Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/68oBaBPMNiFQzOp7O8r4G5W9MYk.roa
File:                     68oBaBPMNiFQzOp7O8r4G5W9MYk.roa (raw, json)
Hash identifier:          Y9R7zptqhmUntO6M6TB4OVFpiGSxT8VCBuplhmC/ZCo=
Subject key identifier:   EB:CA:01:68:13:CC:36:21:50:CC:EA:7B:3B:CA:F8:1B:95:BD:31:89
Certificate issuer:       /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial:       018C62CA7C379331C538CEF0BCA38857501A
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/68oBaBPMNiFQzOp7O8r4G5W9MYk.roa
Signing time:             Wed 13 Dec 2023 10:48:06 +0000
ROA not before:           Wed 13 Dec 2023 10:48:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8648
IP address blocks:        192.162.84.0/22 maxlen: 24
                          213.146.96.0/19 maxlen: 24
                          82.141.0.0/18 maxlen: 24
                          212.110.96.0/19 maxlen: 24
                          195.62.96.0/19 maxlen: 24
                          185.117.248.0/22 maxlen: 24
                          81.88.27.0/24 maxlen: 24
                          185.84.80.0/23 maxlen: 24
                          185.84.82.0/24 maxlen: 24
                          2a02:248::/32 maxlen: 48
                          2001:880::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 13 Dec 2023 11:22:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:62:ca:7c:37:93:31:c5:38:ce:f0:bc:a3:88:57:50:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
        Validity
            Not Before: Dec 13 10:48:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ebca016813cc362150ccea7b3bcaf81b95bd3189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:34:28:57:7c:2f:7e:70:dc:9c:df:7e:bf:78:
                    d1:d2:16:98:1c:e9:cf:12:c0:9f:aa:72:72:05:d3:
                    ae:1c:cc:7f:55:c9:d6:11:2d:52:11:3a:ab:c6:3d:
                    84:ca:7c:93:66:b9:af:7a:73:7a:c2:a7:c5:6d:5c:
                    1a:79:8b:e2:f7:ac:c2:dc:06:08:c1:d5:4e:a7:7b:
                    20:6d:8a:d4:90:d2:ac:79:2e:79:88:a3:ba:0a:93:
                    eb:37:4f:7e:3b:38:ec:2e:21:c5:0c:e0:3f:e5:b4:
                    96:18:1b:22:74:05:1d:92:c1:70:76:03:d9:8d:bf:
                    05:fc:5b:60:d5:c6:af:44:b7:3e:da:82:05:cb:ab:
                    16:f1:6f:89:f4:39:d4:88:87:30:9b:3c:1d:21:67:
                    b9:74:c6:72:1f:7b:91:8e:03:6f:38:6e:0b:18:a3:
                    91:7a:60:e9:0f:12:1e:bd:46:3c:7d:0f:c3:63:3a:
                    58:7b:20:de:2e:a0:7f:5e:1c:23:da:56:02:0e:6c:
                    61:53:43:66:12:3b:e9:37:84:42:1d:c4:2e:19:07:
                    8b:e4:47:92:8c:2e:6d:5c:95:3d:96:54:98:73:6f:
                    36:41:dc:b8:93:b7:d3:ba:dc:70:c2:90:04:77:01:
                    8a:32:eb:9f:65:c1:0e:e3:ff:d8:ae:b8:37:2d:1c:
                    b8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:CA:01:68:13:CC:36:21:50:CC:EA:7B:3B:CA:F8:1B:95:BD:31:89
