Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/SizlzkAe8aIVazsqMclh27q3HBo.roa
File:                     SizlzkAe8aIVazsqMclh27q3HBo.roa (raw, json)
Hash identifier:          OosSiBbpQGDuT7zMF5Si+r4zJSInYTgNEMxoxBiNILY=
Subject key identifier:   4A:2C:E5:CE:40:1E:F1:A2:15:6B:3B:2A:31:C9:61:DB:BA:B7:1C:1A
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       0190FC8E5566C312FBD5B2789E6E3680C000
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/SizlzkAe8aIVazsqMclh27q3HBo.roa
Signing time:             Mon 29 Jul 2024 03:35:04 +0000
ROA not before:           Mon 29 Jul 2024 03:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49549
IP address blocks:        146.19.128.0/24 maxlen: 24
                          178.250.191.0/24 maxlen: 24
                          193.0.227.0/24 maxlen: 24
                          193.0.230.0/24 maxlen: 24
                          193.0.239.0/24 maxlen: 24
                          193.163.203.0/24 maxlen: 24
                          217.119.129.0/24 maxlen: 24
                          2a0f:cdc2::/32 maxlen: 32
                          2a0f:cdc4::/32 maxlen: 32
                          2a0f:cdc5::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 01 Aug 2024 08:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fc:8e:55:66:c3:12:fb:d5:b2:78:9e:6e:36:80:c0:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jul 29 03:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a2ce5ce401ef1a2156b3b2a31c961dbbab71c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d2:ed:a8:d0:f9:f1:77:99:a1:04:42:47:f7:
                    e1:a9:c4:f3:f9:a4:a9:b1:22:ec:0a:9f:03:60:33:
                    da:14:d8:d7:05:38:8c:e2:a3:22:22:f9:39:c5:e6:
                    35:d4:dd:9f:82:17:e0:a0:e9:29:f8:e1:57:43:3e:
                    3f:da:54:1f:2d:78:50:f5:7d:d3:4e:8e:d8:a9:45:
                    7c:d6:81:e1:ab:c0:19:58:22:3b:45:c8:11:4d:75:
                    35:dd:51:77:d2:24:b4:6f:d1:c4:5e:5f:58:e5:b5:
                    c6:52:da:4e:10:3d:6e:2d:94:33:92:f1:a2:99:34:
                    a2:2d:01:42:85:76:ac:91:af:c2:38:c6:ae:40:9c:
                    8e:97:63:2e:06:38:9a:0e:ea:ac:76:3d:c5:f3:32:
                    d0:d7:f7:11:d7:6a:05:cb:3d:21:7e:f5:ba:be:c7:
                    b5:3b:46:94:93:f4:6f:d8:ef:57:ee:eb:ff:dd:fe:
                    c5:fc:2d:3c:1d:1b:ab:c4:2a:01:8c:cd:cc:10:b8:
                    04:d9:d0:7a:b7:c1:61:0f:9b:30:f9:59:1a:e8:74:
                    bf:a0:97:5b:9b:02:73:e8:04:23:b5:19:e7:81:68:
                    0e:df:b3:db:ba:0f:a6:0e:77:c8:f1:e0:6b:a2:58:
                    75:e9:14:f3:35:17:43:d8:fc:bb:be:7e:d5:4e:4b:
                    95:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2C:E5:CE:40:1E:F1:A2:15:6B:3B:2A:31:C9:61:DB:BA:B7:1C:1A
