Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/x1fWb2lYrCWzUq1edOwIaG73K24.roa
File:                     x1fWb2lYrCWzUq1edOwIaG73K24.roa (raw, json)
Hash identifier:          s1dVGnCzAIGrdgVuzXep9ZIpp4SkQ3wi9wxPOw0rBAg=
Subject key identifier:   C7:57:D6:6F:69:58:AC:25:B3:52:AD:5E:74:EC:08:68:6E:F7:2B:6E
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018AB6B56B16DFD26CF664CEE136D899F8E3
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/x1fWb2lYrCWzUq1edOwIaG73K24.roa
Signing time:             Thu 21 Sep 2023 07:47:37 +0000
ROA not before:           Thu 21 Sep 2023 07:47:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2914
IP address blocks:        163.171.77.0/24 maxlen: 24
                          163.171.90.0/24 maxlen: 24
                          163.171.91.0/24 maxlen: 24
                          148.253.239.0/24 maxlen: 24
                          148.253.240.0/24 maxlen: 24
                          148.253.242.0/24 maxlen: 24
                          148.253.243.0/24 maxlen: 24
                          148.253.241.0/24 maxlen: 24
                          148.253.249.0/24 maxlen: 24
                          148.253.250.0/24 maxlen: 24
                          185.27.228.0/24 maxlen: 24
                          163.171.246.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Sep 2023 07:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b6:b5:6b:16:df:d2:6c:f6:64:ce:e1:36:d8:99:f8:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Sep 21 07:47:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c757d66f6958ac25b352ad5e74ec08686ef72b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:80:23:ed:72:75:b1:68:bd:6f:44:e1:4a:a9:
                    35:29:67:1d:09:b7:61:7f:24:82:f3:18:34:21:e6:
                    3a:dc:c8:38:87:04:cd:73:39:28:4b:98:3c:a3:c4:
                    07:96:e4:95:10:2b:8b:5b:0e:ea:79:93:31:17:98:
                    21:bf:22:9b:2d:05:04:a1:13:45:e1:7c:10:7d:8b:
                    a8:22:1d:c7:dd:99:ea:dc:23:c1:eb:7e:98:a6:97:
                    62:62:f6:00:4b:fa:e7:3d:be:b4:c0:53:91:5d:94:
                    4d:24:f0:9f:db:98:dd:9d:cc:96:9f:83:34:b3:69:
                    4b:8d:58:78:3a:e0:9a:b9:4b:4a:55:96:0b:db:98:
                    f0:05:50:13:db:52:b4:2c:a0:59:ca:9f:5a:73:78:
                    36:ed:de:22:7a:4c:43:e8:bb:89:41:eb:38:32:e6:
                    84:42:ac:8b:cc:88:0f:e4:8c:ac:3d:86:1d:17:de:
                    f5:b0:90:a1:1b:4f:c8:22:54:4e:d3:a3:c5:84:62:
                    0c:e0:ea:a5:e2:7b:09:3c:90:5d:5e:13:f0:d4:c7:
                    46:01:ab:67:b4:c1:b1:83:1f:37:2e:2a:96:8e:05:
                    8e:80:d4:62:c7:9e:b1:75:92:9f:f6:84:80:ad:6a:
                    69:10:35:b4:74:fc:b6:3a:e8:ff:44:5c:7c:ac:ce:
                    f3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:57:D6:6F:69:58:AC:25:B3:52:AD:5E:74:EC:08:68:6E:F7:2B:6E
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/x1fWb2lYrCWzUq1edOwIaG73K24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.239.0-148.253.243.255
                  148.253.249.0-148.253.250.255
                  163.171.77.0/24
                  163.171.90.0/23
                  163.171.246.0/24
                  185.27.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3e:c8:f6:32:4e:e8:00:ba:2c:91:86:1e:2e:21:b2:6a:e1:
         1a:2e:48:6a:46:0e:00:ed:ea:82:db:6f:3e:b6:5e:75:18:e9:
         d3:21:84:b4:18:dd:e3:c6:86:f7:9a:3d:4d:cc:49:06:76:ca:
         b8:40:98:68:7a:77:02:02:50:82:9c:62:07:83:63:5d:4b:2e:
         6a:6e:e5:43:ff:08:0b:3d:db:43:04:60:01:b1:6b:a5:8d:15:
         b9:ae:56:dc:66:1c:f1:ab:c7:63:6c:05:a6:d7:cc:68:4e:c4:
         cb:40:30:70:11:61:17:07:6b:30:c2:70:e0:e1:b4:d2:8a:ff:
         03:2b:fe:55:92:d8:52:0a:46:45:d4:3d:1a:89:7f:62:66:80:
         c7:52:41:ad:86:09:ab:de:7c:51:b4:13:3d:2e:36:b1:e2:66:
         b0:99:a0:54:ad:d4:5b:4c:e1:62:88:4e:9a:df:e7:5e:3e:3f:
         9a:96:98:17:c6:27:36:7d:72:ea:1b:1f:b1:23:12:45:8c:1b:
         25:87:70:98:61:69:50:ef:ac:99:59:c7:43:14:a8:31:0b:62:
         c3:95:2f:06:59:f8:ef:3b:12:57:a7:ce:1a:b9:58:12:7e:ee:
         9c:c3:83:6f:a2:02:19:08:46:78:90:4b:00:7c:af:b5:48:45:
         dd:74:bc:cd
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYq2tWsW39Js9mTO4TbYmfjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjMwOTIxMDc0NzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzU3ZDY2ZjY5NThhYzI1YjM1MmFkNWU3NGVjMDg2ODZlZjcyYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoAj7XJ1sWi9b0ThSqk1KWcdCbdh
fySC8xg0IeY63Mg4hwTNczkoS5g8o8QHluSVECuLWw7qeZMxF5ghvyKbLQUEoRNF
4XwQfYuoIh3H3Znq3CPB636YppdiYvYAS/rnPb60wFORXZRNJPCf25jdncyWn4M0
s2lLjVh4OuCauUtKVZYL25jwBVAT21K0LKBZyp9ac3g27d4iekxD6LuJQes4MuaE
QqyLzIgP5IysPYYdF971sJChG0/IIlRO06PFhGIM4Oql4nsJPJBdXhPw1MdGAatn
tMGxgx83LiqWjgWOgNRix56xdZKf9oSArWppEDW0dPy2Ouj/RFx8rM7zHQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFMdX1m9pWKwls1KtXnTsCGhu9ytuMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEveDFmV2IybFlyQ1d6VXExZWRPd0lhRzczSzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBACU/e8D
BAKU/fAwDAMEAJT9+QMEAJT9+gMEAKOrTQMEAaOrWgMEAKOr9gMEALkb5DANBgkq
hkiG9w0BAQsFAAOCAQEAIj7I9jJO6AC6LJGGHi4hsmrhGi5IakYOAO3qgttvPrZe
dRjp0yGEtBjd48aG95o9TcxJBnbKuECYaHp3AgJQgpxiB4NjXUsuam7lQ/8ICz3b
QwRgAbFrpY0Vua5W3GYc8avHY2wFptfMaE7Ey0AwcBFhFwdrMMJw4OG00or/Ayv+
VZLYUgpGRdQ9Gol/YmaAx1JBrYYJq958UbQTPS42seJmsJmgVK3UW0zhYohOmt/n
Xj4/mpaYF8YnNn1y6hsfsSMSRYwbJYdwmGFpUO+smVnHQxSoMQtiw5UvBln47zsS
V6fOGrlYEn7unMODb6ICGQhGeJBLAHyvtUhF3XS8zQ==
-----END CERTIFICATE-----