Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Wp_oPTmWbCbc5k5hAmD_iWZICNc.roa
File:                     Wp_oPTmWbCbc5k5hAmD_iWZICNc.roa (raw, json)
Hash identifier:          8AQQoZ1bfgYeK6YGPKhKI/RwkE/rQ2E/S9VcD5G//ds=
Subject key identifier:   5A:9F:E8:3D:39:96:6C:26:DC:E6:4E:61:02:60:FF:89:66:48:08:D7
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0191D71DA080F3E70BAE722C21945501AD2B
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Wp_oPTmWbCbc5k5hAmD_iWZICNc.roa
Signing time:             Mon 09 Sep 2024 14:08:48 +0000
ROA not before:           Mon 09 Sep 2024 14:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60150
IP address blocks:        43.240.148.0/22 maxlen: 24
                          45.12.100.0/22 maxlen: 24
                          147.185.206.0/23 maxlen: 24
                          185.96.56.0/22 maxlen: 24
                          185.136.16.0/22 maxlen: 24
                          193.168.200.0/22 maxlen: 24
                          194.38.48.0/22 maxlen: 24
                          2a05:ff00::/29 maxlen: 48
                          2a07:5b40::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 16 Sep 2024 10:35:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d7:1d:a0:80:f3:e7:0b:ae:72:2c:21:94:55:01:ad:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep  9 14:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a9fe83d39966c26dce64e610260ff89664808d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:41:b0:d9:57:a1:8a:8a:68:5a:c0:7e:6b:83:
                    bc:6b:b3:a2:fb:84:63:fe:9f:5d:d2:bd:3e:53:22:
                    a6:0c:e3:24:57:e2:96:cb:f0:47:88:e5:be:7f:a1:
                    d1:bc:6f:64:a7:a4:b4:7e:e4:b2:38:8e:2a:21:3b:
                    5f:18:82:c7:35:d9:89:f5:1d:0a:91:ff:57:ea:ae:
                    87:ef:28:62:8e:5c:77:0c:f7:fc:36:0a:e9:78:76:
                    41:f2:5e:1d:04:ef:a0:1f:f4:f1:d5:61:e0:1c:6b:
                    e3:81:c3:7c:01:42:57:d5:39:ef:ef:c9:f8:4b:b0:
                    36:27:a2:e5:58:43:55:aa:2b:32:39:ee:e8:a2:ea:
                    48:3e:d9:a3:f4:d3:34:ce:bc:bb:68:71:da:b8:9f:
                    33:2a:50:cf:96:2e:07:d4:4f:f3:de:58:6b:0a:eb:
                    c0:2c:b3:04:38:1b:5b:1d:3d:b9:01:fc:7d:e2:5b:
                    0d:e6:fa:6d:bb:ff:1c:e4:81:3f:f6:15:24:54:80:
                    41:49:1e:95:93:ed:fd:8f:d2:15:ed:14:ea:b7:a8:
                    24:3f:68:16:fa:a6:b4:d9:4f:26:43:62:01:d0:f1:
                    68:ec:3c:a6:2e:f9:4d:f2:1a:55:82:57:87:8a:d5:
                    fb:65:fd:d6:05:1e:04:93:f6:67:f9:83:29:c8:5b:
                    0e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9F:E8:3D:39:96:6C:26:DC:E6:4E:61:02:60:FF:89:66:48:08:D7
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Wp_oPTmWbCbc5k5hAmD_iWZICNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                IPv6:
                  2a05:ff00::/29
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:31:b9:79:42:ec:3c:0a:54:ff:9a:8b:35:ef:d4:fc:38:2f:
         64:d2:41:1e:f2:ba:f8:7c:f8:d4:b8:f0:39:ad:c9:a9:cd:c1:
         ed:93:75:be:a1:f3:18:d1:2a:35:8b:9e:c8:cd:6f:d0:ae:95:
         a3:4c:7d:0b:96:f4:c3:18:c5:ec:ff:10:be:d0:b5:7e:62:23:
         ce:67:1e:f4:91:8e:93:23:53:7e:a9:11:b1:9f:23:de:ea:3b:
         fe:c8:83:2a:a9:96:29:f7:c4:2a:3d:71:f1:3d:44:77:16:97:
         c7:07:ea:ed:a9:a7:10:8a:b6:35:07:a6:23:6d:26:08:3b:dc:
         8a:08:2d:03:c4:88:81:98:6a:eb:b6:e2:3f:17:69:1c:23:1c:
         8e:88:22:aa:6f:49:66:b6:84:8a:34:4a:b2:24:5b:cb:98:ba:
         5b:4c:5e:70:c4:66:26:74:05:b6:c3:ff:aa:28:19:03:ce:94:
         9b:8b:d6:48:6b:4a:4e:31:5e:58:d0:52:7a:bd:8c:4c:54:8b:
         ee:3a:10:b6:de:1f:5d:ae:5b:81:c6:82:3f:eb:6a:ae:42:d1:
         9a:e3:77:08:16:9f:7e:33:de:1d:e8:64:bf:da:a4:c3:ad:eb:
         6f:59:cd:6a:f6:4a:f1:e3:92:dc:c4:a8:f6:5b:d9:57:9d:6f:
         36:3a:b4:85
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZHXHaCA8+cLrnIsIZRVAa0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQwOTA5MTQwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTlmZTgzZDM5OTY2YzI2ZGNlNjRlNjEwMjYwZmY4OTY2NDgwOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokGw2VehiopoWsB+a4O8a7Oi+4Rj
/p9d0r0+UyKmDOMkV+KWy/BHiOW+f6HRvG9kp6S0fuSyOI4qITtfGILHNdmJ9R0K
kf9X6q6H7yhijlx3DPf8NgrpeHZB8l4dBO+gH/Tx1WHgHGvjgcN8AUJX1Tnv78n4
S7A2J6LlWENVqisyOe7ooupIPtmj9NM0zry7aHHauJ8zKlDPli4H1E/z3lhrCuvA
LLMEOBtbHT25Afx94lsN5vptu/8c5IE/9hUkVIBBSR6Vk+39j9IV7RTqt6gkP2gW
+qa02U8mQ2IB0PFo7DymLvlN8hpVgleHitX7Zf3WBR4Ek/Zn+YMpyFsOrQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFFqf6D05lmwm3OZOYQJg/4lmSAjXMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvV3Bfb1BUbVdiQ2JjNWs1aEFtRF9pV1pJQ05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQCK/CUAwQC
LQxkAwQBk7nOAwQCuWA4AwQCuYgQAwQCwajIAwQCwiYwMBQEAgACMA4DBQMqBf8A
AwUDKgdbQDANBgkqhkiG9w0BAQsFAAOCAQEAJjG5eULsPApU/5qLNe/U/DgvZNJB
HvK6+Hz41LjwOa3Jqc3B7ZN1vqHzGNEqNYueyM1v0K6Vo0x9C5b0wxjF7P8QvtC1
fmIjzmce9JGOkyNTfqkRsZ8j3uo7/siDKqmWKffEKj1x8T1EdxaXxwfq7amnEIq2
NQemI20mCDvciggtA8SIgZhq67biPxdpHCMcjogiqm9JZraEijRKsiRby5i6W0xe
cMRmJnQFtsP/qigZA86Um4vWSGtKTjFeWNBSer2MTFSL7joQtt4fXa5bgcaCP+tq
rkLRmuN3CBaffjPeHehkv9qkw63rb1nNavZK8eOS3MSo9lvZV51vNjq0hQ==
-----END CERTIFICATE-----