            X509v3 Authority Key Identifier:
                keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/68oBaBPMNiFQzOp7O8r4G5W9MYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.27.0/24
                  82.141.0.0/18
                  185.84.80.0-185.84.82.255
                  185.117.248.0/22
                  192.162.84.0/22
                  195.62.96.0/19
                  212.110.96.0/19
                  213.146.96.0/19
                IPv6:
                  2001:880::/32
                  2a02:248::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:5d:e4:b7:d1:d6:09:e6:4f:3b:6e:37:a5:a2:6f:ef:8d:d3:
         ef:33:4e:e7:09:28:d9:1c:47:27:f1:6c:43:b8:82:d7:5e:12:
         bb:b5:6b:9b:dd:a4:1c:06:0d:4d:5d:1c:5d:97:47:12:5f:32:
         b2:d8:a3:8c:7e:dd:b4:82:1c:77:74:2b:64:e4:52:5b:09:b7:
         3d:a3:19:f6:8a:66:36:5e:05:6c:e7:d0:0d:c1:ae:68:2a:9b:
         ed:9c:05:9b:a2:2b:e2:ba:bf:d1:c1:39:0d:61:92:af:10:6b:
         d4:28:28:3d:96:89:e6:62:59:bf:8e:e8:81:a9:00:62:0b:bb:
         d8:ae:18:9a:da:55:f5:8f:32:81:0d:28:ff:62:bc:c9:9f:ec:
         e8:02:4f:41:f2:80:ac:3e:80:40:08:2e:7a:ef:86:5f:24:a1:
         9f:b0:69:37:af:95:55:ac:cc:17:45:89:b8:8a:28:4c:02:0e:
         8c:ed:6e:9b:21:9c:d9:f6:1b:5f:52:51:46:52:82:58:48:2b:
         c0:19:c0:e8:43:69:b7:96:f1:a3:33:6f:c3:a1:42:ee:1f:ad:
         8e:3d:cd:3e:17:71:73:4c:4d:eb:43:20:09:ad:9f:b1:ee:7b:
         21:3a:96:99:67:5c:c0:4d:3d:5c:45:82:bf:04:e2:33:3d:69:
         33:2f:89:8e
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYxiynw3kzHFOM7wvKOIV1AaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjMxMjEzMTA0ODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmNhMDE2ODEzY2MzNjIxNTBjY2VhN2IzYmNhZjgxYjk1YmQzMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjQoV3wvfnDcnN9+v3jR0haYHOnP
EsCfqnJyBdOuHMx/VcnWES1SETqrxj2EynyTZrmvenN6wqfFbVwaeYvi96zC3AYI
wdVOp3sgbYrUkNKseS55iKO6CpPrN09+OzjsLiHFDOA/5bSWGBsidAUdksFwdgPZ
jb8F/Ftg1cavRLc+2oIFy6sW8W+J9DnUiIcwmzwdIWe5dMZyH3uRjgNvOG4LGKOR
emDpDxIevUY8fQ/DYzpYeyDeLqB/Xhwj2lYCDmxhU0NmEjvpN4RCHcQuGQeL5EeS
jC5tXJU9llSYc282Qdy4k7fTutxwwpAEdwGKMuufZcEO4//Yrrg3LRy4uQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFOvKAWgTzDYhUMzqezvK+BuVvTGJMB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEvNjhvQmFCUE1OaUZRek9wN084cjRHNVc5TVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQAUVgbAwQG
Uo0AMAwDBAS5VFADBAC5VFIDBAK5dfgDBALAolQDBAXDPmADBAXUbmADBAXVkmAw
FAQCAAIwDgMFACABCIADBQAqAgJIMA0GCSqGSIb3DQEBCwUAA4IBAQA6XeS30dYJ
5k87bjelom/vjdPvM07nCSjZHEcn8WxDuILXXhK7tWub3aQcBg1NXRxdl0cSXzKy
2KOMft20ghx3dCtk5FJbCbc9oxn2imY2XgVs59ANwa5oKpvtnAWboiviur/RwTkN
YZKvEGvUKCg9lonmYlm/juiBqQBiC7vYrhia2lX1jzKBDSj/YrzJn+zoAk9B8oCs
PoBACC5674ZfJKGfsGk3r5VVrMwXRYm4iihMAg6M7W6bIZzZ9htfUlFGUoJYSCvA
GcDoQ2m3lvGjM2/DoULuH62OPc0+F3FzTE3rQyAJrZ+x7nshOpaZZ1zATT1cRYK/
BOIzPWkzL4mO
-----END CERTIFICATE-----