Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/OfdaB714VrOA15Y9LL3qtaaF-8A.roa
File:                     OfdaB714VrOA15Y9LL3qtaaF-8A.roa (raw, json)
Hash identifier:          iF7LkU2Xxl2bUPvxMBeSsGRDECB7jYeA6tlPGtgov/g=
Subject key identifier:   39:F7:5A:07:BD:78:56:B3:80:D7:96:3D:2C:BD:EA:B5:A6:85:FB:C0
Certificate issuer:       /CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
Certificate serial:       018E18AD676EEA49CAD40159514231E64D16
Authority key identifier: 1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/OfdaB714VrOA15Y9LL3qtaaF-8A.roa
Signing time:             Thu 07 Mar 2024 11:30:01 +0000
ROA not before:           Thu 07 Mar 2024 11:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57910
IP address blocks:        46.18.72.0/21 maxlen: 24
                          185.11.236.0/22 maxlen: 24
                          185.161.12.0/22 maxlen: 24
                          185.226.236.0/22 maxlen: 24
                          194.56.236.0/22 maxlen: 24
                          194.127.158.0/23 maxlen: 24
                          194.127.162.0/23 maxlen: 24
                          2a00:b5c0::/32 maxlen: 32
                          2a02:2110::/32 maxlen: 32
                          2a0c:7a00::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 07 Mar 2024 16:21:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:ad:67:6e:ea:49:ca:d4:01:59:51:42:31:e6:4d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
        Validity
            Not Before: Mar  7 11:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39f75a07bd7856b380d7963d2cbdeab5a685fbc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ad:ff:e8:80:00:cd:83:66:e1:9c:5f:ca:bc:
                    91:98:31:84:6d:f8:85:e8:8f:5f:63:66:0f:d4:24:
                    cd:5a:89:05:e3:a8:ea:bf:c8:6a:b8:99:d4:b8:58:
                    0c:50:d1:77:10:6c:13:7d:cc:ad:a5:8f:8b:6b:c8:
                    51:9a:57:30:40:61:39:b5:a7:55:f5:46:8f:c7:17:
                    bb:8b:29:b7:9a:a9:41:af:ee:ec:7f:e0:65:b8:9c:
                    0f:8d:61:6f:10:91:e7:67:0a:d4:e9:0c:b8:3a:93:
                    83:e4:a8:59:24:7e:c8:77:73:d6:72:65:c6:e2:0d:
                    d1:3a:a1:f6:7c:8e:2b:15:08:20:0e:03:1f:45:4c:
                    db:dd:aa:7f:dd:38:f2:4b:a7:e1:5c:9c:9f:0f:9f:
                    71:ae:88:15:b3:a8:63:ca:6b:8a:e8:bd:51:7a:7b:
                    8f:f9:24:ed:c7:71:1b:1a:ae:bf:e5:16:57:de:c4:
                    11:23:c4:d1:d8:78:48:9d:48:4d:72:d0:54:51:15:
                    6a:6f:f3:f7:8e:15:21:e3:5b:02:7e:bd:1d:4c:55:
                    1e:b2:3b:75:91:d0:c2:90:05:ad:58:a0:66:9c:81:
                    a9:45:98:e0:6e:4e:c3:dd:1e:d4:d6:76:e5:3e:7e:
                    ce:87:58:9c:2d:93:08:12:8d:e8:47:7e:fe:da:f5:
                    df:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F7:5A:07:BD:78:56:B3:80:D7:96:3D:2C:BD:EA:B5:A6:85:FB:C0
            X509v3 Authority Key Identifier:
                keyid:1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/OfdaB714VrOA15Y9LL3qtaaF-8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/HlqvPQaD3IoNWMZDgm4WbTwozKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.72.0/21
                  185.11.236.0/22
                  185.161.12.0/22
                  185.226.236.0/22
                  194.56.236.0/22
                  194.127.158.0/23
                  194.127.162.0/23
                IPv6:
                  2a00:b5c0::/32
                  2a02:2110::/32
                  2a0c:7a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:36:84:25:40:73:08:4e:c8:4e:b7:f5:bb:2a:17:2f:e7:aa:
         8d:b1:9f:e6:52:58:2a:48:9c:7b:a2:52:2c:26:ea:20:71:22:
         cc:02:f0:05:c2:05:f8:bc:c0:8b:39:13:d4:5a:52:25:f0:ac:
         42:10:ec:2e:f2:f6:44:64:cc:94:95:d3:c9:a7:8b:42:96:49:
         e3:a2:52:b2:dd:7d:d0:74:4f:5e:0a:d7:b7:70:7d:c8:d8:db:
         9d:68:90:c7:6d:7b:6f:14:05:63:54:6d:68:dc:61:03:d6:2e:
         17:d2:e0:a6:f9:01:cf:4c:b9:2c:19:7b:21:88:e9:9a:3a:86:
         21:37:14:49:d3:e0:62:1f:2d:13:f9:b7:66:39:87:84:94:4a:
         ba:d5:ec:2c:cd:ff:a5:36:12:9a:cd:cd:ab:dd:74:4f:7f:bc:
         3c:5a:d0:bc:2b:53:b1:64:31:7c:73:87:80:c1:4a:9f:b7:f3:
         7c:26:60:d3:a8:ff:3b:25:b4:e9:43:5e:df:c1:c9:6c:98:07:
         4a:f3:8b:67:ba:3e:eb:e5:e8:bf:77:ec:01:c6:af:66:39:00:
         b5:4c:75:4b:8a:d5:09:fc:92:1d:56:5b:8c:85:86:b5:58:a3:
         3d:8e:37:89:d7:6c:9e:cc:56:ff:6b:dd:5f:4e:3e:a5:e9:ae:
         3f:7b:07:ce
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAY4YrWdu6knK1AFZUUIx5k0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWFhZjNkMDY4M2RjOGEwZDU4YzY0MzgyNmUxNjZkM2My
OGNjYTkwHhcNMjQwMzA3MTEzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWY3NWEwN2JkNzg1NmIzODBkNzk2M2QyY2JkZWFiNWE2ODVmYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq3/6IAAzYNm4ZxfyryRmDGEbfiF
6I9fY2YP1CTNWokF46jqv8hquJnUuFgMUNF3EGwTfcytpY+La8hRmlcwQGE5tadV
9UaPxxe7iym3mqlBr+7sf+BluJwPjWFvEJHnZwrU6Qy4OpOD5KhZJH7Id3PWcmXG
4g3ROqH2fI4rFQggDgMfRUzb3ap/3TjyS6fhXJyfD59xrogVs6hjymuK6L1RenuP
+STtx3EbGq6/5RZX3sQRI8TR2HhInUhNctBUURVqb/P3jhUh41sCfr0dTFUesjt1
kdDCkAWtWKBmnIGpRZjgbk7D3R7U1nblPn7Oh1icLZMIEo3oR37+2vXfIQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDn3Wge9eFazgNeWPSy96rWmhfvAMB8GA1UdIwQY
MBaAFB5arz0Gg9yKDVjGQ4JuFm08KMypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMt
NGNkMzhiNzU4ZDVjLzEvT2ZkYUI3MTRWck9BMTVZOUxMM3F0YWFGLThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMtNGNkMzhiNzU4ZDVj
LzEvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAwBAIAATAqAwQDLhJIAwQC
uQvsAwQCuaEMAwQCueLsAwQCwjjsAwQBwn+eAwQBwn+iMBsEAgACMBUDBQAqALXA
AwUAKgIhEAMFAyoMegAwDQYJKoZIhvcNAQELBQADggEBAHI2hCVAcwhOyE639bsq
Fy/nqo2xn+ZSWCpInHuiUiwm6iBxIswC8AXCBfi8wIs5E9RaUiXwrEIQ7C7y9kRk
zJSV08mni0KWSeOiUrLdfdB0T14K17dwfcjY251okMdte28UBWNUbWjcYQPWLhfS
4Kb5Ac9MuSwZeyGI6Zo6hiE3FEnT4GIfLRP5t2Y5h4SUSrrV7CzN/6U2EprNzavd
dE9/vDxa0LwrU7FkMXxzh4DBSp+383wmYNOo/zsltOlDXt/ByWyYB0rzi2e6Puvl
6L937AHGr2Y5ALVMdUuK1Qn8kh1WW4yFhrVYoz2ON4nXbJ7MVv9r3V9OPqXprj97
B84=
-----END CERTIFICATE-----