Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pBgBZZGQmC7hwQADKTYL0NAWarc.roa
File:                     pBgBZZGQmC7hwQADKTYL0NAWarc.roa (raw, json)
Hash identifier:          4PJl6Y5INAEoYorF7xMefs6qPl0QDlGurlO/Elagsgk=
Subject key identifier:   A4:18:01:65:91:90:98:2E:E1:C1:00:03:29:36:0B:D0:D0:16:6A:B7
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018E611E14A8B53DAA34297C043DF207D373
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pBgBZZGQmC7hwQADKTYL0NAWarc.roa
Signing time:             Thu 21 Mar 2024 13:05:45 +0000
ROA not before:           Thu 21 Mar 2024 13:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        85.254.47.0/24 maxlen: 24
                          85.254.62.0/24 maxlen: 24
                          85.254.104.0/21 maxlen: 21
                          85.254.116.0/24 maxlen: 24
                          85.254.122.0/24 maxlen: 24
                          159.148.125.0/24 maxlen: 24
                          159.148.138.0/24 maxlen: 24
                          159.148.150.0/24 maxlen: 24
                          159.148.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 12:18:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:1e:14:a8:b5:3d:aa:34:29:7c:04:3d:f2:07:d3:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar 21 13:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a41801659190982ee1c1000329360bd0d0166ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f7:8b:ea:56:41:46:86:df:0b:e4:02:d2:0d:
                    69:24:62:ef:91:8b:99:ac:99:bb:92:a9:17:78:d5:
                    7f:ec:be:d3:f9:42:3a:75:d1:d2:67:c9:af:e3:d3:
                    4d:30:c3:8b:a2:05:99:71:ce:6e:e1:dc:a2:13:52:
                    94:0e:c9:10:04:72:f9:10:9f:de:b7:1f:28:7b:80:
                    a1:92:3e:2c:93:c5:b9:99:01:00:62:5e:49:25:8f:
                    83:46:9b:43:15:77:9f:ed:ee:86:36:58:92:d9:b7:
                    ae:c8:58:e1:8d:1f:67:75:8a:06:40:3d:7e:1d:b5:
                    b9:ad:75:f8:61:23:53:0c:5a:03:32:89:63:52:4c:
                    cd:7b:ea:f1:f7:e7:9f:7f:56:64:99:97:b8:45:38:
                    16:a4:86:9a:4c:f6:f6:9e:c8:29:9f:1e:5c:dc:d1:
                    bc:f4:24:86:6e:52:40:12:6a:4f:12:92:87:52:8a:
                    ac:25:04:db:c2:24:29:3c:2e:b9:00:fe:6f:07:74:
                    96:ce:03:a8:72:a1:4c:b8:1d:18:d5:d9:3c:ac:bb:
                    7b:09:d9:0f:46:40:b5:51:87:fa:86:69:a5:57:e6:
                    7c:d1:03:59:1d:97:ae:55:b4:9b:52:13:04:6c:e8:
                    40:95:bf:a0:f3:48:e3:eb:2a:e8:d5:38:95:55:54:
                    45:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:18:01:65:91:90:98:2E:E1:C1:00:03:29:36:0B:D0:D0:16:6A:B7
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pBgBZZGQmC7hwQADKTYL0NAWarc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.47.0/24
                  85.254.62.0/24
                  85.254.104.0/21
                  85.254.116.0/24
                  85.254.122.0/24
                  159.148.125.0/24
                  159.148.138.0/24
                  159.148.150.0/24
                  159.148.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:cb:a3:be:17:d4:89:9e:e6:29:96:32:7c:1d:8c:ff:bd:9f:
         17:5c:69:f0:35:cd:33:44:1e:8d:74:c8:2e:c9:1d:cc:10:4d:
         68:6e:b5:9e:5f:a3:e5:ea:4a:55:4c:dd:06:11:29:f1:4c:4a:
         6b:3f:75:4e:19:e5:48:4a:4c:af:96:43:9f:58:74:5e:f8:cf:
         e5:dd:f7:24:19:54:79:85:56:a5:1e:c0:76:d2:68:62:90:f5:
         1f:61:bf:b9:79:7e:c2:1b:1c:40:c5:12:46:c6:80:06:bc:04:
         07:ec:7a:00:fb:5e:59:cb:e2:ce:7e:17:e7:44:ba:d4:d6:0d:
         59:e6:33:fc:95:9c:3c:15:80:e5:66:fd:2e:b3:44:36:9a:78:
         7e:72:3b:ab:e2:c1:8a:cc:da:9f:d2:ab:fd:65:ae:e1:ab:66:
         58:64:56:27:4f:0a:03:be:23:11:6c:bf:53:d6:56:70:3f:80:
         50:62:0d:64:0a:0e:69:06:85:4d:01:6a:c3:35:7a:b5:68:25:
         04:23:63:f8:f1:e7:14:0c:60:75:ae:99:ca:a4:0e:e8:a6:8a:
         ca:e2:67:fa:06:c4:81:78:6c:88:dc:5d:2d:6f:8d:21:1c:f6:
         a0:35:dd:3c:48:bb:5a:ee:cd:61:1d:00:1a:09:d5:ad:f8:66:
         3e:59:d0:8b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY5hHhSotT2qNCl8BD3yB9NzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMzIxMTMwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE4MDE2NTkxOTA5ODJlZTFjMTAwMDMyOTM2MGJkMGQwMTY2YWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4feL6lZBRobfC+QC0g1pJGLvkYuZ
rJm7kqkXeNV/7L7T+UI6ddHSZ8mv49NNMMOLogWZcc5u4dyiE1KUDskQBHL5EJ/e
tx8oe4Chkj4sk8W5mQEAYl5JJY+DRptDFXef7e6GNliS2beuyFjhjR9ndYoGQD1+
HbW5rXX4YSNTDFoDMoljUkzNe+rx9+eff1ZkmZe4RTgWpIaaTPb2nsgpnx5c3NG8
9CSGblJAEmpPEpKHUoqsJQTbwiQpPC65AP5vB3SWzgOocqFMuB0Y1dk8rLt7CdkP
RkC1UYf6hmmlV+Z80QNZHZeuVbSbUhMEbOhAlb+g80jj6yro1TiVVVRFnwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKQYAWWRkJgu4cEAAyk2C9DQFmq3MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvcEJnQlpaR1FtQzdod1FBREtUWUwwTkFXYXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVf4vAwQA
Vf4+AwQDVf5oAwQAVf50AwQAVf56AwQAn5R9AwQAn5SKAwQAn5SWAwQAn5TeMA0G
CSqGSIb3DQEBCwUAA4IBAQB0y6O+F9SJnuYpljJ8HYz/vZ8XXGnwNc0zRB6NdMgu
yR3MEE1obrWeX6Pl6kpVTN0GESnxTEprP3VOGeVISkyvlkOfWHRe+M/l3fckGVR5
hValHsB20mhikPUfYb+5eX7CGxxAxRJGxoAGvAQH7HoA+15Zy+LOfhfnRLrU1g1Z
5jP8lZw8FYDlZv0us0Q2mnh+cjur4sGKzNqf0qv9Za7hq2ZYZFYnTwoDviMRbL9T
1lZwP4BQYg1kCg5pBoVNAWrDNXq1aCUEI2P48ecUDGB1rpnKpA7oporK4mf6BsSB
eGyI3F0tb40hHPagNd08SLta7s1hHQAaCdWt+GY+WdCL
-----END CERTIFICATE-----