Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/isikmxzPPDM-tJW8ZkFE9Abk3jc.roa
File:                     isikmxzPPDM-tJW8ZkFE9Abk3jc.roa (raw, json)
Hash identifier:          sghCd/Xm5aU4L4VdKIUcQYPyvi7ioe+5GLC0dZICukQ=
Subject key identifier:   8A:C8:A4:9B:1C:CF:3C:33:3E:B4:95:BC:66:41:44:F4:06:E4:DE:37
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018E7C2C0BBE7C21396028538AEBF5377D6C
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/isikmxzPPDM-tJW8ZkFE9Abk3jc.roa
Signing time:             Tue 26 Mar 2024 19:10:45 +0000
ROA not before:           Tue 26 Mar 2024 19:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53358
IP address blocks:        2a05:f300::/29 maxlen: 64
                          2a12:4b40::/29 maxlen: 64
                          2a13:8e00::/29 maxlen: 29
                          2a13:9300::/29 maxlen: 29
                          2a13:a700::/29 maxlen: 29
                          2a13:b900::/29 maxlen: 29
                          2a13:c400::/29 maxlen: 64
                          2a13:c800::/29 maxlen: 64
                          2a13:da00::/29 maxlen: 29
                          2a13:e200::/29 maxlen: 29
                          2a13:fe00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 12:53:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7c:2c:0b:be:7c:21:39:60:28:53:8a:eb:f5:37:7d:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Mar 26 19:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ac8a49b1ccf3c333eb495bc664144f406e4de37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:05:fe:65:97:b9:0f:b3:9e:76:66:6d:93:67:
                    a5:9f:d0:31:da:97:7f:d7:4e:9f:40:0f:cb:9e:c8:
                    c5:d6:bf:0a:4f:24:08:e7:52:e1:36:27:00:cb:8d:
                    f9:f3:88:e5:60:43:26:8d:1a:61:a6:a2:74:9c:de:
                    3a:52:62:ae:e1:2d:47:d0:31:6a:8f:2d:75:ad:86:
                    db:67:78:bd:a4:b5:b5:b5:bc:28:03:92:74:df:18:
                    b1:54:e3:89:2e:9b:16:34:a2:46:a3:0b:84:cd:78:
                    12:d4:fd:b9:6a:c2:a1:af:14:d8:e8:a9:79:13:30:
                    8b:43:58:9d:a6:96:e5:18:5d:d0:0a:dc:c3:e6:db:
                    3b:22:90:0f:9c:85:6b:01:2a:42:91:ea:98:ce:e2:
                    7d:48:b4:8c:1e:e0:c7:dd:3c:d5:0c:0f:a1:e2:83:
                    46:61:6d:db:62:4b:2e:d9:16:9e:70:f0:36:f5:59:
                    5b:f8:e8:a1:45:3b:11:e0:79:61:c4:53:6a:b5:ee:
                    d7:11:3e:b4:3b:b9:07:a1:ef:85:3f:4b:a5:35:b7:
                    92:d3:e4:7c:26:29:84:73:cd:de:b1:19:2e:07:94:
                    58:14:f3:86:81:2d:35:4d:ba:6c:ed:c6:ee:de:cc:
                    43:62:66:4f:62:e0:ac:e2:81:e5:da:60:cb:6a:e7:
                    f0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:C8:A4:9B:1C:CF:3C:33:3E:B4:95:BC:66:41:44:F4:06:E4:DE:37
