Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/LDnztVBeHWzUAY6EkwDOyDsjk14.roa
File:                     LDnztVBeHWzUAY6EkwDOyDsjk14.roa (raw, json)
Hash identifier:          lNVHavAw2qwk9vHzkk3FHeASPIspFzim3L9HMHKFxfo=
Subject key identifier:   2C:39:F3:B5:50:5E:1D:6C:D4:01:8E:84:93:00:CE:C8:3B:23:93:5E
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018E32FADD0D23DA80C24703189B2B6A693C
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/LDnztVBeHWzUAY6EkwDOyDsjk14.roa
Signing time:             Tue 12 Mar 2024 14:04:45 +0000
ROA not before:           Tue 12 Mar 2024 14:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        84.54.0.0/23 maxlen: 23
                          84.54.2.0/23 maxlen: 23
                          85.8.144.0/23 maxlen: 23
                          85.8.146.0/23 maxlen: 23
                          85.8.156.0/22 maxlen: 22
                          85.8.160.0/23 maxlen: 23
                          85.8.162.0/23 maxlen: 23
                          176.53.168.0/22 maxlen: 22
                          185.231.224.0/22 maxlen: 22
                          193.187.108.0/22 maxlen: 22
                          213.139.224.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 28 Mar 2024 17:30:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:fa:dd:0d:23:da:80:c2:47:03:18:9b:2b:6a:69:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Mar 12 14:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c39f3b5505e1d6cd4018e849300cec83b23935e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b3:81:c2:55:0f:8e:77:e2:d7:46:7b:82:5d:
                    f5:01:e8:82:15:8d:01:14:67:4c:a7:f4:8f:86:27:
                    c0:d0:56:54:fb:8a:fb:0a:35:ab:54:27:09:64:c7:
                    bd:04:e0:4e:5a:98:a0:07:07:85:04:b0:b3:5d:d0:
                    cb:52:62:e4:32:d6:23:7c:46:fc:d2:18:a0:bc:37:
                    30:27:1f:9a:d0:e9:a1:7f:cd:f0:a4:9d:3d:35:d1:
                    5d:e1:5f:38:83:7a:19:b3:f7:26:f5:04:11:ab:91:
                    28:d1:ec:4e:e5:21:45:ba:85:21:86:45:45:25:5e:
                    ec:ea:db:1a:f5:4d:f9:98:50:e4:f3:74:05:60:a8:
                    9b:fc:d8:73:36:0c:2c:fe:c1:ef:dd:21:f9:d1:c7:
                    69:cb:35:10:fc:0b:50:ee:5e:cd:c4:c1:b6:84:26:
                    eb:7e:ef:ec:69:90:dd:c9:40:e9:56:3a:39:23:49:
                    65:be:2a:c7:5f:3c:6e:ed:bb:98:08:05:24:66:b5:
                    de:c5:a7:02:81:10:ca:de:6c:0f:33:56:50:b1:b2:
                    17:7f:c9:4f:af:df:42:b7:3c:75:05:af:3c:a5:77:
                    60:3d:e5:be:51:62:4c:d6:19:89:9d:9c:4b:b6:2c:
                    a8:70:0d:23:98:3d:fc:e4:bb:9d:04:13:69:c0:52:
                    d3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:39:F3:B5:50:5E:1D:6C:D4:01:8E:84:93:00:CE:C8:3B:23:93:5E
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/LDnztVBeHWzUAY6EkwDOyDsjk14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.0.0/22
                  85.8.144.0/22
                  85.8.156.0-85.8.163.255
                  176.53.168.0/22
                  185.231.224.0/22
                  193.187.108.0/22
                  213.139.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:fa:f3:ac:c2:35:9c:7a:50:8c:d4:9b:c5:a9:df:1f:87:e9:
         a8:78:70:c4:75:86:8a:ae:64:0f:da:7d:c5:49:1a:48:82:f9:
         3f:19:00:b1:5c:8c:1f:85:72:24:54:f2:93:ae:41:25:cc:45:
         df:6e:b6:31:b9:c9:47:ef:63:a2:ba:a1:0f:19:e7:1a:bd:6d:
         78:78:65:b8:fd:c7:54:ad:3f:1b:f7:d1:d5:74:d8:ba:2c:e8:
         ad:39:31:8c:8d:cb:44:e3:e7:9c:0b:a8:e4:ec:df:35:22:1a:
         68:c2:29:ce:ce:2c:81:02:1c:72:15:d9:a3:2a:7c:14:35:60:
         d8:8b:a3:12:c0:ca:19:47:fb:8a:fd:2f:2f:54:e4:0c:d8:15:
         4a:19:93:b9:4c:db:6c:95:bb:40:3e:af:89:d6:fc:48:3a:28:
         77:64:1f:18:94:2a:e2:62:5a:11:a3:c2:aa:b3:4a:06:a4:12:
         cf:a6:31:af:05:94:b3:83:b7:1c:30:f4:1c:bb:0a:df:67:08:
         be:79:8e:cd:33:21:63:e9:7a:db:80:fe:a4:ee:dd:84:d1:fd:
         8c:da:ab:62:8d:70:c6:7b:2b:cb:e3:88:6f:8a:41:a4:2e:47:
         30:a0:fa:5e:c0:60:c3:7f:c0:c6:5c:4a:a9:b0:12:38:22:c6:
         ba:bc:8a:9b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY4y+t0NI9qAwkcDGJsramk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMzEyMTQwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzM5ZjNiNTUwNWUxZDZjZDQwMThlODQ5MzAwY2VjODNiMjM5MzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLOBwlUPjnfi10Z7gl31AeiCFY0B
FGdMp/SPhifA0FZU+4r7CjWrVCcJZMe9BOBOWpigBweFBLCzXdDLUmLkMtYjfEb8
0higvDcwJx+a0Omhf83wpJ09NdFd4V84g3oZs/cm9QQRq5Eo0exO5SFFuoUhhkVF
JV7s6tsa9U35mFDk83QFYKib/NhzNgws/sHv3SH50cdpyzUQ/AtQ7l7NxMG2hCbr
fu/saZDdyUDpVjo5I0llvirHXzxu7buYCAUkZrXexacCgRDK3mwPM1ZQsbIXf8lP
r99Ctzx1Ba88pXdgPeW+UWJM1hmJnZxLtiyocA0jmD385LudBBNpwFLTcwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCw587VQXh1s1AGOhJMAzsg7I5NeMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvTERuenRWQmVIV3pVQVk2RWt3RE95RHNqazE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCVDYAAwQC
VQiQMAwDBAJVCJwDBAJVCKADBAKwNagDBAK55+ADBALBu2wDBALVi+AwDQYJKoZI
hvcNAQELBQADggEBAH7686zCNZx6UIzUm8Wp3x+H6ah4cMR1hoquZA/afcVJGkiC
+T8ZALFcjB+FciRU8pOuQSXMRd9utjG5yUfvY6K6oQ8Z5xq9bXh4Zbj9x1StPxv3
0dV02Los6K05MYyNy0Tj55wLqOTs3zUiGmjCKc7OLIECHHIV2aMqfBQ1YNiLoxLA
yhlH+4r9Ly9U5AzYFUoZk7lM22yVu0A+r4nW/Eg6KHdkHxiUKuJiWhGjwqqzSgak
Es+mMa8FlLODtxww9By7Ct9nCL55js0zIWPpetuA/qTu3YTR/Yzaq2KNcMZ7K8vj
iG+KQaQuRzCg+l7AYMN/wMZcSqmwEjgixrq8ips=
-----END CERTIFICATE-----