Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/x74rFH53PYzaIrYxq78xzF8h_4o.roa
File:                     x74rFH53PYzaIrYxq78xzF8h_4o.roa (raw, json)
Hash identifier:          nvx85ob+NTvA1EtEiKfJ9H86+JUvgPaSIcT4PpR2DmU=
Subject key identifier:   C7:BE:2B:14:7E:77:3D:8C:DA:22:B6:31:AB:BF:31:CC:5F:21:FF:8A
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC3F041CD991D5B07F13B9EC2A435B
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/x74rFH53PYzaIrYxq78xzF8h_4o.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3218
IP address blocks:        193.232.192.0/22 maxlen: 22
                          193.232.196.0/23 maxlen: 23
                          193.232.206.0/23 maxlen: 23
                          193.232.212.0/24 maxlen: 24
                          193.232.208.0/23 maxlen: 23
                          194.85.212.0/23 maxlen: 23
                          194.85.208.0/23 maxlen: 23
                          193.232.2.0/24 maxlen: 24
                          193.232.218.0/23 maxlen: 23
                          193.232.0.0/22 maxlen: 22
                          193.232.4.0/23 maxlen: 23
                          193.232.6.0/24 maxlen: 24
                          193.232.8.0/21 maxlen: 21
                          193.232.16.0/22 maxlen: 22
                          193.232.22.0/23 maxlen: 23
                          193.232.24.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 07:39:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3f:04:1c:d9:91:d5:b0:7f:13:b9:ec:2a:43:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7be2b147e773d8cda22b631abbf31cc5f21ff8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d8:03:67:16:7b:47:bd:00:8d:ef:9f:d3:da:
                    72:da:85:ad:a9:f5:9b:35:eb:68:9c:14:a9:a5:59:
                    85:bd:c3:bd:03:db:8f:17:45:db:09:dd:cd:c2:f5:
                    6f:0b:bb:6c:5d:e7:bd:79:63:01:cb:64:1d:b9:07:
                    b2:c0:a2:7f:8c:91:db:99:2e:a4:fc:08:e6:fc:27:
                    14:44:80:1b:d4:a2:d0:5f:06:03:10:5a:f7:17:c9:
                    93:d0:1c:5f:ff:71:22:34:62:e0:a3:9c:9b:6c:1f:
                    5b:4b:00:e0:7a:e3:2a:7e:b4:3c:d5:19:33:d1:a3:
                    e1:be:e6:f5:70:3c:c3:d5:e7:f4:bf:29:49:57:71:
                    ed:ae:09:89:2c:28:80:ca:20:d6:07:bc:61:a3:1c:
                    1a:66:56:84:1f:95:6d:aa:35:4a:29:eb:45:c7:eb:
                    4c:e6:c4:bf:f1:f0:dd:30:64:eb:45:06:fc:d2:d3:
                    73:a4:bc:0b:fb:dc:b1:37:b8:ce:74:cf:e9:96:e0:
                    86:cf:f2:be:d2:26:c1:19:ac:bc:9d:55:fc:fb:fe:
                    96:14:d3:bf:79:9a:fc:ba:61:62:54:64:e1:53:11:
                    9f:6d:01:af:5d:cc:c2:7f:ef:23:9c:4b:81:17:c0:
                    95:55:e5:22:be:03:5d:01:ba:95:95:57:b6:b7:bb:
                    9e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BE:2B:14:7E:77:3D:8C:DA:22:B6:31:AB:BF:31:CC:5F:21:FF:8A
