Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/daXE4vGWD9saD8C4D3QbNBXx1Wg.roa
File:                     daXE4vGWD9saD8C4D3QbNBXx1Wg.roa (raw, json)
Hash identifier:          Vx4cGoMMQ0yDB1kqVCAaYFcQR32C/irWP+ABMRQKOPE=
Subject key identifier:   75:A5:C4:E2:F1:96:0F:DB:1A:0F:C0:B8:0F:74:1B:34:15:F1:D5:68
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EBD3CF8D494DAB338794727C000DBC888
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/daXE4vGWD9saD8C4D3QbNBXx1Wg.roa
Signing time:             Mon 08 Apr 2024 10:24:33 +0000
ROA not before:           Mon 08 Apr 2024 10:24:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.223.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 23 Apr 2024 06:48:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:3c:f8:d4:94:da:b3:38:79:47:27:c0:00:db:c8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  8 10:24:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75a5c4e2f1960fdb1a0fc0b80f741b3415f1d568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:04:e9:ef:52:b1:d0:7c:68:a9:91:49:72:d0:
                    67:e2:95:d9:3e:e7:03:88:af:9c:44:9e:a4:2c:93:
                    0e:af:80:87:93:88:78:ef:b3:94:56:2f:26:b5:60:
                    d4:59:35:9d:b3:3e:e6:f4:d2:4e:d5:87:a0:3f:4b:
                    d8:11:4a:7e:36:9e:1d:5d:d2:33:c7:7d:b3:da:09:
                    79:ab:b0:50:eb:f4:c7:a8:8c:01:30:3f:82:df:cc:
                    a5:e3:b5:4d:11:76:35:a7:0f:05:a3:e9:44:b9:d1:
                    0b:73:92:79:cf:3a:dd:4d:ff:1e:d2:55:5d:7a:0c:
                    1d:22:d6:74:f1:67:4c:c7:e4:68:b3:89:89:17:9c:
                    30:47:3e:ee:32:f9:3f:1b:d6:11:a9:1b:f0:04:62:
                    2c:db:e0:73:52:3d:75:ab:ea:39:c7:0b:7d:06:a8:
                    da:5b:d2:13:55:a0:76:b2:86:0c:2d:72:54:33:55:
                    c5:37:75:9a:19:e8:77:4e:32:0e:92:e4:cd:6e:30:
                    1e:85:60:c7:45:dc:ac:fa:73:77:4e:16:f6:77:b3:
                    39:d5:d1:e8:da:12:1d:95:fe:f6:ba:25:75:a6:5d:
                    e3:ed:d7:b7:79:1b:51:2f:e2:05:33:21:06:3e:12:
                    2d:ad:4f:c2:28:05:3a:4d:74:3b:ca:32:f0:99:17:
                    af:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:A5:C4:E2:F1:96:0F:DB:1A:0F:C0:B8:0F:74:1B:34:15:F1:D5:68
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/daXE4vGWD9saD8C4D3QbNBXx1Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.223.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         12:49:c7:bc:7c:45:ae:a3:dd:51:79:1c:42:2d:80:8b:8a:3d:
         93:df:1c:9d:e5:46:9e:d2:d7:d4:fa:fc:66:7c:19:d6:0e:74:
         4f:ce:45:c7:44:56:de:1a:6c:13:3a:fc:42:46:4f:8c:31:16:
         60:53:cc:23:6e:fb:08:58:b0:1d:73:aa:76:42:5d:0b:a9:48:
         69:74:65:43:64:68:68:3e:88:f0:b6:fc:9b:cb:4f:3b:f8:36:
         42:75:d1:38:c6:2f:32:af:ae:0a:83:bf:90:16:d7:ac:37:39:
         c1:3c:b8:b3:ad:8c:49:39:55:41:f6:07:f5:76:6b:ac:90:ce:
         c9:c7:28:92:b6:40:10:3f:c5:95:bd:30:9a:ea:35:bf:5c:82:
         8e:7f:7f:23:eb:59:4c:58:83:1e:90:2e:14:47:df:75:87:c2:
         63:e8:14:df:ea:4d:73:7b:f1:de:a7:a7:80:97:21:7f:76:57:
         2b:0d:a6:1e:2b:23:83:53:4e:59:c0:e8:25:50:eb:f0:fa:e0:
         29:e7:05:51:3d:57:55:12:4e:9b:c0:1a:57:22:85:24:84:2a:
         e0:1d:95:be:ec:4b:79:d7:c0:df:13:d3:23:07:99:9c:ff:9c:
         7e:15:c6:3f:4b:bc:41:c1:b7:52:ee:4c:5b:ea:58:16:25:67:
         64:c8:60:d8
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY69PPjUlNqzOHlHJ8AA28iIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA4MTAyNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWE1YzRlMmYxOTYwZmRiMWEwZmMwYjgwZjc0MWIzNDE1ZjFkNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigTp71Kx0HxoqZFJctBn4pXZPucD
iK+cRJ6kLJMOr4CHk4h477OUVi8mtWDUWTWdsz7m9NJO1YegP0vYEUp+Np4dXdIz
x32z2gl5q7BQ6/THqIwBMD+C38yl47VNEXY1pw8Fo+lEudELc5J5zzrdTf8e0lVd
egwdItZ08WdMx+Ros4mJF5wwRz7uMvk/G9YRqRvwBGIs2+BzUj11q+o5xwt9Bqja
W9ITVaB2soYMLXJUM1XFN3WaGeh3TjIOkuTNbjAehWDHRdys+nN3Thb2d7M51dHo
2hIdlf72uiV1pl3j7de3eRtRL+IFMyEGPhItrU/CKAU6TXQ7yjLwmRevnQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHWlxOLxlg/bGg/AuA90GzQV8dVoMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZGFYRTR2R1dEOXNhRDhDNEQzUWJOQlh4MVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAWdVrMAwD
BARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0DBABZ1d8DBABZ1eMDBADVgokw
DAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOCAQEAEknHvHxFrqPdUXkcQi2A
i4o9k98cneVGntLX1Pr8ZnwZ1g50T85Fx0RW3hpsEzr8QkZPjDEWYFPMI277CFiw
HXOqdkJdC6lIaXRlQ2RoaD6I8Lb8m8tPO/g2QnXROMYvMq+uCoO/kBbXrDc5wTy4
s62MSTlVQfYH9XZrrJDOyccokrZAED/Flb0wmuo1v1yCjn9/I+tZTFiDHpAuFEff
dYfCY+gU3+pNc3vx3qengJchf3ZXKw2mHisjg1NOWcDoJVDr8PrgKecFUT1XVRJO
m8AaVyKFJIQq4B2VvuxLedfA3xPTIweZnP+cfhXGP0u8QcG3Uu5MW+pYFiVnZMhg
2A==
-----END CERTIFICATE-----