Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/bS0fPhwYuv0ELMLR9-lUwchfS4A.roa
File:                     bS0fPhwYuv0ELMLR9-lUwchfS4A.roa (raw, json)
Hash identifier:          li7olV31uPUM9HJHjfbmgKoKJQbjIJLt3ox5Dwb3A5Q=
Subject key identifier:   6D:2D:1F:3E:1C:18:BA:FD:04:2C:C2:D1:F7:E9:54:C1:C8:5F:4B:80
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018D93A22D775F24DFCD5CDAA1B4C9446373
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/bS0fPhwYuv0ELMLR9-lUwchfS4A.roa
Signing time:             Sat 10 Feb 2024 15:28:15 +0000
ROA not before:           Sat 10 Feb 2024 15:28:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        147.45.66.0/24 maxlen: 24
                          147.45.67.0/24 maxlen: 24
                          185.103.100.0/24 maxlen: 24
                          185.103.101.0/24 maxlen: 24
                          185.103.102.0/24 maxlen: 24
                          185.103.103.0/24 maxlen: 24
                          193.233.74.0/24 maxlen: 24
                          193.233.75.0/24 maxlen: 24
                          193.233.80.0/24 maxlen: 24
                          193.233.164.0/24 maxlen: 24
                          193.233.252.0/24 maxlen: 24
                          193.233.253.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 08:26:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:93:a2:2d:77:5f:24:df:cd:5c:da:a1:b4:c9:44:63:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 10 15:28:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d2d1f3e1c18bafd042cc2d1f7e954c1c85f4b80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9d:e6:08:a4:d9:e1:94:5d:a9:e3:2d:85:64:
                    74:56:55:30:8b:73:4a:10:09:45:c8:d2:17:76:40:
                    5d:07:e2:5f:3e:2b:80:ba:8b:5c:15:13:e5:9c:f5:
                    d7:e5:32:b4:5a:6c:b6:a1:0a:a7:f7:77:c8:f2:27:
                    04:e3:33:50:30:b7:62:be:d5:8e:3f:f6:3a:81:45:
                    52:45:46:fa:15:c9:79:72:e9:cd:d7:46:13:89:62:
                    1a:d0:3c:17:fa:47:5f:6e:ed:d8:ed:74:a2:7f:e2:
                    c2:3c:41:92:13:26:9e:0e:0c:b0:36:94:89:9c:59:
                    ed:7b:02:a8:e2:19:1b:bb:08:6a:77:68:1f:af:7d:
                    59:16:6b:f1:79:4f:7f:95:b8:82:b8:83:10:ca:be:
                    58:4a:5e:46:e6:78:22:dd:ca:5a:a5:59:ef:70:e4:
                    d3:64:28:20:77:96:c1:98:b5:f0:e3:4e:ea:c7:b5:
                    71:ee:0c:41:a9:a5:c5:35:0d:5d:16:5b:0d:eb:e4:
                    bc:75:e6:d8:b2:59:43:72:cc:9e:b9:2c:b2:2b:c0:
                    bf:32:f0:a2:16:be:74:c4:51:39:a7:53:43:9a:0a:
                    2d:e3:f8:24:a8:1f:fc:2b:f6:1d:06:c9:21:70:37:
                    86:69:45:89:db:56:f1:3b:20:b3:25:a1:42:db:6c:
                    05:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:2D:1F:3E:1C:18:BA:FD:04:2C:C2:D1:F7:E9:54:C1:C8:5F:4B:80
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/bS0fPhwYuv0ELMLR9-lUwchfS4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.66.0/23
                  185.103.100.0/22
                  193.233.74.0/23
                  193.233.80.0/24
                  193.233.164.0/24
                  193.233.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:da:9e:60:f3:22:d0:4e:01:d0:9e:58:fc:ff:fa:f2:35:90:
         49:1b:21:a0:7a:3e:aa:05:84:5e:9b:21:c2:15:32:62:02:e5:
         bd:b2:c7:7b:02:61:5d:70:7e:da:e2:c8:cd:21:53:9d:8e:be:
         e0:7f:cc:8b:7a:97:70:7b:9f:2b:9a:d3:85:50:53:1d:28:f1:
         65:f3:10:2d:6c:7a:41:9c:2e:15:c5:57:fe:99:1a:44:22:4f:
         2f:4a:79:35:1b:70:54:61:c3:b0:0e:68:71:7e:8a:00:fe:b8:
         dd:91:8f:34:64:a8:05:c9:3a:f3:b9:d2:e7:e7:55:71:73:97:
         5a:85:6d:4a:50:1d:36:54:1f:93:85:61:1d:7a:1b:bf:45:17:
         53:a4:2b:41:4c:43:d8:e0:cd:e1:b5:e5:b2:54:05:2e:88:4b:
         f8:af:d7:67:4d:53:3b:63:36:87:93:61:45:2d:ae:52:d3:03:
         6d:a1:7b:cb:d7:5c:12:99:b1:22:bb:0b:ed:b7:27:41:47:1c:
         a1:c7:cb:c4:5a:0b:19:9a:63:10:ca:30:9b:d7:54:9c:fa:21:
         34:f5:6b:1d:c3:df:13:63:e8:08:33:5c:a4:b3:b8:c2:44:4f:
         9d:f3:b6:78:17:b6:9d:f7:40:7d:60:0b:27:6c:55:fe:c6:37:
         9c:1d:8e:12
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY2Toi13XyTfzVzaobTJRGNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMjEwMTUyODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDJkMWYzZTFjMThiYWZkMDQyY2MyZDFmN2U5NTRjMWM4NWY0YjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs53mCKTZ4ZRdqeMthWR0VlUwi3NK
EAlFyNIXdkBdB+JfPiuAuotcFRPlnPXX5TK0Wmy2oQqn93fI8icE4zNQMLdivtWO
P/Y6gUVSRUb6Fcl5cunN10YTiWIa0DwX+kdfbu3Y7XSif+LCPEGSEyaeDgywNpSJ
nFntewKo4hkbuwhqd2gfr31ZFmvxeU9/lbiCuIMQyr5YSl5G5ngi3cpapVnvcOTT
ZCggd5bBmLXw407qx7Vx7gxBqaXFNQ1dFlsN6+S8debYsllDcsyeuSyyK8C/MvCi
Fr50xFE5p1NDmgot4/gkqB/8K/YdBskhcDeGaUWJ21bxOyCzJaFC22wF1wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG0tHz4cGLr9BCzC0ffpVMHIX0uAMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvYlMwZlBod1l1djBFTE1MUjktbFV3Y2hmUzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBky1CAwQC
uWdkAwQBwelKAwQAwelQAwQAwemkAwQBwen8MA0GCSqGSIb3DQEBCwUAA4IBAQBN
2p5g8yLQTgHQnlj8//ryNZBJGyGgej6qBYRemyHCFTJiAuW9ssd7AmFdcH7a4sjN
IVOdjr7gf8yLepdwe58rmtOFUFMdKPFl8xAtbHpBnC4VxVf+mRpEIk8vSnk1G3BU
YcOwDmhxfooA/rjdkY80ZKgFyTrzudLn51Vxc5dahW1KUB02VB+ThWEdehu/RRdT
pCtBTEPY4M3hteWyVAUuiEv4r9dnTVM7YzaHk2FFLa5S0wNtoXvL11wSmbEiuwvt
tydBRxyhx8vEWgsZmmMQyjCb11Sc+iE09Wsdw98TY+gIM1yks7jCRE+d87Z4F7ad
90B9YAsnbFX+xjecHY4S
-----END CERTIFICATE-----