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/SizlzkAe8aIVazsqMclh27q3HBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.128.0/24
                  178.250.191.0/24
                  193.0.227.0/24
                  193.0.230.0/24
                  193.0.239.0/24
                  193.163.203.0/24
                  217.119.129.0/24
                IPv6:
                  2a0f:cdc2::/32
                  2a0f:cdc4::/31

    Signature Algorithm: sha256WithRSAEncryption
         ae:90:2f:e3:36:f0:b2:41:0b:1b:68:04:88:4f:65:7a:39:41:
         99:27:cf:4e:43:b8:e6:27:aa:d9:4f:09:2e:c8:a6:5c:90:8f:
         4b:a6:24:c0:32:90:78:82:43:d2:b5:9b:c8:b4:d8:45:98:15:
         b1:28:6d:96:04:b0:fe:3e:60:a2:62:70:6f:cc:52:bf:7f:71:
         a2:22:f4:e0:c8:4d:1c:94:a2:31:c9:2b:37:08:5d:f0:79:94:
         55:82:e6:4d:01:08:1b:7a:f4:d8:09:5e:eb:2f:bb:77:d1:17:
         59:7c:f0:65:f6:a7:eb:5c:14:d4:73:0d:e3:72:67:20:20:b7:
         c1:4f:74:bf:ad:e2:67:90:77:b9:55:e0:91:9c:34:39:50:e8:
         d5:86:42:36:1a:04:31:48:dd:4a:dd:3e:6c:e6:64:37:0a:4c:
         e0:88:a7:17:81:a1:26:69:59:64:f8:0e:66:68:7c:30:df:3e:
         c3:ab:1e:ee:b7:05:a5:37:6a:e4:9f:0e:ab:51:cd:9b:7e:ff:
         4f:b3:eb:a5:53:96:6e:30:77:40:19:fb:b6:ca:c7:c2:8a:e6:
         9d:40:f4:c8:0d:9a:28:e1:dd:ca:42:58:f2:c7:4e:61:7b:e9:
         d2:3d:be:16:a7:ca:16:b9:20:92:6e:1a:9e:80:52:53:22:6d:
         5f:04:ff:b2
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZD8jlVmwxL71bJ4nm42gMAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwNzI5MDMzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTJjZTVjZTQwMWVmMWEyMTU2YjNiMmEzMWM5NjFkYmJhYjcxYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdLtqND58XeZoQRCR/fhqcTz+aSp
sSLsCp8DYDPaFNjXBTiM4qMiIvk5xeY11N2fghfgoOkp+OFXQz4/2lQfLXhQ9X3T
To7YqUV81oHhq8AZWCI7RcgRTXU13VF30iS0b9HEXl9Y5bXGUtpOED1uLZQzkvGi
mTSiLQFChXaska/COMauQJyOl2MuBjiaDuqsdj3F8zLQ1/cR12oFyz0hfvW6vse1
O0aUk/Rv2O9X7uv/3f7F/C08HRurxCoBjM3MELgE2dB6t8FhD5sw+Vka6HS/oJdb
mwJz6AQjtRnngWgO37Pbug+mDnfI8eBrolh16RTzNRdD2Py7vn7VTkuVFwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFEos5c5AHvGiFWs7KjHJYdu6txwaMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvU2l6bHprQWU4YUlWYXpzcU1jbGgyN3EzSEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQAkhOAAwQA
svq/AwQAwQDjAwQAwQDmAwQAwQDvAwQAwaPLAwQA2XeBMBQEAgACMA4DBQAqD83C
AwUBKg/NxDANBgkqhkiG9w0BAQsFAAOCAQEArpAv4zbwskELG2gEiE9lejlBmSfP
TkO45ieq2U8JLsimXJCPS6YkwDKQeIJD0rWbyLTYRZgVsShtlgSw/j5gomJwb8xS
v39xoiL04MhNHJSiMckrNwhd8HmUVYLmTQEIG3r02Ale6y+7d9EXWXzwZfan61wU
1HMN43JnICC3wU90v63iZ5B3uVXgkZw0OVDo1YZCNhoEMUjdSt0+bOZkNwpM4Iin
F4GhJmlZZPgOZmh8MN8+w6se7rcFpTdq5J8Oq1HNm37/T7PrpVOWbjB3QBn7tsrH
wormnUD0yA2aKOHdykJY8sdOYXvp0j2+FqfKFrkgkm4anoBSUyJtXwT/sg==
-----END CERTIFICATE-----