Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RLxBBiYuNnJYsA4XpSM-R5r3-SQ.roa
File:                     RLxBBiYuNnJYsA4XpSM-R5r3-SQ.roa (raw, json)
Hash identifier:          BPUYJBdAI9qdOMHkTfav4s00YpxLIFmoRWiYPHJ6aoc=
Subject key identifier:   44:BC:41:06:26:2E:36:72:58:B0:0E:17:A5:23:3E:47:9A:F7:F9:24
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E5B0A9A02BA398BC8F788158C5322C135
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RLxBBiYuNnJYsA4XpSM-R5r3-SQ.roa
Signing time:             Wed 20 Mar 2024 08:46:45 +0000
ROA not before:           Wed 20 Mar 2024 08:46:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Mar 2024 11:27:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:0a:9a:02:ba:39:8b:c8:f7:88:15:8c:53:22:c1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 20 08:46:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44bc4106262e367258b00e17a5233e479af7f924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5c:e3:3e:39:72:96:ab:bb:89:cd:a4:87:bc:
                    24:95:13:cc:77:da:1f:14:0f:e0:8c:b3:55:75:78:
                    a4:7a:ac:17:74:36:68:27:d3:6b:e3:9f:fd:f2:0a:
                    26:64:9c:9d:29:03:b9:f8:7d:be:d8:90:ec:2b:71:
                    ed:1a:f1:78:ff:ba:2c:b9:71:24:26:e9:b3:03:5d:
                    3e:e9:b4:e8:ab:de:18:8e:85:42:89:94:7b:19:3a:
                    45:15:4b:4b:1e:82:75:ae:0f:c2:ff:3d:00:08:c4:
                    fa:bc:27:41:38:22:f3:72:47:cb:5a:73:ed:cf:12:
                    af:c8:2d:cb:2f:48:0c:07:08:85:d7:ca:c3:39:e1:
                    ce:8a:9f:e6:32:38:25:a6:20:0a:31:5c:4a:6e:10:
                    64:59:20:5e:af:76:4f:d4:53:c1:ea:e1:0d:55:e3:
                    37:8f:6a:3a:42:f2:8b:2d:6e:8a:e0:b3:28:cf:63:
                    24:04:79:32:34:3b:13:30:28:58:b7:d9:b6:d1:2a:
                    13:3c:9b:17:06:6e:f7:02:77:6d:99:0a:15:6f:13:
                    09:95:a0:50:a9:95:81:fb:47:f7:bb:14:aa:ad:7a:
                    57:ce:be:93:56:3c:e3:4d:62:2d:29:76:05:11:07:
                    30:d1:0d:8b:13:2e:68:84:57:ee:22:3c:eb:83:c7:
                    42:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:BC:41:06:26:2E:36:72:58:B0:0E:17:A5:23:3E:47:9A:F7:F9:24
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RLxBBiYuNnJYsA4XpSM-R5r3-SQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:7d:d2:a8:8c:aa:95:4d:98:29:bf:3d:f8:55:8a:21:c5:fd:
         6a:e0:f0:ac:7a:12:27:9f:1f:0a:1e:26:20:cf:c6:59:ec:d2:
         a9:6d:89:15:31:f8:5d:8b:0c:a4:29:34:e4:e3:74:80:44:38:
         91:4e:77:9f:62:99:d8:cc:78:1d:34:22:5a:fd:49:95:7f:a1:
         0d:89:92:1e:fe:c4:4f:58:b1:e5:95:61:cb:f4:f1:20:23:2b:
         3c:fb:43:b9:de:33:fa:b5:bb:47:87:2b:2e:e6:f3:ab:9c:eb:
         96:79:36:59:ea:12:ac:70:13:3a:9f:68:41:d9:1d:99:ae:70:
         a5:b6:fa:e5:6c:47:39:d1:22:91:c3:4b:97:61:5a:ee:17:20:
         ab:3c:c3:5d:b8:f9:33:55:98:5a:b9:43:e2:e7:e6:21:20:20:
         ea:2e:c8:4e:21:fa:63:60:f7:0e:73:19:43:38:74:b6:f7:d2:
         a5:9e:a2:c3:1e:b0:00:12:c3:aa:d3:c1:1a:b7:41:73:26:8d:
         20:10:c6:59:6c:93:46:4f:77:c8:ff:16:be:53:3c:3e:60:ce:
         8c:25:70:e8:ba:5c:4c:fe:f8:5b:48:9b:26:a9:a0:20:9b:2b:
         5b:cd:08:70:41:6d:86:cd:c5:b1:36:55:0b:2b:11:77:70:15:
         f2:72:d2:67
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY5bCpoCujmLyPeIFYxTIsE1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIwMDg0NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGJjNDEwNjI2MmUzNjcyNThiMDBlMTdhNTIzM2U0NzlhZjdmOTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1zjPjlylqu7ic2kh7wklRPMd9of
FA/gjLNVdXikeqwXdDZoJ9Nr45/98gomZJydKQO5+H2+2JDsK3HtGvF4/7osuXEk
JumzA10+6bToq94YjoVCiZR7GTpFFUtLHoJ1rg/C/z0ACMT6vCdBOCLzckfLWnPt
zxKvyC3LL0gMBwiF18rDOeHOip/mMjglpiAKMVxKbhBkWSBer3ZP1FPB6uENVeM3
j2o6QvKLLW6K4LMoz2MkBHkyNDsTMChYt9m20SoTPJsXBm73AndtmQoVbxMJlaBQ
qZWB+0f3uxSqrXpXzr6TVjzjTWItKXYFEQcw0Q2LEy5ohFfuIjzrg8dCFwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFES8QQYmLjZyWLAOF6UjPkea9/kkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUkx4QkJpWXVObkpZc0E0WHBTTS1SNXIzLVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBUpiwAwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBABtsPUDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBACZ90qiMqpVNmCm/PfhViiHF/Wrg8Kx6
EiefHwoeJiDPxlns0qltiRUx+F2LDKQpNOTjdIBEOJFOd59imdjMeB00Ilr9SZV/
oQ2Jkh7+xE9YseWVYcv08SAjKzz7Q7neM/q1u0eHKy7m86uc65Z5NlnqEqxwEzqf
aEHZHZmucKW2+uVsRznRIpHDS5dhWu4XIKs8w124+TNVmFq5Q+Ln5iEgIOouyE4h
+mNg9w5zGUM4dLb30qWeosMesAASw6rTwRq3QXMmjSAQxllsk0ZPd8j/Fr5TPD5g
zowlcOi6XEz++FtImyapoCCbK1vNCHBBbYbNxbE2VQsrEXdwFfJy0mc=
-----END CERTIFICATE-----