Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vYZvir0xVJVbWUQE6or9vY1fDpU.roa
File:                     vYZvir0xVJVbWUQE6or9vY1fDpU.roa (raw, json)
Hash identifier:          aiLMJwfi6eXoigHR8k8hHdHI8ySq+tUDHAc7FkzUtf8=
Subject key identifier:   BD:86:6F:8A:BD:31:54:95:5B:59:44:04:EA:8A:FD:BD:8D:5F:0E:95
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD5C471AEED0ECDE1372409253A6C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vYZvir0xVJVbWUQE6or9vY1fDpU.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25206
IP address blocks:        87.120.112.0/24 maxlen: 24
                          87.120.115.0/24 maxlen: 24
                          87.120.112.0/21 maxlen: 21
                          87.120.112.0/20 maxlen: 20
                          87.120.116.0/24 maxlen: 24
                          87.120.113.0/24 maxlen: 24
                          87.120.117.0/24 maxlen: 24
                          87.120.114.0/24 maxlen: 24
                          87.120.118.0/24 maxlen: 24
                          87.120.119.0/24 maxlen: 24
                          87.120.123.0/24 maxlen: 24
                          87.120.120.0/21 maxlen: 21
                          87.120.120.0/24 maxlen: 24
                          87.120.124.0/24 maxlen: 24
                          87.120.121.0/24 maxlen: 24
                          87.120.125.0/24 maxlen: 24
                          87.120.122.0/24 maxlen: 24
                          87.120.127.0/24 maxlen: 24
                          87.120.126.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 27 Aug 2024 11:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d5:c4:71:ae:ed:0e:cd:e1:37:24:09:25:3a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd866f8abd3154955b594404ea8afdbd8d5f0e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2a:20:8c:6f:b7:c9:55:c2:e2:83:5e:c4:79:
                    6d:9b:cf:a5:aa:61:06:fc:db:aa:d7:be:b6:52:56:
                    fd:da:1d:cb:86:33:84:73:33:82:f0:99:8d:64:40:
                    e0:ab:06:34:54:02:39:6f:a9:4b:9e:da:af:3c:d8:
                    11:36:e1:53:79:72:df:95:91:dc:29:e9:68:45:9c:
                    72:e0:25:c3:ab:d0:62:2c:a4:a6:a6:28:2a:9a:c5:
                    da:c8:d2:71:2c:cc:5b:da:13:b6:c1:2f:c5:54:5d:
                    b8:b4:f9:20:ce:68:38:0e:6f:7b:b7:fd:cb:ad:11:
                    b0:bb:09:6c:ce:95:81:af:ae:7b:b6:d8:23:82:41:
                    8e:63:90:65:33:4e:37:2a:7e:4d:15:c9:97:48:dc:
                    d6:b9:5c:24:2f:05:71:a2:7b:13:18:e6:08:09:c0:
                    ef:b8:3b:b5:09:94:c3:b1:0b:72:da:05:54:37:7a:
                    05:31:47:74:da:04:9d:eb:d7:f0:ea:c6:fa:91:4b:
                    72:29:e4:e9:4f:93:10:fe:2a:03:61:0d:21:9b:da:
                    6a:2b:19:63:5e:3b:4e:c6:c7:34:9f:9e:82:e3:33:
                    e5:be:66:fb:52:f0:5b:44:c2:f2:32:10:88:c3:c2:
                    a1:05:f5:df:3a:69:7b:58:a4:9a:04:a4:5e:9b:a2:
                    7b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:86:6F:8A:BD:31:54:95:5B:59:44:04:EA:8A:FD:BD:8D:5F:0E:95
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vYZvir0xVJVbWUQE6or9vY1fDpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         73:f5:e5:fb:07:86:d7:96:59:53:ed:34:5d:a5:0b:26:cb:73:
         f9:77:37:22:77:58:43:10:c6:3b:91:80:51:e4:73:9e:9f:4c:
         9a:54:0e:d0:95:c2:b5:82:66:da:fa:81:00:d1:59:a0:88:d3:
         f2:dd:03:3a:f0:41:4a:4c:34:62:46:d0:53:86:8d:1a:c1:9b:
         9f:2d:15:fc:36:26:50:84:03:23:f5:05:5d:9c:98:d1:68:f0:
         e5:e6:9a:df:ad:a9:53:d7:df:82:c0:c6:41:64:89:6f:d1:89:
         60:69:62:b2:54:5f:d1:ad:ea:2f:d7:bb:fe:f5:b1:dc:3f:31:
         7c:5b:04:e8:b4:82:85:0d:18:d3:d1:e4:8b:de:a6:dc:aa:4b:
         48:48:b5:1c:56:d1:97:dc:44:c4:53:de:f7:1c:12:8c:cd:38:
         f6:07:fe:11:d4:49:c2:84:6f:8a:1d:3a:fc:f3:5c:ab:8d:8a:
         81:4c:87:5c:93:31:2d:4e:51:0d:b1:f1:3d:c8:c2:83:fe:16:
         f6:90:b3:b8:ee:0b:f1:82:cf:3d:41:a7:2a:46:75:99:81:1e:
         2c:3b:9d:18:fc:a7:88:6d:d5:df:fa:90:81:ba:96:72:a5:cf:
         87:52:d4:34:81:b0:eb:2f:ab:91:79:c4:d2:b1:69:c3:44:25:
         6a:40:3e:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NXEca7tDs3hNyQJJTpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg2NmY4YWJkMzE1NDk1NWI1OTQ0MDRlYThhZmRiZDhkNWYwZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiogjG+3yVXC4oNexHltm8+lqmEG
/Nuq1762Ulb92h3LhjOEczOC8JmNZEDgqwY0VAI5b6lLntqvPNgRNuFTeXLflZHc
KeloRZxy4CXDq9BiLKSmpigqmsXayNJxLMxb2hO2wS/FVF24tPkgzmg4Dm97t/3L
rRGwuwlszpWBr657ttgjgkGOY5BlM043Kn5NFcmXSNzWuVwkLwVxonsTGOYICcDv
uDu1CZTDsQty2gVUN3oFMUd02gSd69fw6sb6kUtyKeTpT5MQ/ioDYQ0hm9pqKxlj
XjtOxsc0n56C4zPlvmb7UvBbRMLyMhCIw8KhBfXfOml7WKSaBKRem6J7awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2Gb4q9MVSVW1lEBOqK/b2NXw6VMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdlladmlyMHhWSlZiV1VRRTZvcjl2WTFmRHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEV3hwMA0G
CSqGSIb3DQEBCwUAA4IBAQBz9eX7B4bXlllT7TRdpQsmy3P5dzcid1hDEMY7kYBR
5HOen0yaVA7QlcK1gmba+oEA0VmgiNPy3QM68EFKTDRiRtBTho0awZufLRX8NiZQ
hAMj9QVdnJjRaPDl5prfralT19+CwMZBZIlv0YlgaWKyVF/Rreov17v+9bHcPzF8
WwTotIKFDRjT0eSL3qbcqktISLUcVtGX3ETEU973HBKMzTj2B/4R1EnChG+KHTr8
81yrjYqBTIdckzEtTlENsfE9yMKD/hb2kLO47gvxgs89QacqRnWZgR4sO50Y/KeI
bdXf+pCBupZypc+HUtQ0gbDrL6uRecTSsWnDRCVqQD7+
-----END CERTIFICATE-----