Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/nINxXNWjQKZJr-kvBC14n9F4TeM.roa
File:                     nINxXNWjQKZJr-kvBC14n9F4TeM.roa (raw, json)
Hash identifier:          neophNx+oTGv3r9Q82ziRG1NFJCwJj3ZdH2b3VkNZGI=
Subject key identifier:   9C:83:71:5C:D5:A3:40:A6:49:AF:E9:2F:04:2D:78:9F:D1:78:4D:E3
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       01856FF036B6F9C82ECEB8D4D4F5E640FCF7
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/nINxXNWjQKZJr-kvBC14n9F4TeM.roa
Signing time:             Mon 02 Jan 2023 00:44:51 +0000
ROA not before:           Mon 02 Jan 2023 00:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47902
IP address blocks:        185.100.108.0/22 maxlen: 24
                          93.189.184.0/21 maxlen: 24
                          82.193.32.0/19 maxlen: 24
                          31.223.240.0/20 maxlen: 24
                          46.19.232.0/21 maxlen: 24
                          46.254.232.0/21 maxlen: 24
                          185.202.184.0/22 maxlen: 24
                          2a02:9a8::/29 maxlen: 48
                          2a03:6800::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:f0:36:b6:f9:c8:2e:ce:b8:d4:d4:f5:e6:40:fc:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Jan  2 00:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c83715cd5a340a649afe92f042d789fd1784de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:74:e0:b2:73:75:44:14:5c:a7:af:d8:07:a2:
                    a7:34:f9:aa:50:23:09:05:46:2c:08:ae:c4:27:8d:
                    7e:fc:14:30:08:9b:a5:e6:be:cd:22:2a:c9:f5:9a:
                    0e:59:e6:d1:88:2e:7a:31:2c:2c:eb:85:29:b0:15:
                    dc:cf:02:7b:f2:a5:24:4a:3e:a4:13:56:cb:fc:eb:
                    35:81:d9:25:88:9d:3d:20:ed:70:a6:16:79:e7:4e:
                    8f:5b:ea:06:70:40:97:1b:3d:a4:1e:9a:c8:cc:77:
                    b6:14:2f:3a:8c:11:4c:e8:12:94:26:fe:8d:26:a7:
                    59:84:28:45:e4:80:20:7c:f4:e4:67:40:37:a3:01:
                    b1:21:7e:9e:f2:61:23:45:8b:16:dd:bc:b2:b0:f8:
                    d5:e4:12:9b:31:09:89:57:8d:29:63:76:53:93:75:
                    ef:79:44:3b:b5:5a:57:d9:d6:23:d8:39:58:09:17:
                    25:5d:16:d0:40:3e:0b:ab:a9:4c:fb:6d:aa:74:71:
                    c2:33:81:a9:5d:78:24:57:8f:81:48:8e:a0:6f:8b:
                    4e:75:77:cc:70:be:fb:6e:c1:dd:c4:4a:33:2f:41:
                    b5:61:2f:ce:5c:df:ab:8a:af:d4:4e:51:77:20:62:
                    e4:b4:05:cb:fe:b6:14:1f:e5:16:5e:30:3d:02:12:
                    88:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:83:71:5C:D5:A3:40:A6:49:AF:E9:2F:04:2D:78:9F:D1:78:4D:E3
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/nINxXNWjQKZJr-kvBC14n9F4TeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.240.0/20
                  46.19.232.0/21
                  46.254.232.0/21
                  82.193.32.0/19
                  93.189.184.0/21
                  185.100.108.0/22
                  185.202.184.0/22
                IPv6:
                  2a02:9a8::/29
                  2a03:6800::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:6b:6a:d9:18:d1:ca:50:11:96:3a:d5:a4:85:a7:ad:f7:3b:
         2f:54:3e:e3:5a:c9:5f:72:94:96:b8:9f:06:26:f0:82:cf:20:
         b3:aa:fb:b7:de:76:61:12:00:88:86:82:59:0a:fd:52:91:3f:
         f7:58:f7:4d:37:7c:87:6a:e7:03:df:e5:41:94:0d:8a:4f:eb:
         fd:ec:b7:d9:04:e6:30:a0:32:8b:55:bb:ae:ab:0b:5b:f0:26:
         0f:35:2c:43:38:cd:93:81:9a:cb:a6:6b:54:0f:7f:e6:2f:02:
         df:8e:af:3b:de:69:5c:34:e9:4b:1f:82:9b:1f:56:92:e2:12:
         3d:11:e8:77:70:eb:be:1b:5c:e9:88:97:4b:92:54:b3:78:08:
         ec:21:59:e2:98:ad:47:5d:ac:fa:d7:b9:30:32:eb:46:0f:75:
         e8:98:9d:97:ce:b5:e4:ee:11:05:d9:8a:a8:a5:92:d8:92:3c:
         03:59:2b:6f:db:9a:ea:fc:7a:b5:87:0a:ec:00:dc:b3:f3:3a:
         7a:53:45:d9:4c:e2:17:78:da:bd:d4:90:7d:8d:d5:41:6c:1d:
         55:e8:eb:7a:67:2d:46:93:6e:d8:f1:7e:b4:a7:05:e2:80:ce:
         76:b7:27:6d:ad:04:1c:d8:25:ca:87:64:f4:b8:06:3c:49:57:
         16:fd:18:ca
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYVv8Da2+cguzrjU1PXmQPz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjMwMTAyMDA0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzgzNzE1Y2Q1YTM0MGE2NDlhZmU5MmYwNDJkNzg5ZmQxNzg0ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHTgsnN1RBRcp6/YB6KnNPmqUCMJ
BUYsCK7EJ41+/BQwCJul5r7NIirJ9ZoOWebRiC56MSws64UpsBXczwJ78qUkSj6k
E1bL/Os1gdkliJ09IO1wphZ5506PW+oGcECXGz2kHprIzHe2FC86jBFM6BKUJv6N
JqdZhChF5IAgfPTkZ0A3owGxIX6e8mEjRYsW3byysPjV5BKbMQmJV40pY3ZTk3Xv
eUQ7tVpX2dYj2DlYCRclXRbQQD4Lq6lM+22qdHHCM4GpXXgkV4+BSI6gb4tOdXfM
cL77bsHdxEozL0G1YS/OXN+riq/UTlF3IGLktAXL/rYUH+UWXjA9AhKI/wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFJyDcVzVo0CmSa/pLwQteJ/ReE3jMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvbklOeFhOV2pRS1pKci1rdkJDMTRuOUY0VGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQEH9/wAwQD
LhPoAwQDLv7oAwQFUsEgAwQDXb24AwQCuWRsAwQCucq4MBQEAgACMA4DBQMqAgmo
AwUDKgNoADANBgkqhkiG9w0BAQsFAAOCAQEANWtq2RjRylARljrVpIWnrfc7L1Q+
41rJX3KUlrifBibwgs8gs6r7t952YRIAiIaCWQr9UpE/91j3TTd8h2rnA9/lQZQN
ik/r/ey32QTmMKAyi1W7rqsLW/AmDzUsQzjNk4Gay6ZrVA9/5i8C346vO95pXDTp
Sx+Cmx9WkuISPRHod3Drvhtc6YiXS5JUs3gI7CFZ4pitR12s+te5MDLrRg916Jid
l8615O4RBdmKqKWS2JI8A1krb9ua6vx6tYcK7ADcs/M6elNF2UziF3javdSQfY3V
QWwdVejremctRpNu2PF+tKcF4oDOdrcnba0EHNglyodk9LgGPElXFv0Yyg==
-----END CERTIFICATE-----