Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kSu7Wh8Sgf4MGhjmhYWllhH8xjc.roa
File:                     kSu7Wh8Sgf4MGhjmhYWllhH8xjc.roa (raw, json)
Hash identifier:          2N/nlAhpshx9NpIe42RSGxKNBPjHqMPBJYNvubAZZCs=
Subject key identifier:   91:2B:BB:5A:1F:12:81:FE:0C:1A:18:E6:85:85:A5:96:11:FC:C6:37
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D0CEE4FED41E252CECD3F722A03020C93
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kSu7Wh8Sgf4MGhjmhYWllhH8xjc.roa
Signing time:             Mon 15 Jan 2024 11:42:41 +0000
ROA not before:           Mon 15 Jan 2024 11:42:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          109.176.253.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          82.153.220.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 09:30:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:ee:4f:ed:41:e2:52:ce:cd:3f:72:2a:03:02:0c:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 15 11:42:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=912bbb5a1f1281fe0c1a18e68585a59611fcc637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4f:b2:b9:15:0a:51:3e:b4:e5:04:3f:6d:87:
                    d8:98:a9:38:b4:4d:e8:92:69:87:2a:99:c6:52:bd:
                    2b:0b:9d:df:85:75:e4:a7:a7:17:2d:85:be:98:51:
                    ab:2b:14:fa:ad:a1:3f:d2:46:8e:28:f9:2b:5a:0c:
                    57:7d:6a:35:e1:3d:6f:38:52:43:41:20:9c:7e:c6:
                    0a:e1:18:0a:04:04:fb:31:7b:a1:56:ce:cf:ce:10:
                    63:39:51:92:88:40:0e:b8:c6:24:02:cd:89:10:0e:
                    ee:dc:ff:63:aa:e4:19:f4:25:a4:85:88:2e:e7:86:
                    88:84:70:ac:11:af:0d:29:2b:75:2f:48:6d:cb:64:
                    a6:d6:cf:b3:68:13:16:9d:4a:9b:d0:82:79:5c:03:
                    d8:ba:a3:04:27:2c:63:41:b5:47:75:dd:4d:78:7c:
                    db:95:22:49:95:14:3f:04:1c:6c:f9:f4:59:c8:09:
                    89:d1:ac:30:1f:20:c5:85:84:3e:8b:3f:25:29:cb:
                    e7:03:f3:9a:f8:07:04:9d:f0:ce:e9:9e:ff:54:6c:
                    c0:b9:97:fa:c0:8e:32:a0:59:3c:95:12:87:99:1f:
                    22:cd:f6:bf:62:3d:ab:33:ef:79:94:18:a7:b0:cc:
                    87:29:5c:87:ab:f7:52:5e:19:00:5b:94:57:60:99:
                    7c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:2B:BB:5A:1F:12:81:FE:0C:1A:18:E6:85:85:A5:96:11:FC:C6:37
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kSu7Wh8Sgf4MGhjmhYWllhH8xjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  82.153.220.0/24
                  89.213.139.0/24
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.253.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:72:c2:ab:28:72:70:73:3f:dc:61:24:1d:e3:b2:8c:72:df:
         e2:28:4d:32:ae:c0:d7:8c:30:e1:19:4c:7d:fd:6b:d8:64:e8:
         84:5d:a3:15:0f:35:a7:1d:6b:bc:1e:cc:a0:1c:77:45:1a:bd:
         3e:86:94:f8:3c:c9:55:58:22:22:14:76:76:fd:8c:40:c2:3a:
         07:6a:4b:62:5f:65:35:4f:ac:be:36:cf:ec:0b:57:a7:9d:06:
         e2:11:90:28:84:72:b9:cc:d3:8f:27:9c:68:a8:1b:66:c3:f2:
         23:ec:10:91:24:08:f4:15:42:09:a3:1c:58:02:85:51:f8:78:
         cc:3c:18:aa:81:49:7a:ef:a8:b2:5b:00:a0:f6:42:de:5a:3c:
         c6:79:06:ab:bd:9c:50:dc:12:cf:1d:0d:31:3b:7f:8d:e6:f1:
         51:c2:b8:53:97:ad:e3:d8:79:83:03:1d:21:4e:e1:1c:7b:72:
         3a:1c:8e:61:1b:ff:6c:50:68:9c:0c:b2:be:82:e0:6c:f3:86:
         0e:21:48:c1:59:3c:39:70:90:e2:4b:81:0d:9b:3c:8c:83:4d:
         5c:5f:85:59:76:f9:74:27:41:f7:7d:6d:db:69:22:a3:f3:27:
         c7:4f:5e:d3:48:7c:94:d1:bc:a4:86:5a:28:1a:01:36:49:84:
         04:53:6b:31
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAY0M7k/tQeJSzs0/cioDAgyTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE1MTE0MjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTJiYmI1YTFmMTI4MWZlMGMxYTE4ZTY4NTg1YTU5NjExZmNjNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU+yuRUKUT605QQ/bYfYmKk4tE3o
kmmHKpnGUr0rC53fhXXkp6cXLYW+mFGrKxT6raE/0kaOKPkrWgxXfWo14T1vOFJD
QSCcfsYK4RgKBAT7MXuhVs7PzhBjOVGSiEAOuMYkAs2JEA7u3P9jquQZ9CWkhYgu
54aIhHCsEa8NKSt1L0hty2Sm1s+zaBMWnUqb0IJ5XAPYuqMEJyxjQbVHdd1NeHzb
lSJJlRQ/BBxs+fRZyAmJ0awwHyDFhYQ+iz8lKcvnA/Oa+AcEnfDO6Z7/VGzAuZf6
wI4yoFk8lRKHmR8izfa/Yj2rM+95lBinsMyHKVyHq/dSXhkAW5RXYJl8SQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJEru1ofEoH+DBoY5oWFpZYR/MY3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva1N1N1doOFNnZjRNR2hqbWhZV2xsaEg4eGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUah3AwQC
UpmIAwQAUpncAwQAWdWLMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQD
BABtsP0DBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAJxywqsocnBzP9xh
JB3jsoxy3+IoTTKuwNeMMOEZTH39a9hk6IRdoxUPNacda7wezKAcd0UavT6GlPg8
yVVYIiIUdnb9jEDCOgdqS2JfZTVPrL42z+wLV6edBuIRkCiEcrnM048nnGioG2bD
8iPsEJEkCPQVQgmjHFgChVH4eMw8GKqBSXrvqLJbAKD2Qt5aPMZ5Bqu9nFDcEs8d
DTE7f43m8VHCuFOXrePYeYMDHSFO4Rx7cjocjmEb/2xQaJwMsr6C4Gzzhg4hSMFZ
PDlwkOJLgQ2bPIyDTVxfhVl2+XQnQfd9bdtpIqPzJ8dPXtNIfJTRvKSGWigaATZJ
hARTazE=
-----END CERTIFICATE-----