Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lcDBvhhyBa2fHvWnOb88Rd0GwZw.roa
File:                     lcDBvhhyBa2fHvWnOb88Rd0GwZw.roa (raw, json)
Hash identifier:          PcCGQScCk+95NKdj4cMRNpf80AmXyhrGWOV48G5XoBc=
Subject key identifier:   95:C0:C1:BE:18:72:05:AD:9F:1E:F5:A7:39:BF:3C:45:DD:06:C1:9C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018926BE42803278EDEFF7BF0D3EEBC8D476
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lcDBvhhyBa2fHvWnOb88Rd0GwZw.roa
Signing time:             Wed 05 Jul 2023 15:49:10 +0000
ROA not before:           Wed 05 Jul 2023 15:49:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     140155
IP address blocks:        82.153.227.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          109.176.252.0/24 maxlen: 24
                          109.176.253.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 07 Jul 2023 15:30:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:26:be:42:80:32:78:ed:ef:f7:bf:0d:3e:eb:c8:d4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  5 15:49:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95c0c1be187205ad9f1ef5a739bf3c45dd06c19c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9e:4c:6e:df:b5:9d:84:94:19:11:a9:d4:4a:
                    d9:2f:53:4e:e4:61:d7:49:86:d1:51:a4:3e:92:26:
                    75:9e:f5:f4:40:78:fc:e0:af:75:e9:34:3c:2c:4c:
                    23:54:4c:fa:33:c8:cb:5a:e2:75:ee:fd:ae:5f:f9:
                    46:72:24:3b:2f:88:ae:79:4e:e0:cf:dd:11:0f:f5:
                    f5:53:2c:b2:cd:bd:0d:e8:69:74:e0:a3:6c:63:ee:
                    5b:4e:c8:8e:68:c6:4e:27:4f:f0:2c:8d:e8:bd:1b:
                    96:90:dc:c6:51:f4:27:fb:24:ad:be:a9:7d:fe:d8:
                    94:f8:57:ff:70:d0:28:d8:b2:66:29:69:e5:c6:4e:
                    e4:1c:b2:11:1d:72:9e:63:c0:2c:1a:c8:b2:3b:1d:
                    bd:a4:4c:81:ba:24:a8:e6:1b:29:40:e4:86:be:f4:
                    99:86:61:27:3e:bc:52:f6:1c:99:68:25:3d:2e:e7:
                    cb:f5:97:34:1e:21:9f:3f:fc:e4:08:f6:f9:fb:37:
                    f2:02:d9:41:46:c8:a9:dd:ce:6a:4b:3f:04:eb:8a:
                    47:61:58:69:b0:90:c9:c9:29:a7:e7:76:c7:b3:77:
                    ac:e4:ca:d3:b1:ac:e6:e9:d4:21:8b:f4:89:2e:17:
                    1a:0f:6b:37:2d:01:0d:f8:e7:1b:02:93:e2:2e:4a:
                    60:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:C0:C1:BE:18:72:05:AD:9F:1E:F5:A7:39:BF:3C:45:DD:06:C1:9C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lcDBvhhyBa2fHvWnOb88Rd0GwZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24
                  82.153.227.0/24
                  89.213.141.0/24
                  89.213.146.0/24
                  89.213.154.0/24
                  89.213.174.0/24
                  89.213.181.0/24
                  89.213.188.0/23
                  109.176.251.0-109.176.253.255

    Signature Algorithm: sha256WithRSAEncryption
         4c:91:91:8b:b5:4e:50:ca:c4:95:0d:de:ce:e0:eb:5d:17:f3:
         7e:38:bf:18:62:12:dd:4c:53:17:68:4d:27:fd:b4:a7:7e:87:
         2e:89:2f:3b:6b:f1:c4:3e:a9:2a:bd:57:dd:38:00:74:75:07:
         4e:40:a7:97:0e:03:70:6c:12:93:9d:80:25:ce:db:93:cd:4f:
         26:e1:5c:5f:b4:d8:7d:61:74:08:ce:82:32:b7:11:ac:69:e1:
         53:45:9b:f0:74:77:3a:1d:ec:f7:d8:1a:1e:14:bf:9d:48:9d:
         13:df:1e:90:be:b5:eb:dd:50:2b:c1:d1:d4:53:2a:48:e4:be:
         21:62:5a:89:b1:8a:55:24:86:92:0a:40:0e:91:41:06:13:af:
         a9:1f:5c:e5:5e:0c:1a:5e:68:dd:16:a1:22:e1:12:95:19:e9:
         a2:68:64:20:ac:45:e7:36:76:b9:c6:2c:56:83:1a:52:bd:da:
         de:d1:de:76:89:08:20:e6:2b:1e:41:7a:46:be:a3:00:a4:07:
         87:fe:c9:cc:4a:ed:4f:93:06:f0:3a:53:0d:b7:43:c0:43:7b:
         68:d1:d2:22:66:ee:96:8b:75:1c:57:fb:82:fc:40:d1:87:ea:
         a3:35:4a:48:17:7b:70:f7:27:9a:43:58:09:6e:5a:23:b5:9b:
         55:20:65:2b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYkmvkKAMnjt7/e/DT7ryNR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA1MTU0OTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWMwYzFiZTE4NzIwNWFkOWYxZWY1YTczOWJmM2M0NWRkMDZjMTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZ5Mbt+1nYSUGRGp1ErZL1NO5GHX
SYbRUaQ+kiZ1nvX0QHj84K916TQ8LEwjVEz6M8jLWuJ17v2uX/lGciQ7L4iueU7g
z90RD/X1Uyyyzb0N6Gl04KNsY+5bTsiOaMZOJ0/wLI3ovRuWkNzGUfQn+yStvql9
/tiU+Ff/cNAo2LJmKWnlxk7kHLIRHXKeY8AsGsiyOx29pEyBuiSo5hspQOSGvvSZ
hmEnPrxS9hyZaCU9LufL9Zc0HiGfP/zkCPb5+zfyAtlBRsip3c5qSz8E64pHYVhp
sJDJySmn53bHs3es5MrTsazm6dQhi/SJLhcaD2s3LQEN+OcbApPiLkpgzQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJXAwb4YcgWtnx71pzm/PEXdBsGcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbGNEQnZoaHlCYTJmSHZXbk9iODhSZDBHd1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUpnhAwQA
UpnjAwQAWdWNAwQAWdWSAwQAWdWaAwQAWdWuAwQAWdW1AwQBWdW8MAwDBABtsPsD
BAFtsPwwDQYJKoZIhvcNAQELBQADggEBAEyRkYu1TlDKxJUN3s7g610X8344vxhi
Et1MUxdoTSf9tKd+hy6JLztr8cQ+qSq9V904AHR1B05Ap5cOA3BsEpOdgCXO25PN
TybhXF+02H1hdAjOgjK3Eaxp4VNFm/B0dzod7PfYGh4Uv51InRPfHpC+tevdUCvB
0dRTKkjkviFiWomxilUkhpIKQA6RQQYTr6kfXOVeDBpeaN0WoSLhEpUZ6aJoZCCs
Rec2drnGLFaDGlK92t7R3naJCCDmKx5Beka+owCkB4f+ycxK7U+TBvA6Uw23Q8BD
e2jR0iJm7paLdRxX+4L8QNGH6qM1SkgXe3D3J5pDWAluWiO1m1UgZSs=
-----END CERTIFICATE-----