Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yqUPHI9P8v1dvGkmN9w2TWLTzmY.roa
File:                     yqUPHI9P8v1dvGkmN9w2TWLTzmY.roa (raw, json)
Hash identifier:          TavRoiQGRrBS9J38tGV0iZ51+hwm9ycLGA0fKrlJuhE=
Subject key identifier:   CA:A5:0F:1C:8F:4F:F2:FD:5D:BC:69:26:37:DC:36:4D:62:D3:CE:66
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D74173CC5CE48E5206BA6DDADFA66BA86
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yqUPHI9P8v1dvGkmN9w2TWLTzmY.roa
Signing time:             Sun 04 Feb 2024 12:28:16 +0000
ROA not before:           Sun 04 Feb 2024 12:28:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          185.49.126.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 05 Feb 2024 09:38:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:74:17:3c:c5:ce:48:e5:20:6b:a6:dd:ad:fa:66:ba:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  4 12:28:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caa50f1c8f4ff2fd5dbc692637dc364d62d3ce66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:55:a5:b2:3b:93:d1:3f:2b:2f:d6:e6:8c:eb:
                    60:18:ef:09:aa:f8:fb:14:ac:78:e5:6c:ac:9a:74:
                    86:b8:a5:f4:42:05:3c:70:70:ad:52:84:41:6f:34:
                    e2:d9:eb:e0:aa:3a:16:4c:3f:aa:2e:1a:a8:aa:19:
                    e0:d4:f9:aa:7b:14:2a:5c:ef:86:99:1d:08:bc:28:
                    06:36:80:2e:0e:df:d8:91:83:95:48:b9:4f:d7:6c:
                    08:4b:56:dc:56:00:d7:1b:d4:73:ad:0d:3a:02:16:
                    0a:db:57:ad:2d:d8:12:cd:e9:19:c2:ba:a0:68:c9:
                    4e:6b:c1:19:74:15:46:f5:3e:ea:01:28:fa:c2:58:
                    1a:f9:12:a8:6f:bf:7f:1b:53:1f:9c:55:f3:bf:2d:
                    55:30:7d:10:f2:e5:14:46:5c:88:98:f5:bd:3f:b2:
                    bf:e6:cf:7f:61:43:cb:00:78:da:d9:36:a0:6a:7a:
                    1e:3f:b4:19:6d:b8:3d:de:08:3a:e0:ef:a2:b9:99:
                    42:a3:6e:78:7a:bc:3d:af:40:98:bc:42:02:3b:3b:
                    30:60:ae:7f:ec:f6:00:fc:14:fa:65:fc:63:54:54:
                    f6:49:da:10:a6:bd:9a:a7:b9:9d:3d:df:88:46:89:
                    f9:ff:7a:13:56:48:b1:a7:1f:91:7d:e2:32:90:b9:
                    85:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:A5:0F:1C:8F:4F:F2:FD:5D:BC:69:26:37:DC:36:4D:62:D3:CE:66
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yqUPHI9P8v1dvGkmN9w2TWLTzmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.244.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:cd:0e:6e:ff:56:ac:f6:f1:17:43:93:72:10:7b:60:aa:3c:
         45:ad:75:f3:b6:87:e5:ef:7d:f6:b7:bd:a4:9c:13:15:7b:8b:
         50:35:3f:43:90:ce:94:87:4b:d1:14:c2:3b:94:6f:17:1d:bb:
         a7:38:20:e3:bc:c8:f0:53:7a:4a:e4:1f:bb:c1:50:62:65:80:
         8b:fb:ba:aa:b4:fb:3d:5e:78:15:ed:02:3c:27:ea:e5:0f:cb:
         d8:3d:f5:2b:54:da:6a:bc:20:0a:16:e5:28:89:58:be:f8:2a:
         cc:9f:7a:24:e2:27:5c:b3:6b:3e:b3:11:ea:4b:b1:2a:29:f3:
         66:69:31:1f:55:f6:8f:f7:34:41:fc:27:e8:a1:da:86:e6:2c:
         7d:5f:08:9b:6a:cd:48:55:b6:b1:e6:64:d6:a4:ba:5c:14:85:
         2b:a4:95:92:cc:88:80:f5:14:fc:16:26:05:34:a8:9a:ff:82:
         94:95:c5:47:4f:f4:b5:27:f5:16:fd:ac:bd:7d:15:98:73:b8:
         b3:c2:ff:da:05:c3:63:5a:b2:7f:3a:40:12:6b:7e:9e:68:3b:
         31:8f:5e:db:cb:a6:40:5c:20:f2:e6:2c:46:79:f6:13:ea:95:
         72:ae:5e:a7:85:79:f8:e7:ab:16:e2:9e:d0:ac:01:c3:c9:a3:
         8b:e1:79:cb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY10FzzFzkjlIGum3a36ZrqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjA0MTIyODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWE1MGYxYzhmNGZmMmZkNWRiYzY5MjYzN2RjMzY0ZDYyZDNjZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVWlsjuT0T8rL9bmjOtgGO8Jqvj7
FKx45WysmnSGuKX0QgU8cHCtUoRBbzTi2evgqjoWTD+qLhqoqhng1PmqexQqXO+G
mR0IvCgGNoAuDt/YkYOVSLlP12wIS1bcVgDXG9RzrQ06AhYK21etLdgSzekZwrqg
aMlOa8EZdBVG9T7qASj6wlga+RKob79/G1MfnFXzvy1VMH0Q8uUURlyImPW9P7K/
5s9/YUPLAHja2TaganoeP7QZbbg93gg64O+iuZlCo254erw9r0CYvEICOzswYK5/
7PYA/BT6ZfxjVFT2SdoQpr2ap7mdPd+IRon5/3oTVkixpx+RfeIykLmFRwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFMqlDxyPT/L9XbxpJjfcNk1i085mMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveXFVUEhJOVA4djFkdkdrbU45dzJUV0xUem1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCUpmIMAwD
BAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBABtsPQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAAbNDm7/Vqz28RdDk3IQe2CqPEWtdfO2h+Xvffa3
vaScExV7i1A1P0OQzpSHS9EUwjuUbxcdu6c4IOO8yPBTekrkH7vBUGJlgIv7uqq0
+z1eeBXtAjwn6uUPy9g99StU2mq8IAoW5SiJWL74KsyfeiTiJ1yzaz6zEepLsSop
82ZpMR9V9o/3NEH8J+ih2obmLH1fCJtqzUhVtrHmZNakulwUhSuklZLMiID1FPwW
JgU0qJr/gpSVxUdP9LUn9Rb9rL19FZhzuLPC/9oFw2Nasn86QBJrfp5oOzGPXtvL
pkBcIPLmLEZ59hPqlXKuXqeFefjnqxbintCsAcPJo4vhecs=
-----END CERTIFICATE-----