Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ldSBtcAZCivE9o72j99-EI63owI.roa
File:                     ldSBtcAZCivE9o72j99-EI63owI.roa (raw, json)
Hash identifier:          Wup4+QEQ9lSea4hl2c+P8JEtRzrz3wIGCc+FKmvhfTo=
Subject key identifier:   95:D4:81:B5:C0:19:0A:2B:C4:F6:8E:F6:8F:DF:7E:10:8E:B7:A3:02
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01894047BF8310B9A169C386BEA810DBE423
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ldSBtcAZCivE9o72j99-EI63owI.roa
Signing time:             Mon 10 Jul 2023 14:49:51 +0000
ROA not before:           Mon 10 Jul 2023 14:49:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.138.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jul 2023 15:13:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:40:47:bf:83:10:b9:a1:69:c3:86:be:a8:10:db:e4:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 10 14:49:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95d481b5c0190a2bc4f68ef68fdf7e108eb7a302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:41:22:a9:23:95:ca:93:e3:7a:80:10:18:ea:
                    aa:f8:76:0b:91:c4:b0:a4:9d:61:c7:83:3f:1f:46:
                    ab:05:58:cb:6a:0a:ed:fd:e6:46:9b:5f:17:db:39:
                    23:42:16:c4:d5:ba:d4:63:57:43:94:9a:b5:de:d6:
                    da:6f:c9:e3:6e:3e:78:a1:eb:07:49:ac:cc:72:37:
                    c6:2f:24:f1:87:aa:c8:87:09:bf:33:6e:8d:8a:3d:
                    3b:b6:8d:79:8f:38:a4:b1:af:78:8a:50:68:34:bf:
                    e1:66:09:e8:01:d7:dd:e6:3a:f4:4e:d2:11:eb:ea:
                    03:4a:06:36:d1:d5:8f:01:83:06:8e:d8:9a:39:24:
                    12:e3:09:3b:91:16:1c:93:c3:02:f4:62:22:54:e4:
                    fa:78:27:e7:b8:91:c3:91:84:61:3b:b0:a6:96:48:
                    6d:5f:0c:73:f4:a2:0d:d1:70:46:db:a9:ab:0d:75:
                    8b:5a:94:4f:24:fd:ca:bc:8b:b1:c2:55:e6:f8:aa:
                    04:59:2f:4e:ce:c0:74:c5:08:24:c6:eb:c0:d4:da:
                    51:f7:b1:17:bf:dc:a5:59:29:bb:a0:97:4c:75:7a:
                    ca:13:18:3f:c6:10:42:24:13:a9:e2:62:53:a3:cc:
                    16:90:49:52:39:59:14:4f:6d:a8:4f:3f:ec:ff:7e:
                    07:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D4:81:B5:C0:19:0A:2B:C4:F6:8E:F6:8F:DF:7E:10:8E:B7:A3:02
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ldSBtcAZCivE9o72j99-EI63owI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.153.4.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.246.0/24
                  82.153.248.0/23
                  109.176.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:3f:50:e6:56:14:d7:d5:fe:0c:05:d8:1b:c9:d2:12:e4:0f:
         66:1c:c9:42:27:10:09:b2:bd:fc:3b:78:9e:ce:83:ec:8c:c5:
         ff:95:c8:c8:e3:a0:10:99:6b:09:94:2a:07:ba:dd:3b:80:ec:
         36:9a:e6:e6:f9:b6:e3:ba:27:29:c2:2c:80:b4:ff:2d:33:b3:
         cb:15:80:00:fa:04:67:13:17:0f:6c:2f:b0:1b:5c:e9:13:49:
         43:93:8d:11:3f:02:a4:6a:5f:91:28:6b:56:2f:55:b4:30:d9:
         ed:82:97:68:f0:db:ad:cb:a7:cd:1d:f7:2f:05:a7:5b:e7:04:
         2c:4e:3a:7a:8a:bd:f7:2c:88:f8:78:8e:75:36:08:61:2b:10:
         01:2c:e6:17:8c:2e:53:8f:50:b0:3a:67:35:59:d4:da:07:f0:
         17:80:dd:34:7b:54:72:49:ee:38:dc:34:83:ac:35:0b:56:9d:
         1f:de:58:f7:eb:78:0c:dc:89:57:04:bb:1c:8c:0e:be:bd:bc:
         1d:da:88:97:94:3c:89:d4:bc:49:17:10:55:4f:66:1a:ba:60:
         b0:7b:6c:c4:ba:cb:20:5b:df:f7:cc:22:17:5b:61:6c:1d:1f:
         12:e7:64:dc:b0:d8:1b:15:ca:1f:d3:e9:20:d4:1a:ba:c8:fb:
         59:cf:b8:da
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYlAR7+DELmhacOGvqgQ2+QjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzEwMTQ0OTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ0ODFiNWMwMTkwYTJiYzRmNjhlZjY4ZmRmN2UxMDhlYjdhMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUEiqSOVypPjeoAQGOqq+HYLkcSw
pJ1hx4M/H0arBVjLagrt/eZGm18X2zkjQhbE1brUY1dDlJq13tbab8njbj54oesH
SazMcjfGLyTxh6rIhwm/M26Nij07to15jziksa94ilBoNL/hZgnoAdfd5jr0TtIR
6+oDSgY20dWPAYMGjtiaOSQS4wk7kRYck8MC9GIiVOT6eCfnuJHDkYRhO7Cmlkht
Xwxz9KIN0XBG26mrDXWLWpRPJP3KvIuxwlXm+KoEWS9OzsB0xQgkxuvA1NpR97EX
v9ylWSm7oJdMdXrKExg/xhBCJBOp4mJTo8wWkElSOVkUT22oTz/s/34H/wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJXUgbXAGQorxPaO9o/ffhCOt6MCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbGRTQnRjQVpDaXZFOW83Mmo5OS1FSTYzb3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphsAwQAUphvAwQBUpj8AwQAUpkEAwQAUplJAwQCUpmIAwQA
UpnfAwQAUpnyAwQAUpn2AwQBUpn4AwQAbbD5MA0GCSqGSIb3DQEBCwUAA4IBAQAL
P1DmVhTX1f4MBdgbydIS5A9mHMlCJxAJsr38O3iezoPsjMX/lcjI46AQmWsJlCoH
ut07gOw2mubm+bbjuicpwiyAtP8tM7PLFYAA+gRnExcPbC+wG1zpE0lDk40RPwKk
al+RKGtWL1W0MNntgpdo8Nuty6fNHfcvBadb5wQsTjp6ir33LIj4eI51NghhKxAB
LOYXjC5Tj1CwOmc1WdTaB/AXgN00e1RySe443DSDrDULVp0f3lj363gM3IlXBLsc
jA6+vbwd2oiXlDyJ1LxJFxBVT2YaumCwe2zEussgW9/3zCIXW2FsHR8S52TcsNgb
Fcof0+kg1Bq6yPtZz7ja
-----END CERTIFICATE-----