Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wOEH8g8A_pfT3zDdMJVOIuFV-8Q.roa
File:                     wOEH8g8A_pfT3zDdMJVOIuFV-8Q.roa (raw, json)
Hash identifier:          OdMWeAfQtkyhp75PTeIDSTawsVVI35wnlwFHV/TK65k=
Subject key identifier:   C0:E1:07:F2:0F:00:FE:97:D3:DF:30:DD:30:95:4E:22:E1:55:FB:C4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018DE4FC2DE1DEEB049BC10FDD039FA988CC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wOEH8g8A_pfT3zDdMJVOIuFV-8Q.roa
Signing time:             Mon 26 Feb 2024 10:35:48 +0000
ROA not before:           Mon 26 Feb 2024 10:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.1.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 26 Feb 2024 13:40:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e4:fc:2d:e1:de:eb:04:9b:c1:0f:dd:03:9f:a9:88:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 26 10:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0e107f20f00fe97d3df30dd30954e22e155fbc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d3:57:a4:0e:ce:8e:ba:af:fd:ad:2f:1c:df:
                    41:b4:68:cb:91:1f:24:9c:61:24:f2:7a:7a:31:6f:
                    2f:e1:fe:05:1c:29:86:09:3c:77:df:26:17:23:f7:
                    13:cb:f9:e6:20:0f:14:66:74:9f:e4:f1:86:02:07:
                    4c:a7:ee:92:78:1d:f3:0d:34:8c:f1:45:d8:84:4d:
                    75:28:76:58:c7:a3:d0:83:ca:d3:c4:30:28:dc:ac:
                    f7:22:6f:f1:04:81:a7:05:fd:c9:b4:fe:29:b3:b9:
                    21:b0:e3:81:58:e8:1e:6b:0d:2e:8c:b1:b0:3e:f6:
                    52:04:68:bd:38:42:b6:b1:b6:eb:ca:df:e9:df:28:
                    08:9d:22:a7:0d:a8:06:73:db:b6:14:2b:21:47:1f:
                    11:4c:ae:58:a4:59:5b:85:91:eb:ea:bf:07:a3:cc:
                    b9:f0:12:ed:0c:4f:a7:fd:89:fc:b8:51:0d:1b:60:
                    9d:43:d7:6a:8d:08:e9:6b:e3:92:38:f1:40:bb:f3:
                    02:e7:df:72:44:23:cd:5b:86:68:03:85:a4:b0:92:
                    0d:7d:6d:ac:c2:96:ac:dc:95:b8:f4:3d:3f:21:10:
                    66:9e:a4:da:21:21:f4:48:d4:cd:bb:d1:38:2b:23:
                    a7:7b:51:c4:0d:7d:0a:c9:69:01:db:32:4b:be:9d:
                    f0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E1:07:F2:0F:00:FE:97:D3:DF:30:DD:30:95:4E:22:E1:55:FB:C4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wOEH8g8A_pfT3zDdMJVOIuFV-8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.1.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b6:c7:02:fd:ce:8a:d6:20:5e:49:2a:8e:ec:2b:78:62:48:
         b9:56:4c:5f:60:58:d5:b3:19:fc:0c:61:7d:29:c5:37:8d:9f:
         b4:b3:a0:6d:28:d0:c1:c8:35:db:bd:e6:32:e1:42:ed:25:b7:
         c8:88:bd:eb:db:83:58:38:96:b0:60:35:ca:11:0c:42:d8:2b:
         b2:43:20:0d:80:f2:91:c1:61:ee:aa:42:1a:3f:77:f2:6f:7c:
         5d:d7:0e:d7:69:ef:d0:c3:46:8e:ae:a2:cb:3b:56:01:f0:50:
         c0:d9:b3:ff:fd:4b:ee:d5:60:c2:7c:d0:e0:c2:cd:bf:83:0e:
         e8:9a:9d:3b:55:a0:3d:86:96:68:94:7b:47:dd:18:8a:e7:5a:
         f7:bd:c5:49:b2:cd:1c:26:c1:59:0c:bb:8e:68:34:c1:27:c9:
         cd:c8:2f:80:43:be:98:8b:46:01:27:ec:15:55:30:57:8e:d7:
         63:83:92:c7:10:fc:2c:92:41:0a:74:5c:bc:07:ef:03:01:b1:
         db:6a:b7:fb:d8:c5:7f:ef:bf:80:d5:9a:85:1e:6f:47:9e:39:
         76:51:1f:29:e1:5e:0a:96:03:74:a6:39:36:b3:65:d0:24:01:
         1b:b0:d6:77:38:df:81:cf:b3:73:57:6d:c9:37:78:b3:5f:89:
         33:97:69:84
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY3k/C3h3usEm8EP3QOfqYjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjI2MTAzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGUxMDdmMjBmMDBmZTk3ZDNkZjMwZGQzMDk1NGUyMmUxNTVmYmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNNXpA7Ojrqv/a0vHN9BtGjLkR8k
nGEk8np6MW8v4f4FHCmGCTx33yYXI/cTy/nmIA8UZnSf5PGGAgdMp+6SeB3zDTSM
8UXYhE11KHZYx6PQg8rTxDAo3Kz3Im/xBIGnBf3JtP4ps7khsOOBWOgeaw0ujLGw
PvZSBGi9OEK2sbbryt/p3ygInSKnDagGc9u2FCshRx8RTK5YpFlbhZHr6r8Ho8y5
8BLtDE+n/Yn8uFENG2CdQ9dqjQjpa+OSOPFAu/MC599yRCPNW4ZoA4WksJINfW2s
wpas3JW49D0/IRBmnqTaISH0SNTNu9E4KyOne1HEDX0KyWkB2zJLvp3wWwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFMDhB/IPAP6X098w3TCVTiLhVfvEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd09FSDhnOEFfcGZUM3pEZE1KVk9JdUZWLThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUpkBAwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAGu2xwL9zorWIF5JKo7sK3hiSLlWTF9gWNWzGfwM
YX0pxTeNn7SzoG0o0MHINdu95jLhQu0lt8iIvevbg1g4lrBgNcoRDELYK7JDIA2A
8pHBYe6qQho/d/JvfF3XDtdp79DDRo6uoss7VgHwUMDZs//9S+7VYMJ80ODCzb+D
DuianTtVoD2GlmiUe0fdGIrnWve9xUmyzRwmwVkMu45oNMEnyc3IL4BDvpiLRgEn
7BVVMFeO12ODkscQ/CySQQp0XLwH7wMBsdtqt/vYxX/vv4DVmoUeb0eeOXZRHynh
XgqWA3SmOTazZdAkARuw1nc434HPs3NXbck3eLNfiTOXaYQ=
-----END CERTIFICATE-----