Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/a4a260-84b0-468e-b497-5a41926fed7c/1/kNBGPEGAYKWBrvnvPj-T9RP7BBo.roa
File:                     kNBGPEGAYKWBrvnvPj-T9RP7BBo.roa (raw, json)
Hash identifier:          /ubln8HU+6tELJkttJKzlHZizmwa1sXiOTGM+1qT/l0=
Subject key identifier:   90:D0:46:3C:41:80:60:A5:81:AE:F9:EF:3E:3F:93:F5:13:FB:04:1A
Certificate issuer:       /CN=88727fad5b5c06852e1dafa071ce4767a799e050
Certificate serial:       018CC56EEEBCC6854E40086724FA1E2805CE
Authority key identifier: 88:72:7F:AD:5B:5C:06:85:2E:1D:AF:A0:71:CE:47:67:A7:99:E0:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iHJ_rVtcBoUuHa-gcc5HZ6eZ4FA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/a4a260-84b0-468e-b497-5a41926fed7c/1/kNBGPEGAYKWBrvnvPj-T9RP7BBo.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48944
IP address blocks:        185.214.37.0/24 maxlen: 24
                          185.214.36.0/24 maxlen: 24
                          185.214.36.0/23 maxlen: 23
                          185.214.36.0/22 maxlen: 22
                          185.214.38.0/24 maxlen: 24
                          185.214.39.0/24 maxlen: 24
                          185.214.38.0/23 maxlen: 23
                          185.226.135.0/24 maxlen: 24
                          185.226.134.0/24 maxlen: 24
                          185.226.133.0/24 maxlen: 24
                          185.193.211.0/24 maxlen: 24
                          185.193.210.0/24 maxlen: 24
                          185.193.210.0/23 maxlen: 23
                          185.193.209.0/24 maxlen: 24
                          185.193.208.0/22 maxlen: 22
                          185.193.208.0/23 maxlen: 23
                          185.193.208.0/24 maxlen: 24
                          185.226.132.0/22 maxlen: 22
                          185.226.132.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 14 Jun 2024 06:48:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:bc:c6:85:4e:40:08:67:24:fa:1e:28:05:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88727fad5b5c06852e1dafa071ce4767a799e050
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90d0463c418060a581aef9ef3e3f93f513fb041a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0c:f1:12:f0:34:84:e6:ee:67:70:66:cb:5b:
                    27:35:7b:7c:d3:3a:f7:89:d7:17:62:87:28:3d:37:
                    10:42:3f:40:34:42:ee:f5:f1:2b:8e:ac:32:2b:53:
                    a7:9c:8f:01:cb:49:e0:d2:4c:23:fc:b6:b1:8d:eb:
                    1d:6e:ab:2f:40:c0:ea:9f:7d:c1:86:f0:64:da:d0:
                    29:d0:1b:33:74:f6:46:17:04:bc:df:ff:b5:92:6b:
                    4e:00:3c:47:46:e3:c4:87:cb:3a:31:3c:62:6e:12:
                    f5:39:eb:49:1b:7f:09:9e:12:c4:8c:d1:c9:60:52:
                    de:c5:17:16:04:6a:3e:29:fe:17:dc:4e:bd:4a:1c:
                    7a:ba:be:d7:03:29:0d:fe:7e:c6:f4:bc:9c:4e:96:
                    68:66:4c:5e:b7:b2:7f:8b:39:fb:e2:6d:89:dc:75:
                    a7:81:a0:62:4c:04:49:3d:c7:a8:19:f0:f3:8f:48:
                    97:2a:ed:a5:7e:b0:8c:81:1c:ce:72:01:ec:96:42:
                    fe:2b:2a:6e:e2:19:d1:a8:c4:82:0e:bc:93:68:69:
                    b2:ca:fe:7c:36:57:06:54:d7:82:ef:85:9a:97:39:
                    91:62:57:e2:7d:97:0e:28:09:c0:d6:c6:23:af:46:
                    c2:9f:05:19:d0:de:5a:c7:31:1d:f9:9e:4e:64:8f:
