Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tu-msq1CZqF91Xczh8azeKSU3UA.roa
File:                     tu-msq1CZqF91Xczh8azeKSU3UA.roa (raw, json)
Hash identifier:          GJoDDP4bXutFLCIET9MGG/V5PGFVzmYlez5QsbZ9314=
Subject key identifier:   B6:EF:A6:B2:AD:42:66:A1:7D:D5:77:33:87:C6:B3:78:A4:94:DD:40
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C8204DE203FB1D6F0FA0988FD9C10EFAD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tu-msq1CZqF91Xczh8azeKSU3UA.roa
Signing time:             Tue 19 Dec 2023 12:20:06 +0000
ROA not before:           Tue 19 Dec 2023 12:20:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Dec 2023 13:49:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:82:04:de:20:3f:b1:d6:f0:fa:09:88:fd:9c:10:ef:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 19 12:20:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b6efa6b2ad4266a17dd5773387c6b378a494dd40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:82:bc:32:67:6b:4a:b4:61:6c:54:91:6a:b1:
                    a3:e5:20:7c:54:92:6b:36:12:45:30:a4:92:ca:36:
                    c2:a3:f3:ab:0d:7d:cc:d1:de:fe:5e:40:2b:9d:e0:
                    c3:46:62:be:65:a6:8b:de:20:16:7c:08:57:a3:11:
                    6c:f4:a9:83:88:0d:c8:2b:54:45:cf:06:78:4a:95:
                    97:82:0b:52:59:d1:bd:d1:34:60:55:f7:3b:9a:b7:
                    21:44:53:99:0d:48:d8:bd:9f:13:3a:21:48:06:76:
                    03:b2:e4:aa:f8:ba:07:14:c6:93:d7:02:5c:7e:68:
                    4c:84:7c:6d:26:47:fe:28:4d:ff:cf:1f:ff:c5:65:
                    e9:8a:76:82:b8:3d:b5:9c:ad:5a:4d:5f:7f:f6:58:
                    f3:7c:61:78:9c:0f:ab:a8:f5:0f:ec:2c:36:89:4f:
                    2f:36:8d:df:2e:83:97:fb:41:a3:16:17:78:9e:c9:
                    74:91:f2:fc:1b:93:88:46:f6:68:d9:88:fb:19:e9:
                    80:32:b7:2a:04:3e:91:1b:ce:4d:20:5f:c8:5b:78:
                    e9:01:f2:33:38:68:7c:54:70:ac:d1:e9:bf:2e:58:
                    bb:ae:5a:98:6d:32:c9:e4:d4:7d:2c:0a:0a:ec:6a:
                    28:09:20:9c:17:e3:c2:0f:30:98:8d:83:69:93:d2:
                    6f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:EF:A6:B2:AD:42:66:A1:7D:D5:77:33:87:C6:B3:78:A4:94:DD:40
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tu-msq1CZqF91Xczh8azeKSU3UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:9c:42:66:ac:97:67:bd:08:3c:11:5c:5b:ea:bd:63:c8:f3:
         92:05:8e:2e:09:3f:6f:c1:da:96:5d:c0:ac:c0:08:7a:83:a8:
         5f:1e:b8:f5:f7:6a:19:60:cf:95:3c:5a:d6:fc:b5:71:8c:60:
         8c:a0:08:9b:29:7a:aa:1a:a5:1d:86:2f:e2:91:53:01:c6:22:
         e1:25:2c:af:b1:2c:52:d9:d9:f2:1e:4e:ae:16:d4:e1:5e:d1:
         9f:ad:d2:9a:27:f6:e1:88:3c:39:1c:6a:34:a9:00:5b:01:33:
         3a:3b:ca:b9:f9:56:7b:16:51:db:88:01:e1:e2:d5:91:5b:09:
         56:ca:ca:90:64:d1:e9:1a:d1:3d:4c:e9:b5:cb:a1:5c:63:fb:
         a7:d7:0c:40:0f:30:83:3c:2b:7a:bd:34:fc:51:08:61:9e:a7:
         90:32:7c:81:26:63:aa:ad:d4:9a:d6:8d:cb:c6:d3:d7:66:4c:
         77:2d:09:77:98:6b:6a:a1:c6:d5:89:28:72:3e:03:40:7e:77:
         cf:5c:f1:a4:79:fc:bc:50:8e:23:8d:a2:ef:f9:90:f6:7a:59:
         32:71:8f:5c:20:65:cb:65:01:bf:0d:54:9a:9d:9f:94:80:e2:
         14:65:1c:fe:fc:06:dc:b8:8e:67:1e:04:64:f6:d3:3d:73:f8:
         d7:18:39:b6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYyCBN4gP7HW8PoJiP2cEO+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE5MTIyMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmVmYTZiMmFkNDI2NmExN2RkNTc3MzM4N2M2YjM3OGE0OTRkZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IK8MmdrSrRhbFSRarGj5SB8VJJr
NhJFMKSSyjbCo/OrDX3M0d7+XkArneDDRmK+ZaaL3iAWfAhXoxFs9KmDiA3IK1RF
zwZ4SpWXggtSWdG90TRgVfc7mrchRFOZDUjYvZ8TOiFIBnYDsuSq+LoHFMaT1wJc
fmhMhHxtJkf+KE3/zx//xWXpinaCuD21nK1aTV9/9ljzfGF4nA+rqPUP7Cw2iU8v
No3fLoOX+0GjFhd4nsl0kfL8G5OIRvZo2Yj7GemAMrcqBD6RG85NIF/IW3jpAfIz
OGh8VHCs0em/Lli7rlqYbTLJ5NR9LAoK7GooCSCcF+PCDzCYjYNpk9JvCQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFLbvprKtQmahfdV3M4fGs3iklN1AMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdHUtbXNxMUNacUY5MVhjemg4YXplS1NVM1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah+AwQCUpmIAwQAUpn2MAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBADycQmasl2e9CDwRXFvqvWPI85IFji4J
P2/B2pZdwKzACHqDqF8euPX3ahlgz5U8Wtb8tXGMYIygCJspeqoapR2GL+KRUwHG
IuElLK+xLFLZ2fIeTq4W1OFe0Z+t0pon9uGIPDkcajSpAFsBMzo7yrn5VnsWUduI
AeHi1ZFbCVbKypBk0eka0T1M6bXLoVxj+6fXDEAPMIM8K3q9NPxRCGGep5AyfIEm
Y6qt1JrWjcvG09dmTHctCXeYa2qhxtWJKHI+A0B+d89c8aR5/LxQjiONou/5kPZ6
WTJxj1wgZctlAb8NVJqdn5SA4hRlHP78Bty4jmceBGT20z1z+NcYObY=
-----END CERTIFICATE-----