Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UjPaZYABNoDsXwvPLZSDlRNIpP4.roa
File:                     UjPaZYABNoDsXwvPLZSDlRNIpP4.roa (raw, json)
Hash identifier:          PVePQLHD5eGMLzlWvaOJAKxI3a2aCZGvKbaAoL4fhWk=
Subject key identifier:   52:33:DA:65:80:01:36:80:EC:5F:0B:CF:2D:94:83:95:13:48:A4:FE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CED94CBC5FF6EDE52177090273A2A28E0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UjPaZYABNoDsXwvPLZSDlRNIpP4.roa
Signing time:             Tue 09 Jan 2024 09:36:40 +0000
ROA not before:           Tue 09 Jan 2024 09:36:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 11 Jan 2024 09:18:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:94:cb:c5:ff:6e:de:52:17:70:90:27:3a:2a:28:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  9 09:36:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5233da6580013680ec5f0bcf2d9483951348a4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f9:61:9d:c8:bc:48:49:69:6b:dd:73:6e:c3:
                    9c:fb:35:c1:39:78:2a:15:1f:9a:9d:28:77:cf:ce:
                    7b:7c:30:75:2f:90:93:aa:2e:9e:a6:2b:03:81:30:
                    3a:f6:78:46:79:be:e6:9e:1e:61:8c:6d:80:38:07:
                    0e:7d:c8:ec:76:62:a5:c5:1e:f0:07:76:bc:ba:89:
                    8c:3a:45:b2:00:f9:df:c2:9e:e0:6b:16:05:6e:9f:
                    e8:1c:90:b3:2a:26:c5:3c:70:89:64:1e:bd:07:98:
                    14:54:0e:34:69:6b:93:97:5d:70:79:4d:a6:a3:97:
                    4c:84:c2:5e:61:39:4f:54:a5:55:20:40:31:98:9e:
                    3f:9e:3f:6f:51:ca:c6:5c:26:b5:62:f2:be:9e:47:
                    1d:b3:ae:74:62:ce:2e:a8:07:6e:02:a8:b9:f1:68:
                    f6:9e:cc:06:59:83:0b:d5:54:58:7f:df:70:97:90:
                    c8:a5:e3:cb:f0:b4:8e:fe:fd:76:83:35:cb:44:e2:
                    51:2f:2d:57:bb:26:0c:de:09:f1:fa:17:78:cc:4f:
                    da:9b:25:d1:a8:d8:4d:6c:3e:18:f4:10:99:96:ad:
                    14:53:03:fd:d5:64:41:6b:30:4a:e2:f9:ae:5f:0a:
                    a5:3d:81:cd:e8:4f:1b:17:d8:85:68:7b:4e:e5:6c:
                    b7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:33:DA:65:80:01:36:80:EC:5F:0B:CF:2D:94:83:95:13:48:A4:FE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UjPaZYABNoDsXwvPLZSDlRNIpP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:2e:16:93:65:0f:86:11:35:0d:27:c1:15:4d:55:4e:10:0b:
         de:81:7f:d3:b4:4c:1d:93:f8:64:c9:91:76:f9:9c:4d:0a:01:
         d2:32:29:13:d8:e0:0e:87:60:5b:01:cd:61:4c:60:6a:de:b5:
         75:f5:f5:2b:90:d9:94:92:ea:20:da:31:7b:0c:e1:e3:69:2d:
         cd:f2:a2:24:8c:db:77:c4:88:b9:68:13:a9:7f:7a:26:13:b1:
         6c:8e:c9:d5:6e:ff:77:89:32:bb:aa:24:68:58:99:ae:44:84:
         64:f4:c4:70:ab:c7:0f:a6:8a:62:07:d7:b4:7e:b5:27:cf:23:
         60:b3:86:3b:4a:08:b3:13:e7:fc:15:af:fd:86:1f:86:d8:86:
         17:76:14:90:2d:f1:c5:34:13:3b:ed:4c:f0:17:77:75:3c:59:
         87:53:6f:fa:51:a5:7f:75:27:f5:60:7a:a5:e1:cc:f0:a0:b0:
         26:2d:75:8e:05:7b:17:a9:f8:35:6d:dd:24:e0:c2:fd:70:ce:
         02:60:2f:b9:d2:0a:48:80:cf:73:e8:50:bb:4f:43:12:81:43:
         70:65:2b:ce:78:d7:f9:27:9c:da:a6:1d:97:f8:f1:60:bf:32:
         0d:e6:81:25:35:cc:15:d7:66:91:7f:9c:c5:24:ca:15:08:93:
         25:df:3d:bf
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYztlMvF/27eUhdwkCc6KijgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTA5MDkzNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjMzZGE2NTgwMDEzNjgwZWM1ZjBiY2YyZDk0ODM5NTEzNDhhNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlflhnci8SElpa91zbsOc+zXBOXgq
FR+anSh3z857fDB1L5CTqi6episDgTA69nhGeb7mnh5hjG2AOAcOfcjsdmKlxR7w
B3a8uomMOkWyAPnfwp7gaxYFbp/oHJCzKibFPHCJZB69B5gUVA40aWuTl11weU2m
o5dMhMJeYTlPVKVVIEAxmJ4/nj9vUcrGXCa1YvK+nkcds650Ys4uqAduAqi58Wj2
nswGWYML1VRYf99wl5DIpePL8LSO/v12gzXLROJRLy1XuyYM3gnx+hd4zE/amyXR
qNhNbD4Y9BCZlq0UUwP91WRBazBK4vmuXwqlPYHN6E8bF9iFaHtO5Wy3pwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFIz2mWAATaA7F8Lzy2Ug5UTSKT+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVWpQYVpZQUJOb0RzWHd2UExaU0RsUk5JcFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQC
UpmIAwQAUpn1MAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAJwuFpNlD4YRNQ0nwRVNVU4QC96Bf9O0
TB2T+GTJkXb5nE0KAdIyKRPY4A6HYFsBzWFMYGretXX19SuQ2ZSS6iDaMXsM4eNp
Lc3yoiSM23fEiLloE6l/eiYTsWyOydVu/3eJMruqJGhYma5EhGT0xHCrxw+mimIH
17R+tSfPI2CzhjtKCLMT5/wVr/2GH4bYhhd2FJAt8cU0EzvtTPAXd3U8WYdTb/pR
pX91J/VgeqXhzPCgsCYtdY4Fexep+DVt3STgwv1wzgJgL7nSCkiAz3PoULtPQxKB
Q3BlK8541/knnNqmHZf48WC/Mg3mgSU1zBXXZpF/nMUkyhUIkyXfPb8=
-----END CERTIFICATE-----