Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jj95H3zavE2Mb3xUYGxr8-cKo-k.roa
File:                     jj95H3zavE2Mb3xUYGxr8-cKo-k.roa (raw, json)
Hash identifier:          +Tjc9LOTRoZ9P1nnzuEd0T4h9MNVjdtF0KVs+qtW0HE=
Subject key identifier:   8E:3F:79:1F:7C:DA:BC:4D:8C:6F:7C:54:60:6C:6B:F3:E7:0A:A3:E9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BD70D08E267DE75E94E66E034787A6251
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jj95H3zavE2Mb3xUYGxr8-cKo-k.roa
Signing time:             Thu 16 Nov 2023 07:33:57 +0000
ROA not before:           Thu 16 Nov 2023 07:33:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Nov 2023 08:44:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d7:0d:08:e2:67:de:75:e9:4e:66:e0:34:78:7a:62:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 16 07:33:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e3f791f7cdabc4d8c6f7c54606c6bf3e70aa3e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:b3:34:55:08:4c:5d:fd:5f:cd:e1:39:a8:
                    70:26:34:6a:d8:7e:ac:9b:19:fd:b8:02:11:9f:99:
                    23:1f:07:0c:15:13:06:d3:e9:9b:5b:46:b0:95:f9:
                    06:24:50:c4:d1:9d:8b:fa:a1:f9:07:ad:76:48:07:
                    9f:0f:49:c2:11:68:19:c9:f6:1a:e0:f2:42:70:d8:
                    df:7a:2f:af:33:c4:ee:24:7c:d5:f1:a0:91:c6:13:
                    40:bf:59:16:7e:53:df:48:43:c3:94:d6:71:8e:43:
                    e3:d2:93:92:92:fe:e3:51:22:8e:73:4a:b2:2a:cc:
                    ce:e9:f3:10:4f:37:4e:a8:4c:23:ca:70:64:0f:6c:
                    24:4d:46:60:21:b6:8d:33:dc:d3:f9:a6:75:9d:b2:
                    85:5b:66:f1:ed:12:e8:0a:74:a6:7c:92:99:5f:12:
                    fc:0e:96:33:69:e9:e7:be:a7:0a:a9:9f:15:91:d7:
                    6f:f2:7b:f6:73:4b:ec:04:aa:91:e0:71:b1:3f:f4:
                    88:c9:98:8c:ae:e0:0e:93:1c:31:7b:c4:0b:64:98:
                    f2:01:66:89:d7:3a:3a:8c:ab:8a:57:04:a7:7e:09:
                    9f:56:19:69:92:84:65:f2:4a:12:20:a3:e7:a1:72:
                    e2:25:fd:6e:9a:1e:7e:f9:d9:d7:30:d5:5d:cd:15:
                    4a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:3F:79:1F:7C:DA:BC:4D:8C:6F:7C:54:60:6C:6B:F3:E7:0A:A3:E9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jj95H3zavE2Mb3xUYGxr8-cKo-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.245.0-109.176.246.255
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:fd:f3:84:e6:24:61:e5:4c:44:ae:b7:e4:b3:d6:cf:87:61:
         ce:a3:d7:13:66:d8:aa:8d:d7:b4:b6:13:1c:b4:2b:c9:38:d5:
         88:c5:9e:a0:0a:22:a7:b7:5a:0f:fa:a4:6a:92:20:ea:97:72:
         7d:1e:85:4e:42:67:4e:f3:fb:1b:74:80:a8:b9:bf:e4:dd:df:
         95:52:f7:4f:a3:25:a7:7a:42:bf:03:64:98:ac:5f:a7:cf:37:
         7f:1c:88:8b:2e:ff:66:0f:96:07:25:11:1c:8d:47:0f:10:41:
         33:fa:d6:ba:00:a3:4f:36:df:9a:d1:02:bc:a2:63:84:98:6b:
         1e:b0:f4:f0:17:27:23:5a:6a:8c:d5:68:27:b8:a3:61:0b:0d:
         89:ab:54:7b:89:14:b5:87:1e:d8:46:1d:43:a5:fd:69:4b:bb:
         54:e4:ad:6f:5b:21:e9:14:40:e9:17:bc:f4:24:93:de:46:15:
         be:be:e2:9f:3d:34:17:90:e1:c9:c2:42:c9:3f:bd:67:35:da:
         68:a5:d7:a2:09:42:61:72:6c:3a:6c:db:d4:34:1f:ab:f2:20:
         f6:75:8b:5a:c5:09:e4:ac:99:4c:19:4b:b4:6b:28:2e:a6:59:
         01:f2:20:b3:0c:75:fd:c1:d2:b7:c0:f4:b6:b7:24:fe:18:4d:
         14:73:80:c0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYvXDQjiZ9516U5m4DR4emJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE2MDczMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTNmNzkxZjdjZGFiYzRkOGM2ZjdjNTQ2MDZjNmJmM2U3MGFhM2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2mzNFUITF39X83hOahwJjRq2H6s
mxn9uAIRn5kjHwcMFRMG0+mbW0awlfkGJFDE0Z2L+qH5B612SAefD0nCEWgZyfYa
4PJCcNjfei+vM8TuJHzV8aCRxhNAv1kWflPfSEPDlNZxjkPj0pOSkv7jUSKOc0qy
KszO6fMQTzdOqEwjynBkD2wkTUZgIbaNM9zT+aZ1nbKFW2bx7RLoCnSmfJKZXxL8
DpYzaennvqcKqZ8Vkddv8nv2c0vsBKqR4HGxP/SIyZiMruAOkxwxe8QLZJjyAWaJ
1zo6jKuKVwSnfgmfVhlpkoRl8koSIKPnoXLiJf1umh5++dnXMNVdzRVKqwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFI4/eR982rxNjG98VGBsa/PnCqPpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvamo5NUgzemF2RTJNYjN4VVlHeHI4LWNLby1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQwDAMEAG2w9QMEAG2w9gMEAG2w
+AMEAbkxfgMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEAiP3zhOYkYeVMRK635LPW
z4dhzqPXE2bYqo3XtLYTHLQryTjViMWeoAoip7daD/qkapIg6pdyfR6FTkJnTvP7
G3SAqLm/5N3flVL3T6Mlp3pCvwNkmKxfp883fxyIiy7/Zg+WByURHI1HDxBBM/rW
ugCjTzbfmtECvKJjhJhrHrD08BcnI1pqjNVoJ7ijYQsNiatUe4kUtYce2EYdQ6X9
aUu7VOStb1sh6RRA6Re89CST3kYVvr7inz00F5DhycJCyT+9ZzXaaKXXoglCYXJs
Omzb1DQfq/Ig9nWLWsUJ5KyZTBlLtGsoLqZZAfIgswx1/cHSt8D0trck/hhNFHOA
wA==
-----END CERTIFICATE-----