Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/10shvfitVyCl2hvCoSzhz-mRITw.roa
File:                     10shvfitVyCl2hvCoSzhz-mRITw.roa (raw, json)
Hash identifier:          Zm/xUnk1SlDYJ2bv4VHPIPbQsh598vaINtfpEWl/zy8=
Subject key identifier:   D7:4B:21:BD:F8:AD:57:20:A5:DA:1B:C2:A1:2C:E1:CF:E9:91:21:3C
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       018999ACD1DCC0303A3AAC90B17EA9157184
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/10shvfitVyCl2hvCoSzhz-mRITw.roa
Signing time:             Thu 27 Jul 2023 23:26:27 +0000
ROA not before:           Thu 27 Jul 2023 23:26:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60117
IP address blocks:        185.183.96.0/24 maxlen: 24
                          185.117.74.0/24 maxlen: 24
                          185.117.75.0/24 maxlen: 24
                          185.82.201.0/24 maxlen: 24
                          185.82.203.0/24 maxlen: 24
                          185.45.193.0/24 maxlen: 24
                          185.198.57.0/24 maxlen: 24
                          185.106.121.0/24 maxlen: 24
                          185.244.150.0/24 maxlen: 24
                          194.36.189.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:99:ac:d1:dc:c0:30:3a:3a:ac:90:b1:7e:a9:15:71:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Jul 27 23:26:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d74b21bdf8ad5720a5da1bc2a12ce1cfe991213c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8e:12:33:9b:9d:29:d8:6f:39:37:8e:da:dc:
                    a3:99:81:40:03:a6:31:9a:e5:10:23:68:67:42:5e:
                    b6:43:e0:8d:a3:a9:45:08:ff:34:5a:2a:4f:f2:4c:
                    c6:a6:7b:3c:8c:8b:0b:0a:28:27:cf:f8:62:95:54:
                    3c:2b:5b:fe:54:8f:50:32:85:ac:24:c3:3e:ad:c3:
                    93:9c:a0:90:69:3a:99:a4:b5:dc:24:e2:62:44:b0:
                    24:5a:d4:bc:82:d0:a1:ab:c5:40:93:de:37:8c:55:
                    c5:9d:89:88:cd:73:57:db:39:41:8f:58:5d:d7:ff:
                    1d:f2:2d:bf:f9:9c:bf:59:92:e6:57:33:8f:c8:4e:
                    b2:03:d4:2e:80:ca:5f:92:e4:73:46:b5:e5:ca:65:
                    fd:58:9c:77:4b:2f:c6:78:c2:4a:10:cc:39:0a:db:
                    a3:91:48:43:43:32:42:66:07:f2:b8:1b:1d:d6:92:
                    ab:91:82:6a:2a:5d:97:ec:cd:4d:6a:0a:20:7c:4f:
                    ae:3f:e3:20:0d:ff:62:10:81:83:46:68:73:71:9a:
                    32:cf:cc:a5:17:2b:0b:1b:67:27:63:af:c8:76:cc:
                    e0:1d:18:6f:10:8d:1d:ff:70:9d:15:09:b8:7f:6f:
                    ec:32:d7:e3:36:5e:09:a3:f9:cb:3c:44:46:d7:e6:
                    8d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:4B:21:BD:F8:AD:57:20:A5:DA:1B:C2:A1:2C:E1:CF:E9:91:21:3C
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/10shvfitVyCl2hvCoSzhz-mRITw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.193.0/24
                  185.82.201.0/24
                  185.82.203.0/24
                  185.106.121.0/24
                  185.117.74.0/23
                  185.183.96.0/24
                  185.198.57.0/24
                  185.244.150.0/24
                  194.36.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:a6:95:08:43:76:39:1f:b5:f3:49:f0:fd:f5:fa:d2:b9:4c:
         16:64:1d:a6:c8:9d:41:9d:1e:22:2e:8d:79:3e:3d:e6:0b:71:
         9c:a7:f1:9a:62:4e:f5:08:86:56:99:85:41:31:0f:ca:e5:68:
         9a:41:65:57:e9:63:74:76:ef:36:1d:85:61:a6:d6:53:31:5c:
         55:f8:8e:af:86:78:0b:dc:73:e7:86:1c:4a:16:68:35:5f:2b:
         2b:4d:a3:bd:b1:ec:6a:05:bc:d9:76:9e:bb:04:f4:38:a5:bf:
         99:70:33:24:1f:78:0d:95:a0:22:fb:43:04:1b:80:eb:1e:04:
         84:e3:53:8f:00:c6:3a:f7:b7:ca:ea:9a:f7:c3:cd:1d:f3:f2:
         af:c9:13:58:7b:9c:95:e5:ad:05:7f:98:16:be:30:cd:36:2f:
         11:3f:6b:0e:7f:64:0d:73:00:90:d1:34:3c:8c:08:8f:fd:01:
         d8:2d:70:27:32:35:b7:76:90:31:58:75:e9:3b:f1:5f:17:2d:
         43:02:0a:7e:7d:b1:9e:82:6d:52:fa:d5:e4:d5:71:da:50:3b:
         be:d4:4a:e9:ca:d2:cb:f1:90:c8:cd:df:73:bf:63:d3:49:61:
         f3:a5:26:08:d2:16:4a:bf:c9:c6:9c:37:0a:46:68:4f:be:21:
         12:68:db:af
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYmZrNHcwDA6OqyQsX6pFXGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjMwNzI3MjMyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzRiMjFiZGY4YWQ1NzIwYTVkYTFiYzJhMTJjZTFjZmU5OTEyMTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo4SM5udKdhvOTeO2tyjmYFAA6Yx
muUQI2hnQl62Q+CNo6lFCP80WipP8kzGpns8jIsLCignz/hilVQ8K1v+VI9QMoWs
JMM+rcOTnKCQaTqZpLXcJOJiRLAkWtS8gtChq8VAk943jFXFnYmIzXNX2zlBj1hd
1/8d8i2/+Zy/WZLmVzOPyE6yA9QugMpfkuRzRrXlymX9WJx3Sy/GeMJKEMw5Ctuj
kUhDQzJCZgfyuBsd1pKrkYJqKl2X7M1NagogfE+uP+MgDf9iEIGDRmhzcZoyz8yl
FysLG2cnY6/IdszgHRhvEI0d/3CdFQm4f2/sMtfjNl4Jo/nLPERG1+aNaQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNdLIb34rVcgpdobwqEs4c/pkSE8MB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvMTBzaHZmaXRWeUNsMmh2Q29Temh6LW1SSVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAuS3BAwQA
uVLJAwQAuVLLAwQAuWp5AwQBuXVKAwQAubdgAwQAucY5AwQAufSWAwQAwiS9MA0G
CSqGSIb3DQEBCwUAA4IBAQA4ppUIQ3Y5H7XzSfD99frSuUwWZB2myJ1BnR4iLo15
Pj3mC3Gcp/GaYk71CIZWmYVBMQ/K5WiaQWVX6WN0du82HYVhptZTMVxV+I6vhngL
3HPnhhxKFmg1XysrTaO9sexqBbzZdp67BPQ4pb+ZcDMkH3gNlaAi+0MEG4DrHgSE
41OPAMY697fK6pr3w80d8/KvyRNYe5yV5a0Ff5gWvjDNNi8RP2sOf2QNcwCQ0TQ8
jAiP/QHYLXAnMjW3dpAxWHXpO/FfFy1DAgp+fbGegm1S+tXk1XHaUDu+1ErpytLL
8ZDIzd9zv2PTSWHzpSYI0hZKv8nGnDcKRmhPviESaNuv
-----END CERTIFICATE-----