Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IPv4z6zi8t_YAMkFT5eUlK54bBA.roa
File:                     IPv4z6zi8t_YAMkFT5eUlK54bBA.roa (raw, json)
Hash identifier:          33drFwrr5lYovc4E52tQhIXoYfRVWz6+6oG/sgSF26A=
Subject key identifier:   20:FB:F8:CF:AC:E2:F2:DF:D8:00:C9:05:4F:97:94:94:AE:78:6C:10
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192D8D121EE4654AB217B7B1AA45D279E90
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IPv4z6zi8t_YAMkFT5eUlK54bBA.roa
Signing time:             Tue 29 Oct 2024 15:07:17 +0000
ROA not before:           Tue 29 Oct 2024 15:07:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15731
IP address blocks:        194.85.251.0/24 maxlen: 24
                          194.87.114.0/23 maxlen: 23
                          194.87.119.0/24 maxlen: 24
                          194.87.134.0/23 maxlen: 23
                          194.87.168.0/24 maxlen: 24
                          195.58.58.0/23 maxlen: 23
                          195.58.62.0/23 maxlen: 23
                          195.133.0.0/24 maxlen: 24
                          195.133.84.0/23 maxlen: 23
                          212.192.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 04 Nov 2024 19:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:d1:21:ee:46:54:ab:21:7b:7b:1a:a4:5d:27:9e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 29 15:07:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20fbf8cface2f2dfd800c9054f979494ae786c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:8c:49:2b:28:54:d4:47:30:79:95:8f:2b:31:
                    d2:63:46:30:e2:0e:cd:19:65:2f:21:b6:71:09:b3:
                    b3:17:4b:4b:ff:88:06:26:b0:0e:4a:ab:b9:88:10:
                    e0:e2:1b:03:5f:e7:c3:7b:8e:bb:8e:38:ca:ea:b4:
                    92:bc:d7:f8:ec:3d:0e:15:fa:0d:95:df:e0:b5:83:
                    d2:ed:1f:b4:ae:e1:49:a8:99:e9:aa:6a:fe:53:3d:
                    c8:1c:2a:e1:44:ca:d4:5f:42:20:28:15:35:bc:ac:
                    b4:36:0c:75:0a:72:fc:b9:7b:e7:ce:86:2e:ce:df:
                    a1:b1:78:c6:cb:33:43:44:cf:c7:72:27:e8:bc:da:
                    7d:c4:a3:7e:c3:94:3c:2a:f5:2c:1f:97:a8:dd:e0:
                    62:5d:35:71:d4:1c:e5:8a:59:f3:d5:c8:11:86:dc:
                    53:93:f5:79:3d:1f:0a:ec:43:a8:fd:d9:38:7e:58:
                    fc:f7:2f:e8:82:e2:65:3b:5a:d2:10:40:c7:09:a8:
                    3d:16:78:b5:dc:89:a9:6b:fb:90:fc:9a:8c:d2:1f:
                    1a:3a:75:33:01:d0:f6:0f:52:31:70:38:d8:0f:bb:
                    e8:79:d6:3d:57:c5:99:24:a5:c2:60:bb:12:ec:a6:
                    0d:f1:90:f8:d9:cf:2f:d1:2f:dc:ae:ed:da:d9:9b:
                    5d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FB:F8:CF:AC:E2:F2:DF:D8:00:C9:05:4F:97:94:94:AE:78:6C:10
