Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_NyUoTQiXqRPzJTbePP4_zjSfag.roa
File:                     _NyUoTQiXqRPzJTbePP4_zjSfag.roa (raw, json)
Hash identifier:          WChX5U2FgXsH5tpDbIG+yVYuwcAt4TLf4jv+vd6aj5U=
Subject key identifier:   FC:DC:94:A1:34:22:5E:A4:4F:CC:94:DB:78:F3:F8:FF:38:D2:7D:A8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F28B1A911895560BDC49E97AF1447AC95
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_NyUoTQiXqRPzJTbePP4_zjSfag.roa
Signing time:             Mon 29 Apr 2024 07:11:22 +0000
ROA not before:           Mon 29 Apr 2024 07:11:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.149.0/24 maxlen: 24
                          217.145.68.0/24 maxlen: 24
                          217.145.69.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 Apr 2024 13:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:b1:a9:11:89:55:60:bd:c4:9e:97:af:14:47:ac:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 29 07:11:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcdc94a134225ea44fcc94db78f3f8ff38d27da8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a4:f7:f0:26:9e:86:0c:41:49:31:1f:67:17:
                    d3:07:c7:9f:8a:66:99:20:b1:bd:7b:0e:ef:88:da:
                    00:21:61:55:a6:25:99:a2:9d:da:5c:dd:c7:c9:c7:
                    cf:47:32:a1:da:10:85:40:57:04:f6:93:21:ff:cd:
                    8c:14:39:b0:77:a1:db:5a:1c:fa:ae:1b:cf:16:dd:
                    2e:26:15:cd:f7:f5:14:51:01:cc:8c:e4:a1:a3:98:
                    3e:48:25:9b:06:3a:0c:7d:ce:26:00:d6:8d:c6:b2:
                    61:63:5e:29:d0:ba:b7:a4:ba:db:6c:60:68:d4:f4:
                    1b:53:b2:93:7c:45:e7:85:f7:5d:e9:d9:d9:2e:0b:
                    1a:83:73:42:ff:7f:0c:72:4d:65:99:d4:69:b5:d6:
                    2f:32:4c:4d:e2:a9:02:e2:11:f2:f4:30:b3:42:3d:
                    b0:5a:24:c8:2c:28:5d:8d:5f:fd:36:97:03:17:17:
                    f7:35:7f:81:a5:b1:19:c7:8b:4d:96:c6:33:73:69:
                    c1:e6:b7:8d:21:d1:80:9e:a4:36:9f:6f:38:e0:87:
                    77:3d:f3:50:72:39:8a:48:86:b3:49:d8:6c:04:82:
                    c2:c1:be:81:47:01:a8:89:d4:f4:19:f6:0a:fb:68:
                    3e:01:18:60:5d:60:24:2c:d5:b9:77:9d:c2:34:61:
                    03:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DC:94:A1:34:22:5E:A4:4F:CC:94:DB:78:F3:F8:FF:38:D2:7D:A8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_NyUoTQiXqRPzJTbePP4_zjSfag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.149.0/24
                  217.145.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:44:09:ce:5a:4d:4a:07:d6:aa:df:86:03:43:87:ce:e0:c9:
         e9:a7:6d:3c:e0:21:09:53:0c:ef:f4:50:fc:65:cc:a9:3e:97:
         26:aa:97:aa:3b:28:ac:b8:ef:76:18:6c:17:f2:4f:12:16:0e:
         00:71:e9:5a:46:95:33:f7:d7:f8:c3:67:c9:72:3d:bf:98:fc:
         96:3b:0c:08:8a:1b:b5:28:ca:81:be:01:f5:d8:d5:45:82:0a:
         8b:00:81:be:21:6e:b9:a7:ae:eb:8a:3f:93:15:71:c3:12:c0:
         e3:81:5b:fd:f2:34:f7:32:60:e8:34:e9:7e:0a:ac:95:e6:20:
         d0:9f:9e:2d:81:67:30:33:84:7e:cf:6b:6b:78:d2:ca:32:24:
         05:e1:17:f3:60:10:40:77:5a:cc:7c:0e:ff:d9:8e:ed:16:57:
         48:7a:8d:30:a4:a1:02:1d:4e:21:8b:6e:40:e1:38:d1:ad:88:
         7d:cb:47:5c:11:ee:74:4d:44:4f:ec:35:c9:51:fc:ba:da:27:
         52:2a:ad:b6:f7:d7:86:8b:68:d4:f5:f9:60:6e:72:2f:30:f0:
         8b:a5:0e:4d:c8:b2:2b:e8:96:65:40:4f:ba:eb:07:c8:3e:5b:
         10:06:77:63:4e:27:0b:1c:35:51:e0:97:c6:b7:26:8f:95:43:
         df:37:e0:98
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAY8osakRiVVgvcSel68UR6yVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDI5MDcxMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RjOTRhMTM0MjI1ZWE0NGZjYzk0ZGI3OGYzZjhmZjM4ZDI3ZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aT38CaehgxBSTEfZxfTB8efimaZ
ILG9ew7viNoAIWFVpiWZop3aXN3HycfPRzKh2hCFQFcE9pMh/82MFDmwd6HbWhz6
rhvPFt0uJhXN9/UUUQHMjOSho5g+SCWbBjoMfc4mANaNxrJhY14p0Lq3pLrbbGBo
1PQbU7KTfEXnhfdd6dnZLgsag3NC/38Mck1lmdRptdYvMkxN4qkC4hHy9DCzQj2w
WiTILChdjV/9NpcDFxf3NX+BpbEZx4tNlsYzc2nB5reNIdGAnqQ2n2844Id3PfNQ
cjmKSIazSdhsBILCwb6BRwGoidT0GfYK+2g+ARhgXWAkLNW5d53CNGEDIwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFPzclKE0Il6kT8yU23jz+P840n2oMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX055VW9UUWlYcVJQekpUYmVQUDRfempTZmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQBUpiwAwQA
UpkyAwQCUpmIAwQAUpn1AwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQD
BANtsBADBAG5MX4DBATCaVADBADVgpUDBAHZkUQwDQYJKoZIhvcNAQELBQADggEB
AKpECc5aTUoH1qrfhgNDh87gyemnbTzgIQlTDO/0UPxlzKk+lyaql6o7KKy473YY
bBfyTxIWDgBx6VpGlTP31/jDZ8lyPb+Y/JY7DAiKG7UoyoG+AfXY1UWCCosAgb4h
brmnruuKP5MVccMSwOOBW/3yNPcyYOg06X4KrJXmINCfni2BZzAzhH7Pa2t40soy
JAXhF/NgEEB3Wsx8Dv/Zju0WV0h6jTCkoQIdTiGLbkDhONGtiH3LR1wR7nRNRE/s
NclR/LraJ1Iqrbb314aLaNT1+WBuci8w8IulDk3IsivolmVAT7rrB8g+WxAGd2NO
JwscNVHgl8a3Jo+VQ9834Jg=
-----END CERTIFICATE-----