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/isikmxzPPDM-tJW8ZkFE9Abk3jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:f300::/29
                  2a12:4b40::/29
                  2a13:8e00::/29
                  2a13:9300::/29
                  2a13:a700::/29
                  2a13:b900::/29
                  2a13:c400::/29
                  2a13:c800::/29
                  2a13:da00::/29
                  2a13:e200::/29
                  2a13:fe00::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:58:58:c5:5a:03:a1:63:51:68:93:ad:68:89:98:62:d3:c1:
         63:b5:ac:ff:e0:e8:f5:bb:c9:09:bb:eb:7b:8f:82:b3:15:40:
         74:e9:2f:dc:30:a4:04:13:a7:a8:48:4c:a5:2d:a5:24:f3:f6:
         56:70:00:13:6a:80:32:e9:37:95:39:d6:68:1c:17:8e:88:2e:
         4a:af:0e:ee:f8:44:d5:8e:12:dd:79:fe:2b:91:4a:ac:93:88:
         f8:f4:7f:7c:5a:85:c5:1d:0c:a4:50:ea:b9:17:d3:c5:35:f3:
         5a:28:6c:7a:da:37:b9:c7:8b:7d:19:be:1c:85:af:3d:46:f3:
         fe:16:32:73:22:bc:a0:a7:3a:78:36:b4:24:8a:a2:77:3c:92:
         92:df:ae:1f:8f:f6:ea:86:55:2e:76:88:87:08:5b:42:13:10:
         db:f8:0e:16:ca:0b:7c:31:2a:72:29:c2:52:ec:4f:2d:54:2f:
         ff:50:2a:fe:ab:02:11:d0:91:e8:6f:93:c2:b0:f4:6e:51:91:
         48:69:a8:e7:07:fc:55:f1:fc:4f:f1:6d:44:85:ac:ea:69:0c:
         64:72:16:a5:2a:32:df:31:05:c0:50:dd:34:e1:6e:97:5a:87:
         7a:bf:32:59:41:d2:54:94:78:ac:5a:ad:4f:95:e1:32:7e:25:
         d4:30:df:68
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY58LAu+fCE5YChTiuv1N31sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMzI2MTkxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWM4YTQ5YjFjY2YzYzMzM2ViNDk1YmM2NjQxNDRmNDA2ZTRkZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQX+ZZe5D7OedmZtk2eln9Ax2pd/
106fQA/LnsjF1r8KTyQI51LhNicAy43584jlYEMmjRphpqJ0nN46UmKu4S1H0DFq
jy11rYbbZ3i9pLW1tbwoA5J03xixVOOJLpsWNKJGowuEzXgS1P25asKhrxTY6Kl5
EzCLQ1idppblGF3QCtzD5ts7IpAPnIVrASpCkeqYzuJ9SLSMHuDH3TzVDA+h4oNG
YW3bYksu2RaecPA29Vlb+OihRTsR4HlhxFNqte7XET60O7kHoe+FP0ulNbeS0+R8
JimEc83esRkuB5RYFPOGgS01Tbps7cbu3sxDYmZPYuCs4oHl2mDLaufwvwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFIrIpJsczzwzPrSVvGZBRPQG5N43MB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvaXNpa214elBQRE0tdEpXOFprRkU5QWJrM2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKgXzAAMF
AyoSS0ADBQMqE44AAwUDKhOTAAMFAyoTpwADBQMqE7kAAwUDKhPEAAMFAyoTyAAD
BQMqE9oAAwUDKhPiAAMFAyoT/gAwDQYJKoZIhvcNAQELBQADggEBADFYWMVaA6Fj
UWiTrWiJmGLTwWO1rP/g6PW7yQm763uPgrMVQHTpL9wwpAQTp6hITKUtpSTz9lZw
ABNqgDLpN5U51mgcF46ILkqvDu74RNWOEt15/iuRSqyTiPj0f3xahcUdDKRQ6rkX
08U181oobHraN7nHi30ZvhyFrz1G8/4WMnMivKCnOng2tCSKonc8kpLfrh+P9uqG
VS52iIcIW0ITENv4DhbKC3wxKnIpwlLsTy1UL/9QKv6rAhHQkehvk8Kw9G5RkUhp
qOcH/FXx/E/xbUSFrOppDGRyFqUqMt8xBcBQ3TThbpdah3q/MllB0lSUeKxarU+V
4TJ+JdQw32g=
-----END CERTIFICATE-----