Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/dNiNUTbnu-expUdt5EuHRZd5PXU.roa
File:                     dNiNUTbnu-expUdt5EuHRZd5PXU.roa (raw, json)
Hash identifier:          C1V0GsvcFeG+l2CiZA5FzzlEYVJbPUXycEa/8yX3nNk=
Subject key identifier:   74:D8:8D:51:36:E7:BB:E7:B1:A5:47:6D:E4:4B:87:45:97:79:3D:75
Certificate issuer:       /CN=2901f5019a970ba5be0c754d20f78671818f4a2e
Certificate serial:       01899B6E567AFB2709D5136329A0D19A63F0
Authority key identifier: 29:01:F5:01:9A:97:0B:A5:BE:0C:75:4D:20:F7:86:71:81:8F:4A:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/dNiNUTbnu-expUdt5EuHRZd5PXU.roa
Signing time:             Fri 28 Jul 2023 07:37:26 +0000
ROA not before:           Fri 28 Jul 2023 07:37:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51698
IP address blocks:        91.227.152.0/24 maxlen: 24
                          91.227.152.0/23 maxlen: 23
                          91.227.153.0/24 maxlen: 24
                          178.159.254.0/23 maxlen: 23
                          178.159.254.0/24 maxlen: 24
                          178.159.255.0/24 maxlen: 24
                          185.65.138.0/23 maxlen: 24
                          178.159.248.0/21 maxlen: 21
                          178.159.250.0/23 maxlen: 23
                          178.159.250.0/24 maxlen: 24
                          178.159.251.0/24 maxlen: 24
                          178.159.252.0/24 maxlen: 24
                          178.159.252.0/23 maxlen: 23
                          178.159.253.0/24 maxlen: 24
                          178.159.248.0/23 maxlen: 23
                          185.47.154.0/23 maxlen: 24
                          2a01:9160::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:9b:6e:56:7a:fb:27:09:d5:13:63:29:a0:d1:9a:63:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2901f5019a970ba5be0c754d20f78671818f4a2e
        Validity
            Not Before: Jul 28 07:37:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=74d88d5136e7bbe7b1a5476de44b874597793d75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c9:ca:f3:e4:91:48:82:58:f6:6b:6b:e8:16:
                    cf:21:61:b2:f5:48:63:b1:3a:0f:09:aa:49:40:9c:
                    d7:d7:25:a5:32:fe:20:be:b5:c0:ef:40:fd:bf:12:
                    20:57:4f:92:43:c8:83:41:aa:3b:1b:9f:d1:b9:ae:
                    e1:63:29:00:f0:91:e4:54:ac:3c:84:d3:b5:48:b9:
                    32:0a:ac:c0:90:a0:2c:a5:74:17:82:35:58:00:55:
                    2d:c7:7b:13:8b:3a:e3:72:6f:30:1e:65:e0:7e:8f:
                    70:bd:ee:bd:2c:78:f0:2c:55:e6:c0:4d:e1:3f:fd:
                    22:eb:1b:6a:84:e2:3b:49:d5:6d:8c:61:d5:e5:61:
                    c4:32:8a:6c:1f:3b:c4:9a:78:d8:f2:c9:d7:06:db:
                    8a:19:08:bd:ce:01:bd:ef:4b:e5:98:a2:65:9f:02:
                    30:ab:f7:24:e4:10:6c:23:d9:85:6b:a2:c0:1a:d7:
                    72:cd:da:a3:ab:9c:2b:bc:0d:7c:47:b2:f0:d8:ea:
                    6e:18:ee:82:d8:06:f0:c3:16:ca:45:ec:9d:65:47:
                    46:f1:7b:6e:2d:54:10:94:2b:e6:34:c0:1c:03:18:
                    f3:88:11:e4:6c:b3:49:1b:26:40:14:5f:eb:b3:47:
                    54:1c:75:df:48:da:64:e6:dd:23:2c:dc:75:09:de:
