Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RfLTh68QBnxIyA8El5Hr9uVG0OU.roa
File:                     RfLTh68QBnxIyA8El5Hr9uVG0OU.roa (raw, json)
Hash identifier:          YG9LOtEl4pqtGr4+M099/vcNUXl7JdYj4IQwtu+GqqY=
Subject key identifier:   45:F2:D3:87:AF:10:06:7C:48:C8:0F:04:97:91:EB:F6:E5:46:D0:E5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D5986577F78FCB1830201C0460C650B44
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RfLTh68QBnxIyA8El5Hr9uVG0OU.roa
Signing time:             Tue 30 Jan 2024 08:39:52 +0000
ROA not before:           Tue 30 Jan 2024 08:39:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.119.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 Jan 2024 12:09:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:86:57:7f:78:fc:b1:83:02:01:c0:46:0c:65:0b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 30 08:39:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45f2d387af10067c48c80f049791ebf6e546d0e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:71:a2:c2:7e:e9:92:c2:a7:1f:2a:a9:16:d5:
                    25:e2:e5:4e:32:e9:97:d3:b5:1f:f3:c2:3a:44:19:
                    43:cf:87:5e:15:da:d9:15:ba:ee:60:16:fd:dd:0f:
                    db:04:9b:44:8e:35:a3:dc:54:d8:87:a3:89:54:82:
                    2d:f2:29:4e:0b:ac:22:6a:3d:17:35:04:f6:c2:1f:
                    a9:3e:22:f7:18:b3:5e:8e:e3:22:9f:e3:bf:72:1a:
                    9c:00:ed:04:79:34:89:0b:31:75:ce:03:eb:74:5f:
                    d4:36:25:55:62:a8:18:a7:c4:94:5b:b9:1f:21:ea:
                    5c:15:e9:cf:09:d3:69:30:6a:27:4a:9c:a8:ea:d2:
                    5b:f5:21:d3:2d:e5:c4:a6:32:62:ca:cf:f0:bd:2b:
                    f8:83:19:53:f5:b7:48:db:15:aa:81:b1:22:9e:7d:
                    6f:e5:8b:69:51:fb:43:e6:9a:37:9b:22:62:40:8f:
                    b3:49:52:4c:43:a7:e6:2f:50:1a:d4:e4:15:f3:0c:
                    66:40:f0:dd:26:c4:b4:e1:17:9d:cc:85:3a:5f:00:
                    c4:17:c1:c6:c6:7b:67:2c:a3:f1:c1:c0:74:8f:c6:
                    4f:dd:f3:55:47:ef:c5:c5:08:3c:5a:eb:a3:26:6b:
                    a4:9a:ba:40:1e:17:6a:55:92:46:e2:f3:eb:27:a4:
                    a2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F2:D3:87:AF:10:06:7C:48:C8:0F:04:97:91:EB:F6:E5:46:D0:E5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RfLTh68QBnxIyA8El5Hr9uVG0OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:18:db:af:f4:91:8f:01:a5:28:bc:7c:4b:f0:7b:86:da:db:
         98:d0:9c:64:31:3a:65:48:91:fa:84:af:92:b2:1f:8d:f9:af:
         ff:7a:16:ef:3f:05:30:b0:eb:b0:c3:27:ac:d6:a0:de:e7:61:
         95:b6:3f:c3:33:34:80:d0:24:54:28:ee:96:d2:11:9f:c3:b8:
         5d:28:2a:86:33:0f:bc:a7:4c:a0:64:b4:3a:af:34:1a:9f:37:
         4f:e1:98:18:90:1e:2c:b9:68:14:8c:3b:f0:07:46:58:06:ba:
         13:74:0f:cd:4a:36:ff:95:22:48:69:ec:e9:fa:e2:77:3f:a8:
         08:68:1d:03:26:8f:1e:51:b6:ad:b1:bb:54:2c:97:78:93:ed:
         d3:a4:9d:ac:ba:2f:b1:14:d8:94:94:1c:bc:75:1b:bf:55:6a:
         0d:e0:42:7e:e2:39:7c:bb:49:72:27:28:a6:aa:c5:e6:8f:75:
         3a:c7:b3:a1:f0:a9:4e:00:7d:96:a3:49:e7:18:d6:4c:4d:6a:
         70:39:44:0b:85:25:32:d1:03:60:db:3a:bb:4d:99:9a:08:b4:
         b3:1e:35:52:c2:97:dc:a0:db:4d:09:b3:1b:76:6d:4c:be:ee:
         dc:01:a0:75:9a:d7:89:c9:49:68:8c:43:8c:a2:a4:2a:42:66:
         d3:69:24:31
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY1Zhld/ePyxgwIBwEYMZQtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTMwMDgzOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWYyZDM4N2FmMTAwNjdjNDhjODBmMDQ5NzkxZWJmNmU1NDZkMGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3Giwn7pksKnHyqpFtUl4uVOMumX
07Uf88I6RBlDz4deFdrZFbruYBb93Q/bBJtEjjWj3FTYh6OJVIIt8ilOC6wiaj0X
NQT2wh+pPiL3GLNejuMin+O/chqcAO0EeTSJCzF1zgPrdF/UNiVVYqgYp8SUW7kf
IepcFenPCdNpMGonSpyo6tJb9SHTLeXEpjJiys/wvSv4gxlT9bdI2xWqgbEinn1v
5YtpUftD5po3myJiQI+zSVJMQ6fmL1Aa1OQV8wxmQPDdJsS04RedzIU6XwDEF8HG
xntnLKPxwcB0j8ZP3fNVR+/FxQg8WuujJmukmrpAHhdqVZJG4vPrJ6Si7wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEXy04evEAZ8SMgPBJeR6/blRtDlMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUmZMVGg2OFFCbnhJeUE4RWw1SHI5dVZHME9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAH0Y26/0kY8BpSi8fEvwe4ba25jQnGQxOmVIkfqE
r5KyH435r/96Fu8/BTCw67DDJ6zWoN7nYZW2P8MzNIDQJFQo7pbSEZ/DuF0oKoYz
D7ynTKBktDqvNBqfN0/hmBiQHiy5aBSMO/AHRlgGuhN0D81KNv+VIkhp7On64nc/
qAhoHQMmjx5Rtq2xu1Qsl3iT7dOknay6L7EU2JSUHLx1G79Vag3gQn7iOXy7SXIn
KKaqxeaPdTrHs6HwqU4AfZajSecY1kxNanA5RAuFJTLRA2DbOrtNmZoItLMeNVLC
l9yg200Jsxt2bUy+7twBoHWa14nJSWiMQ4yipCpCZtNpJDE=
-----END CERTIFICATE-----