Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zTSdiMZ_8myFGPx0cn386729hbs.roa
File:                     zTSdiMZ_8myFGPx0cn386729hbs.roa (raw, json)
Hash identifier:          z7xTpbYuIGHgBd/2Bd3lZAQnSgOGy3U09v3a1nM2YFw=
Subject key identifier:   CD:34:9D:88:C6:7F:F2:6C:85:18:FC:74:72:7D:FC:EB:BD:BD:85:BB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EC1DF859E4C3C3DE765D4CC81E2BE3009
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zTSdiMZ_8myFGPx0cn386729hbs.roa
Signing time:             Tue 09 Apr 2024 08:00:35 +0000
ROA not before:           Tue 09 Apr 2024 08:00:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 11 Apr 2024 12:06:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c1:df:85:9e:4c:3c:3d:e7:65:d4:cc:81:e2:be:30:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  9 08:00:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd349d88c67ff26c8518fc74727dfcebbdbd85bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d3:14:28:d8:af:03:fc:3c:05:57:b2:a3:c1:
                    98:16:8d:83:84:4a:ce:8a:f6:04:08:01:ea:67:1a:
                    71:27:74:55:c2:3e:93:ca:dc:e9:08:be:f8:62:80:
                    97:20:55:52:f4:fc:ef:6f:3b:11:87:3a:58:41:00:
                    0d:84:0e:ad:68:b5:6a:74:0a:3d:a2:15:1b:74:81:
                    ef:01:6c:ab:31:df:fc:54:2e:6a:53:46:56:9a:56:
                    f4:42:00:e4:22:21:69:12:0c:11:37:7a:d8:5b:0e:
                    0e:d5:27:44:7f:79:98:d9:3c:03:f2:09:43:94:99:
                    6f:1a:4e:64:d2:1e:b0:52:92:e2:49:9b:5c:18:a5:
                    b6:b8:b9:d0:27:b0:0e:f7:d0:fc:67:a3:4a:ad:a5:
                    8a:a7:6c:39:29:85:71:ed:87:f3:a0:ad:29:12:bb:
                    dc:13:f8:f3:b7:b4:92:8e:2a:f7:3f:9f:13:1b:38:
                    fa:a1:61:f6:1c:e1:45:94:d4:52:6e:ec:60:1b:af:
                    8c:78:03:2d:f9:8b:5a:93:cf:92:5d:af:0f:7b:f8:
                    00:2c:b6:e8:4b:9c:52:99:95:65:3d:aa:f5:64:83:
                    86:0b:62:9c:06:cb:87:58:d2:62:fb:f8:0e:f9:8b:
                    fb:aa:26:95:2a:4a:fa:c9:ab:b8:de:89:00:7e:52:
                    86:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:34:9D:88:C6:7F:F2:6C:85:18:FC:74:72:7D:FC:EB:BD:BD:85:BB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zTSdiMZ_8myFGPx0cn386729hbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.130.149.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ae:a5:91:b1:fb:00:22:47:bb:57:50:c4:51:1b:5c:63:c7:
         75:a3:8b:76:81:42:8e:3f:c8:a1:5a:dd:14:75:ed:2e:e6:48:
         c4:6c:e9:33:79:b4:c0:d2:82:89:8f:7e:f3:48:a7:a7:cf:6f:
         4c:d3:1e:3a:c9:b8:59:55:93:6b:ac:2a:30:ec:3e:b4:de:f0:
         75:ba:7b:a0:dd:4c:7b:1f:0b:2f:be:17:d9:08:92:3b:57:bb:
         ea:24:c8:cb:26:23:5e:d7:92:3f:f4:16:f8:41:19:ad:c9:27:
         df:2d:f8:ca:98:4c:4d:83:64:e4:ea:39:dd:4d:13:bc:ae:60:
         c8:f0:cc:6d:e3:3e:b1:a3:d8:d5:f5:f4:f4:e5:d9:41:f4:92:
         0d:79:40:3c:65:51:f3:a6:e8:0f:c2:08:ba:96:cb:5a:1e:ae:
         03:b0:a6:a8:43:be:dc:a1:4a:43:75:e9:05:e7:b6:ca:72:d2:
         19:bf:d8:6f:7b:7a:90:55:7b:d2:67:20:3c:69:b8:b7:5e:16:
         dc:c0:95:cf:5b:d9:89:3b:6c:6c:f6:85:e5:4a:b0:5a:96:c7:
         e5:cd:73:56:3e:f3:b7:98:cf:c2:ae:de:f5:11:34:13:2b:ed:
         3d:6b:f2:82:0f:23:39:db:2d:f8:2b:8a:91:d6:33:4c:26:cb:
         80:af:3e:5f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY7B34WeTDw952XUzIHivjAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA5MDgwMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDM0OWQ4OGM2N2ZmMjZjODUxOGZjNzQ3MjdkZmNlYmJkYmQ4NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdMUKNivA/w8BVeyo8GYFo2DhErO
ivYECAHqZxpxJ3RVwj6TytzpCL74YoCXIFVS9PzvbzsRhzpYQQANhA6taLVqdAo9
ohUbdIHvAWyrMd/8VC5qU0ZWmlb0QgDkIiFpEgwRN3rYWw4O1SdEf3mY2TwD8glD
lJlvGk5k0h6wUpLiSZtcGKW2uLnQJ7AO99D8Z6NKraWKp2w5KYVx7YfzoK0pErvc
E/jzt7SSjir3P58TGzj6oWH2HOFFlNRSbuxgG6+MeAMt+Ytak8+SXa8Pe/gALLbo
S5xSmZVlPar1ZIOGC2KcBsuHWNJi+/gO+Yv7qiaVKkr6yau43okAflKGXQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFM00nYjGf/JshRj8dHJ9/Ou9vYW7MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvelRTZGlNWl84bXlGR1B4MGNuMzg2NzI5aGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIAwQAUpn1AwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4D
BADVgpUDBADVmCowDQYJKoZIhvcNAQELBQADggEBAHyupZGx+wAiR7tXUMRRG1xj
x3Wji3aBQo4/yKFa3RR17S7mSMRs6TN5tMDSgomPfvNIp6fPb0zTHjrJuFlVk2us
KjDsPrTe8HW6e6DdTHsfCy++F9kIkjtXu+okyMsmI17Xkj/0FvhBGa3JJ98t+MqY
TE2DZOTqOd1NE7yuYMjwzG3jPrGj2NX19PTl2UH0kg15QDxlUfOm6A/CCLqWy1oe
rgOwpqhDvtyhSkN16QXntspy0hm/2G97epBVe9JnIDxpuLdeFtzAlc9b2Yk7bGz2
heVKsFqWx+XNc1Y+87eYz8Ku3vURNBMr7T1r8oIPIznbLfgripHWM0wmy4CvPl8=
-----END CERTIFICATE-----