Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Yj1Igz8M1n99FSdaHjf9YpWPiME.roa
File:                     Yj1Igz8M1n99FSdaHjf9YpWPiME.roa (raw, json)
Hash identifier:          1xGhdwJ+icS48a7t/ar/n18Pz5PlxAeTFAbGLmdw/R4=
Subject key identifier:   62:3D:48:83:3F:0C:D6:7F:7D:15:27:5A:1E:37:FD:62:95:8F:88:C1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018C000C17BFA86C363AB2650937B874F62E
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Yj1Igz8M1n99FSdaHjf9YpWPiME.roa
Signing time:             Fri 24 Nov 2023 06:37:21 +0000
ROA not before:           Fri 24 Nov 2023 06:37:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        109.122.44.0/24 maxlen: 24
                          109.122.43.0/24 maxlen: 24
                          109.122.40.0/24 maxlen: 24
                          89.251.18.0/24 maxlen: 24
                          89.251.23.0/24 maxlen: 24
                          89.251.22.0/24 maxlen: 24
                          89.251.24.0/24 maxlen: 24
                          89.251.20.0/24 maxlen: 24
                          89.251.29.0/24 maxlen: 24
                          89.251.31.0/24 maxlen: 24
                          89.251.25.0/24 maxlen: 24
                          146.19.56.0/24 maxlen: 24
                          91.200.221.0/24 maxlen: 24
                          91.226.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Dec 2023 06:16:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:00:0c:17:bf:a8:6c:36:3a:b2:65:09:37:b8:74:f6:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Nov 24 06:37:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=623d48833f0cd67f7d15275a1e37fd62958f88c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:28:a5:19:ee:25:05:5f:5c:11:9d:4a:75:32:
                    95:e7:70:4c:50:0e:fa:42:71:09:98:fc:e1:91:73:
                    c0:c3:56:71:8e:cc:07:ea:99:34:16:d9:66:1e:9f:
                    43:76:06:d4:84:2f:32:25:00:ce:8c:b0:2d:32:30:
                    1e:68:9c:2a:b0:2b:6b:d9:74:a8:80:bd:5b:81:5b:
                    eb:92:95:42:80:e6:8c:bd:ec:39:46:fa:37:1e:41:
                    b1:fe:0d:c8:e1:91:9f:7f:59:6d:1e:e3:4d:46:9c:
                    6f:8f:e2:8d:57:16:32:3f:7b:c6:e9:c7:db:c9:52:
                    7a:c2:8e:b7:38:d9:e9:bb:da:eb:49:0c:a7:85:2b:
                    63:ce:f5:f6:75:44:88:fa:89:0c:f6:1c:d0:6b:54:
                    4d:40:83:da:3e:96:5f:1b:fb:2e:0b:5d:dc:85:ef:
                    d2:85:9f:d2:b0:8f:bd:a4:10:f0:36:2c:5b:13:c1:
                    a0:ec:4b:65:05:8d:8e:be:13:28:f6:2b:fb:d0:1b:
                    43:0d:76:99:d0:98:7f:d0:9a:f0:66:67:24:17:e6:
                    5e:d4:11:08:ed:de:9f:04:2f:72:60:72:a8:ce:bb:
                    6e:9a:e0:51:fd:77:46:31:c6:27:f4:bf:22:33:80:
                    a3:c8:5f:87:6a:ee:1c:dc:ac:3c:24:fa:ca:48:0c:
                    57:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3D:48:83:3F:0C:D6:7F:7D:15:27:5A:1E:37:FD:62:95:8F:88:C1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Yj1Igz8M1n99FSdaHjf9YpWPiME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.18.0/24
                  89.251.20.0/24
                  89.251.22.0-89.251.25.255
                  89.251.29.0/24
                  89.251.31.0/24
                  91.200.221.0/24
                  91.226.59.0/24
                  109.122.40.0/24
                  109.122.43.0-109.122.44.255
                  146.19.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:66:65:07:04:c4:52:c9:a3:7b:e9:ed:41:4c:5c:bc:e6:ee:
         9f:f5:a8:a1:98:20:b6:23:3f:58:7f:59:3f:cb:7d:b2:67:ea:
         46:77:bb:6a:b4:bb:73:94:3d:c2:8c:17:f9:35:40:d3:af:00:
         3a:69:76:35:74:38:86:cc:f2:fb:87:1d:c8:39:59:c1:60:c4:
         0f:37:84:cc:dc:23:48:40:b6:0e:4f:f1:12:5c:8f:20:c5:76:
         01:6a:4c:50:38:d9:3a:01:4d:d7:78:ea:c1:f5:7e:a6:77:f6:
         91:fc:bc:fa:53:a6:7f:fa:28:e1:2b:cc:a3:94:aa:37:bc:62:
         dc:96:ed:ef:35:08:9a:4c:28:45:7f:4f:95:ff:8e:76:3b:69:
         d2:7a:85:e3:96:f8:53:45:48:a9:f0:9a:03:3d:8e:4f:4f:d9:
         cb:eb:5b:88:f2:ce:69:27:9f:c9:c6:a9:1b:97:a0:72:6c:1f:
         a0:ca:8b:e6:fe:9e:50:64:70:5a:4c:b0:f9:ff:5f:0a:44:08:
         41:43:28:07:8b:1c:8b:fc:93:e6:8a:c5:83:7f:2a:b9:61:24:
         52:db:19:ab:cd:4a:b1:6d:bf:bf:c8:29:a3:91:a3:b0:74:7a:
         c6:2b:44:c9:f7:50:45:b6:32:46:61:14:ea:a4:01:3c:5b:d0:
         88:18:1d:77
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYwADBe/qGw2OrJlCTe4dPYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjMxMTI0MDYzNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNkNDg4MzNmMGNkNjdmN2QxNTI3NWExZTM3ZmQ2Mjk1OGY4OGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSilGe4lBV9cEZ1KdTKV53BMUA76
QnEJmPzhkXPAw1ZxjswH6pk0FtlmHp9DdgbUhC8yJQDOjLAtMjAeaJwqsCtr2XSo
gL1bgVvrkpVCgOaMvew5Rvo3HkGx/g3I4ZGff1ltHuNNRpxvj+KNVxYyP3vG6cfb
yVJ6wo63ONnpu9rrSQynhStjzvX2dUSI+okM9hzQa1RNQIPaPpZfG/suC13che/S
hZ/SsI+9pBDwNixbE8Gg7EtlBY2OvhMo9iv70BtDDXaZ0Jh/0JrwZmckF+Ze1BEI
7d6fBC9yYHKozrtumuBR/XdGMcYn9L8iM4CjyF+Hau4c3Kw8JPrKSAxXqwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGI9SIM/DNZ/fRUnWh43/WKVj4jBMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvWWoxSWd6OE0xbjk5RlNkYUhqZjlZcFdQaU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAWfsSAwQA
WfsUMAwDBAFZ+xYDBAFZ+xgDBABZ+x0DBABZ+x8DBABbyN0DBABb4jsDBABteigw
DAMEAG16KwMEAG16LAMEAJITODANBgkqhkiG9w0BAQsFAAOCAQEACWZlBwTEUsmj
e+ntQUxcvObun/WooZggtiM/WH9ZP8t9smfqRne7arS7c5Q9wowX+TVA068AOml2
NXQ4hszy+4cdyDlZwWDEDzeEzNwjSEC2Dk/xElyPIMV2AWpMUDjZOgFN13jqwfV+
pnf2kfy8+lOmf/oo4SvMo5SqN7xi3Jbt7zUImkwoRX9Plf+Odjtp0nqF45b4U0VI
qfCaAz2OT0/Zy+tbiPLOaSefycapG5egcmwfoMqL5v6eUGRwWkyw+f9fCkQIQUMo
B4sci/yT5orFg38quWEkUtsZq81KsW2/v8gpo5GjsHR6xitEyfdQRbYyRmEU6qQB
PFvQiBgddw==
-----END CERTIFICATE-----