Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/n7kVHLxEp8WvY469Eh7bwv_NJh8.roa
File:                     n7kVHLxEp8WvY469Eh7bwv_NJh8.roa (raw, json)
Hash identifier:          /9NNLOXG158PYgvSRn/nf+oFBJ6nW3OMFHLDWD+8yNI=
Subject key identifier:   9F:B9:15:1C:BC:44:A7:C5:AF:63:8E:BD:12:1E:DB:C2:FF:CD:26:1F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FCDA92EA286CC5EEB3A40CCD7A73B5366
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/n7kVHLxEp8WvY469Eh7bwv_NJh8.roa
Signing time:             Fri 31 May 2024 07:59:27 +0000
ROA not before:           Fri 31 May 2024 07:59:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        80.240.88.0/21 maxlen: 24
                          82.152.174.0/23 maxlen: 23
                          82.153.208.0/22 maxlen: 22
                          82.163.24.0/21 maxlen: 24
                          89.213.143.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.198.0/23 maxlen: 24
                          89.213.200.0/23 maxlen: 24
                          89.213.202.0/23 maxlen: 24
                          89.213.204.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Mon 03 Jun 2024 11:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cd:a9:2e:a2:86:cc:5e:eb:3a:40:cc:d7:a7:3b:53:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 07:59:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fb9151cbc44a7c5af638ebd121edbc2ffcd261f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7a:35:4d:d9:61:57:59:65:ad:e4:b4:da:a2:
                    9e:1e:9d:63:78:2a:b2:7c:36:ed:12:6a:2e:0a:27:
                    c0:5c:06:46:3f:c6:e9:d5:42:f2:62:4c:dd:63:12:
                    26:e6:8e:1e:8a:65:0b:42:a4:17:a1:f0:c9:9d:32:
                    0a:c4:74:b5:17:6c:78:f9:ac:c3:90:a5:cd:e5:fa:
                    ae:5b:70:3a:9c:99:f6:6e:01:7f:5e:23:8c:92:6c:
                    c9:6d:91:ae:94:7d:1a:46:38:ad:af:e8:62:93:15:
                    eb:b6:1b:db:a8:5b:b7:00:d3:84:97:82:27:57:79:
                    17:79:5d:c1:24:98:53:4e:aa:9d:c8:ee:17:50:52:
                    1e:c1:dd:36:62:6f:ca:d7:d4:90:f9:b9:8f:4e:6c:
                    68:bb:13:43:ce:0b:6b:e3:67:1d:74:30:b0:3d:50:
                    c4:a2:35:3f:f3:e5:c1:ef:74:02:1f:89:84:30:98:
                    b2:ea:b9:2f:a1:d1:3e:97:11:65:58:df:15:c0:ab:
                    80:ac:88:63:09:12:79:02:b2:6b:32:d9:9d:e3:51:
                    ba:c6:4f:dc:d0:8d:f9:96:15:f7:3d:85:14:a6:2b:
                    fb:be:99:99:22:f5:68:87:0a:a7:19:ca:53:25:4a:
                    e4:b1:27:23:23:56:45:e8:f8:9b:a4:b7:36:46:17:
                    0a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B9:15:1C:BC:44:A7:C5:AF:63:8E:BD:12:1E:DB:C2:FF:CD:26:1F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/n7kVHLxEp8WvY469Eh7bwv_NJh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.88.0/21
                  82.152.174.0/23
                  82.153.208.0/22
                  82.163.24.0/21
                  89.213.143.0/24
                  89.213.147.0/24
                  89.213.181.0/24
                  89.213.198.0-89.213.205.255

    Signature Algorithm: sha256WithRSAEncryption
         59:7c:88:c7:53:e7:50:82:c8:e4:41:fa:fc:25:69:d3:29:65:
         01:e7:2b:4a:95:1c:f4:5c:99:f8:4a:21:dc:db:bb:53:56:ce:
         32:bd:29:80:e5:3d:c6:bc:d7:6b:aa:88:21:ff:7e:c0:b3:18:
         de:d1:96:c3:5a:a4:c6:d8:30:0c:70:e1:19:e9:ac:f8:e6:57:
         c7:6f:db:c5:3b:47:f0:e4:49:1a:a5:6e:1b:ca:a5:de:fc:e6:
         16:fd:82:52:20:26:2e:a4:d2:dd:00:eb:f6:7f:c5:35:6d:e6:
         8c:97:21:c8:ed:84:f2:78:73:d0:c6:d6:c2:56:f8:28:2c:26:
         61:f2:47:0b:2b:d3:5f:05:7c:2b:b2:a6:61:63:a5:38:fb:45:
         78:5d:9b:a3:94:cc:30:48:fa:9d:32:db:b3:56:77:e1:f8:91:
         dc:a9:37:28:cf:d5:ba:31:13:86:8b:d4:4b:ef:65:96:22:67:
         d3:3a:a1:69:65:51:89:60:4f:0b:4a:ef:8e:6b:d9:a0:ae:bd:
         dd:fd:69:3b:85:0d:40:99:96:f3:8e:b1:e0:70:91:30:03:d5:
         a6:79:c3:03:03:f6:79:7b:8c:c5:19:fc:87:96:68:1a:33:b9:
         f9:80:e8:d1:31:ea:82:81:b0:90:90:db:af:c7:af:75:22:0d:
         8d:42:d2:90
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY/NqS6ihsxe6zpAzNenO1NmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTMxMDc1OTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmI5MTUxY2JjNDRhN2M1YWY2MzhlYmQxMjFlZGJjMmZmY2QyNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlno1TdlhV1llreS02qKeHp1jeCqy
fDbtEmouCifAXAZGP8bp1ULyYkzdYxIm5o4eimULQqQXofDJnTIKxHS1F2x4+azD
kKXN5fquW3A6nJn2bgF/XiOMkmzJbZGulH0aRjitr+hikxXrthvbqFu3ANOEl4In
V3kXeV3BJJhTTqqdyO4XUFIewd02Ym/K19SQ+bmPTmxouxNDzgtr42cddDCwPVDE
ojU/8+XB73QCH4mEMJiy6rkvodE+lxFlWN8VwKuArIhjCRJ5ArJrMtmd41G6xk/c
0I35lhX3PYUUpiv7vpmZIvVohwqnGcpTJUrksScjI1ZF6PibpLc2RhcKRQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJ+5FRy8RKfFr2OOvRIe28L/zSYfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbjdrVkhMeEVwOFd2WTQ2OUVoN2J3dl9OSmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQDUPBYAwQB
UpiuAwQCUpnQAwQDUqMYAwQAWdWPAwQAWdWTAwQAWdW1MAwDBAFZ1cYDBAFZ1cww
DQYJKoZIhvcNAQELBQADggEBAFl8iMdT51CCyORB+vwladMpZQHnK0qVHPRcmfhK
Idzbu1NWzjK9KYDlPca812uqiCH/fsCzGN7RlsNapMbYMAxw4RnprPjmV8dv28U7
R/DkSRqlbhvKpd785hb9glIgJi6k0t0A6/Z/xTVt5oyXIcjthPJ4c9DG1sJW+Cgs
JmHyRwsr018FfCuypmFjpTj7RXhdm6OUzDBI+p0y27NWd+H4kdypNyjP1boxE4aL
1EvvZZYiZ9M6oWllUYlgTwtK745r2aCuvd39aTuFDUCZlvOOseBwkTAD1aZ5wwMD
9nl7jMUZ/IeWaBozufmA6NEx6oKBsJCQ26/Hr3UiDY1C0pA=
-----END CERTIFICATE-----