Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/ec3aHhTvTsx4I7OruB7jJQb8CBY.roa
File:                     ec3aHhTvTsx4I7OruB7jJQb8CBY.roa (raw, json)
Hash identifier:          0zG9uNMeij80SA16j7cyur8N3afek2zCAIX8StCvE7E=
Subject key identifier:   79:CD:DA:1E:14:EF:4E:CC:78:23:B3:AB:B8:1E:E3:25:06:FC:08:16
Certificate issuer:       /CN=3939f92b825ce110903c31d522b0f50cafd74a6f
Certificate serial:       018EACFC36EFB6AE1B3860BC606B1F64B9FF
Authority key identifier: 39:39:F9:2B:82:5C:E1:10:90:3C:31:D5:22:B0:F5:0C:AF:D7:4A:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTn5K4Jc4RCQPDHVIrD1DK_XSm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/ec3aHhTvTsx4I7OruB7jJQb8CBY.roa
Signing time:             Fri 05 Apr 2024 06:39:54 +0000
ROA not before:           Fri 05 Apr 2024 06:39:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34285
IP address blocks:        185.197.244.0/22 maxlen: 22
                          217.12.16.0/22 maxlen: 22
                          217.12.16.0/24 maxlen: 24
                          217.12.17.0/24 maxlen: 24
                          217.12.18.0/24 maxlen: 24
                          217.12.19.0/24 maxlen: 24
                          217.12.20.0/22 maxlen: 22
                          217.12.20.0/23 maxlen: 23
                          217.12.22.0/23 maxlen: 23
                          217.12.24.0/22 maxlen: 22
                          217.12.24.0/24 maxlen: 24
                          217.12.25.0/24 maxlen: 24
                          217.12.26.0/24 maxlen: 24
                          217.12.27.0/24 maxlen: 24
                          217.12.28.0/22 maxlen: 22
                          217.12.28.0/24 maxlen: 24
                          217.12.29.0/24 maxlen: 24
                          217.12.30.0/24 maxlen: 24
                          217.12.31.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 27 Sep 2024 07:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ac:fc:36:ef:b6:ae:1b:38:60:bc:60:6b:1f:64:b9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3939f92b825ce110903c31d522b0f50cafd74a6f
        Validity
            Not Before: Apr  5 06:39:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79cdda1e14ef4ecc7823b3abb81ee32506fc0816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:89:f9:6f:72:7e:76:c3:b6:67:e7:c8:cc:49:
                    f7:7a:b3:48:28:a5:76:69:66:6f:43:58:f1:23:31:
                    01:ac:d3:a0:17:93:2c:34:a8:35:3d:c8:49:f9:a6:
                    68:2f:57:47:9e:9c:dd:f6:26:c8:d8:c3:cf:d1:f4:
                    a1:69:f9:b1:b6:df:4e:1c:8d:23:34:eb:a9:bd:ee:
                    26:2d:7f:53:12:ab:ff:e2:ca:60:5a:74:06:c3:c3:
                    b6:d6:a7:9a:a2:5d:a8:29:f8:18:42:86:d5:ac:68:
                    a7:73:07:7b:33:fc:d7:be:e3:4c:ed:02:68:32:6f:
                    ed:e5:0f:5b:67:4e:51:77:8e:89:02:8b:f8:b0:c7:
                    d4:d3:93:65:35:21:e3:3f:57:cc:b3:e5:71:f0:72:
                    53:76:c5:4b:90:7f:50:ad:a9:cc:fc:33:fc:49:e5:
                    e6:06:4f:3d:c6:a5:53:bc:69:61:06:8d:e5:f0:8c:
                    30:e0:01:50:8f:1a:64:bf:06:41:37:19:ad:49:b5:
                    c8:09:a4:86:9e:12:6f:e4:87:90:32:d7:61:a3:1e:
                    c0:07:99:e3:b5:27:11:97:a2:c4:4c:1b:d8:f8:71:
                    e5:0b:7b:41:6d:22:80:ab:f9:a3:44:fb:16:db:91:
                    de:5c:0d:c9:08:a9:29:87:38:5d:4c:fa:78:33:46:
                    55:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:CD:DA:1E:14:EF:4E:CC:78:23:B3:AB:B8:1E:E3:25:06:FC:08:16
            X509v3 Authority Key Identifier:
                keyid:39:39:F9:2B:82:5C:E1:10:90:3C:31:D5:22:B0:F5:0C:AF:D7:4A:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTn5K4Jc4RCQPDHVIrD1DK_XSm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/ec3aHhTvTsx4I7OruB7jJQb8CBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/OTn5K4Jc4RCQPDHVIrD1DK_XSm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.244.0/22
                  217.12.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:6e:37:ce:6f:4a:da:68:d5:72:89:43:74:cb:13:e4:9f:71:
         c3:e3:2c:d8:56:14:33:a7:73:cb:5f:67:1b:ab:a9:66:77:31:
         96:f4:3e:92:64:16:45:a7:b3:9c:b2:75:f4:5d:be:a8:82:88:
         01:a0:d9:b3:ab:92:31:1b:e3:24:76:71:7f:80:5d:67:99:a0:
         c3:ce:7d:7f:44:a6:1e:b9:bf:11:30:0e:b0:08:f0:5d:d6:e4:
         c4:b5:09:a3:2b:38:e9:4e:f0:9c:e8:e0:d0:20:bb:a1:fc:e7:
         07:0b:b7:fe:8c:5e:70:a4:ed:67:94:75:c3:1b:40:ac:80:f5:
         a1:38:2a:96:4a:a3:aa:9e:c0:7a:41:e8:d4:15:4c:25:af:0e:
         7d:89:d5:9d:3d:7f:12:ea:35:08:00:23:93:4b:1b:1d:99:00:
         74:62:c8:b5:50:31:db:4c:06:ac:53:75:86:9c:1f:80:47:3a:
         ba:c3:6d:2e:d9:a2:70:e7:e8:74:4b:3a:fa:65:14:03:e1:7f:
         f6:72:3e:1c:41:6a:c3:78:b6:90:12:40:49:15:f4:36:0a:4b:
         0e:a2:4d:fd:d1:74:59:36:9d:c5:f4:b8:c7:5b:24:01:14:3e:
         f4:d8:fa:0a:ea:3e:c1:81:dc:96:7b:f5:e5:02:b6:24:c2:16:
         a6:c4:79:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6s/Dbvtq4bOGC8YGsfZLn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzlmOTJiODI1Y2UxMTA5MDNjMzFkNTIyYjBmNTBjYWZk
NzRhNmYwHhcNMjQwNDA1MDYzOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWNkZGExZTE0ZWY0ZWNjNzgyM2IzYWJiODFlZTMyNTA2ZmMwODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4n5b3J+dsO2Z+fIzEn3erNIKKV2
aWZvQ1jxIzEBrNOgF5MsNKg1PchJ+aZoL1dHnpzd9ibI2MPP0fShafmxtt9OHI0j
NOupve4mLX9TEqv/4spgWnQGw8O21qeaol2oKfgYQobVrGincwd7M/zXvuNM7QJo
Mm/t5Q9bZ05Rd46JAov4sMfU05NlNSHjP1fMs+Vx8HJTdsVLkH9QranM/DP8SeXm
Bk89xqVTvGlhBo3l8Iww4AFQjxpkvwZBNxmtSbXICaSGnhJv5IeQMtdhox7AB5nj
tScRl6LETBvY+HHlC3tBbSKAq/mjRPsW25HeXA3JCKkphzhdTPp4M0ZVYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHnN2h4U707MeCOzq7ge4yUG/AgWMB8GA1UdIwQY
MBaAFDk5+SuCXOEQkDwx1SKw9Qyv10pvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1RuNUs0SmM0UkNRUERIVklyRDFES19YU204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lNzVlNDEtYTgyOC00ZGM1LThlZDMt
OWZjMzY0MTFhY2NjLzEvZWMzYUhoVHZUc3g0STdPcnVCN2pKUWI4Q0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lNzVlNDEtYTgyOC00ZGM1LThlZDMtOWZjMzY0MTFhY2Nj
LzEvT1RuNUs0SmM0UkNRUERIVklyRDFES19YU204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCucX0AwQE
2QwQMA0GCSqGSIb3DQEBCwUAA4IBAQBObjfOb0raaNVyiUN0yxPkn3HD4yzYVhQz
p3PLX2cbq6lmdzGW9D6SZBZFp7OcsnX0Xb6ogogBoNmzq5IxG+MkdnF/gF1nmaDD
zn1/RKYeub8RMA6wCPBd1uTEtQmjKzjpTvCc6ODQILuh/OcHC7f+jF5wpO1nlHXD
G0CsgPWhOCqWSqOqnsB6QejUFUwlrw59idWdPX8S6jUIACOTSxsdmQB0Ysi1UDHb
TAasU3WGnB+ARzq6w20u2aJw5+h0Szr6ZRQD4X/2cj4cQWrDeLaQEkBJFfQ2CksO
ok390XRZNp3F9LjHWyQBFD702PoK6j7BgdyWe/XlArYkwhamxHmX
-----END CERTIFICATE-----