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/x74rFH53PYzaIrYxq78xzF8h_4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.0.0-193.232.6.255
                  193.232.8.0-193.232.19.255
                  193.232.22.0-193.232.31.255
                  193.232.192.0-193.232.197.255
                  193.232.206.0-193.232.209.255
                  193.232.212.0/24
                  193.232.218.0/23
                  194.85.208.0/23
                  194.85.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:a6:d6:bc:63:84:19:d3:f5:13:bd:6d:56:ff:d3:f6:a5:4f:
         cc:24:4e:08:83:33:ff:a1:c5:dc:f5:12:7f:3c:5e:ae:bd:6a:
         88:c1:8b:a9:f8:b2:75:e6:08:68:db:5a:b3:f3:8a:01:06:ee:
         81:fa:03:5a:c6:b6:8e:f2:6a:38:67:9f:08:6a:19:89:a2:c5:
         22:83:0e:5b:e4:c9:df:b8:fc:45:95:28:d2:2a:82:cf:92:9c:
         d1:2a:ce:2e:67:d9:87:7c:01:44:d7:b1:5d:75:2e:84:b4:1a:
         94:3a:af:d3:9a:f5:32:f1:55:ff:05:a3:35:ed:52:0d:3d:d5:
         26:d2:75:d7:c6:cc:d6:a8:19:0f:80:7f:d8:80:48:44:8d:73:
         ea:1f:9c:1e:2f:b7:bf:e3:5b:74:7b:82:c0:8b:d3:b8:a3:d6:
         20:e8:39:bc:98:0d:7b:03:06:88:d9:8a:fa:64:4d:70:9f:fa:
         1e:c9:2a:3d:13:59:4a:d6:75:32:87:30:14:b8:da:f5:91:d6:
         42:4d:25:ab:44:e4:29:8d:dd:08:03:13:7e:91:41:92:80:25:
         5e:c5:8e:f1:23:19:19:0e:31:5d:66:fc:39:8d:e8:04:39:1f:
         53:45:2c:43:66:cf:12:c6:1e:0a:30:79:ce:a9:f3:f4:8f:eb:
         1e:b8:a8:35
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYzF3D8EHNmR1bB/E7nsKkNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JlMmIxNDdlNzczZDhjZGEyMmI2MzFhYmJmMzFjYzVmMjFmZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodgDZxZ7R70Aje+f09py2oWtqfWb
NetonBSppVmFvcO9A9uPF0XbCd3NwvVvC7tsXee9eWMBy2QduQeywKJ/jJHbmS6k
/Ajm/CcURIAb1KLQXwYDEFr3F8mT0Bxf/3EiNGLgo5ybbB9bSwDgeuMqfrQ81Rkz
0aPhvub1cDzD1ef0vylJV3HtrgmJLCiAyiDWB7xhoxwaZlaEH5VtqjVKKetFx+tM
5sS/8fDdMGTrRQb80tNzpLwL+9yxN7jOdM/pluCGz/K+0ibBGay8nVX8+/6WFNO/
eZr8umFiVGThUxGfbQGvXczCf+8jnEuBF8CVVeUivgNdAbqVlVe2t7uetwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFMe+KxR+dz2M2iK2Mau/McxfIf+KMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEveDc0ckZINTNQWXphSXJZeHE3OHh6RjhoXzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBjBAIAATBdMAsDAwPB6AME
AMHoBjAMAwQDwegIAwQCwegQMAwDBAHB6BYDBAXB6AAwDAMEBsHowAMEAcHoxDAM
AwQBwejOAwQBwejQAwQAwejUAwQBwejaAwQBwlXQAwQBwlXUMA0GCSqGSIb3DQEB
CwUAA4IBAQBCpta8Y4QZ0/UTvW1W/9P2pU/MJE4IgzP/ocXc9RJ/PF6uvWqIwYup
+LJ15gho21qz84oBBu6B+gNaxraO8mo4Z58IahmJosUigw5b5MnfuPxFlSjSKoLP
kpzRKs4uZ9mHfAFE17FddS6EtBqUOq/TmvUy8VX/BaM17VINPdUm0nXXxszWqBkP
gH/YgEhEjXPqH5weL7e/41t0e4LAi9O4o9Yg6Dm8mA17AwaI2Yr6ZE1wn/oeySo9
E1lK1nUyhzAUuNr1kdZCTSWrROQpjd0IAxN+kUGSgCVexY7xIxkZDjFdZvw5jegE
OR9TRSxDZs8Sxh4KMHnOqfP0j+seuKg1
-----END CERTIFICATE-----