Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/T9rPfo4LDj8gB3hjnxsmCm7HDSA.roa
File:                     T9rPfo4LDj8gB3hjnxsmCm7HDSA.roa (raw, json)
Hash identifier:          XpPSrUSQTVNycjplhOT+otGogk+CcF47DXkOBHjIwaE=
Subject key identifier:   4F:DA:CF:7E:8E:0B:0E:3F:20:07:78:63:9F:1B:26:0A:6E:C7:0D:20
Certificate issuer:       /CN=88678ca34c3c6365fb616a66077160a494a6e9d6
Certificate serial:       018DC5F3683026E71996F33F0C29F2417095
Authority key identifier: 88:67:8C:A3:4C:3C:63:65:FB:61:6A:66:07:71:60:A4:94:A6:E9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/T9rPfo4LDj8gB3hjnxsmCm7HDSA.roa
Signing time:             Tue 20 Feb 2024 09:57:59 +0000
ROA not before:           Tue 20 Feb 2024 09:57:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12479
IP address blocks:        62.32.128.0/19 maxlen: 24
                          62.32.160.0/19 maxlen: 24
                          62.32.192.0/20 maxlen: 24
                          62.32.208.0/20 maxlen: 24
                          62.32.224.0/19 maxlen: 24
                          83.231.0.0/17 maxlen: 17
                          83.231.0.0/19 maxlen: 24
                          83.231.48.0/21 maxlen: 24
                          83.231.56.0/21 maxlen: 24
                          83.231.64.0/18 maxlen: 24
                          185.124.28.0/22 maxlen: 24
                          212.169.128.0/17 maxlen: 24
                          213.143.32.0/19 maxlen: 19
                          213.143.32.0/24 maxlen: 24
                          213.143.44.0/22 maxlen: 24
                          213.143.48.0/22 maxlen: 24
                          213.143.56.0/21 maxlen: 24
Validation:               Failed, certificate revoked on Tue 02 Jul 2024 06:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:f3:68:30:26:e7:19:96:f3:3f:0c:29:f2:41:70:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88678ca34c3c6365fb616a66077160a494a6e9d6
        Validity
            Not Before: Feb 20 09:57:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fdacf7e8e0b0e3f200778639f1b260a6ec70d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0d:e4:98:e9:1a:cf:d4:08:a8:99:0d:80:1e:
                    87:1e:26:7f:31:59:e8:1c:43:1d:2c:5e:38:34:db:
                    14:dc:62:0a:e6:b8:e1:64:0a:78:28:e8:18:be:62:
                    0d:3b:b0:9b:f1:27:13:8b:53:29:a2:62:a1:00:d0:
                    80:d5:3a:e0:f2:92:d1:f9:7d:0d:09:77:5c:5c:82:
                    d9:37:16:c9:8a:81:96:14:a0:2f:dd:98:d4:58:bc:
                    c9:b8:6b:3d:3a:6e:64:3e:13:a5:4e:9b:76:46:6a:
                    bc:cb:ab:5c:42:8d:90:20:8f:cc:17:2e:cf:00:0f:
                    bc:c0:96:ab:6f:eb:93:e8:21:00:4f:73:99:93:de:
                    a0:bc:6e:74:b0:1d:46:08:d8:fd:41:4e:a7:68:c7:
                    1c:77:80:ed:9f:a5:10:06:ac:38:12:f6:89:23:ee:
                    89:7c:40:5b:11:af:e2:8b:30:96:79:c1:ee:00:00:
                    c3:2b:42:e3:16:01:1d:78:1f:84:9a:39:e4:c8:0c:
                    47:8b:66:0f:db:9c:7c:09:a4:68:63:fd:b2:13:56:
                    56:7c:d9:f5:67:92:d9:ae:cb:19:d2:03:cd:e9:15:
                    9d:e7:54:9a:64:21:6f:15:ca:35:0b:25:ca:50:36:
                    b4:de:8d:82:d8:52:47:04:d2:9f:b8:b8:02:32:a2:
                    0d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:DA:CF:7E:8E:0B:0E:3F:20:07:78:63:9F:1B:26:0A:6E:C7:0D:20
            X509v3 Authority Key Identifier:
                keyid:88:67:8C:A3:4C:3C:63:65:FB:61:6A:66:07:71:60:A4:94:A6:E9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/T9rPfo4LDj8gB3hjnxsmCm7HDSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.32.128.0/17
                  83.231.0.0/17
                  185.124.28.0/22
                  212.169.128.0/17
                  213.143.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         50:e8:9d:66:13:dc:23:8c:f8:46:b7:5d:81:13:6e:b4:c3:ad:
         ee:cb:3c:79:c3:32:84:eb:08:bc:e6:12:73:ab:64:bc:19:7c:
         90:6a:66:95:f5:49:8f:2d:78:cd:36:ec:6a:53:5d:a8:e1:0f:
         d4:d0:9a:3f:fc:d1:65:b8:07:56:f1:73:90:88:30:5a:27:24:
         0c:15:b5:96:e9:26:e5:4c:e0:5d:71:b5:5e:97:ec:6a:27:40:
         55:da:c7:5d:e6:6d:cc:5d:48:b7:3f:10:fc:68:d8:98:94:a0:
         b3:23:b1:68:af:7e:74:4a:46:aa:ff:76:17:33:34:af:c2:8e:
         db:73:0c:85:dc:25:40:23:33:25:27:c8:ec:19:ce:7d:47:a8:
         e5:db:d2:f5:96:40:23:94:02:52:ed:8c:b5:46:f6:94:37:57:
         65:c5:61:12:bc:a1:ce:0c:d1:46:3a:98:1b:a9:bc:2c:af:ba:
         81:b7:d5:8b:ce:a3:16:6d:f6:57:2d:8f:de:46:3b:be:9c:80:
         29:51:0d:dc:1f:ad:16:cd:06:47:83:b4:a4:f4:f9:a9:9c:1b:
         d0:8a:4a:c4:f3:c8:63:c1:e7:a5:c0:5b:9d:40:c8:46:4c:1e:
         a6:43:92:b7:ed:50:09:5e:c8:cc:f2:a4:d3:da:aa:6e:40:1a:
         de:b9:8a:2f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY3F82gwJucZlvM/DCnyQXCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4Njc4Y2EzNGMzYzYzNjVmYjYxNmE2NjA3NzE2MGE0OTRh
NmU5ZDYwHhcNMjQwMjIwMDk1NzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmRhY2Y3ZThlMGIwZTNmMjAwNzc4NjM5ZjFiMjYwYTZlYzcwZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw3kmOkaz9QIqJkNgB6HHiZ/MVno
HEMdLF44NNsU3GIK5rjhZAp4KOgYvmINO7Cb8ScTi1MpomKhANCA1Trg8pLR+X0N
CXdcXILZNxbJioGWFKAv3ZjUWLzJuGs9Om5kPhOlTpt2Rmq8y6tcQo2QII/MFy7P
AA+8wJarb+uT6CEAT3OZk96gvG50sB1GCNj9QU6naMccd4Dtn6UQBqw4EvaJI+6J
fEBbEa/iizCWecHuAADDK0LjFgEdeB+EmjnkyAxHi2YP25x8CaRoY/2yE1ZWfNn1
Z5LZrssZ0gPN6RWd51SaZCFvFco1CyXKUDa03o2C2FJHBNKfuLgCMqINLQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFE/az36OCw4/IAd4Y58bJgpuxw0gMB8GA1UdIwQY
MBaAFIhnjKNMPGNl+2FqZgdxYKSUpunWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUdlTW8wdzhZMlg3WVdwbUIzRmdwSlNtNmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zYmFhY2MtNDIwMS00OTUxLTgzNTQt
Zjg1ZjcyMWZiMWI4LzEvVDlyUGZvNExEajhnQjNoam54c21DbTdIRFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zYmFhY2MtNDIwMS00OTUxLTgzNTQtZjg1ZjcyMWZiMWI4
LzEvaUdlTW8wdzhZMlg3WVdwbUIzRmdwSlNtNmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQHPiCAAwQH
U+cAAwQCuXwcAwQH1KmAAwQF1Y8gMA0GCSqGSIb3DQEBCwUAA4IBAQBQ6J1mE9wj
jPhGt12BE260w63uyzx5wzKE6wi85hJzq2S8GXyQamaV9UmPLXjNNuxqU12o4Q/U
0Jo//NFluAdW8XOQiDBaJyQMFbWW6SblTOBdcbVel+xqJ0BV2sdd5m3MXUi3PxD8
aNiYlKCzI7For350Skaq/3YXMzSvwo7bcwyF3CVAIzMlJ8jsGc59R6jl29L1lkAj
lAJS7Yy1RvaUN1dlxWESvKHODNFGOpgbqbwsr7qBt9WLzqMWbfZXLY/eRju+nIAp
UQ3cH60WzQZHg7Sk9PmpnBvQikrE88hjweelwFudQMhGTB6mQ5K37VAJXsjM8qTT
2qpuQBreuYov
-----END CERTIFICATE-----