Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/74frFC7GNAQ-8yDIPGbreJbGiLA.roa
File:                     74frFC7GNAQ-8yDIPGbreJbGiLA.roa (raw, json)
Hash identifier:          QEmHAc41CamOpI24d9l8xYcwpCf6Br1pxGl2JmKCWko=
Subject key identifier:   EF:87:EB:14:2E:C6:34:04:3E:F3:20:C8:3C:66:EB:78:96:C6:88:B0
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018C407C93E44DC2B114A896CCAC3546B8A9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/74frFC7GNAQ-8yDIPGbreJbGiLA.roa
Signing time:             Wed 06 Dec 2023 18:55:55 +0000
ROA not before:           Wed 06 Dec 2023 18:55:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51659
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.87.106.0/24 maxlen: 24
                          195.133.5.0/24 maxlen: 24
                          194.87.48.0/24 maxlen: 24
                          195.133.23.0/24 maxlen: 24
                          195.58.48.0/23 maxlen: 23
                          194.87.70.0/24 maxlen: 24
                          194.87.68.0/23 maxlen: 23
                          194.87.196.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:40:7c:93:e4:4d:c2:b1:14:a8:96:cc:ac:35:46:b8:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  6 18:55:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef87eb142ec634043ef320c83c66eb7896c688b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ce:4e:43:01:93:63:d5:4b:77:35:9a:c6:65:
                    cd:53:64:e5:d7:15:58:ac:87:55:fc:0d:25:69:c8:
                    6a:5e:f6:09:ee:c7:6b:ae:90:5d:e3:60:65:90:5a:
                    15:f7:3b:71:68:6e:f4:3c:b5:6d:b8:72:d2:32:31:
                    33:63:d0:47:69:07:f4:8c:61:a6:1e:c8:23:51:f6:
                    fc:3c:ae:4e:b7:08:70:67:75:f1:9d:c4:39:47:74:
                    e1:4c:84:f7:da:2d:48:97:ce:64:2b:f1:ef:9c:d6:
                    bb:8d:6b:3f:03:e6:c9:cb:55:da:b8:59:ee:bb:8b:
                    2e:96:8a:04:39:ed:64:52:a8:c2:8f:5e:9a:2a:dc:
                    95:ca:1c:8e:40:64:08:36:48:69:fb:73:a4:c5:85:
                    62:fa:45:53:f8:84:81:fd:08:80:51:86:a7:a7:12:
                    20:8d:cd:06:6f:3e:4a:b8:1b:0c:f4:09:33:24:28:
                    20:67:0e:77:56:22:47:56:70:e6:9a:ce:a7:91:51:
                    4c:8b:39:64:2f:cc:e8:38:3e:3c:51:11:56:49:49:
                    9e:86:92:4f:8a:2c:17:f8:ed:c6:60:0b:db:91:e9:
                    92:77:6d:f3:7c:7f:3e:b9:7f:2c:0c:0a:00:04:62:
                    23:02:a0:ba:a5:71:7c:0a:70:85:db:bc:0c:89:8f:
                    f1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:87:EB:14:2E:C6:34:04:3E:F3:20:C8:3C:66:EB:78:96:C6:88:B0
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/74frFC7GNAQ-8yDIPGbreJbGiLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.87.48.0/24
                  194.87.68.0-194.87.70.255
                  194.87.106.0/24
                  194.87.196.0/23
                  195.58.48.0/23
                  195.133.5.0/24
                  195.133.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:06:a8:3b:19:42:52:63:3d:fa:1b:9e:de:4a:6e:34:84:8b:
         78:9a:5e:b3:88:41:9c:7c:31:13:ed:bb:36:72:ed:d3:50:c7:
         47:55:45:ca:1f:aa:bd:f0:73:c7:44:fa:72:07:25:3f:2c:af:
         73:30:6b:34:b7:73:53:6d:4b:1f:81:21:29:b6:67:bf:08:0a:
         c0:18:85:a5:31:f5:bc:04:4d:9e:8e:d5:14:62:ce:85:fa:a0:
         9b:84:b2:96:5f:2b:9a:1a:8b:2f:49:04:55:38:94:7e:98:d9:
         f4:a3:ad:05:84:a0:65:64:f3:c8:00:ad:da:35:26:df:43:86:
         1e:f4:4a:3b:f6:0e:b5:40:a6:b2:84:c9:dd:00:fe:58:7e:02:
         a7:2b:f0:b1:b2:42:df:07:ec:d5:21:40:0a:e9:c8:05:37:9b:
         95:24:bf:00:d1:27:39:64:e7:da:c9:87:45:09:7f:89:ec:4d:
         3b:25:99:f6:31:ce:5b:ec:29:2e:a8:17:75:1d:59:64:fe:3a:
         c8:58:a1:0e:36:e5:45:90:43:90:1a:f2:3c:3d:90:80:62:64:
         aa:c3:62:9c:df:d9:2a:bc:23:04:e6:b8:df:29:5a:ec:b5:52:
         a3:bb:8f:91:3a:8c:46:b4:6e:7a:70:f6:e5:16:76:d5:06:83:
         6d:50:60:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYxAfJPkTcKxFKiWzKw1RripMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMjA2MTg1NTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjg3ZWIxNDJlYzYzNDA0M2VmMzIwYzgzYzY2ZWI3ODk2YzY4OGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm85OQwGTY9VLdzWaxmXNU2Tl1xVY
rIdV/A0lachqXvYJ7sdrrpBd42BlkFoV9ztxaG70PLVtuHLSMjEzY9BHaQf0jGGm
HsgjUfb8PK5OtwhwZ3XxncQ5R3ThTIT32i1Il85kK/HvnNa7jWs/A+bJy1XauFnu
u4sulooEOe1kUqjCj16aKtyVyhyOQGQINkhp+3OkxYVi+kVT+ISB/QiAUYanpxIg
jc0Gbz5KuBsM9AkzJCggZw53ViJHVnDmms6nkVFMizlkL8zoOD48URFWSUmehpJP
iiwX+O3GYAvbkemSd23zfH8+uX8sDAoABGIjAqC6pXF8CnCF27wMiY/xwQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFO+H6xQuxjQEPvMgyDxm63iWxoiwMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNzRmckZDN0dOQVEtOHlESVBHYnJlSmJHaUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAwXwHAwQA
wlcwMAwDBALCV0QDBADCV0YDBADCV2oDBAHCV8QDBAHDOjADBADDhQUDBADDhRcw
DQYJKoZIhvcNAQELBQADggEBAHkGqDsZQlJjPfobnt5KbjSEi3iaXrOIQZx8MRPt
uzZy7dNQx0dVRcofqr3wc8dE+nIHJT8sr3MwazS3c1NtSx+BISm2Z78ICsAYhaUx
9bwETZ6O1RRizoX6oJuEspZfK5oaiy9JBFU4lH6Y2fSjrQWEoGVk88gArdo1Jt9D
hh70Sjv2DrVAprKEyd0A/lh+Aqcr8LGyQt8H7NUhQArpyAU3m5UkvwDRJzlk59rJ
h0UJf4nsTTslmfYxzlvsKS6oF3UdWWT+OshYoQ425UWQQ5Aa8jw9kIBiZKrDYpzf
2Sq8IwTmuN8pWuy1UqO7j5E6jEa0bnpw9uUWdtUGg21QYL8=
-----END CERTIFICATE-----