Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cviJ8OuM8F-oqgZ82dCCpP7BbAk.roa
File:                     cviJ8OuM8F-oqgZ82dCCpP7BbAk.roa (raw, json)
Hash identifier:          2CwKEQBFCzF7EVOvbUSTpelmj8OTc2UlTzUzrSoWS/g=
Subject key identifier:   72:F8:89:F0:EB:8C:F0:5F:A8:AA:06:7C:D9:D0:82:A4:FE:C1:6C:09
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FB3C8A7D3130B29E64418363645E5F58F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cviJ8OuM8F-oqgZ82dCCpP7BbAk.roa
Signing time:             Sun 26 May 2024 07:23:42 +0000
ROA not before:           Sun 26 May 2024 07:23:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        82.152.7.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.99.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          109.176.200.0/24 maxlen: 24
                          109.176.239.0/24 maxlen: 24
                          213.130.155.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.225.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 18 Jun 2024 15:58:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b3:c8:a7:d3:13:0b:29:e6:44:18:36:36:45:e5:f5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:23:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72f889f0eb8cf05fa8aa067cd9d082a4fec16c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ea:44:5b:56:97:5e:6b:54:e4:8a:f8:53:8f:
                    e4:51:12:6a:f2:9a:7a:20:00:86:41:18:c7:06:f5:
                    74:cb:a3:af:20:64:fc:57:9f:ef:5b:c4:5b:fe:6c:
                    b4:d2:c4:83:09:cb:c8:c4:f9:3f:34:80:b7:54:be:
                    67:7e:4d:82:27:69:a5:5a:c7:af:fc:70:15:9c:91:
                    2c:a4:a4:b5:be:78:9a:1c:2e:9c:f8:4d:0c:9a:2a:
                    17:25:f8:bd:ea:7f:13:83:fe:09:47:19:40:53:38:
                    12:76:87:da:dd:06:68:56:99:d1:a1:b1:f5:87:47:
                    3d:aa:03:e9:35:f6:bb:52:88:cd:11:1b:6c:5e:e0:
                    d4:3f:69:09:6d:c2:c5:6b:8c:77:43:96:97:80:4f:
                    0c:fe:6a:92:e8:ca:c1:c9:bc:53:ef:3d:a8:7b:26:
                    94:44:39:c5:86:30:96:09:a7:6a:d1:c5:21:c6:21:
                    d7:cb:64:b3:ba:b2:88:48:80:a0:f2:5b:f2:7b:7e:
                    f3:8a:a5:e0:b6:30:3b:80:10:7f:66:eb:86:ff:88:
                    bc:c5:6f:62:6c:f4:8c:b3:64:83:9c:f5:17:01:7d:
                    94:84:c5:1d:65:37:9c:2c:ce:5a:f5:7d:1e:8c:17:
                    7c:df:a7:b4:98:c2:58:1b:7c:45:e9:ea:dd:5b:71:
                    dc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F8:89:F0:EB:8C:F0:5F:A8:AA:06:7C:D9:D0:82:A4:FE:C1:6C:09
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cviJ8OuM8F-oqgZ82dCCpP7BbAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.7.0/24
                  82.153.225.0/24
                  89.213.43.0/24
                  89.213.99.0/24
                  89.213.131.0/24
                  89.213.145.0/24
                  109.176.200.0/24
                  109.176.239.0/24
                  213.130.155.0/24
                  213.218.213.0/24
                  213.218.225.0/24
                  213.218.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:0c:89:c2:9e:3c:5d:53:8c:f3:d6:76:06:1d:d0:ea:f3:ca:
         3d:0c:8a:7e:59:03:3d:72:e7:13:a7:59:25:59:87:e3:0d:d8:
         d4:f1:65:fb:50:00:03:85:7d:d8:ea:8f:53:98:09:c4:06:bd:
         f6:61:3e:26:83:ce:46:a3:30:47:ea:60:0b:5f:34:48:7b:dc:
         2a:e5:fc:73:ad:3a:4d:f3:dc:04:09:f8:35:3a:37:2d:39:fc:
         51:ac:4b:a8:7e:73:30:e2:9c:bd:b8:c3:6b:2d:3a:43:f0:15:
         2d:dd:f8:79:ef:22:9b:68:15:d3:5b:13:d6:f8:fd:58:0e:db:
         04:35:cf:2a:15:36:79:e5:72:ba:61:14:14:ad:55:13:5e:60:
         29:96:49:57:29:92:9e:35:2a:01:46:25:fd:9d:3f:74:61:cf:
         2b:0e:8d:de:23:67:1a:8a:f0:51:35:37:04:c5:d0:ea:95:2e:
         c7:cd:94:cd:f4:29:e3:e2:98:8d:6f:48:e7:0c:f9:ca:bc:71:
         88:5a:d5:57:49:fb:90:3e:0e:7f:43:dd:35:e4:8d:52:ed:3f:
         e6:8b:48:60:f6:8c:bd:77:97:cd:08:58:6b:aa:e0:7d:19:3a:
         a1:ff:47:e8:54:fb:53:30:7b:80:f4:29:9a:b1:fc:c8:b4:73:
         c8:f1:ec:77
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY+zyKfTEwsp5kQYNjZF5fWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI2MDcyMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY4ODlmMGViOGNmMDVmYThhYTA2N2NkOWQwODJhNGZlYzE2YzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+pEW1aXXmtU5Ir4U4/kURJq8pp6
IACGQRjHBvV0y6OvIGT8V5/vW8Rb/my00sSDCcvIxPk/NIC3VL5nfk2CJ2mlWsev
/HAVnJEspKS1vniaHC6c+E0MmioXJfi96n8Tg/4JRxlAUzgSdofa3QZoVpnRobH1
h0c9qgPpNfa7UojNERtsXuDUP2kJbcLFa4x3Q5aXgE8M/mqS6MrBybxT7z2oeyaU
RDnFhjCWCadq0cUhxiHXy2SzurKISICg8lvye37ziqXgtjA7gBB/ZuuG/4i8xW9i
bPSMs2SDnPUXAX2UhMUdZTecLM5a9X0ejBd836e0mMJYG3xF6erdW3HcCwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHL4ifDrjPBfqKoGfNnQgqT+wWwJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY3ZpSjhPdU04Ri1vcWdaODJkQ0NwUDdCYkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUpgHAwQA
UpnhAwQAWdUrAwQAWdVjAwQAWdWDAwQAWdWRAwQAbbDIAwQAbbDvAwQA1YKbAwQA
1drVAwQA1drhAwQA1drjMA0GCSqGSIb3DQEBCwUAA4IBAQCBDInCnjxdU4zz1nYG
HdDq88o9DIp+WQM9cucTp1klWYfjDdjU8WX7UAADhX3Y6o9TmAnEBr32YT4mg85G
ozBH6mALXzRIe9wq5fxzrTpN89wECfg1OjctOfxRrEuofnMw4py9uMNrLTpD8BUt
3fh57yKbaBXTWxPW+P1YDtsENc8qFTZ55XK6YRQUrVUTXmAplklXKZKeNSoBRiX9
nT90Yc8rDo3eI2caivBRNTcExdDqlS7HzZTN9Cnj4piNb0jnDPnKvHGIWtVXSfuQ
Pg5/Q9015I1S7T/mi0hg9oy9d5fNCFhrquB9GTqh/0foVPtTMHuA9CmasfzItHPI
8ex3
-----END CERTIFICATE-----