Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qKc9Bnxd0Or2kE4Ag5UiPgtIfo8.roa
File:                     qKc9Bnxd0Or2kE4Ag5UiPgtIfo8.roa (raw, json)
Hash identifier:          KW9br70m3gjYZvm9rAM58B7fPeKPqdq4WnzfRdEDiKU=
Subject key identifier:   A8:A7:3D:06:7C:5D:D0:EA:F6:90:4E:00:83:95:22:3E:0B:48:7E:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EAD48346F9120D4514FC6731B7A0850DD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qKc9Bnxd0Or2kE4Ag5UiPgtIfo8.roa
Signing time:             Fri 05 Apr 2024 08:02:54 +0000
ROA not before:           Fri 05 Apr 2024 08:02:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        81.5.189.0/24 maxlen: 24
                          82.152.49.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          212.38.74.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.138.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 09 Apr 2024 07:59:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:48:34:6f:91:20:d4:51:4f:c6:73:1b:7a:08:50:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  5 08:02:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8a73d067c5dd0eaf6904e008395223e0b487e8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ad:27:ed:a8:12:17:cc:04:e4:8b:c0:15:a0:
                    11:a7:2d:bb:de:77:4a:d0:0f:0c:fc:f7:45:d2:a1:
                    76:a3:f7:70:da:05:f7:da:f5:f1:15:a4:37:bd:e8:
                    8e:e6:d2:51:31:f9:b5:31:02:6c:40:2e:44:56:7f:
                    34:59:82:e2:f2:b8:aa:0d:0c:9c:ba:57:b3:73:4a:
                    81:2d:bd:ce:53:ef:db:31:a3:e8:6f:9f:b5:e7:83:
                    f2:3e:48:97:ab:86:e0:e9:35:f9:c5:3f:d1:f8:d5:
                    76:d4:c6:83:66:82:a9:f8:7c:b6:85:20:4d:dc:f5:
                    92:d2:c6:3f:b0:53:8e:5d:27:a7:84:ae:87:b6:5a:
                    f6:1d:af:5f:94:cd:9c:c4:f1:a6:c7:26:a7:28:00:
                    3c:28:c0:d3:83:56:ed:bf:06:b3:07:ba:29:b9:f4:
                    af:4a:c6:2b:7e:9b:1c:93:cc:47:87:53:56:90:1b:
                    d5:4c:cd:7d:1a:84:9b:46:4f:82:89:1c:5f:55:c9:
                    49:06:56:68:79:72:13:4d:18:b8:56:dc:19:01:6c:
                    f2:cc:4b:01:21:51:c6:92:16:53:1a:12:de:f1:6a:
                    da:a6:60:cd:ec:f4:a0:4e:57:81:76:9e:72:67:83:
                    97:6d:13:51:74:4b:f2:76:af:a2:26:f9:0f:5c:f6:
                    af:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A7:3D:06:7C:5D:D0:EA:F6:90:4E:00:83:95:22:3E:0B:48:7E:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qKc9Bnxd0Or2kE4Ag5UiPgtIfo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  82.152.49.0/24
                  82.153.65.0/24
                  89.213.152.0/24
                  89.213.176.0/24
                  89.213.183.0/24
                  212.38.74.0/24
                  212.38.79.0/24
                  212.38.84.0/24
                  213.130.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:9c:6d:25:cb:3c:bb:c7:d9:83:eb:0a:54:a2:7a:d6:54:00:
         11:d7:ed:bb:66:16:9d:b7:d5:b6:11:c8:1d:ff:c2:54:35:50:
         00:9b:f9:c8:85:82:4d:52:89:86:3c:5c:c6:80:bc:d4:3a:aa:
         c5:48:52:83:0f:81:8b:fe:ba:bc:b0:ca:28:b2:9e:5b:7e:2d:
         ed:b4:03:ab:bb:e2:ad:2c:67:c7:77:3e:73:44:9b:e2:af:0a:
         4b:6a:e5:3f:86:f4:cf:af:50:06:f1:13:2c:d7:fa:44:8a:a8:
         af:3c:a0:1f:a5:06:cb:c8:78:13:08:d5:15:b5:a5:7e:44:e1:
         f1:6b:ca:ee:e8:dd:c5:4c:d4:52:ca:04:89:36:36:51:0c:c0:
         d1:ad:b5:6d:36:84:3b:39:fb:90:25:4f:4c:d3:6e:af:f4:a3:
         66:ff:36:0d:6b:70:cd:fc:e0:d9:5d:4e:47:e1:aa:35:8b:e4:
         7d:e7:bd:36:8d:11:ce:ec:f5:1d:59:bb:90:3c:10:09:9f:c4:
         2b:53:94:d4:b8:ff:d3:55:8d:03:a5:bc:41:5a:b5:7b:39:92:
         da:29:2c:39:79:93:36:99:ca:ea:b4:62:3e:04:6e:12:18:ae:
         74:26:b2:ce:ef:46:ba:c7:e2:4e:6b:3b:be:91:3e:fd:cc:4e:
         5b:73:8b:10
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY6tSDRvkSDUUU/Gcxt6CFDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA1MDgwMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE3M2QwNjdjNWRkMGVhZjY5MDRlMDA4Mzk1MjIzZTBiNDg3ZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm60n7agSF8wE5IvAFaARpy273ndK
0A8M/PdF0qF2o/dw2gX32vXxFaQ3veiO5tJRMfm1MQJsQC5EVn80WYLi8riqDQyc
ulezc0qBLb3OU+/bMaPob5+154PyPkiXq4bg6TX5xT/R+NV21MaDZoKp+Hy2hSBN
3PWS0sY/sFOOXSenhK6Htlr2Ha9flM2cxPGmxyanKAA8KMDTg1btvwazB7opufSv
SsYrfpsck8xHh1NWkBvVTM19GoSbRk+CiRxfVclJBlZoeXITTRi4VtwZAWzyzEsB
IVHGkhZTGhLe8WrapmDN7PSgTleBdp5yZ4OXbRNRdEvydq+iJvkPXPavOQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKinPQZ8XdDq9pBOAIOVIj4LSH6PMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcUtjOUJueGQwT3Iya0U0QWc1VWlQZ3RJZm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUQW9AwQA
UpgxAwQAUplBAwQAWdWYAwQAWdWwAwQAWdW3AwQA1CZKAwQA1CZPAwQA1CZUAwQA
1YKKMA0GCSqGSIb3DQEBCwUAA4IBAQAPnG0lyzy7x9mD6wpUonrWVAAR1+27Zhad
t9W2Ecgd/8JUNVAAm/nIhYJNUomGPFzGgLzUOqrFSFKDD4GL/rq8sMoosp5bfi3t
tAOru+KtLGfHdz5zRJvirwpLauU/hvTPr1AG8RMs1/pEiqivPKAfpQbLyHgTCNUV
taV+ROHxa8ru6N3FTNRSygSJNjZRDMDRrbVtNoQ7OfuQJU9M026v9KNm/zYNa3DN
/ODZXU5H4ao1i+R95702jRHO7PUdWbuQPBAJn8QrU5TUuP/TVY0DpbxBWrV7OZLa
KSw5eZM2mcrqtGI+BG4SGK50JrLO70a6x+JOazu+kT79zE5bc4sQ
-----END CERTIFICATE-----