Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ij-yV53m5KZsq7130jDwyjoWS2g.roa
File:                     Ij-yV53m5KZsq7130jDwyjoWS2g.roa (raw, json)
Hash identifier:          GXleHmIxXolTapnhZRMAr8S/9VJ3gHKQ+3+SaIPQzks=
Subject key identifier:   22:3F:B2:57:9D:E6:E4:A6:6C:AB:BD:77:D2:30:F0:CA:3A:16:4B:68
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0190A561E453C9EAFEE65A38B87B1313CC45
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ij-yV53m5KZsq7130jDwyjoWS2g.roa
Signing time:             Fri 12 Jul 2024 05:19:34 +0000
ROA not before:           Fri 12 Jul 2024 05:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.87.169.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 12 Jul 2024 11:16:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a5:61:e4:53:c9:ea:fe:e6:5a:38:b8:7b:13:13:cc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul 12 05:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=223fb2579de6e4a66cabbd77d230f0ca3a164b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6b:92:0f:f7:38:93:af:8c:5a:a7:cc:35:c0:
                    63:a6:6d:9c:00:c8:3b:fe:02:08:7b:dd:34:4f:29:
                    5c:23:7c:21:64:92:a5:3c:2f:d2:1e:c7:fd:bb:e6:
                    aa:46:aa:ea:7a:72:80:f3:04:08:90:3c:4b:33:f5:
                    81:73:c3:af:68:3a:7a:e0:81:10:bc:ed:c6:c9:a5:
                    28:e5:00:be:5f:5e:3b:24:ff:67:85:16:c3:bc:01:
                    8a:fc:a5:b9:2b:b6:07:d4:f9:a7:27:92:25:6f:ee:
                    95:57:4b:6a:a7:c8:01:a2:81:41:d3:3f:bd:8a:72:
                    f9:bf:5f:aa:c7:24:ff:ed:c4:69:14:b3:54:52:92:
                    68:55:6b:d0:a5:fc:8a:38:7a:a9:71:72:a0:66:43:
                    48:23:59:13:4b:36:b0:1f:a6:cb:ad:ec:28:13:6f:
                    89:91:ec:f3:73:1e:a3:34:72:0f:82:4c:04:1e:26:
                    85:0a:d1:8b:80:78:bc:3a:db:b9:8d:f0:41:6d:00:
                    e4:4d:b3:6c:15:55:bf:d1:11:21:75:2f:d8:6e:d0:
                    58:3b:82:c7:32:f4:51:b8:50:cd:b0:b6:2a:ab:aa:
                    04:b7:8c:78:ec:ef:70:17:27:52:1b:35:47:bd:78:
                    10:75:0b:cd:11:ab:90:72:0c:f4:e6:e5:24:fb:1e:
                    d2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:3F:B2:57:9D:E6:E4:A6:6C:AB:BD:77:D2:30:F0:CA:3A:16:4B:68
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ij-yV53m5KZsq7130jDwyjoWS2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.87.169.0/24
                  195.133.25.0/24
                  195.133.39.0/24
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:06:44:12:af:f0:98:0b:e4:eb:f8:c7:d7:a4:a7:36:1d:c9:
         87:7c:35:d9:fa:40:31:62:2a:e5:ee:fb:e8:ef:2c:32:d1:43:
         a1:28:24:b0:6a:e9:71:af:8c:fa:c5:13:0e:bd:74:03:b0:96:
         c6:3a:f7:f9:be:23:86:39:11:1e:bf:4f:79:4a:3a:83:73:b2:
         4c:99:1c:28:d2:f6:55:94:6a:4b:96:b5:e0:c3:2f:00:d1:a3:
         2c:d7:75:8b:dc:c7:87:2b:b1:64:d2:a1:47:e8:3c:03:bb:31:
         5d:05:d3:85:00:86:e4:a7:6f:bd:80:ce:5e:30:f5:88:eb:a5:
         d2:7b:04:48:bd:b0:f0:91:b4:52:c1:5d:05:57:1b:47:9e:2d:
         d1:05:a3:99:ad:e0:5c:23:24:2a:0d:22:e6:64:18:9d:b5:c9:
         67:da:cf:6a:22:81:8a:25:02:4e:9b:38:d2:93:97:f7:77:94:
         06:1a:90:c9:46:e5:46:27:b2:fc:36:bd:d1:83:49:95:f3:aa:
         d2:31:0d:89:a2:5b:09:07:42:34:91:62:b2:18:70:85:2e:25:
         51:4c:48:03:3e:18:15:31:8e:6e:85:8d:8f:01:1a:20:d9:fe:
         36:20:5a:28:bb:a9:e5:29:0d:eb:01:32:72:05:e4:a4:b3:8c:
         3f:f3:3f:02
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZClYeRTyer+5lo4uHsTE8xFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzEyMDUxOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjNmYjI1NzlkZTZlNGE2NmNhYmJkNzdkMjMwZjBjYTNhMTY0YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWuSD/c4k6+MWqfMNcBjpm2cAMg7
/gIIe900TylcI3whZJKlPC/SHsf9u+aqRqrqenKA8wQIkDxLM/WBc8OvaDp64IEQ
vO3GyaUo5QC+X147JP9nhRbDvAGK/KW5K7YH1PmnJ5Ilb+6VV0tqp8gBooFB0z+9
inL5v1+qxyT/7cRpFLNUUpJoVWvQpfyKOHqpcXKgZkNII1kTSzawH6bLrewoE2+J
kezzcx6jNHIPgkwEHiaFCtGLgHi8Otu5jfBBbQDkTbNsFVW/0REhdS/YbtBYO4LH
MvRRuFDNsLYqq6oEt4x47O9wFydSGzVHvXgQdQvNEauQcgz05uUk+x7S7wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFCI/sled5uSmbKu9d9Iw8Mo6FktoMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSWoteVY1M201S1pzcTcxMzBqRHd5am9XUzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQBwjo4AwQA
wlepAwQAw4UZAwQAw4UnAwQBw4UyAwQBw4VcAwQA1MABMBQEAgACMA4DBQMqAVfA
AwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAgQZEEq/wmAvk6/jH16SnNh3Jh3w1
2fpAMWIq5e776O8sMtFDoSgksGrpca+M+sUTDr10A7CWxjr3+b4jhjkRHr9PeUo6
g3OyTJkcKNL2VZRqS5a14MMvANGjLNd1i9zHhyuxZNKhR+g8A7sxXQXThQCG5Kdv
vYDOXjD1iOul0nsESL2w8JG0UsFdBVcbR54t0QWjma3gXCMkKg0i5mQYnbXJZ9rP
aiKBiiUCTps40pOX93eUBhqQyUblRiey/Da90YNJlfOq0jENiaJbCQdCNJFishhw
hS4lUUxIAz4YFTGOboWNjwEaINn+NiBaKLup5SkN6wEycgXkpLOMP/M/Ag==
-----END CERTIFICATE-----