Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pr4JyXCn4fe7fxsD84YGN6Vjaz8.roa
File:                     pr4JyXCn4fe7fxsD84YGN6Vjaz8.roa (raw, json)
Hash identifier:          V82tJCahBboQap/12p8miRT1e9kuMYxpTVhsTk/GPf4=
Subject key identifier:   A6:BE:09:C9:70:A7:E1:F7:BB:7F:1B:03:F3:86:06:37:A5:63:6B:3F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EC1DE91A1ECAF85E7A97EE12B8299B54D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pr4JyXCn4fe7fxsD84YGN6Vjaz8.roa
Signing time:             Tue 09 Apr 2024 07:59:32 +0000
ROA not before:           Tue 09 Apr 2024 07:59:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        37.252.27.0/24 maxlen: 24
                          81.5.189.0/24 maxlen: 24
                          82.152.49.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          212.38.74.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.138.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c1:de:91:a1:ec:af:85:e7:a9:7e:e1:2b:82:99:b5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  9 07:59:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6be09c970a7e1f7bb7f1b03f3860637a5636b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:df:f6:9f:46:ee:90:21:54:5d:af:80:85:a5:
                    b1:2e:45:b2:dc:85:6a:d3:55:c1:53:47:d1:d0:a5:
                    22:ea:53:e1:eb:ec:65:a0:cd:d0:e4:dd:47:6e:f2:
                    98:55:44:bf:b5:47:15:b7:87:61:0a:61:57:88:38:
                    c3:41:f0:98:47:d4:41:4a:65:8a:44:20:81:a2:cc:
                    ae:72:ae:5d:48:03:e5:63:2c:cb:fe:c8:1f:80:ca:
                    50:e5:74:e4:d2:49:ca:d6:50:bc:7d:c0:35:c0:29:
                    3f:62:01:a7:ed:4f:5d:06:3e:19:b6:89:3d:8f:32:
                    d2:4d:9d:f5:83:fe:59:5a:b9:06:c4:2e:59:66:22:
                    85:4a:54:f3:97:ad:62:10:a6:43:bd:09:e3:2e:3e:
                    f4:13:9f:ef:73:80:01:8c:0a:fb:f2:2e:8f:cc:6d:
                    df:49:21:3c:54:01:8d:ff:69:46:f2:fb:49:12:46:
                    1f:39:47:5e:55:af:5b:5d:6a:35:73:e9:79:8e:15:
                    e0:c5:20:df:e9:a8:00:1b:d0:dc:37:a7:1c:3b:70:
                    bb:34:4b:8f:99:f1:c0:e2:ee:08:b3:62:5b:e2:f8:
                    cc:a1:d3:e2:c5:25:1a:b1:61:35:27:4f:50:27:af:
                    3c:0f:30:df:92:b6:df:f4:ae:05:b1:8c:7f:5e:a5:
                    e6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:BE:09:C9:70:A7:E1:F7:BB:7F:1B:03:F3:86:06:37:A5:63:6B:3F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pr4JyXCn4fe7fxsD84YGN6Vjaz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  81.5.189.0/24
                  82.152.49.0/24
                  82.153.65.0/24
                  89.213.152.0/24
                  89.213.176.0/24
                  89.213.183.0/24
                  212.38.74.0/24
                  212.38.79.0/24
                  212.38.84.0/24
                  213.130.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:05:3d:06:38:10:c5:44:ae:40:87:d8:dd:b1:9a:75:cd:d0:
         70:79:e0:18:f5:8d:60:a4:33:7e:32:82:00:7f:a4:74:17:87:
         d5:76:bc:9c:25:81:a7:88:8c:4c:b7:53:33:2b:e0:b6:01:46:
         60:a0:a3:bb:b9:58:71:be:ad:12:31:c4:17:7b:f1:b9:ae:31:
         1a:71:41:5d:22:24:b1:f5:c0:71:e1:0f:eb:79:30:91:3d:0c:
         91:1b:40:b1:1b:59:6a:19:9e:79:5b:7e:e2:8b:de:80:4c:51:
         3b:14:6e:de:26:0f:53:c7:1c:d0:2c:49:98:da:3c:b2:3b:e2:
         17:9e:85:bd:48:bd:fb:13:9c:a6:11:2c:0c:34:d4:a1:9a:6d:
         03:ea:65:95:4b:58:6c:f6:e9:51:9c:6e:af:9d:54:60:a6:7d:
         b2:be:7b:e5:ab:48:90:00:19:11:74:44:b0:d6:63:4a:b7:8a:
         dc:e1:5f:f1:28:9e:3d:8a:1a:a3:ee:5b:b4:30:4c:23:11:52:
         49:33:15:66:84:b8:77:a3:83:47:ff:7e:ec:85:f0:23:17:b7:
         79:db:3b:fe:c5:98:9e:9d:a7:2c:a5:23:f8:1b:88:33:00:14:
         bc:6e:2d:c0:96:a2:fd:80:86:aa:f8:21:3f:3c:68:20:78:3a:
         fd:3b:bc:b0
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY7B3pGh7K+F56l+4SuCmbVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA5MDc1OTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmJlMDljOTcwYTdlMWY3YmI3ZjFiMDNmMzg2MDYzN2E1NjM2YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4t/2n0bukCFUXa+AhaWxLkWy3IVq
01XBU0fR0KUi6lPh6+xloM3Q5N1HbvKYVUS/tUcVt4dhCmFXiDjDQfCYR9RBSmWK
RCCBosyucq5dSAPlYyzL/sgfgMpQ5XTk0knK1lC8fcA1wCk/YgGn7U9dBj4Ztok9
jzLSTZ31g/5ZWrkGxC5ZZiKFSlTzl61iEKZDvQnjLj70E5/vc4ABjAr78i6PzG3f
SSE8VAGN/2lG8vtJEkYfOUdeVa9bXWo1c+l5jhXgxSDf6agAG9DcN6ccO3C7NEuP
mfHA4u4Is2Jb4vjModPixSUasWE1J09QJ688DzDfkrbf9K4FsYx/XqXmgQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKa+Cclwp+H3u38bA/OGBjelY2s/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcHI0SnlYQ240ZmU3ZnhzRDg0WUdONlZqYXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJfwbAwQA
UQW9AwQAUpgxAwQAUplBAwQAWdWYAwQAWdWwAwQAWdW3AwQA1CZKAwQA1CZPAwQA
1CZUAwQA1YKKMA0GCSqGSIb3DQEBCwUAA4IBAQBGBT0GOBDFRK5Ah9jdsZp1zdBw
eeAY9Y1gpDN+MoIAf6R0F4fVdrycJYGniIxMt1MzK+C2AUZgoKO7uVhxvq0SMcQX
e/G5rjEacUFdIiSx9cBx4Q/reTCRPQyRG0CxG1lqGZ55W37ii96ATFE7FG7eJg9T
xxzQLEmY2jyyO+IXnoW9SL37E5ymESwMNNShmm0D6mWVS1hs9ulRnG6vnVRgpn2y
vnvlq0iQABkRdESw1mNKt4rc4V/xKJ49ihqj7lu0MEwjEVJJMxVmhLh3o4NH/37s
hfAjF7d52zv+xZienacspSP4G4gzABS8bi3AlqL9gIaq+CE/PGggeDr9O7yw
-----END CERTIFICATE-----