Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bZE8oGpDwNgIRT4D5BSbUvFbkOI.roa
File:                     bZE8oGpDwNgIRT4D5BSbUvFbkOI.roa (raw, json)
Hash identifier:          c8Mm4Ar3HYXGoL99qWs4dnQPXP41ep72dMPG8BlCi3g=
Subject key identifier:   6D:91:3C:A0:6A:43:C0:D8:08:45:3E:03:E4:14:9B:52:F1:5B:90:E2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190BC5FD2873C154C5BBD81EDD3C3956E7C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bZE8oGpDwNgIRT4D5BSbUvFbkOI.roa
Signing time:             Tue 16 Jul 2024 16:28:34 +0000
ROA not before:           Tue 16 Jul 2024 16:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        82.153.225.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.99.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          109.176.200.0/24 maxlen: 24
                          213.130.155.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.225.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 18 Aug 2024 09:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bc:5f:d2:87:3c:15:4c:5b:bd:81:ed:d3:c3:95:6e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 16 16:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d913ca06a43c0d808453e03e4149b52f15b90e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:06:04:f7:b6:aa:2a:9b:be:ce:dd:16:e7:4f:
                    0f:c6:16:ea:97:e6:82:dd:5a:ee:fe:d4:ae:4e:ec:
                    67:af:bb:83:00:84:79:84:ea:1a:e2:9d:16:b2:7c:
                    1b:45:4e:50:36:6b:da:af:e5:fe:f7:99:1c:60:d1:
                    c0:4b:fc:27:69:bb:97:dc:fc:18:8c:25:31:ed:bc:
                    f4:33:14:6e:18:ea:9b:0c:2d:9e:07:da:52:bd:80:
                    a0:73:6d:74:2d:33:fa:bf:a5:cb:5c:bd:0f:9a:0b:
                    c4:00:c1:e6:71:0b:2f:c9:0f:25:e8:fc:90:28:28:
                    b9:b2:28:54:35:9e:b9:a7:fa:33:39:db:8c:01:80:
                    ef:81:fd:26:b0:de:c0:7b:6c:09:bd:8a:6a:d0:19:
                    2e:6e:ab:82:76:36:9d:06:fe:37:db:8a:f8:8b:9e:
                    a7:97:b4:65:d9:a0:4f:dc:c9:79:dd:1a:43:55:7f:
                    82:35:89:12:12:41:66:f7:94:de:33:58:b8:77:8f:
                    33:20:54:19:a4:97:35:7a:de:d6:3d:a7:db:6d:a2:
                    9d:79:aa:61:e0:44:1b:62:47:82:c9:fb:7b:56:25:
                    c2:a0:a1:f2:9b:51:09:fd:ad:ed:c0:9d:ed:eb:17:
                    da:bb:10:86:b6:37:67:77:40:4e:a4:75:3a:7e:1a:
                    33:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:91:3C:A0:6A:43:C0:D8:08:45:3E:03:E4:14:9B:52:F1:5B:90:E2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bZE8oGpDwNgIRT4D5BSbUvFbkOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24
                  89.213.43.0/24
                  89.213.99.0/24
                  89.213.131.0/24
                  109.176.200.0/24
                  213.130.155.0/24
                  213.218.213.0/24
                  213.218.225.0/24
                  213.218.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:92:32:69:50:2e:86:bd:ef:51:c0:d7:5e:95:93:ec:76:e4:
         29:24:de:f2:87:29:79:c7:7b:f4:9a:9e:ca:76:2e:1b:12:1f:
         35:c1:2e:3c:cb:b7:91:47:04:24:43:ab:67:b4:a3:77:b0:4d:
         10:af:a3:fd:e1:ce:4b:f9:a4:e5:0c:33:81:a0:07:42:c7:95:
         91:3f:a3:f7:92:c9:73:02:94:18:88:d9:92:78:f9:64:04:80:
         8d:0e:86:4e:52:70:02:e2:71:62:ca:ec:1f:1e:07:12:ef:58:
         68:a6:ab:06:04:ad:8f:b7:86:c8:56:64:3c:6b:8d:c5:1b:b7:
         48:4f:05:33:3c:87:07:20:20:66:7f:dd:ec:a0:c1:57:64:50:
         0f:f1:93:7d:6f:e9:f1:d6:91:9d:7a:d5:22:76:fe:11:c1:a1:
         b1:53:70:4e:d8:c0:e5:c1:30:43:4e:ac:8c:75:1d:7e:e5:50:
         e5:d0:18:f7:eb:82:36:82:79:b8:f7:0a:63:0a:85:63:9a:78:
         ed:b4:ab:81:90:85:ad:1e:7e:67:a1:65:d2:f4:5c:22:bc:9c:
         26:21:da:58:41:b9:eb:cf:a3:ff:f3:36:60:18:9f:6f:f5:c6:
         a3:6d:0d:06:b2:30:21:71:f2:2f:c9:8a:f2:04:5f:2f:81:43:
         2a:00:c5:c0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZC8X9KHPBVMW72B7dPDlW58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzE2MTYyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDkxM2NhMDZhNDNjMGQ4MDg0NTNlMDNlNDE0OWI1MmYxNWI5MGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAYE97aqKpu+zt0W508Pxhbql+aC
3Vru/tSuTuxnr7uDAIR5hOoa4p0WsnwbRU5QNmvar+X+95kcYNHAS/wnabuX3PwY
jCUx7bz0MxRuGOqbDC2eB9pSvYCgc210LTP6v6XLXL0PmgvEAMHmcQsvyQ8l6PyQ
KCi5sihUNZ65p/ozOduMAYDvgf0msN7Ae2wJvYpq0BkubquCdjadBv4324r4i56n
l7Rl2aBP3Ml53RpDVX+CNYkSEkFm95TeM1i4d48zIFQZpJc1et7WPafbbaKdeaph
4EQbYkeCyft7ViXCoKHym1EJ/a3twJ3t6xfauxCGtjdnd0BOpHU6fhoz0QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFG2RPKBqQ8DYCEU+A+QUm1LxW5DiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYlpFOG9HcER3TmdJUlQ0RDVCU2JVdkZia09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUpnhAwQA
WdUrAwQAWdVjAwQAWdWDAwQAbbDIAwQA1YKbAwQA1drVAwQA1drhAwQA1drjMA0G
CSqGSIb3DQEBCwUAA4IBAQA+kjJpUC6Gve9RwNdelZPsduQpJN7yhyl5x3v0mp7K
di4bEh81wS48y7eRRwQkQ6tntKN3sE0Qr6P94c5L+aTlDDOBoAdCx5WRP6P3kslz
ApQYiNmSePlkBICNDoZOUnAC4nFiyuwfHgcS71hopqsGBK2Pt4bIVmQ8a43FG7dI
TwUzPIcHICBmf93soMFXZFAP8ZN9b+nx1pGdetUidv4RwaGxU3BO2MDlwTBDTqyM
dR1+5VDl0Bj364I2gnm49wpjCoVjmnjttKuBkIWtHn5noWXS9FwivJwmIdpYQbnr
z6P/8zZgGJ9v9cajbQ0GsjAhcfIvyYryBF8vgUMqAMXA
-----END CERTIFICATE-----