Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NPHTuTaXlaZxlwFYkVLopc-GAKA.roa
File:                     NPHTuTaXlaZxlwFYkVLopc-GAKA.roa (raw, json)
Hash identifier:          5gXp7Jc4JIBy064FoyBJAO7YSNcdcq1YXe/xxQtpmxw=
Subject key identifier:   34:F1:D3:B9:36:97:95:A6:71:97:01:58:91:52:E8:A5:CF:86:00:A0
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D45F4311551EED8E94DBD8FF28A95E559
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NPHTuTaXlaZxlwFYkVLopc-GAKA.roa
Signing time:             Fri 26 Jan 2024 13:27:27 +0000
ROA not before:           Fri 26 Jan 2024 13:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398343
IP address blocks:        193.124.15.0/24 maxlen: 24
                          193.124.24.0/24 maxlen: 24
                          194.58.223.0/24 maxlen: 24
                          194.87.29.0/24 maxlen: 24
                          194.87.123.0/24 maxlen: 24
                          194.135.104.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 23
                          195.133.30.0/24 maxlen: 24
                          195.133.83.0/24 maxlen: 24
                          212.193.6.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 08:20:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:f4:31:15:51:ee:d8:e9:4d:bd:8f:f2:8a:95:e5:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 26 13:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34f1d3b9369795a6719701589152e8a5cf8600a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c8:2d:1b:04:2b:35:03:49:d6:bb:43:e9:f3:
                    0c:7c:2e:d7:cf:9d:de:d3:6e:4d:95:15:7e:e2:43:
                    9b:72:30:0a:f5:58:c0:ad:7d:0f:04:6f:ee:dd:9b:
                    84:32:b6:ef:ed:1a:f6:cb:11:9a:cf:87:c9:02:9f:
                    3c:86:0e:6b:5d:b6:fe:f7:e9:48:7c:4d:3f:f7:75:
                    51:29:39:8b:cb:77:2c:6c:9b:eb:b6:52:b0:50:34:
                    6c:6f:e6:a3:d3:ef:6a:36:8e:6d:e6:a7:17:2b:54:
                    86:9f:46:84:49:2c:2c:b3:db:0e:98:f8:d4:44:27:
                    9e:d2:01:f7:fa:98:08:58:e7:51:52:63:2a:b5:5d:
                    f6:48:d1:79:3d:43:82:92:55:f8:17:f4:3b:9b:1f:
                    f3:fe:84:a5:d7:97:7d:26:86:b0:85:af:97:e6:41:
                    4b:07:50:f2:71:79:d5:94:8e:47:a3:0c:a3:3e:a0:
                    0a:c5:54:ce:fc:05:f0:18:8b:e7:3e:c6:92:70:aa:
                    50:0c:6f:0a:4a:fc:a3:11:aa:81:ce:09:e3:04:f9:
                    91:f7:47:dd:58:85:6d:40:bc:53:5c:12:7a:b8:fc:
                    42:d6:31:a4:8d:0a:6c:57:47:ac:7d:f4:4d:ed:6e:
                    9e:f3:9f:f6:5f:bb:aa:bb:3b:7c:60:05:34:a1:16:
                    0f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F1:D3:B9:36:97:95:A6:71:97:01:58:91:52:E8:A5:CF:86:00:A0
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NPHTuTaXlaZxlwFYkVLopc-GAKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.15.0/24
                  193.124.24.0/24
                  194.58.223.0/24
                  194.87.29.0/24
                  194.87.123.0/24
                  194.135.104.0/24
                  195.133.26.0/23
                  195.133.30.0/24
                  195.133.83.0/24
                  212.193.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:cc:94:1e:d0:ba:77:81:65:ea:6c:c2:23:5f:6e:3e:d6:a9:
         92:9b:d3:1f:96:fc:19:2f:1e:36:51:d5:f1:d3:33:c4:b7:8b:
         22:32:44:2f:ad:11:35:1b:78:e6:22:a1:9f:e1:0c:e1:9b:a4:
         79:89:8c:0f:ed:f5:e6:b7:95:bb:e2:d6:75:9c:be:9a:18:1b:
         c4:68:83:43:63:f8:ae:51:b6:43:a5:0d:39:03:46:7f:8e:bf:
         a6:6b:15:25:03:83:22:af:f9:4f:d4:c1:1a:c0:b1:04:3e:c0:
         af:23:35:dd:e2:50:10:0d:0f:60:df:fa:93:30:d4:39:bd:c3:
         f2:f9:c5:f3:b2:36:2a:fb:a6:40:53:30:0b:1a:38:c5:12:dd:
         03:73:26:7f:4f:6d:9a:c6:75:68:60:dd:33:8c:ad:5e:8a:7c:
         37:9b:98:cb:cd:3b:11:9b:01:59:8d:81:8b:74:3f:f2:9e:53:
         09:ac:4d:b6:c3:a9:11:7e:04:d4:6f:fc:8a:87:25:96:4e:d9:
         30:16:1a:7b:90:47:55:5a:4e:3f:5c:d2:b6:3a:33:5b:f6:4f:
         07:0c:61:90:33:40:4b:0a:bb:b1:03:55:6a:77:ae:90:a6:f6:
         12:8b:cd:37:73:cf:51:04:41:b6:32:88:d0:77:84:c1:57:b9:
         b6:f1:0d:db
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY1F9DEVUe7Y6U29j/KKleVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTI2MTMyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYxZDNiOTM2OTc5NWE2NzE5NzAxNTg5MTUyZThhNWNmODYwMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksgtGwQrNQNJ1rtD6fMMfC7Xz53e
025NlRV+4kObcjAK9VjArX0PBG/u3ZuEMrbv7Rr2yxGaz4fJAp88hg5rXbb+9+lI
fE0/93VRKTmLy3csbJvrtlKwUDRsb+aj0+9qNo5t5qcXK1SGn0aESSwss9sOmPjU
RCee0gH3+pgIWOdRUmMqtV32SNF5PUOCklX4F/Q7mx/z/oSl15d9Joawha+X5kFL
B1DycXnVlI5HowyjPqAKxVTO/AXwGIvnPsaScKpQDG8KSvyjEaqBzgnjBPmR90fd
WIVtQLxTXBJ6uPxC1jGkjQpsV0esffRN7W6e85/2X7uquzt8YAU0oRYPFQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDTx07k2l5WmcZcBWJFS6KXPhgCgMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTlBIVHVUYVhsYVp4bHdGWWtWTG9wYy1HQUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwXwPAwQA
wXwYAwQAwjrfAwQAwlcdAwQAwld7AwQAwodoAwQBw4UaAwQAw4UeAwQAw4VTAwQA
1MEGMA0GCSqGSIb3DQEBCwUAA4IBAQBSzJQe0Lp3gWXqbMIjX24+1qmSm9MflvwZ
Lx42UdXx0zPEt4siMkQvrRE1G3jmIqGf4Qzhm6R5iYwP7fXmt5W74tZ1nL6aGBvE
aINDY/iuUbZDpQ05A0Z/jr+maxUlA4Mir/lP1MEawLEEPsCvIzXd4lAQDQ9g3/qT
MNQ5vcPy+cXzsjYq+6ZAUzALGjjFEt0DcyZ/T22axnVoYN0zjK1einw3m5jLzTsR
mwFZjYGLdD/ynlMJrE22w6kRfgTUb/yKhyWWTtkwFhp7kEdVWk4/XNK2OjNb9k8H
DGGQM0BLCruxA1Vqd66QpvYSi803c89RBEG2MojQd4TBV7m28Q3b
-----END CERTIFICATE-----