Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/7HCI93EOp_B9-lWV-iAj-jRNJh0.roa
File:                     7HCI93EOp_B9-lWV-iAj-jRNJh0.roa (raw, json)
Hash identifier:          fl1ohKjtHQWzAVTaOW20fqQZLLQg/Xpxsf8goIjdse0=
Subject key identifier:   EC:70:88:F7:71:0E:A7:F0:7D:FA:55:95:FA:20:23:FA:34:4D:26:1D
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       018ED2F66689B7E5F3A678A2240881934653
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/7HCI93EOp_B9-lWV-iAj-jRNJh0.roa
Signing time:             Fri 12 Apr 2024 15:39:07 +0000
ROA not before:           Fri 12 Apr 2024 15:39:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206576
IP address blocks:        5.181.72.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 08:06:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:f6:66:89:b7:e5:f3:a6:78:a2:24:08:81:93:46:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Apr 12 15:39:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec7088f7710ea7f07dfa5595fa2023fa344d261d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f8:21:c4:8d:61:cc:f2:c4:6f:bf:12:3d:60:
                    9c:9d:57:87:96:ac:d0:4e:f0:a2:b7:75:1e:66:a5:
                    f5:1c:7a:80:61:af:34:3a:3b:ea:2a:12:e3:36:04:
                    79:96:b6:a5:88:e3:eb:00:66:69:c8:39:5a:17:a5:
                    29:16:8a:76:4e:b5:b6:67:e1:d2:21:e8:70:88:09:
                    6b:c7:6b:5b:40:1c:0e:85:f8:bb:1d:dd:e2:58:d7:
                    30:75:fc:bf:1b:da:5a:92:09:60:f0:dc:8c:9b:e3:
                    8c:d6:db:58:2e:f8:36:31:27:5d:59:c4:ba:4a:8a:
                    7c:79:c1:5c:91:c4:88:9e:c1:96:a6:03:79:8b:e0:
                    49:b1:da:f1:f3:90:90:20:24:22:09:09:27:bb:fe:
                    ed:2e:d6:9d:62:83:98:a2:13:34:8e:0a:22:b6:12:
                    9d:ea:9b:62:ec:c0:ee:4f:25:c3:a2:94:f7:25:bb:
                    c6:77:eb:f1:85:39:91:5e:b1:2e:e5:61:e1:7c:3b:
                    c7:ce:20:cd:ea:5f:6d:09:43:e9:f8:14:8d:a0:ea:
                    41:44:5b:fa:34:4a:60:c6:1a:db:44:e7:17:62:f0:
                    0e:72:60:b5:c6:a4:14:38:9c:65:93:bf:e6:fb:34:
                    62:29:2f:5b:2e:d5:aa:a4:50:ce:a4:db:3d:17:49:
                    01:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:70:88:F7:71:0E:A7:F0:7D:FA:55:95:FA:20:23:FA:34:4D:26:1D
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/7HCI93EOp_B9-lWV-iAj-jRNJh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.72.0/22
                  45.137.44.0/22
                  83.150.252.0/22
                  185.90.0.0/22
                  185.182.200.0/23
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/24
                  185.248.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:b0:4c:6f:5c:5a:6b:f7:12:c0:7e:3d:63:31:44:4f:3b:4c:
         9b:3f:c5:60:6b:8a:f6:8c:47:ab:49:c4:84:10:3a:aa:13:92:
         00:3b:cd:7c:4f:70:b6:db:9e:d4:d1:e7:57:46:7e:a6:f2:b7:
         1c:c8:dd:68:3c:ff:10:c5:b1:d2:f4:2a:7e:84:10:f2:bf:5d:
         b5:9d:96:ef:12:3b:aa:5f:38:0d:25:22:e7:2a:af:dc:90:03:
         3c:f0:b3:3e:2d:31:b2:13:cc:73:6b:1f:fd:a7:fb:7a:97:5f:
         7f:60:9b:ad:c9:b0:6d:e0:51:ec:0b:b7:d2:15:fc:c5:16:02:
         15:80:17:91:28:51:91:e1:a9:3f:9d:c5:19:e0:26:d3:6e:6d:
         9f:9e:f5:ed:2f:69:05:7c:25:fb:e6:05:a9:5d:67:8c:aa:ff:
         b3:85:15:7c:3a:a7:52:75:6b:0f:5e:1f:fd:6b:df:c0:cf:bb:
         86:a6:b4:66:0f:38:f6:b5:53:04:5f:49:bf:84:d8:fb:31:b7:
         b2:fd:3f:a1:55:c0:23:22:09:04:3d:5e:5e:b6:bf:dd:6a:ad:
         28:7d:c8:cf:e0:aa:70:0c:94:c0:c8:91:80:c0:45:db:77:b5:
         06:e7:97:8b:00:8d:dc:67:2b:8d:bf:c5:70:9c:52:55:49:bc:
         fc:09:b2:00
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY7S9maJt+XzpniiJAiBk0ZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwNDEyMTUzOTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzcwODhmNzcxMGVhN2YwN2RmYTU1OTVmYTIwMjNmYTM0NGQyNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPghxI1hzPLEb78SPWCcnVeHlqzQ
TvCit3UeZqX1HHqAYa80OjvqKhLjNgR5lraliOPrAGZpyDlaF6UpFop2TrW2Z+HS
IehwiAlrx2tbQBwOhfi7Hd3iWNcwdfy/G9pakglg8NyMm+OM1ttYLvg2MSddWcS6
Sop8ecFckcSInsGWpgN5i+BJsdrx85CQICQiCQknu/7tLtadYoOYohM0jgoithKd
6pti7MDuTyXDopT3JbvGd+vxhTmRXrEu5WHhfDvHziDN6l9tCUPp+BSNoOpBRFv6
NEpgxhrbROcXYvAOcmC1xqQUOJxlk7/m+zRiKS9bLtWqpFDOpNs9F0kB2wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFOxwiPdxDqfwffpVlfogI/o0TSYdMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvN0hDSTkzRU9wX0I5LWxXVi1pQWotalJOSmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCBbVIAwQC
LYksAwQCU5b8AwQCuVoAAwQBubbIAwQCueUEAwQCufaEAwQCuffIAwQAufj8AwQA
ufj+MA0GCSqGSIb3DQEBCwUAA4IBAQBFsExvXFpr9xLAfj1jMURPO0ybP8Vga4r2
jEerScSEEDqqE5IAO818T3C2257U0edXRn6m8rccyN1oPP8QxbHS9Cp+hBDyv121
nZbvEjuqXzgNJSLnKq/ckAM88LM+LTGyE8xzax/9p/t6l19/YJutybBt4FHsC7fS
FfzFFgIVgBeRKFGR4ak/ncUZ4CbTbm2fnvXtL2kFfCX75gWpXWeMqv+zhRV8OqdS
dWsPXh/9a9/Az7uGprRmDzj2tVMEX0m/hNj7Mbey/T+hVcAjIgkEPV5etr/daq0o
fcjP4KpwDJTAyJGAwEXbd7UG55eLAI3cZyuNv8VwnFJVSbz8CbIA
-----END CERTIFICATE-----