Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/pw1cF6b4pXMgZWGzHeerFpNAo6Q.roa
File:                     pw1cF6b4pXMgZWGzHeerFpNAo6Q.roa (raw, json)
Hash identifier:          E0uc73U0B1iCxyVs9HubYh9Wevix4y1lEhRV2LEjvfw=
Subject key identifier:   A7:0D:5C:17:A6:F8:A5:73:20:65:61:B3:1D:E7:AB:16:93:40:A3:A4
Certificate issuer:       /CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
Certificate serial:       018AA6CB53E5DC0F7FF98752061537C04353
Authority key identifier: 35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/pw1cF6b4pXMgZWGzHeerFpNAo6Q.roa
Signing time:             Mon 18 Sep 2023 05:37:37 +0000
ROA not before:           Mon 18 Sep 2023 05:37:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61135
IP address blocks:        46.31.76.0/24 maxlen: 24
                          185.73.203.0/24 maxlen: 24
                          185.73.201.0/24 maxlen: 24
                          185.73.200.0/24 maxlen: 24
                          185.73.202.0/24 maxlen: 32
                          185.17.112.0/24 maxlen: 24
                          185.17.113.0/24 maxlen: 32
                          185.17.115.0/24 maxlen: 24
                          185.17.114.0/24 maxlen: 24
                          2a05:4640::/29 maxlen: 48
                          2a04:7c0:1::/48 maxlen: 48
                          2a04:7c0::/29 maxlen: 48
                          2a04:7c0::/33 maxlen: 48
                          2a04:7c0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:31:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a6:cb:53:e5:dc:0f:7f:f9:87:52:06:15:37:c0:43:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
        Validity
            Not Before: Sep 18 05:37:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a70d5c17a6f8a573206561b31de7ab169340a3a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e3:8e:53:db:8c:f5:3a:5d:d7:52:1d:9f:f4:
                    98:58:3e:4f:4c:33:0c:78:04:0a:3a:93:74:03:7c:
                    7a:da:91:7c:6f:0d:50:1d:ca:ef:8c:8b:87:d5:be:
                    39:2d:d5:49:cb:48:47:e1:07:51:62:4f:41:91:66:
                    e4:30:e4:0c:49:ce:42:0d:6b:54:a3:a4:a3:22:f7:
                    be:49:06:20:55:73:5c:50:3d:b1:85:e1:ed:37:4e:
                    6b:c3:aa:f6:92:10:07:23:58:e2:90:21:96:fe:d9:
                    66:ea:7e:da:f9:65:af:2d:8b:42:09:a1:96:fb:ed:
                    0b:f0:b1:3b:5b:ba:83:f8:d2:22:11:cc:d7:ee:28:
                    23:2b:16:64:20:24:1c:e4:d9:fb:ac:30:57:20:e6:
                    84:8f:48:5e:9b:af:20:f5:ac:4d:99:58:ee:4a:e7:
                    c5:e8:de:04:7f:70:e0:e2:d4:25:02:71:a7:29:d7:
                    c1:da:95:1b:29:71:3b:5d:45:4b:10:be:93:b2:cd:
                    47:1a:2b:63:d2:64:b2:4a:f4:eb:33:ac:7f:46:34:
                    05:6f:98:ee:9a:89:aa:38:a8:39:3a:9f:11:b0:23:
                    d6:11:f2:a7:8d:9f:50:9b:45:3a:eb:30:06:86:f7:
                    49:c5:a1:c9:3b:82:92:4f:d2:12:36:de:a3:39:45:
                    2a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:0D:5C:17:A6:F8:A5:73:20:65:61:B3:1D:E7:AB:16:93:40:A3:A4