                    20:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D8:8D:51:36:E7:BB:E7:B1:A5:47:6D:E4:4B:87:45:97:79:3D:75
            X509v3 Authority Key Identifier:
                keyid:29:01:F5:01:9A:97:0B:A5:BE:0C:75:4D:20:F7:86:71:81:8F:4A:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/dNiNUTbnu-expUdt5EuHRZd5PXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/KQH1AZqXC6W-DHVNIPeGcYGPSi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.152.0/23
                  178.159.248.0/21
                  185.47.154.0/23
                  185.65.138.0/23
                IPv6:
                  2a01:9160::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:61:fc:c7:6c:97:e6:de:8d:ba:1d:25:3f:8c:dc:ed:81:24:
         c4:5c:e5:32:ba:7c:d8:1e:e4:a2:23:4d:01:be:b1:04:33:8c:
         2e:1b:ca:dc:aa:f0:a0:37:81:d0:d0:76:6e:4d:27:a3:54:f1:
         19:0a:bb:12:6f:58:a1:6b:3e:b3:ea:03:18:f9:1e:10:a2:60:
         96:d0:3d:51:8b:5a:9a:0b:52:fb:f9:25:dd:72:3d:06:67:66:
         86:5f:3c:b6:31:c3:12:8d:c8:aa:bb:37:36:b9:90:61:e3:67:
         15:ee:0e:4b:f8:1f:9d:60:5d:c5:12:b1:96:30:b9:9e:9c:22:
         87:a9:ca:51:1e:ea:e7:05:26:af:a2:d4:d3:1e:ad:5d:31:2b:
         3d:21:15:df:4b:ec:d1:30:72:86:1c:1f:08:27:52:86:c3:05:
         b4:91:f3:ab:db:bd:69:99:10:d3:5a:1e:cb:73:c5:ad:57:96:
         72:04:4c:c7:2c:14:0c:5b:d9:2f:e5:5e:90:61:0f:c0:3d:19:
         29:fd:a4:06:04:c1:c3:f1:7a:56:bb:a6:0d:27:47:bf:05:9f:
         34:a8:23:9e:e4:68:9e:45:62:f3:59:16:18:59:93:ae:af:60:
         d3:a5:5a:c3:13:15:3c:7a:81:66:5b:32:3a:53:25:d2:9a:d1:
         83:dd:80:61
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYmbblZ6+ycJ1RNjKaDRmmPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDFmNTAxOWE5NzBiYTViZTBjNzU0ZDIwZjc4NjcxODE4
ZjRhMmUwHhcNMjMwNzI4MDczNzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQ4OGQ1MTM2ZTdiYmU3YjFhNTQ3NmRlNDRiODc0NTk3NzkzZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMnK8+SRSIJY9mtr6BbPIWGy9Uhj
sToPCapJQJzX1yWlMv4gvrXA70D9vxIgV0+SQ8iDQao7G5/Rua7hYykA8JHkVKw8
hNO1SLkyCqzAkKAspXQXgjVYAFUtx3sTizrjcm8wHmXgfo9wve69LHjwLFXmwE3h
P/0i6xtqhOI7SdVtjGHV5WHEMopsHzvEmnjY8snXBtuKGQi9zgG970vlmKJlnwIw
q/ck5BBsI9mFa6LAGtdyzdqjq5wrvA18R7Lw2OpuGO6C2AbwwxbKReydZUdG8Xtu
LVQQlCvmNMAcAxjziBHkbLNJGyZAFF/rs0dUHHXfSNpk5t0jLNx1Cd4gUQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFHTYjVE257vnsaVHbeRLh0WXeT11MB8GA1UdIwQY
MBaAFCkB9QGalwulvgx1TSD3hnGBj0ouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FIMUFacVhDNlctREhWTklQZUdjWUdQU2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yN2I2MmUtMzYzOS00ZTc0LWFmZmUt
MmIyZjJiODkwOGNjLzEvZE5pTlVUYm51LWV4cFVkdDVFdUhSWmQ1UFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yN2I2MmUtMzYzOS00ZTc0LWFmZmUtMmIyZjJiODkwOGNj
LzEvS1FIMUFacVhDNlctREhWTklQZUdjWUdQU2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQBW+OYAwQD
sp/4AwQBuS+aAwQBuUGKMA8EAgACMAkDBwAqAZFgAAAwDQYJKoZIhvcNAQELBQAD
ggEBAHBh/Mdsl+bejbodJT+M3O2BJMRc5TK6fNge5KIjTQG+sQQzjC4bytyq8KA3
gdDQdm5NJ6NU8RkKuxJvWKFrPrPqAxj5HhCiYJbQPVGLWpoLUvv5Jd1yPQZnZoZf
PLYxwxKNyKq7Nza5kGHjZxXuDkv4H51gXcUSsZYwuZ6cIoepylEe6ucFJq+i1NMe
rV0xKz0hFd9L7NEwcoYcHwgnUobDBbSR86vbvWmZENNaHstzxa1XlnIETMcsFAxb
2S/lXpBhD8A9GSn9pAYEwcPxela7pg0nR78FnzSoI57kaJ5FYvNZFhhZk66vYNOl
WsMTFTx6gWZbMjpTJdKa0YPdgGE=
-----END CERTIFICATE-----