Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ebmZrDf833RIKTSFYeZhPj1XOBk.roa
File:                     ebmZrDf833RIKTSFYeZhPj1XOBk.roa (raw, json)
Hash identifier:          vl3IHRStuUCgxUkS0t4HcZ/p+N+h+88YVUKX9JCB/tM=
Subject key identifier:   79:B9:99:AC:37:FC:DF:74:48:29:34:85:61:E6:61:3E:3D:57:38:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D7A3FC51A1E06AB93F0A51A73C8048F77
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ebmZrDf833RIKTSFYeZhPj1XOBk.roa
Signing time:             Mon 05 Feb 2024 17:10:15 +0000
ROA not before:           Mon 05 Feb 2024 17:10:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.153.246.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 06 Feb 2024 08:26:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:3f:c5:1a:1e:06:ab:93:f0:a5:1a:73:c8:04:8f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  5 17:10:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79b999ac37fcdf744829348561e6613e3d573819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ca:62:ab:9c:b0:82:d6:38:af:9e:af:92:f9:
                    46:40:8d:55:52:19:65:45:fe:6d:76:b9:a9:7e:e7:
                    0a:60:40:3c:41:1d:18:a1:93:da:0b:18:95:10:c9:
                    c7:90:ed:20:9a:08:6d:20:8f:07:af:b9:b2:56:e2:
                    3d:ee:f8:32:d9:dc:8b:d8:44:3b:ea:74:e4:44:47:
                    42:bc:7b:c9:72:98:ed:ad:7b:52:a8:b0:45:7f:67:
                    a7:95:36:6f:f8:2f:04:c1:24:2d:e2:a7:03:1e:5d:
                    7f:f0:71:72:b8:6d:3c:84:85:23:77:2d:86:a3:9d:
                    a7:ac:0d:19:69:f0:3c:20:e6:5b:f3:c6:f3:c6:c8:
                    57:0a:4a:ca:51:c7:26:77:3f:a4:03:b1:a0:c8:25:
                    07:7e:ca:4f:49:7a:1b:08:bf:de:12:40:35:99:67:
                    14:81:db:a5:c6:fa:cd:3a:97:5c:f4:7e:9d:a1:c3:
                    61:af:fd:c1:19:e9:fe:34:7e:e6:f1:e1:b2:f7:34:
                    79:c4:83:7a:8e:96:ad:e1:6b:4f:bc:18:75:54:be:
                    b6:0e:98:ef:d9:b5:d6:8d:4e:8f:89:36:8e:f6:fe:
                    f8:fe:45:6e:c6:06:84:97:67:5d:a3:98:73:4d:bb:
                    b9:36:3f:f8:03:bc:ad:bb:a1:64:30:5a:e6:68:03:
                    e7:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B9:99:AC:37:FC:DF:74:48:29:34:85:61:E6:61:3E:3D:57:38:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ebmZrDf833RIKTSFYeZhPj1XOBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2e:e9:72:75:a1:bc:69:19:83:f5:05:97:e6:1c:79:24:15:
         53:12:db:0e:1d:c3:09:ec:bc:4c:19:e5:7f:43:5a:f9:bf:26:
         38:d1:a2:2b:11:db:d5:d4:e7:32:2f:e3:e5:73:7e:c5:33:7f:
         2a:81:00:6d:bf:4f:14:0f:e9:1f:03:d3:92:9b:cb:0f:1d:98:
         58:80:5b:8a:8d:b7:aa:ab:52:99:27:5d:a2:15:9d:ab:bd:66:
         11:59:0b:47:72:9e:e5:66:f8:4d:ff:89:c6:43:b3:2f:53:c9:
         e0:15:87:3f:a7:0a:b8:67:55:cd:17:5d:f1:ce:d3:f2:c3:1d:
         3e:18:b1:6f:73:bf:53:96:99:3b:7f:91:4d:51:ae:48:49:88:
         6c:ab:8d:2f:a6:18:22:99:e5:02:7a:3f:8c:5e:9b:a5:78:07:
         31:52:af:da:c6:7a:7a:0d:99:02:e2:b8:a0:a5:53:5f:0b:39:
         53:ff:4b:f0:06:ae:dc:27:1c:e4:cc:ec:da:06:3f:b1:a5:8f:
         fb:ad:8a:1a:67:37:04:03:e7:3f:79:5e:37:69:b9:ba:84:99:
         1f:88:88:3f:50:f2:f7:ee:9e:14:50:b0:76:22:ce:e3:92:80:
         55:84:8b:6a:2b:72:a8:62:8d:45:ef:75:bf:8e:13:07:e1:56:
         fe:df:bc:55
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY16P8UaHgark/ClGnPIBI93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjA1MTcxMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWI5OTlhYzM3ZmNkZjc0NDgyOTM0ODU2MWU2NjEzZTNkNTczODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8piq5ywgtY4r56vkvlGQI1VUhll
Rf5tdrmpfucKYEA8QR0YoZPaCxiVEMnHkO0gmghtII8Hr7myVuI97vgy2dyL2EQ7
6nTkREdCvHvJcpjtrXtSqLBFf2enlTZv+C8EwSQt4qcDHl1/8HFyuG08hIUjdy2G
o52nrA0ZafA8IOZb88bzxshXCkrKUccmdz+kA7GgyCUHfspPSXobCL/eEkA1mWcU
gdulxvrNOpdc9H6docNhr/3BGen+NH7m8eGy9zR5xIN6jpat4WtPvBh1VL62Dpjv
2bXWjU6PiTaO9v74/kVuxgaEl2ddo5hzTbu5Nj/4A7ytu6FkMFrmaAPnOQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHm5maw3/N90SCk0hWHmYT49VzgZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZWJtWnJEZjgzM1JJS1RTRlllWmhQajFYT0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCUpmIAwQA
Upn2MAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBABAu6XJ1obxpGYP1BZfmHHkkFVMS2w4dwwnsvEwZ
5X9DWvm/JjjRoisR29XU5zIv4+VzfsUzfyqBAG2/TxQP6R8D05Kbyw8dmFiAW4qN
t6qrUpknXaIVnau9ZhFZC0dynuVm+E3/icZDsy9TyeAVhz+nCrhnVc0XXfHO0/LD
HT4YsW9zv1OWmTt/kU1RrkhJiGyrjS+mGCKZ5QJ6P4xem6V4BzFSr9rGenoNmQLi
uKClU18LOVP/S/AGrtwnHOTM7NoGP7Glj/utihpnNwQD5z95XjdpubqEmR+IiD9Q
8vfunhRQsHYizuOSgFWEi2orcqhijUXvdb+OEwfhVv7fvFU=
-----END CERTIFICATE-----