Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ufoPR65O_ipQK2oSw8x3MfzeVtw.roa
File:                     ufoPR65O_ipQK2oSw8x3MfzeVtw.roa (raw, json)
Hash identifier:          aWxPqgu05/qx2+8qfySPocLv6IDI+iZRu9S6sedQYl0=
Subject key identifier:   B9:FA:0F:47:AE:4E:FE:2A:50:2B:6A:12:C3:CC:77:31:FC:DE:56:DC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E79B281EDFE4722910308425F3E023744
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ufoPR65O_ipQK2oSw8x3MfzeVtw.roa
Signing time:             Tue 26 Mar 2024 07:38:45 +0000
ROA not before:           Tue 26 Mar 2024 07:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.1.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 11:42:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:b2:81:ed:fe:47:22:91:03:08:42:5f:3e:02:37:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 26 07:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9fa0f47ae4efe2a502b6a12c3cc7731fcde56dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a6:fa:2d:88:ad:22:cc:7f:ff:0b:52:59:c8:
                    97:ac:b6:b0:7a:ec:ce:2a:04:e9:af:dc:9f:a2:6f:
                    71:69:71:95:16:9b:78:c5:a0:2c:97:0c:23:31:51:
                    c6:23:f4:8d:2e:b1:e5:a0:ac:36:0f:5d:23:d6:c4:
                    df:1b:fb:9a:db:97:20:72:db:9b:4b:26:39:a0:f3:
                    cb:09:68:ac:98:0c:a1:51:a4:34:e4:6a:ad:cb:b8:
                    85:3b:99:95:ce:5d:f5:de:b7:7b:a5:bf:9d:3b:35:
                    aa:c9:f7:b8:5b:51:4a:27:0a:c8:a4:00:26:28:6e:
                    77:c5:07:6d:7c:85:88:a9:c0:b1:ee:f3:27:0a:46:
                    e5:c7:93:40:d9:ed:dc:37:4c:87:f9:ca:4d:90:39:
                    3d:51:b7:06:f8:ad:cd:03:30:b6:7c:1d:6d:56:e1:
                    69:79:4e:ba:77:ad:dd:b4:71:93:d8:54:44:b1:2d:
                    10:dc:7c:c2:b1:53:2b:76:04:69:4c:a8:cc:d1:e8:
                    88:44:23:b9:1e:7c:59:6f:c1:3c:10:dd:36:8b:fa:
                    42:38:1a:58:98:d6:06:61:37:07:63:8d:72:8f:84:
                    b9:8a:ff:64:cf:79:6d:cc:32:67:1c:26:11:ec:cf:
                    1c:48:02:37:65:da:50:ca:37:71:b1:df:29:7f:6a:
                    e9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FA:0F:47:AE:4E:FE:2A:50:2B:6A:12:C3:CC:77:31:FC:DE:56:DC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ufoPR65O_ipQK2oSw8x3MfzeVtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.1.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:77:c4:b7:af:94:e8:11:5e:c3:c1:58:88:92:97:96:6c:d2:
         0e:7f:ee:95:6a:41:85:fe:c0:53:fb:29:b7:9e:4e:fc:8e:61:
         e6:9f:64:24:a7:31:0a:6e:6f:4e:09:10:36:81:88:fb:18:aa:
         6d:ae:9b:2a:dd:63:aa:89:0b:e2:44:8d:b4:7d:38:5b:69:ba:
         e0:35:c8:2e:c8:12:2c:03:af:33:45:90:02:c3:5d:79:3b:7f:
         8b:71:50:a1:1b:27:30:5e:06:e6:ac:ed:6d:fa:2e:2a:90:48:
         c5:ec:06:0d:47:0e:4e:89:62:3f:b0:a0:33:4f:60:fc:03:eb:
         5a:f7:5f:e2:fc:95:67:89:aa:c2:c7:c7:ca:b7:32:49:df:1a:
         90:08:33:d0:93:81:ad:a5:a6:05:b8:28:5a:be:12:fc:cb:15:
         83:72:cc:50:92:29:bc:f0:63:6a:89:b7:13:53:52:37:f2:4b:
         76:79:35:cd:36:66:79:f9:8c:ef:c6:eb:8e:05:ff:f6:3c:2b:
         27:d5:b4:f6:aa:66:2f:a8:78:b6:78:bf:dd:db:84:da:33:8c:
         a3:b4:d7:f6:65:96:69:94:6d:c0:e0:84:0a:53:f4:44:75:a0:
         f7:b9:c0:f9:c4:8b:cd:64:66:c6:78:d8:75:47:c8:af:46:ff:
         99:d7:86:21
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY55soHt/kcikQMIQl8+AjdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI2MDczODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZhMGY0N2FlNGVmZTJhNTAyYjZhMTJjM2NjNzczMWZjZGU1NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKb6LYitIsx//wtSWciXrLaweuzO
KgTpr9yfom9xaXGVFpt4xaAslwwjMVHGI/SNLrHloKw2D10j1sTfG/ua25cgctub
SyY5oPPLCWismAyhUaQ05Gqty7iFO5mVzl313rd7pb+dOzWqyfe4W1FKJwrIpAAm
KG53xQdtfIWIqcCx7vMnCkblx5NA2e3cN0yH+cpNkDk9UbcG+K3NAzC2fB1tVuFp
eU66d63dtHGT2FREsS0Q3HzCsVMrdgRpTKjM0eiIRCO5HnxZb8E8EN02i/pCOBpY
mNYGYTcHY41yj4S5iv9kz3ltzDJnHCYR7M8cSAI3ZdpQyjdxsd8pf2rpQwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLn6D0euTv4qUCtqEsPMdzH83lbcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdWZvUFI2NU9faXBRSzJvU3c4eDNNZnplVnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQA
UpkBAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBABtsPUD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAKB3xLevlOgRXsPBWIiSl5Zs
0g5/7pVqQYX+wFP7KbeeTvyOYeafZCSnMQpub04JEDaBiPsYqm2umyrdY6qJC+JE
jbR9OFtpuuA1yC7IEiwDrzNFkALDXXk7f4txUKEbJzBeBuas7W36LiqQSMXsBg1H
Dk6JYj+woDNPYPwD61r3X+L8lWeJqsLHx8q3MknfGpAIM9CTga2lpgW4KFq+EvzL
FYNyzFCSKbzwY2qJtxNTUjfyS3Z5Nc02Znn5jO/G644F//Y8KyfVtPaqZi+oeLZ4
v93bhNozjKO01/ZllmmUbcDghApT9ER1oPe5wPnEi81kZsZ42HVHyK9G/5nXhiE=
-----END CERTIFICATE-----