Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sAx91pOSWJGkEMqECT__-Hn3Rgk.roa
File:                     sAx91pOSWJGkEMqECT__-Hn3Rgk.roa (raw, json)
Hash identifier:          dbnQbsOW6PT3sshBHkUXpllBvi97G/RUE8LDNsFGR9s=
Subject key identifier:   B0:0C:7D:D6:93:92:58:91:A4:10:CA:84:09:3F:FF:F8:79:F7:46:09
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E570A204863BCAAF65F360333801A486B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sAx91pOSWJGkEMqECT__-Hn3Rgk.roa
Signing time:             Tue 19 Mar 2024 14:07:45 +0000
ROA not before:           Tue 19 Mar 2024 14:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 20 Mar 2024 08:46:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:0a:20:48:63:bc:aa:f6:5f:36:03:33:80:1a:48:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 19 14:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b00c7dd693925891a410ca84093ffff879f74609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bb:77:87:e0:7d:de:00:ae:07:5a:bd:97:ce:
                    80:5f:99:a3:88:5d:b2:3c:e5:30:fe:fa:20:fc:a0:
                    26:71:e7:b5:5f:68:30:73:de:8c:a2:df:13:72:06:
                    30:e5:3a:25:fb:93:4b:15:5f:20:c8:0a:d9:76:ea:
                    09:26:1a:26:d4:0a:18:e6:a6:26:70:c7:88:25:9a:
                    e2:2d:34:3f:75:04:0a:3c:7e:64:65:29:f1:07:13:
                    49:d2:f3:39:ab:a8:97:05:ee:ee:36:5c:c2:7a:d2:
                    01:2a:50:1e:df:eb:5b:30:71:a6:a6:df:77:cb:20:
                    a5:00:0b:21:67:bb:b2:9d:f7:f5:fd:d2:55:40:d4:
                    36:a4:1b:2e:fc:58:c4:1a:74:a3:0e:8f:9e:f1:20:
                    e1:56:18:bb:01:65:26:99:18:2c:bf:e4:eb:85:9b:
                    af:e3:af:cf:bd:40:8b:07:98:8b:40:f8:68:d6:86:
                    bb:09:9e:bf:bf:1f:d9:f7:0a:51:d2:c0:13:d1:dd:
                    f3:35:e0:b4:7b:7c:18:f3:6d:6f:87:e0:c9:98:7b:
                    cd:fb:2f:af:05:63:a5:2a:ab:48:3d:db:09:16:f1:
                    11:c3:fe:38:ea:d6:c6:3d:a0:ae:08:17:4b:aa:c7:
                    64:40:6f:7c:6d:7c:71:ad:ea:e4:87:ac:94:9c:14:
                    bc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0C:7D:D6:93:92:58:91:A4:10:CA:84:09:3F:FF:F8:79:F7:46:09
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sAx91pOSWJGkEMqECT__-Hn3Rgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.208.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:b5:02:b1:14:7b:39:c3:a3:28:22:87:5b:b2:bc:65:8b:8d:
         74:d7:13:dd:c9:f9:fc:6d:82:6b:a4:06:6d:38:a3:9a:b2:7d:
         bd:2e:f2:f9:33:3d:ac:61:4f:55:e7:ea:b5:93:d4:02:e7:bd:
         f4:42:44:a7:95:a8:ab:c0:0e:a3:9a:80:50:de:93:f3:12:14:
         8c:e0:d7:7d:8a:86:25:60:8e:9f:7d:2c:4e:b7:fc:c1:c0:c0:
         da:a9:76:e3:7e:c2:e1:fe:d0:87:33:65:1b:88:43:04:e7:bd:
         0c:69:95:f5:4d:92:50:dd:0d:eb:08:b8:06:a9:3d:f3:3c:dc:
         06:38:ac:d5:17:41:22:42:04:6e:34:51:a5:43:58:de:db:32:
         9a:bf:11:15:e7:8e:e6:4e:52:86:00:18:af:45:f0:8d:5f:bb:
         b1:b0:89:da:3a:c3:60:5c:9c:60:4b:08:fe:76:16:48:f7:80:
         b3:a1:66:d1:2d:96:5e:a1:08:4c:6f:09:21:72:45:b6:0d:58:
         91:26:42:8c:48:24:b0:ee:0e:12:da:19:28:6f:0b:49:d5:a5:
         77:54:30:21:42:15:df:c2:d0:7a:8d:66:17:5d:a5:63:45:b4:
         26:5b:51:c8:8a:fb:0b:14:db:3e:f0:a8:f8:9b:19:56:a8:6e:
         a0:2c:cf:2f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY5XCiBIY7yq9l82AzOAGkhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzE5MTQwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBjN2RkNjkzOTI1ODkxYTQxMGNhODQwOTNmZmZmODc5Zjc0NjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbt3h+B93gCuB1q9l86AX5mjiF2y
POUw/vog/KAmcee1X2gwc96Mot8TcgYw5Tol+5NLFV8gyArZduoJJhom1AoY5qYm
cMeIJZriLTQ/dQQKPH5kZSnxBxNJ0vM5q6iXBe7uNlzCetIBKlAe3+tbMHGmpt93
yyClAAshZ7uynff1/dJVQNQ2pBsu/FjEGnSjDo+e8SDhVhi7AWUmmRgsv+TrhZuv
46/PvUCLB5iLQPho1oa7CZ6/vx/Z9wpR0sAT0d3zNeC0e3wY821vh+DJmHvN+y+v
BWOlKqtIPdsJFvERw/446tbGPaCuCBdLqsdkQG98bXxxrerkh6yUnBS82wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLAMfdaTkliRpBDKhAk///h590YJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc0F4OTFwT1NXSkdrRU1xRUNUX18tSG4zUmdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBABtsNADBABtsPUD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAFi1ArEUeznDoygih1uyvGWL
jXTXE93J+fxtgmukBm04o5qyfb0u8vkzPaxhT1Xn6rWT1ALnvfRCRKeVqKvADqOa
gFDek/MSFIzg132KhiVgjp99LE63/MHAwNqpduN+wuH+0IczZRuIQwTnvQxplfVN
klDdDesIuAapPfM83AY4rNUXQSJCBG40UaVDWN7bMpq/ERXnjuZOUoYAGK9F8I1f
u7Gwido6w2BcnGBLCP52Fkj3gLOhZtEtll6hCExvCSFyRbYNWJEmQoxIJLDuDhLa
GShvC0nVpXdUMCFCFd/C0HqNZhddpWNFtCZbUciK+wsU2z7wqPibGVaobqAszy8=
-----END CERTIFICATE-----