Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/sNwVMwOByJ1pC2h60kBXlFlyovQ.roa
File:                     sNwVMwOByJ1pC2h60kBXlFlyovQ.roa (raw, json)
Hash identifier:          WRQf2v9/rK8Zyd4NHAeSitIxV+JBSrNKuSzFNZ55M6g=
Subject key identifier:   B0:DC:15:33:03:81:C8:9D:69:0B:68:7A:D2:40:57:94:59:72:A2:F4
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A78E40AA97374F080F1C7172BB9DD
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/sNwVMwOByJ1pC2h60kBXlFlyovQ.roa
Signing time:             Tue 02 Jan 2024 12:33:50 +0000
ROA not before:           Tue 02 Jan 2024 12:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        202.133.88.0/24 maxlen: 24
                          212.90.102.0/23 maxlen: 24
                          185.215.244.0/23 maxlen: 24
                          46.249.98.0/23 maxlen: 24
                          193.36.84.0/23 maxlen: 24
                          46.249.100.0/22 maxlen: 24
                          103.75.196.0/22 maxlen: 24
                          82.115.17.0/24 maxlen: 24
                          82.115.16.0/24 maxlen: 24
                          82.115.24.0/22 maxlen: 24
                          82.115.20.0/23 maxlen: 24
                          82.115.19.0/24 maxlen: 24
                          82.115.18.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Jan 2024 16:38:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:78:e4:0a:a9:73:74:f0:80:f1:c7:17:2b:b9:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0dc15330381c89d690b687ad24057945972a2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:27:bb:ec:ea:79:f9:e4:29:be:c2:ff:93:b2:
                    bf:fc:0e:c8:6e:6c:28:65:52:ee:11:a7:a5:b5:aa:
                    08:1d:1e:8b:77:64:f3:01:41:11:17:74:e7:34:30:
                    d3:cb:ff:30:80:ad:24:f7:bd:f1:98:11:d8:d0:53:
                    1d:e2:9a:ed:3e:b8:8b:4c:4e:90:2f:8b:74:a4:a6:
                    a1:ee:1b:87:de:6d:52:31:de:de:00:96:42:7e:f8:
                    04:a6:0c:f4:8d:dd:4e:05:42:04:fc:df:40:cb:e5:
                    6c:20:88:96:1b:51:bc:6d:10:85:0f:15:16:58:8f:
                    84:dc:91:60:8d:a4:67:30:8c:f4:d2:f7:7d:0d:84:
                    ba:b4:38:a7:46:ca:68:af:a9:41:e0:d7:bd:e3:ba:
                    00:f0:75:12:0e:41:f2:42:1e:f7:f9:2a:55:6b:05:
                    30:87:e2:8d:d2:7b:0d:8a:bc:e1:bc:d6:ac:ad:06:
                    41:25:ae:0a:88:b5:41:9e:c8:4d:30:ad:69:ab:0b:
                    a6:18:2a:40:64:d4:b9:5a:6a:cf:39:56:d7:ca:9c:
                    06:b0:8e:97:c1:f6:15:2b:63:73:00:67:e1:4c:ba:
                    ce:1c:2c:91:00:9f:d9:1b:7b:86:cb:a1:7a:88:bb:
                    66:74:c1:90:da:50:cc:60:d1:0c:ce:5f:68:03:86:
