Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/HphkA3LHLNlWS07g96qn6t2hB4o.roa
File:                     HphkA3LHLNlWS07g96qn6t2hB4o.roa (raw, json)
Hash identifier:          4M7DAwas8p+t3ruqwvKb+2W+Zj91FXPnp0mlByO4eiw=
Subject key identifier:   1E:98:64:03:72:C7:2C:D9:56:4B:4E:E0:F7:AA:A7:EA:DD:A1:07:8A
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018D2BB88D5570C11DE6F1766F510173F2D1
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/HphkA3LHLNlWS07g96qn6t2hB4o.roa
Signing time:             Sun 21 Jan 2024 11:12:11 +0000
ROA not before:           Sun 21 Jan 2024 11:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208161
IP address blocks:        87.248.130.0/24 maxlen: 24
                          87.248.131.0/24 maxlen: 24
                          87.248.133.0/24 maxlen: 24
                          87.248.137.0/24 maxlen: 24
                          87.248.138.0/24 maxlen: 24
                          87.248.139.0/24 maxlen: 24
                          87.248.150.0/24 maxlen: 24
                          87.248.151.0/24 maxlen: 24
                          87.248.152.0/23 maxlen: 24
                          87.248.155.0/24 maxlen: 24
                          87.248.156.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 06:12:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2b:b8:8d:55:70:c1:1d:e6:f1:76:6f:51:01:73:f2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan 21 11:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e98640372c72cd9564b4ee0f7aaa7eadda1078a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:73:b8:7e:15:c1:99:78:75:71:d4:0a:19:6d:
                    0c:8f:99:be:43:47:3f:03:17:74:b9:3c:10:a5:44:
                    50:b2:c8:28:1d:09:a8:49:05:58:39:99:be:9b:fd:
                    9a:fd:e0:2b:c8:f5:71:77:69:c0:de:3f:12:8c:99:
                    30:34:68:93:c1:fc:4d:89:f1:18:53:c6:f0:28:91:
                    84:25:aa:2b:58:7f:c2:a3:38:e8:5a:6e:49:e3:2a:
                    d8:24:8f:79:ce:74:82:e6:85:08:23:b2:64:17:05:
                    6f:43:43:f6:41:f6:f8:5b:43:5f:84:45:9f:64:9e:
                    d5:7b:cc:c3:61:50:21:3b:0b:1b:f0:94:1b:0f:df:
                    51:50:31:b4:69:af:dc:39:c8:0f:2f:ac:46:0f:8a:
                    a8:c8:2f:8f:e7:b0:67:17:96:bb:03:ae:ef:db:ab:
                    e3:10:11:18:d5:e4:54:14:f6:c4:45:2a:34:de:61:
                    ad:2e:a7:73:53:8a:a6:27:f7:02:15:b1:a7:dc:be:
                    97:18:9d:23:4e:fd:d3:95:ec:fb:97:cd:41:41:07:
                    ac:ad:0c:ad:12:ae:ed:a1:60:bf:fa:c7:45:0e:5b:
                    6c:3c:13:5e:cb:20:35:f4:dc:d8:5d:6c:a6:81:35:
                    4a:a9:e7:8b:15:4e:ed:c2:75:3b:5f:39:3a:e2:a0:
                    1a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:98:64:03:72:C7:2C:D9:56:4B:4E:E0:F7:AA:A7:EA:DD:A1:07:8A
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/HphkA3LHLNlWS07g96qn6t2hB4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.130.0/23
                  87.248.133.0/24
                  87.248.137.0-87.248.139.255
                  87.248.150.0-87.248.153.255
                  87.248.155.0-87.248.156.255

    Signature Algorithm: sha256WithRSAEncryption
         44:42:25:50:03:3a:48:1e:4b:c8:af:c5:a3:d0:8f:0d:4c:ae:
         34:15:ee:c7:7c:20:c1:ab:ab:d5:45:c9:ed:d2:89:1c:fc:b7:
         32:02:60:10:54:a3:bd:df:9b:9b:80:f5:e1:72:d8:c2:b3:36:
         21:ef:ec:6b:47:40:7b:bf:7e:26:40:e3:b6:e4:5f:80:c6:2d:
         b4:70:e8:78:81:71:5b:fd:f0:7e:8f:9f:d7:67:ce:f3:70:85:
         b6:ee:85:7e:84:8b:2b:cc:5b:89:8a:b7:4f:59:5f:68:3d:00:
         c6:53:f4:2f:95:fd:a9:5f:be:42:e2:e0:c4:ca:52:ed:bc:62:
         10:c7:e4:b9:cd:ff:42:ba:7c:fc:9c:eb:a1:35:81:5e:27:0d:
         11:6a:8a:4e:bf:7b:8e:35:13:a8:29:6a:3a:f9:80:8e:2c:e0:
         81:22:4c:26:62:71:90:2c:71:08:3c:92:02:c4:c2:d7:75:b3:
         c4:65:cf:b7:18:b7:4d:89:03:fc:4e:af:d3:8c:8b:7e:46:67:
         f9:11:ef:bd:c3:6a:59:da:6b:b4:6d:a3:02:99:9c:eb:33:13:
         77:1c:e7:0f:fc:c8:56:11:9c:3a:3a:fe:7c:be:8a:b5:e5:d0:
         23:49:a3:17:91:6f:0c:de:48:4f:56:e1:4f:c1:a2:83:ae:66:
         ca:1b:89:d4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY0ruI1VcMEd5vF2b1EBc/LRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTIxMTExMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTk4NjQwMzcyYzcyY2Q5NTY0YjRlZTBmN2FhYTdlYWRkYTEwNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3O4fhXBmXh1cdQKGW0Mj5m+Q0c/
Axd0uTwQpURQssgoHQmoSQVYOZm+m/2a/eAryPVxd2nA3j8SjJkwNGiTwfxNifEY
U8bwKJGEJaorWH/CozjoWm5J4yrYJI95znSC5oUII7JkFwVvQ0P2Qfb4W0NfhEWf
ZJ7Ve8zDYVAhOwsb8JQbD99RUDG0aa/cOcgPL6xGD4qoyC+P57BnF5a7A67v26vj
EBEY1eRUFPbERSo03mGtLqdzU4qmJ/cCFbGn3L6XGJ0jTv3Tlez7l81BQQesrQyt
Eq7toWC/+sdFDltsPBNeyyA19NzYXWymgTVKqeeLFU7twnU7Xzk64qAaOQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFB6YZANyxyzZVktO4Peqp+rdoQeKMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvSHBoa0EzTEhMTmxXUzA3Zzk2cW42dDJoQjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBV/iCAwQA
V/iFMAwDBABX+IkDBAJX+IgwDAMEAVf4lgMEAVf4mDAMAwQAV/ibAwQAV/icMA0G
CSqGSIb3DQEBCwUAA4IBAQBEQiVQAzpIHkvIr8Wj0I8NTK40Fe7HfCDBq6vVRcnt
0okc/LcyAmAQVKO935ubgPXhctjCszYh7+xrR0B7v34mQOO25F+Axi20cOh4gXFb
/fB+j5/XZ87zcIW27oV+hIsrzFuJirdPWV9oPQDGU/Qvlf2pX75C4uDEylLtvGIQ
x+S5zf9Cunz8nOuhNYFeJw0RaopOv3uONROoKWo6+YCOLOCBIkwmYnGQLHEIPJIC
xMLXdbPEZc+3GLdNiQP8Tq/TjIt+Rmf5Ee+9w2pZ2mu0baMCmZzrMxN3HOcP/MhW
EZw6Ov58voq15dAjSaMXkW8M3khPVuFPwaKDrmbKG4nU
-----END CERTIFICATE-----