            X509v3 Authority Key Identifier:
                keyid:35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/pw1cF6b4pXMgZWGzHeerFpNAo6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.76.0/24
                  185.17.112.0/22
                  185.73.200.0/22
                IPv6:
                  2a04:7c0::/29
                  2a05:4640::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:b3:72:cf:00:0e:f9:4a:6d:a5:5f:6c:fb:12:b3:d7:ac:12:
         b4:19:18:3a:f9:6a:62:75:79:e9:69:54:63:a3:d3:73:2a:ce:
         b8:1d:88:a2:fd:11:83:6c:61:3b:59:77:3a:52:1e:58:b6:d1:
         76:60:23:e3:df:c2:89:ca:97:52:eb:0e:fd:54:df:7a:fc:53:
         ca:55:53:f3:e0:0e:10:c9:79:df:ec:d4:b5:22:fc:55:e1:07:
         3f:55:89:5d:19:bc:7b:51:7c:ca:43:68:22:9d:70:4d:f8:ae:
         92:36:07:5d:1a:eb:a7:43:96:f4:1c:cb:82:6d:0d:1d:06:6b:
         15:9d:36:53:14:d4:92:26:3e:23:5c:d5:9b:af:8e:59:b2:66:
         92:b8:63:f6:5a:6d:9d:b5:67:5d:0d:8d:3b:8d:37:02:b5:09:
         1c:30:af:b0:8d:7a:02:fa:d9:71:5b:1d:f7:fb:53:4e:09:64:
         4b:2d:dd:e0:ba:40:ea:f5:dc:0e:10:e5:13:44:e0:b7:d5:3f:
         89:72:12:d0:d3:a1:aa:0b:f0:29:0b:f3:3e:43:33:58:7c:ea:
         db:86:b1:6c:15:79:df:fa:49:bb:7a:df:43:d5:55:8a:e4:95:
         b5:f3:ec:77:fd:35:c4:db:cf:30:87:ca:25:8d:24:79:6a:4a:
         bb:06:de:6c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYqmy1Pl3A9/+YdSBhU3wENTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NTZlN2ZiNTc3MmY5NzllZGQ1ZTVjNWFhNjNlYjJiOWMw
ZGRjOGUwHhcNMjMwOTE4MDUzNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzBkNWMxN2E2ZjhhNTczMjA2NTYxYjMxZGU3YWIxNjkzNDBhM2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguOOU9uM9Tpd11Idn/SYWD5PTDMM
eAQKOpN0A3x62pF8bw1QHcrvjIuH1b45LdVJy0hH4QdRYk9BkWbkMOQMSc5CDWtU
o6SjIve+SQYgVXNcUD2xheHtN05rw6r2khAHI1jikCGW/tlm6n7a+WWvLYtCCaGW
++0L8LE7W7qD+NIiEczX7igjKxZkICQc5Nn7rDBXIOaEj0hem68g9axNmVjuSufF
6N4Ef3Dg4tQlAnGnKdfB2pUbKXE7XUVLEL6Tss1HGitj0mSySvTrM6x/RjQFb5ju
momqOKg5Op8RsCPWEfKnjZ9Qm0U66zAGhvdJxaHJO4KST9ISNt6jOUUq9wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKcNXBem+KVzIGVhsx3nqxaTQKOkMB8GA1UdIwQY
MBaAFDVW5/tXcvl57dXlxapj6yucDdyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlZibi0xZHktWG50MWVYRnFtUHJLNXdOM0k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kY2ZhMmEtNzZmNy00NDQzLWE0OTUt
NmJiMzBhODczMGVkLzEvcHcxY0Y2YjRwWE1nWldHekhlZXJGcE5BbzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kY2ZhMmEtNzZmNy00NDQzLWE0OTUtNmJiMzBhODczMGVk
LzEvTlZibi0xZHktWG50MWVYRnFtUHJLNXdOM0k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQALh9MAwQC
uRFwAwQCuUnIMBQEAgACMA4DBQMqBAfAAwUDKgVGQDANBgkqhkiG9w0BAQsFAAOC
AQEACLNyzwAO+UptpV9s+xKz16wStBkYOvlqYnV56WlUY6PTcyrOuB2Iov0Rg2xh
O1l3OlIeWLbRdmAj49/CicqXUusO/VTfevxTylVT8+AOEMl53+zUtSL8VeEHP1WJ
XRm8e1F8ykNoIp1wTfiukjYHXRrrp0OW9BzLgm0NHQZrFZ02UxTUkiY+I1zVm6+O
WbJmkrhj9lptnbVnXQ2NO403ArUJHDCvsI16AvrZcVsd9/tTTglkSy3d4LpA6vXc
DhDlE0Tgt9U/iXIS0NOhqgvwKQvzPkMzWHzq24axbBV53/pJu3rfQ9VViuSVtfPs
d/01xNvPMIfKJY0keWpKuwbebA==
-----END CERTIFICATE-----