Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UbVD2E9YGjuActgJKyTibypXfYU.roa
File:                     UbVD2E9YGjuActgJKyTibypXfYU.roa (raw, json)
Hash identifier:          hLOra6YdznHipEhj2H4ph5pA9itgTZggmZIMbez6a4Q=
Subject key identifier:   51:B5:43:D8:4F:58:1A:3B:80:72:D8:09:2B:24:E2:6F:2A:57:7D:85
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018BFB7AF6FEBA1CF3F2CAC72951F8432A8E
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UbVD2E9YGjuActgJKyTibypXfYU.roa
Signing time:             Thu 23 Nov 2023 09:20:21 +0000
ROA not before:           Thu 23 Nov 2023 09:20:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        81.22.135.0/24 maxlen: 24
                          109.72.118.0/24 maxlen: 24
                          109.72.117.0/24 maxlen: 24
                          109.72.120.0/24 maxlen: 24
                          109.72.127.0/24 maxlen: 24
                          89.185.1.0/24 maxlen: 24
                          89.185.3.0/24 maxlen: 24
                          81.22.128.0/24 maxlen: 24
                          81.22.129.0/24 maxlen: 24
                          81.22.130.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Dec 2023 10:37:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fb:7a:f6:fe:ba:1c:f3:f2:ca:c7:29:51:f8:43:2a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Nov 23 09:20:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51b543d84f581a3b8072d8092b24e26f2a577d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:25:5f:d0:57:23:58:34:ce:63:97:92:6a:85:
                    2a:e8:14:bf:07:7c:a5:9b:dc:a9:e3:39:4e:ef:c3:
                    15:be:1f:6c:52:cd:36:7c:45:1d:be:ca:94:07:42:
                    24:02:4f:30:44:35:d5:f4:a3:53:76:1b:ac:59:c7:
                    86:c0:61:45:e4:d5:58:b7:07:09:97:b7:0e:ee:e7:
                    f9:7d:9b:d9:86:10:aa:b6:6c:b7:f7:43:d2:7f:c3:
                    c3:e3:69:72:df:2e:67:e7:f4:5f:17:5e:93:20:66:
                    34:30:8b:9c:cb:e5:4f:35:f2:2b:c4:d2:5f:4b:de:
                    7c:fe:59:13:0b:b9:40:16:5d:8a:7b:9e:91:46:a5:
                    aa:2f:f7:a7:1d:6d:34:6f:9b:8c:ec:e8:90:63:07:
                    e0:f2:f6:12:09:fa:2f:ce:ac:8d:01:4c:b0:ae:aa:
                    a8:ec:e2:bf:77:c2:ce:14:a3:40:2e:dc:13:e9:63:
                    99:ff:43:99:dc:e1:fa:3c:53:9d:60:02:5d:21:b4:
                    ea:9d:8c:82:fa:8b:76:4c:d1:51:77:55:7a:6b:ce:
                    e3:7b:2f:8c:a8:62:fc:83:5b:77:69:86:49:1d:60:
                    ea:7d:9c:3c:73:d5:a6:40:e3:6c:a0:2f:3a:30:c8:
                    f6:fb:63:8d:98:2b:33:39:0e:3f:ce:c0:7f:45:9f:
                    35:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B5:43:D8:4F:58:1A:3B:80:72:D8:09:2B:24:E2:6F:2A:57:7D:85
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UbVD2E9YGjuActgJKyTibypXfYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.128.0-81.22.130.255
                  81.22.135.0/24
                  89.185.1.0/24
                  89.185.3.0/24
                  109.72.117.0-109.72.118.255
                  109.72.120.0/24
                  109.72.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b4:29:20:c6:a0:7e:1c:b4:eb:aa:30:43:52:73:f3:95:0c:
         e3:43:e1:05:46:08:8a:45:fa:02:88:a0:f0:4e:56:d8:df:97:
         ac:0e:f6:54:1c:bb:d8:31:f9:da:26:c9:54:7a:71:75:fc:bc:
         71:32:a5:e1:f2:a3:43:b1:c3:a5:8e:8d:4e:d9:b2:a1:f0:42:
         51:2a:1f:ac:e0:09:3c:03:d9:73:a9:ca:8e:2f:6a:91:c6:6f:
         80:63:23:7b:8c:ec:63:f2:b8:13:3c:ab:ac:48:cb:ca:7b:b5:
         01:5d:42:e4:b7:2d:29:5b:48:da:ea:20:52:ee:f3:85:b0:c2:
         68:f1:1a:2c:5d:d6:09:41:40:bb:ba:b3:d8:c7:97:21:54:5c:
         30:2f:69:4e:dc:b9:68:39:df:d1:b5:87:78:6b:e2:c0:a1:a6:
         d7:15:c5:0c:57:4a:a7:a7:c8:39:95:22:8d:2a:c9:36:2e:9a:
         ba:9f:ec:b3:ea:af:30:25:92:ed:c2:62:9b:d5:92:e3:08:4f:
         bf:bf:58:1f:f8:5a:92:42:b4:3e:40:84:9d:d1:dd:7a:e5:36:
         33:b0:29:33:d6:98:ec:50:65:bb:4a:25:28:54:53:f4:97:a9:
         ab:b2:65:01:3a:94:82:af:57:88:d3:ce:e1:d9:b7:1b:57:75:
         b3:18:d3:12
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYv7evb+uhzz8srHKVH4QyqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjMxMTIzMDkyMDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI1NDNkODRmNTgxYTNiODA3MmQ4MDkyYjI0ZTI2ZjJhNTc3ZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCVf0FcjWDTOY5eSaoUq6BS/B3yl
m9yp4zlO78MVvh9sUs02fEUdvsqUB0IkAk8wRDXV9KNTdhusWceGwGFF5NVYtwcJ
l7cO7uf5fZvZhhCqtmy390PSf8PD42ly3y5n5/RfF16TIGY0MIucy+VPNfIrxNJf
S958/lkTC7lAFl2Ke56RRqWqL/enHW00b5uM7OiQYwfg8vYSCfovzqyNAUywrqqo
7OK/d8LOFKNALtwT6WOZ/0OZ3OH6PFOdYAJdIbTqnYyC+ot2TNFRd1V6a87jey+M
qGL8g1t3aYZJHWDqfZw8c9WmQONsoC86MMj2+2ONmCszOQ4/zsB/RZ81YQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFFG1Q9hPWBo7gHLYCSsk4m8qV32FMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvVWJWRDJFOVlHanVBY3RnSkt5VGlieXBYZllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAdRFoAD
BABRFoIDBABRFocDBABZuQEDBABZuQMwDAMEAG1IdQMEAG1IdgMEAG1IeAMEAG1I
fzANBgkqhkiG9w0BAQsFAAOCAQEAOrQpIMagfhy066owQ1Jz85UM40PhBUYIikX6
Aoig8E5W2N+XrA72VBy72DH52ibJVHpxdfy8cTKl4fKjQ7HDpY6NTtmyofBCUSof
rOAJPAPZc6nKji9qkcZvgGMje4zsY/K4EzyrrEjLynu1AV1C5LctKVtI2uogUu7z
hbDCaPEaLF3WCUFAu7qz2MeXIVRcMC9pTty5aDnf0bWHeGviwKGm1xXFDFdKp6fI
OZUijSrJNi6aup/ss+qvMCWS7cJim9WS4whPv79YH/hakkK0PkCEndHdeuU2M7Ap
M9aY7FBlu0olKFRT9Jepq7JlATqUgq9XiNPO4dm3G1d1sxjTEg==
-----END CERTIFICATE-----