Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hG1PQcWojYUYghiMAu3er8TcOhg.roa
File:                     hG1PQcWojYUYghiMAu3er8TcOhg.roa (raw, json)
Hash identifier:          g/AfEFO9EJJ3729D7aQpEUUXq3mncy3Cwi0mRTzFkNs=
Subject key identifier:   84:6D:4F:41:C5:A8:8D:85:18:82:18:8C:02:ED:DE:AF:C4:DC:3A:18
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0186BC03A49157E19BC389D5FDEBBCE8B4E3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hG1PQcWojYUYghiMAu3er8TcOhg.roa
Signing time:             Tue 07 Mar 2023 12:20:00 +0000
ROA not before:           Tue 07 Mar 2023 12:20:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        82.153.243.0/24 maxlen: 24
                          82.152.176.0/24 maxlen: 24
                          82.152.177.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.208.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.211.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 Mar 2023 08:51:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bc:03:a4:91:57:e1:9b:c3:89:d5:fd:eb:bc:e8:b4:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  7 12:20:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=846d4f41c5a88d851882188c02eddeafc4dc3a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2c:45:69:4e:43:aa:dc:25:3c:d5:ac:d3:f3:
                    80:cc:fa:68:3a:12:86:78:17:27:be:0f:1f:dc:3a:
                    9e:bc:d7:50:23:d2:45:a8:f6:6d:31:88:05:27:10:
                    fe:48:08:0f:be:c5:28:69:48:42:45:4f:d9:55:45:
                    e0:e1:40:da:c4:ee:a7:09:c8:19:21:4c:96:5b:4b:
                    91:52:7f:9c:3d:ff:87:8d:05:48:a3:a6:3c:b0:bb:
                    d5:33:76:20:c0:ae:b3:da:56:9c:2e:06:e3:44:ba:
                    6b:fc:0a:e6:53:b6:6c:d0:72:ed:f5:d5:be:a6:94:
                    3b:6c:6b:c3:4d:0e:d4:1a:e6:19:14:52:f9:aa:e2:
                    5d:64:c8:fc:39:ab:32:13:5f:ab:31:0c:14:a5:fe:
                    ba:83:48:98:2d:35:f7:e2:0c:60:2d:a4:11:b7:11:
                    02:3d:90:0c:63:a9:8b:c5:0e:11:eb:8a:05:f9:77:
                    f1:68:70:eb:37:39:62:14:36:6b:db:84:91:92:ee:
                    d8:2e:6a:de:be:b1:fa:b3:a6:67:66:c5:a5:29:cf:
                    8b:c5:7c:24:e9:aa:2c:b0:1e:78:60:3e:e9:d6:84:
                    16:9c:32:63:37:20:35:51:c6:7a:c8:66:36:c9:48:
                    bc:19:22:5c:f2:1d:6d:9a:26:fd:20:3c:07:e8:78:
                    80:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6D:4F:41:C5:A8:8D:85:18:82:18:8C:02:ED:DE:AF:C4:DC:3A:18
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hG1PQcWojYUYghiMAu3er8TcOhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.152.249.0/24
                  82.152.252.0/24
                  82.152.254.0/24
                  82.153.68.0/24
                  82.153.208.0/23
                  82.153.211.0/24
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f8:f0:5e:a8:a7:72:cf:b4:a8:76:2f:09:96:c4:27:dd:74:
         43:71:0b:ed:51:17:87:08:f3:86:bb:3d:b7:7d:ea:a6:5c:2d:
         6e:7a:a7:25:24:8f:6c:a6:8b:02:3c:a0:fc:37:a3:0a:53:f8:
         02:0e:d8:51:92:49:5d:52:d5:8b:cb:4b:9d:ee:9f:e3:30:f2:
         92:64:a9:89:51:ab:8a:f5:a9:dd:4e:da:df:cc:5b:b0:ed:09:
         5a:b2:35:e1:94:47:b0:77:12:02:d0:0f:a6:f5:5f:4e:15:fb:
         4d:93:1e:db:2e:a9:b9:b1:e3:b6:58:73:34:c0:f6:59:8a:ac:
         b0:a3:7f:f4:af:0d:10:6a:95:62:99:f4:15:55:f4:e3:97:25:
         c3:c6:8f:df:a2:de:45:89:91:fc:ba:38:2b:ed:ae:fe:a9:d6:
         81:e0:3e:3a:36:2a:bb:e4:b8:c3:79:46:4b:3e:6b:3c:05:5d:
         51:31:b9:d8:e8:d7:87:c5:a1:e4:2a:1f:cd:4c:f4:5a:0f:82:
         4a:f8:31:27:ed:e0:5f:db:fe:70:d1:c0:7f:30:bc:a2:00:bc:
         eb:b6:99:4d:49:71:82:ea:d6:5d:f5:5d:fd:1b:1d:7f:18:d4:
         cf:06:7b:6a:5a:e4:0f:51:62:cf:a9:23:04:e9:08:73:38:12:
         d0:7f:cf:3a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYa8A6SRV+Gbw4nV/eu86LTjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMzA3MTIyMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZkNGY0MWM1YTg4ZDg1MTg4MjE4OGMwMmVkZGVhZmM0ZGMzYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyxFaU5DqtwlPNWs0/OAzPpoOhKG
eBcnvg8f3DqevNdQI9JFqPZtMYgFJxD+SAgPvsUoaUhCRU/ZVUXg4UDaxO6nCcgZ
IUyWW0uRUn+cPf+HjQVIo6Y8sLvVM3YgwK6z2lacLgbjRLpr/ArmU7Zs0HLt9dW+
ppQ7bGvDTQ7UGuYZFFL5quJdZMj8OasyE1+rMQwUpf66g0iYLTX34gxgLaQRtxEC
PZAMY6mLxQ4R64oF+XfxaHDrNzliFDZr24SRku7YLmrevrH6s6ZnZsWlKc+LxXwk
6aossB54YD7p1oQWnDJjNyA1UcZ6yGY2yUi8GSJc8h1tmib9IDwH6HiA0QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIRtT0HFqI2FGIIYjALt3q/E3DoYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaEcxUFFjV29qWVVZZ2hpTUF1M2VyOFRjT2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBUpiwAwQA
Upj5AwQAUpj8AwQAUpj+AwQAUplEAwQBUpnQAwQAUpnTAwQAUpnzMA0GCSqGSIb3
DQEBCwUAA4IBAQBi+PBeqKdyz7Sodi8JlsQn3XRDcQvtUReHCPOGuz23feqmXC1u
eqclJI9sposCPKD8N6MKU/gCDthRkkldUtWLy0ud7p/jMPKSZKmJUauK9andTtrf
zFuw7QlasjXhlEewdxIC0A+m9V9OFftNkx7bLqm5seO2WHM0wPZZiqywo3/0rw0Q
apVimfQVVfTjlyXDxo/fot5FiZH8ujgr7a7+qdaB4D46Niq75LjDeUZLPms8BV1R
MbnY6NeHxaHkKh/NTPRaD4JK+DEn7eBf2/5w0cB/MLyiALzrtplNSXGC6tZd9V39
Gx1/GNTPBntqWuQPUWLPqSME6QhzOBLQf886
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org