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IPv4z6zi8t_YAMkFT5eUlK54bBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.251.0/24
                  194.87.114.0/23
                  194.87.119.0/24
                  194.87.134.0/23
                  194.87.168.0/24
                  195.58.58.0/23
                  195.58.62.0/23
                  195.133.0.0/24
                  195.133.84.0/23
                  212.192.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:72:e7:f4:75:c3:14:36:dc:8a:17:67:18:fb:09:a6:21:72:
         38:f3:35:8d:24:58:96:75:f1:e2:da:c9:0b:cc:41:ae:f5:b8:
         12:e0:04:d6:ef:e8:4f:65:81:c8:21:21:e3:9e:6d:0b:27:83:
         cc:41:4d:35:54:63:55:00:36:d2:cf:50:51:13:0a:8e:50:23:
         d3:be:ac:fe:5e:2f:e8:fe:e4:6d:e4:39:6e:a2:64:26:5f:ba:
         52:b6:0d:f2:69:bb:2c:18:dc:9e:1f:5f:5f:3a:8a:0c:82:51:
         62:0b:f2:22:39:89:9d:40:7f:ae:54:12:81:c1:cf:f2:e5:6d:
         b0:3f:8f:16:f1:50:73:c9:07:b8:04:da:e1:a1:08:7b:a8:21:
         26:2d:50:2a:24:68:a3:30:12:33:9b:79:f8:f8:9f:cc:6b:0e:
         78:0c:4c:b8:af:d6:7b:99:2a:88:e6:0f:90:33:a7:b7:b5:86:
         e7:88:6b:a9:e8:54:9e:8f:24:e2:53:d3:fe:8e:f5:b8:f6:f6:
         0c:c4:78:fd:60:c1:23:f1:65:35:df:8a:d6:2b:c8:0e:cc:9e:
         37:1d:c6:09:0f:e3:c2:c9:42:03:41:19:03:73:e3:80:89:69:
         89:9b:a8:65:4d:72:ee:c9:ee:49:02:27:96:4e:43:fb:1a:47:
         52:e0:8a:0e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZLY0SHuRlSrIXt7GqRdJ56QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDI5MTUwNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZiZjhjZmFjZTJmMmRmZDgwMGM5MDU0Zjk3OTQ5NGFlNzg2YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44xJKyhU1EcweZWPKzHSY0Yw4g7N
GWUvIbZxCbOzF0tL/4gGJrAOSqu5iBDg4hsDX+fDe467jjjK6rSSvNf47D0OFfoN
ld/gtYPS7R+0ruFJqJnpqmr+Uz3IHCrhRMrUX0IgKBU1vKy0Ngx1CnL8uXvnzoYu
zt+hsXjGyzNDRM/HcifovNp9xKN+w5Q8KvUsH5eo3eBiXTVx1Bzlilnz1cgRhtxT
k/V5PR8K7EOo/dk4flj89y/oguJlO1rSEEDHCag9Fni13Impa/uQ/JqM0h8aOnUz
AdD2D1IxcDjYD7voedY9V8WZJKXCYLsS7KYN8ZD42c8v0S/cru3a2ZtddwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCD7+M+s4vLf2ADJBU+XlJSueGwQMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSVB2NHo2emk4dF9ZQU1rRlQ1ZVVsSzU0YkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwlX7AwQB
wldyAwQAwld3AwQBwleGAwQAwleoAwQBwzo6AwQBwzo+AwQAw4UAAwQBw4VUAwQA
1MDeMA0GCSqGSIb3DQEBCwUAA4IBAQBYcuf0dcMUNtyKF2cY+wmmIXI48zWNJFiW
dfHi2skLzEGu9bgS4ATW7+hPZYHIISHjnm0LJ4PMQU01VGNVADbSz1BREwqOUCPT
vqz+Xi/o/uRt5DluomQmX7pStg3yabssGNyeH19fOooMglFiC/IiOYmdQH+uVBKB
wc/y5W2wP48W8VBzyQe4BNrhoQh7qCEmLVAqJGijMBIzm3n4+J/Maw54DEy4r9Z7
mSqI5g+QM6e3tYbniGup6FSejyTiU9P+jvW49vYMxHj9YMEj8WU134rWK8gOzJ43
HcYJD+PCyUIDQRkDc+OAiWmJm6hlTXLuye5JAieWTkP7GkdS4IoO
-----END CERTIFICATE-----