Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/95iBGp4ocC-L9C7iMIlBLuSw-2k.roa
File:                     95iBGp4ocC-L9C7iMIlBLuSw-2k.roa (raw, json)
Hash identifier:          VW50w+UhOo9qynyoL7snHqZ6KP2Qwu8Q5Wv1iaAZsZg=
Subject key identifier:   F7:98:81:1A:9E:28:70:2F:8B:F4:2E:E2:30:89:41:2E:E4:B0:FB:69
Certificate issuer:       /CN=278f62f3a5f84722852fc70f052cf13dea2374d0
Certificate serial:       018D0C27A3095D8A13ADD74D44726485644A
Authority key identifier: 27:8F:62:F3:A5:F8:47:22:85:2F:C7:0F:05:2C:F1:3D:EA:23:74:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J49i86X4RyKFL8cPBSzxPeojdNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/95iBGp4ocC-L9C7iMIlBLuSw-2k.roa
Signing time:             Mon 15 Jan 2024 08:05:40 +0000
ROA not before:           Mon 15 Jan 2024 08:05:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205741
IP address blocks:        94.136.179.0/24 maxlen: 24
                          94.136.178.0/24 maxlen: 24
                          94.136.177.0/24 maxlen: 24
                          94.136.176.0/22 maxlen: 24
                          94.136.176.0/24 maxlen: 24
                          94.136.176.0/23 maxlen: 23
                          185.141.67.0/24 maxlen: 24
                          185.141.66.0/24 maxlen: 24
                          185.141.65.0/24 maxlen: 24
                          185.207.209.0/24 maxlen: 24
                          185.207.208.0/24 maxlen: 24
                          185.207.208.0/22 maxlen: 22
                          185.207.211.0/24 maxlen: 24
                          185.207.210.0/24 maxlen: 24
                          185.141.64.0/24 maxlen: 24
                          185.141.64.0/22 maxlen: 22
                          2a0b:2c40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 14:09:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:27:a3:09:5d:8a:13:ad:d7:4d:44:72:64:85:64:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278f62f3a5f84722852fc70f052cf13dea2374d0
        Validity
            Not Before: Jan 15 08:05:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f798811a9e28702f8bf42ee23089412ee4b0fb69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:76:1f:80:87:85:2c:49:45:51:6f:d2:9e:cb:
                    ac:ae:70:f3:84:43:ca:7a:69:d0:06:33:87:b4:3a:
                    47:58:25:5b:71:ab:d6:bf:f5:e3:cd:95:e6:71:99:
                    e6:1f:a8:27:fa:e8:26:49:b3:df:7a:98:74:32:cd:
                    ab:b8:b7:b8:b5:04:68:2b:6d:21:e7:9b:f6:20:50:
                    f5:a7:c9:77:fb:fe:65:95:79:ec:f5:22:65:72:ba:
                    44:2b:4d:3f:cb:53:f5:83:f8:ed:b5:37:45:2d:45:
                    87:72:a2:ff:98:b4:b4:03:71:57:82:0c:d1:ed:30:
                    64:3e:4e:dc:e4:2d:3c:92:6e:c6:22:70:d1:5a:bb:
                    6f:f2:6c:4e:86:36:f4:98:d2:a4:3b:74:9e:70:68:
                    a5:a8:9d:ca:67:e6:37:7e:4a:e4:a8:54:1e:2e:86:
                    22:75:ce:85:78:23:e5:67:3c:41:b1:76:85:e3:1b:
                    2b:af:27:e2:f6:f9:82:50:e8:ac:fb:8b:58:3c:47:
                    3d:96:90:10:3e:eb:49:1b:e4:40:ce:f7:bc:a0:28:
                    40:95:ac:14:e8:18:a7:c2:4f:fe:8d:ee:ff:95:8b:
                    31:20:34:19:95:cf:be:db:9b:00:1f:fd:88:8d:b7:
                    5d:1e:6e:03:aa:92:dc:7e:1c:0f:5c:c9:b0:91:49:
                    3f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:98:81:1A:9E:28:70:2F:8B:F4:2E:E2:30:89:41:2E:E4:B0:FB:69
            X509v3 Authority Key Identifier:
                keyid:27:8F:62:F3:A5:F8:47:22:85:2F:C7:0F:05:2C:F1:3D:EA:23:74:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J49i86X4RyKFL8cPBSzxPeojdNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/95iBGp4ocC-L9C7iMIlBLuSw-2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/J49i86X4RyKFL8cPBSzxPeojdNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.176.0/22
                  185.141.64.0/22
                  185.207.208.0/22
                IPv6:
                  2a0b:2c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:57:e0:f0:dd:be:03:37:69:51:b2:26:ba:c2:21:3b:44:ec:
         e1:86:be:ef:bc:44:cf:42:fe:01:32:bd:cc:67:4c:45:1f:bd:
         4b:df:a6:68:7c:8b:83:79:29:a9:ec:ea:f0:f7:da:a7:d1:c9:
         b2:0c:4e:7c:66:a1:99:8f:4a:3d:ef:c4:db:24:91:b3:4a:52:
         0f:52:40:93:00:cb:04:6d:c1:9c:cd:3a:de:a5:ac:1b:a8:5d:
         61:62:1b:6f:4b:9b:a7:25:26:42:f0:9f:6d:20:a4:85:51:4f:
         7e:f1:8e:e4:0d:4d:be:7f:13:74:71:87:f9:56:81:1c:10:27:
         33:d8:b2:30:5c:fa:56:ff:71:73:49:67:a7:b2:7d:53:13:02:
         8b:ad:ef:4e:6f:af:51:83:7c:a1:bc:57:d4:80:95:ea:15:4d:
         5d:45:8d:e9:a6:40:bd:d5:c2:87:0d:27:c8:bf:f4:c3:e4:03:
         ad:90:1f:65:87:90:b5:1e:3b:67:09:1f:04:9e:37:20:07:71:
         fd:c8:1d:7c:2f:33:e0:0c:79:2a:57:0b:e7:f5:da:f1:ca:b8:
         18:d2:fc:21:ca:f9:62:fe:ad:2a:7b:3b:37:b6:3e:4b:ca:a6:
         dc:ab:c0:ce:08:93:c9:10:42:50:a4:58:65:0a:4e:23:28:93:
         38:16:ee:bc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY0MJ6MJXYoTrddNRHJkhWRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OGY2MmYzYTVmODQ3MjI4NTJmYzcwZjA1MmNmMTNkZWEy
Mzc0ZDAwHhcNMjQwMTE1MDgwNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk4ODExYTllMjg3MDJmOGJmNDJlZTIzMDg5NDEyZWU0YjBmYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXYfgIeFLElFUW/SnsusrnDzhEPK
emnQBjOHtDpHWCVbcavWv/XjzZXmcZnmH6gn+ugmSbPfeph0Ms2ruLe4tQRoK20h
55v2IFD1p8l3+/5llXns9SJlcrpEK00/y1P1g/jttTdFLUWHcqL/mLS0A3FXggzR
7TBkPk7c5C08km7GInDRWrtv8mxOhjb0mNKkO3SecGilqJ3KZ+Y3fkrkqFQeLoYi
dc6FeCPlZzxBsXaF4xsrryfi9vmCUOis+4tYPEc9lpAQPutJG+RAzve8oChAlawU
6Binwk/+je7/lYsxIDQZlc++25sAH/2IjbddHm4DqpLcfhwPXMmwkUk/bwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPeYgRqeKHAvi/Qu4jCJQS7ksPtpMB8GA1UdIwQY
MBaAFCePYvOl+EcihS/HDwUs8T3qI3TQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjQ5aTg2WDRSeUtGTDhjUEJTenhQZW9qZE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9lNDkxMmItNTQ4NC00YWMwLTg3Njgt
NTM1YmY5YjFlOGI3LzEvOTVpQkdwNG9jQy1MOUM3aU1JbEJMdVN3LTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9lNDkxMmItNTQ4NC00YWMwLTg3NjgtNTM1YmY5YjFlOGI3
LzEvSjQ5aTg2WDRSeUtGTDhjUEJTenhQZW9qZE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCXoiwAwQC
uY1AAwQCuc/QMA0EAgACMAcDBQMqCyxAMA0GCSqGSIb3DQEBCwUAA4IBAQAWV+Dw
3b4DN2lRsia6wiE7ROzhhr7vvETPQv4BMr3MZ0xFH71L36ZofIuDeSmp7Orw99qn
0cmyDE58ZqGZj0o978TbJJGzSlIPUkCTAMsEbcGczTrepawbqF1hYhtvS5unJSZC
8J9tIKSFUU9+8Y7kDU2+fxN0cYf5VoEcECcz2LIwXPpW/3FzSWensn1TEwKLre9O
b69Rg3yhvFfUgJXqFU1dRY3ppkC91cKHDSfIv/TD5AOtkB9lh5C1HjtnCR8Enjcg
B3H9yB18LzPgDHkqVwvn9drxyrgY0vwhyvli/q0qezs3tj5Lyqbcq8DOCJPJEEJQ
pFhlCk4jKJM4Fu68
-----END CERTIFICATE-----