Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b0uOoybRN4hCpAIGz4ZvEHCYzMs.roa
File:                     b0uOoybRN4hCpAIGz4ZvEHCYzMs.roa (raw, json)
Hash identifier:          ut9rmdGWwVkRFzJHLG89nUDA8p0SPbsIXMMEchFEdWg=
Subject key identifier:   6F:4B:8E:A3:26:D1:37:88:42:A4:02:06:CF:86:6F:10:70:98:CC:CB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019049C5C3E1F2F1875902B346FB47F1FE86
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b0uOoybRN4hCpAIGz4ZvEHCYzMs.roa
Signing time:             Mon 24 Jun 2024 10:23:35 +0000
ROA not before:           Mon 24 Jun 2024 10:23:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.87.169.0/24 maxlen: 24
                          195.58.39.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 25 Jun 2024 16:06:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:c5:c3:e1:f2:f1:87:59:02:b3:46:fb:47:f1:fe:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 24 10:23:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f4b8ea326d1378842a40206cf866f107098cccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2e:c8:1c:47:08:68:3b:37:59:bc:18:12:84:
                    4f:70:d7:05:5b:f7:86:4a:87:c0:c3:fe:cd:6a:28:
                    5e:21:33:b0:91:ef:79:ff:f1:ad:a1:52:0e:34:22:
                    7d:eb:46:60:16:8d:65:19:d8:1d:b3:c0:2d:b9:12:
                    f8:5d:3c:03:72:53:d8:b6:06:c1:df:d0:0f:75:c9:
                    a4:2e:c4:01:02:94:7d:0c:39:14:ea:32:59:79:ab:
                    da:39:29:b5:f3:72:d9:00:6c:ec:8c:16:7b:d6:37:
                    66:e3:7b:a8:ee:c1:e8:6b:59:29:b9:aa:59:3b:49:
                    ce:eb:9e:59:4c:b9:3d:96:8f:c8:0e:33:98:bd:7c:
                    14:a7:09:c8:0f:1e:7a:62:10:aa:54:1d:98:29:d9:
                    3f:62:09:14:1a:75:93:a0:d2:ee:30:89:9d:15:e0:
                    4f:38:d7:b2:da:ab:1c:1f:64:5e:91:72:36:30:04:
                    69:d3:04:09:98:51:70:f0:02:fa:c7:de:dd:00:0f:
                    16:15:ca:ff:b8:eb:18:f4:b9:16:a5:e5:ba:5f:81:
                    9c:24:23:03:1d:2e:3d:02:61:95:8a:69:57:27:65:
                    17:9e:3b:d9:07:56:ef:b1:99:a8:c6:a2:28:a5:75:
                    ee:58:ac:f6:23:0a:8f:ed:f5:d7:b1:35:24:ce:26:
                    f5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:4B:8E:A3:26:D1:37:88:42:A4:02:06:CF:86:6F:10:70:98:CC:CB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b0uOoybRN4hCpAIGz4ZvEHCYzMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.87.169.0/24
                  195.58.39.0/24
                  195.133.25.0/24
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:86:5e:12:07:ea:b0:f1:86:bb:76:26:c6:da:4e:66:cf:f3:
         1c:54:dc:ba:53:ab:a6:b0:03:3a:f8:60:dd:8c:2f:40:5d:28:
         78:79:b2:28:a8:7a:75:c6:c2:b1:b8:ee:54:0f:77:28:8b:82:
         fa:a9:1f:38:8e:ff:71:4e:db:95:33:0d:ed:9b:14:62:25:27:
         de:bd:07:d3:cc:f9:db:06:2e:ab:6b:81:c6:b8:57:2d:b4:45:
         ce:be:11:f2:7b:f8:8d:fc:c8:b2:58:95:1d:09:e0:06:8c:1a:
         88:1d:51:72:a0:60:0f:32:5e:ed:93:05:67:89:00:63:c0:58:
         00:13:29:b1:8e:d6:d1:2e:92:59:6f:98:a7:64:19:28:96:6e:
         ad:83:aa:d7:b1:43:1f:a5:d5:30:bc:35:7e:31:dd:65:af:93:
         4b:8d:15:e2:c5:93:a3:96:ca:21:91:78:f3:12:d5:02:b8:e9:
         08:96:ed:02:5e:8c:14:c1:88:de:ee:94:c4:a2:c4:c5:f3:7f:
         c3:9a:24:c5:25:b9:d4:fb:b5:cb:44:31:9c:28:80:cb:50:ba:
         1b:12:31:fd:b6:5f:38:88:df:6b:30:da:de:af:e9:76:29:e0:
         cc:76:9c:e8:93:c8:0a:1b:51:44:af:cc:9a:fd:25:80:63:30:
         4f:96:57:6f
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZBJxcPh8vGHWQKzRvtH8f6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNjI0MTAyMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjRiOGVhMzI2ZDEzNzg4NDJhNDAyMDZjZjg2NmYxMDcwOThjY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS7IHEcIaDs3WbwYEoRPcNcFW/eG
SofAw/7NaiheITOwke95//GtoVIONCJ960ZgFo1lGdgds8AtuRL4XTwDclPYtgbB
39APdcmkLsQBApR9DDkU6jJZeavaOSm183LZAGzsjBZ71jdm43uo7sHoa1kpuapZ
O0nO655ZTLk9lo/IDjOYvXwUpwnIDx56YhCqVB2YKdk/YgkUGnWToNLuMImdFeBP
ONey2qscH2RekXI2MARp0wQJmFFw8AL6x97dAA8WFcr/uOsY9LkWpeW6X4GcJCMD
HS49AmGVimlXJ2UXnjvZB1bvsZmoxqIopXXuWKz2IwqP7fXXsTUkzib1HQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFG9LjqMm0TeIQqQCBs+GbxBwmMzLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYjB1T295YlJONGhDcEFJR3o0WnZFSENZek1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQBwjo4AwQA
wlepAwQAwzonAwQAw4UZAwQBw4UyAwQBw4VcAwQA1MABMBQEAgACMA4DBQMqAVfA
AwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAc4ZeEgfqsPGGu3YmxtpOZs/zHFTc
ulOrprADOvhg3YwvQF0oeHmyKKh6dcbCsbjuVA93KIuC+qkfOI7/cU7blTMN7ZsU
YiUn3r0H08z52wYuq2uBxrhXLbRFzr4R8nv4jfzIsliVHQngBowaiB1RcqBgDzJe
7ZMFZ4kAY8BYABMpsY7W0S6SWW+Yp2QZKJZurYOq17FDH6XVMLw1fjHdZa+TS40V
4sWTo5bKIZF48xLVArjpCJbtAl6MFMGI3u6UxKLExfN/w5okxSW51Pu1y0QxnCiA
y1C6GxIx/bZfOIjfazDa3q/pdingzHac6JPIChtRRK/Mmv0lgGMwT5ZXbw==
-----END CERTIFICATE-----