Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/rdrLU0-obbfwnRF2aMhA1Ewmu7Q.roa
File:                     rdrLU0-obbfwnRF2aMhA1Ewmu7Q.roa (raw, json)
Hash identifier:          tk3+qB7V+mGDfa4UB4IohHb8xyxQBcEwTfJMN3EyN64=
Subject key identifier:   AD:DA:CB:53:4F:A8:6D:B7:F0:9D:11:76:68:C8:40:D4:4C:26:BB:B4
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018AEF97399AF1CE3559035270193FDF3D35
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/rdrLU0-obbfwnRF2aMhA1Ewmu7Q.roa
Signing time:             Mon 02 Oct 2023 08:52:59 +0000
ROA not before:           Mon 02 Oct 2023 08:52:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198357
IP address blocks:        185.3.202.0/24 maxlen: 24
                          185.3.201.0/24 maxlen: 24
                          185.3.203.0/24 maxlen: 24
                          5.159.48.0/24 maxlen: 24
                          5.159.50.0/24 maxlen: 24
                          5.159.51.0/24 maxlen: 24
                          5.159.52.0/24 maxlen: 24
                          5.159.53.0/24 maxlen: 24
                          5.159.55.0/24 maxlen: 24
                          89.46.216.0/24 maxlen: 24
                          89.46.218.0/24 maxlen: 24
                          89.46.219.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 02 Oct 2023 09:35:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ef:97:39:9a:f1:ce:35:59:03:52:70:19:3f:df:3d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Oct  2 08:52:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=addacb534fa86db7f09d117668c840d44c26bbb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:92:c6:bd:8e:5d:e2:44:28:b9:34:9e:57:f8:
                    ef:ca:02:9d:7a:ce:10:ef:e4:a7:b1:0c:82:7b:ac:
                    e2:0e:07:6b:67:87:fd:eb:4a:e7:01:51:c9:cf:ea:
                    bd:56:d7:f4:03:3f:0d:b6:cf:ec:60:a7:df:1a:0d:
                    9a:aa:c5:26:30:33:71:bc:e9:e3:1d:47:25:7e:57:
                    dd:d4:63:4d:a0:25:60:ff:1e:16:9f:20:5f:cb:d1:
                    d4:e2:95:aa:87:1e:0a:1c:3d:54:bc:be:3a:ac:21:
                    ee:98:d4:69:77:d9:88:1e:c2:6a:1d:26:8d:f4:84:
                    0a:b0:e0:b6:f3:65:b1:27:fd:56:73:d4:5d:66:1f:
                    d7:32:e0:f9:aa:88:65:ca:0c:fb:55:c3:94:a4:dc:
                    aa:b0:b0:99:cd:f6:7f:f7:b8:a0:07:b9:da:a5:41:
                    54:ef:54:98:63:2f:3d:ac:c9:43:0e:51:c3:aa:fb:
                    da:4f:eb:d0:4c:85:e6:ae:15:5f:cc:5c:6a:e5:96:
                    dc:b3:f1:29:85:eb:59:97:ad:5d:38:e8:cc:fc:7c:
                    d6:5e:68:68:f3:f0:9e:b1:f6:1b:22:4e:b8:9a:b3:
                    c1:51:76:81:46:6b:07:af:e3:62:25:ff:7d:4c:c5:
                    2b:34:28:d6:8c:5d:bd:ae:84:7d:da:c5:2c:8a:fe:
                    e1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:DA:CB:53:4F:A8:6D:B7:F0:9D:11:76:68:C8:40:D4:4C:26:BB:B4
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/rdrLU0-obbfwnRF2aMhA1Ewmu7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.48.0/24
                  5.159.50.0-5.159.53.255
                  5.159.55.0/24
                  89.46.216.0/24
                  89.46.218.0/23
                  185.3.201.0-185.3.203.255

    Signature Algorithm: sha256WithRSAEncryption
         1e:70:95:db:d2:ae:b3:fd:b2:c2:e5:a2:2b:6f:fb:e5:da:e0:
         5d:4b:d8:12:12:13:10:75:d0:c4:1c:ef:e1:56:17:5b:32:15:
         1e:0d:eb:b9:e4:62:ac:26:cb:42:4d:5a:66:9c:1e:b5:be:07:
         f9:6a:7b:b4:51:d8:05:81:08:0e:9a:e8:22:76:c9:64:47:36:
         3c:dc:0c:b3:c7:6c:17:9a:95:d8:d2:f2:20:66:76:26:4d:9f:
         5f:3f:bf:eb:84:49:02:f9:0f:c3:8a:85:92:13:34:91:f8:e6:
         b0:8d:d1:3c:bf:58:0a:f1:ee:a5:3d:e9:49:ad:5f:da:97:54:
         48:62:6d:ce:0f:0f:af:21:d1:35:c8:bf:28:f3:3a:4b:f8:c5:
         71:81:06:de:76:a7:68:2e:13:83:4b:5a:ba:1b:f9:70:01:96:
         ad:db:86:37:11:c3:ae:38:e1:dc:b4:5d:ea:c6:f9:07:ce:25:
         66:be:c2:91:ab:b7:e6:c4:3f:77:90:d4:d5:82:24:77:9c:2c:
         57:bb:8f:3d:3f:92:46:c9:ef:72:56:03:d9:9d:2e:24:a2:93:
         57:67:d0:fa:a2:d9:9e:79:58:a6:7a:d6:3a:ff:8a:3c:ff:5a:
         2c:2a:bf:0a:cf:8e:ec:3e:5d:cb:47:b2:83:66:39:e7:6c:88:
         0e:07:91:cf
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYrvlzma8c41WQNScBk/3z01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjMxMDAyMDg1MjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGRhY2I1MzRmYTg2ZGI3ZjA5ZDExNzY2OGM4NDBkNDRjMjZiYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZLGvY5d4kQouTSeV/jvygKdes4Q
7+SnsQyCe6ziDgdrZ4f960rnAVHJz+q9Vtf0Az8Nts/sYKffGg2aqsUmMDNxvOnj
HUclflfd1GNNoCVg/x4WnyBfy9HU4pWqhx4KHD1UvL46rCHumNRpd9mIHsJqHSaN
9IQKsOC282WxJ/1Wc9RdZh/XMuD5qohlygz7VcOUpNyqsLCZzfZ/97igB7napUFU
71SYYy89rMlDDlHDqvvaT+vQTIXmrhVfzFxq5Zbcs/EphetZl61dOOjM/HzWXmho
8/CesfYbIk64mrPBUXaBRmsHr+NiJf99TMUrNCjWjF29roR92sUsiv7haQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFK3ay1NPqG238J0RdmjIQNRMJru0MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvcmRyTFUwLW9iYmZ3blJGMmFNaEExRXdtdTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQABZ8wMAwD
BAEFnzIDBAEFnzQDBAAFnzcDBABZLtgDBAFZLtowDAMEALkDyQMEArkDyDANBgkq
hkiG9w0BAQsFAAOCAQEAHnCV29Kus/2ywuWiK2/75drgXUvYEhITEHXQxBzv4VYX
WzIVHg3rueRirCbLQk1aZpwetb4H+Wp7tFHYBYEIDproInbJZEc2PNwMs8dsF5qV
2NLyIGZ2Jk2fXz+/64RJAvkPw4qFkhM0kfjmsI3RPL9YCvHupT3pSa1f2pdUSGJt
zg8PryHRNci/KPM6S/jFcYEG3nanaC4Tg0tauhv5cAGWrduGNxHDrjjh3LRd6sb5
B84lZr7Ckau35sQ/d5DU1YIkd5wsV7uPPT+SRsnvclYD2Z0uJKKTV2fQ+qLZnnlY
pnrWOv+KPP9aLCq/Cs+O7D5dy0eyg2Y552yIDgeRzw==
-----END CERTIFICATE-----