                    c7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D0:46:3C:41:80:60:A5:81:AE:F9:EF:3E:3F:93:F5:13:FB:04:1A
            X509v3 Authority Key Identifier:
                keyid:88:72:7F:AD:5B:5C:06:85:2E:1D:AF:A0:71:CE:47:67:A7:99:E0:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iHJ_rVtcBoUuHa-gcc5HZ6eZ4FA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/a4a260-84b0-468e-b497-5a41926fed7c/1/kNBGPEGAYKWBrvnvPj-T9RP7BBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/a4a260-84b0-468e-b497-5a41926fed7c/1/iHJ_rVtcBoUuHa-gcc5HZ6eZ4FA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.208.0/22
                  185.214.36.0/22
                  185.226.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:87:c2:db:5d:d2:31:c3:3c:dd:a2:31:fc:03:8e:9a:8e:42:
         1a:fa:0a:b1:c2:1c:1a:15:da:5c:dc:f4:38:d4:b5:d4:b2:88:
         b2:6b:dc:68:60:5b:a8:18:bd:a4:6b:12:f7:73:5b:b1:2d:f0:
         c6:83:9c:e5:3d:4c:e0:15:63:40:02:2f:b0:ea:ca:42:1b:6c:
         01:14:f8:ae:57:49:70:7a:2f:79:55:e8:a2:32:83:96:18:f3:
         89:51:7f:05:56:92:e9:40:67:02:0b:5d:6d:3f:92:d0:8d:3b:
         1f:b3:a7:fd:e1:34:36:50:d4:f6:bb:f8:20:01:7c:32:a0:7c:
         ac:79:1c:9d:5d:76:e7:a6:6b:40:ec:e4:4e:d7:b3:83:82:1a:
         58:9e:c1:ad:be:e3:a0:f2:bb:d2:8f:73:1c:a4:90:a4:df:9d:
         6d:d9:f2:cf:2c:cf:8e:34:d6:55:fa:f4:dd:e0:9a:ed:72:36:
         1a:cc:75:aa:2c:5c:ff:84:9d:06:c7:0b:36:46:ba:8f:db:38:
         b4:ac:18:7d:43:8e:a7:0b:40:25:54:a6:21:d8:39:9d:7f:af:
         b7:a2:4d:e8:9f:e6:1b:1b:ed:44:95:7d:9b:ac:5a:3f:92:48:
         85:66:7d:40:3b:4a:8b:e1:be:9e:cf:e8:ea:c1:43:98:92:e9:
         02:20:ae:e1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbu68xoVOQAhnJPoeKAXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NzI3ZmFkNWI1YzA2ODUyZTFkYWZhMDcxY2U0NzY3YTc5
OWUwNTAwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQwNDYzYzQxODA2MGE1ODFhZWY5ZWYzZTNmOTNmNTEzZmIwNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAzxEvA0hObuZ3Bmy1snNXt80zr3
idcXYocoPTcQQj9ANELu9fErjqwyK1OnnI8By0ng0kwj/LaxjesdbqsvQMDqn33B
hvBk2tAp0BszdPZGFwS83/+1kmtOADxHRuPEh8s6MTxibhL1OetJG38JnhLEjNHJ
YFLexRcWBGo+Kf4X3E69Shx6ur7XAykN/n7G9LycTpZoZkxet7J/izn74m2J3HWn
gaBiTARJPceoGfDzj0iXKu2lfrCMgRzOcgHslkL+Kypu4hnRqMSCDryTaGmyyv58
NlcGVNeC74WalzmRYlfifZcOKAnA1sYjr0bCnwUZ0N5axzEd+Z5OZI/HUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJDQRjxBgGClga757z4/k/UT+wQaMB8GA1UdIwQY
MBaAFIhyf61bXAaFLh2voHHOR2enmeBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUhKX3JWdGNCb1V1SGEtZ2NjNUhaNmVaNEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9hNGEyNjAtODRiMC00NjhlLWI0OTct
NWE0MTkyNmZlZDdjLzEva05CR1BFR0FZS1dCcnZudlBqLVQ5UlA3QkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9hNGEyNjAtODRiMC00NjhlLWI0OTctNWE0MTkyNmZlZDdj
LzEvaUhKX3JWdGNCb1V1SGEtZ2NjNUhaNmVaNEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCucHQAwQC
udYkAwQCueKEMA0GCSqGSIb3DQEBCwUAA4IBAQA9h8LbXdIxwzzdojH8A46ajkIa
+gqxwhwaFdpc3PQ41LXUsoiya9xoYFuoGL2kaxL3c1uxLfDGg5zlPUzgFWNAAi+w
6spCG2wBFPiuV0lwei95VeiiMoOWGPOJUX8FVpLpQGcCC11tP5LQjTsfs6f94TQ2
UNT2u/ggAXwyoHyseRydXXbnpmtA7ORO17ODghpYnsGtvuOg8rvSj3McpJCk351t
2fLPLM+ONNZV+vTd4JrtcjYazHWqLFz/hJ0Gxws2RrqP2zi0rBh9Q46nC0AlVKYh
2Dmdf6+3ok3on+YbG+1ElX2brFo/kkiFZn1AO0qL4b6ez+jqwUOYkukCIK7h
-----END CERTIFICATE-----