                    12:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DC:15:33:03:81:C8:9D:69:0B:68:7A:D2:40:57:94:59:72:A2:F4
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/sNwVMwOByJ1pC2h60kBXlFlyovQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.98.0-46.249.103.255
                  82.115.16.0-82.115.21.255
                  82.115.24.0/22
                  103.75.196.0/22
                  185.215.244.0/23
                  193.36.84.0/23
                  202.133.88.0/24
                  212.90.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:2c:b5:2a:b6:b6:40:e2:02:d6:c6:35:a8:8d:1d:1f:6e:d5:
         b2:48:c7:7a:84:59:d1:c6:23:10:eb:df:a8:6f:53:e9:16:8d:
         33:ca:b3:65:66:4b:88:20:a6:f1:48:be:7c:e1:ba:b1:0d:a0:
         3c:b2:e3:43:63:98:55:53:1d:68:ae:23:49:ea:7c:68:e8:d5:
         7d:13:f7:50:f6:b8:95:f9:66:f6:49:b0:f7:fe:b4:0e:7e:40:
         b5:35:ca:fb:1f:0c:db:89:bb:f2:f3:5f:e1:68:d1:00:93:f2:
         12:26:db:14:a2:19:2a:d3:63:b4:cb:69:88:f1:53:e3:aa:f3:
         6c:f4:16:26:25:90:68:2d:d2:0e:a6:a4:4c:18:60:27:5d:7b:
         fe:15:8a:58:8d:1b:40:a2:49:ee:c7:7b:c8:ae:82:52:33:d8:
         ab:4e:9a:01:b0:56:5f:c7:01:11:51:a8:88:16:d6:b9:b1:9c:
         ba:be:53:a3:d1:d3:79:f2:19:35:5f:f1:06:1a:c3:27:3d:42:
         55:dc:1a:d2:8c:aa:74:bf:3c:29:23:68:0e:55:7b:1f:30:77:
         fc:34:65:ea:c2:84:b4:31:73:9c:9e:5e:62:a7:5a:51:4b:6a:
         75:c2:02:bf:6f:f6:a7:7f:2f:de:da:77:57:62:61:3f:11:52:
         eb:93:9f:dd
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzKKnjkCqlzdPCA8ccXK7ndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGRjMTUzMzAzODFjODlkNjkwYjY4N2FkMjQwNTc5NDU5NzJhMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjie77Op5+eQpvsL/k7K//A7Ibmwo
ZVLuEaeltaoIHR6Ld2TzAUERF3TnNDDTy/8wgK0k973xmBHY0FMd4prtPriLTE6Q
L4t0pKah7huH3m1SMd7eAJZCfvgEpgz0jd1OBUIE/N9Ay+VsIIiWG1G8bRCFDxUW
WI+E3JFgjaRnMIz00vd9DYS6tDinRspor6lB4Ne947oA8HUSDkHyQh73+SpVawUw
h+KN0nsNirzhvNasrQZBJa4KiLVBnshNMK1pqwumGCpAZNS5WmrPOVbXypwGsI6X
wfYVK2NzAGfhTLrOHCyRAJ/ZG3uGy6F6iLtmdMGQ2lDMYNEMzl9oA4YSdQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFLDcFTMDgcidaQtoetJAV5RZcqL0MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvc053Vk13T0J5SjFwQzJoNjBrQlhsRmx5b3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBAEu+WID
BAMu+WAwDAMEBFJzEAMEAVJzFAMEAlJzGAMEAmdLxAMEAbnX9AMEAcEkVAMEAMqF
WAMEAdRaZjANBgkqhkiG9w0BAQsFAAOCAQEAUSy1Kra2QOIC1sY1qI0dH27VskjH
eoRZ0cYjEOvfqG9T6RaNM8qzZWZLiCCm8Ui+fOG6sQ2gPLLjQ2OYVVMdaK4jSep8
aOjVfRP3UPa4lflm9kmw9/60Dn5AtTXK+x8M24m78vNf4WjRAJPyEibbFKIZKtNj
tMtpiPFT46rzbPQWJiWQaC3SDqakTBhgJ117/hWKWI0bQKJJ7sd7yK6CUjPYq06a
AbBWX8cBEVGoiBbWubGcur5To9HTefIZNV/xBhrDJz1CVdwa0oyqdL88KSNoDlV7
HzB3/DRl6sKEtDFznJ5eYqdaUUtqdcICv2/2p38v3tp3V2JhPxFS65Of3Q==
-----END CERTIFICATE-----