Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/2efbEBSERxmHabVZUhB9HgxWFEY.roa
File:                     2efbEBSERxmHabVZUhB9HgxWFEY.roa (raw, json)
Hash identifier:          QNankwBcUhHvvChijDHfYsrhzNI0JtOOmN8A8Bi4qI8=
Subject key identifier:   D9:E7:DB:10:14:84:47:19:87:69:B5:59:52:10:7D:1E:0C:56:14:46
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018AD70A8BDA8007424BFF2D0298BC0F7ACE
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/2efbEBSERxmHabVZUhB9HgxWFEY.roa
Signing time:             Wed 27 Sep 2023 14:28:27 +0000
ROA not before:           Wed 27 Sep 2023 14:28:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137502
IP address blocks:        213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.216.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.220.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          213.248.255.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 28 Sep 2023 08:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d7:0a:8b:da:80:07:42:4b:ff:2d:02:98:bc:0f:7a:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 27 14:28:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d9e7db10148447198769b55952107d1e0c561446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:78:c9:88:75:de:aa:74:d0:de:88:cf:a6:fc:
                    73:68:1e:00:2a:98:54:dc:53:a0:00:f7:c6:71:b3:
                    87:e8:31:c4:a4:35:37:9b:96:2b:99:4c:2b:b7:e2:
                    8b:3a:ec:5e:73:ee:ab:2a:4a:36:32:43:a3:40:37:
                    72:c0:c6:ed:60:27:10:91:db:23:4c:6b:c1:6b:8b:
                    0b:01:ef:53:7c:de:ad:f2:35:c3:d9:7e:db:56:d2:
                    f3:9d:84:ff:1f:23:a2:87:42:37:e7:10:53:42:c8:
                    35:5a:25:76:ff:ad:35:1d:9a:af:35:25:28:0b:5e:
                    09:75:af:58:80:98:c8:13:1a:ff:7f:d1:69:1e:10:
                    a9:a0:3e:c5:b6:e9:13:07:e4:25:8b:4c:de:cf:5d:
                    5f:40:09:9e:d6:e0:f9:9b:08:0f:5c:65:3e:60:ba:
                    8e:a9:7f:28:98:3d:a7:4c:28:4c:27:b3:75:51:0b:
                    0f:af:03:25:95:95:a1:1e:57:a6:95:e3:6d:52:80:
                    9d:ad:4b:e8:24:29:00:76:f9:3f:df:17:96:0d:45:
                    05:1d:46:ac:e7:ea:b0:3c:9e:a0:af:61:22:dd:99:
                    f6:1d:c1:bc:48:de:8b:d9:55:b1:15:d2:c3:f1:81:
                    aa:1e:13:81:d8:ba:f2:b7:f8:d2:82:ad:bf:6d:ee:
                    fa:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E7:DB:10:14:84:47:19:87:69:B5:59:52:10:7D:1E:0C:56:14:46
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/2efbEBSERxmHabVZUhB9HgxWFEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0-213.248.220.255
                  213.248.222.0/24
                  213.248.254.0/23
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         53:07:ba:44:e1:c2:d1:a7:f4:c3:d2:8d:e5:e7:ea:97:37:ed:
         ef:58:e0:f3:20:f0:5a:df:f5:23:e8:d7:64:0e:e0:8b:96:66:
         c6:dc:56:88:87:b2:18:5b:c3:9a:97:42:7a:2f:34:c9:d5:90:
         b8:bd:fa:b5:a8:61:b4:40:d1:e2:76:3a:0a:5b:7c:68:f4:dc:
         2c:0a:1b:6c:fe:75:87:6e:49:76:88:30:d3:fb:98:5a:23:54:
         da:72:3d:bb:5c:73:48:e7:97:15:e1:d5:da:b0:d9:73:68:b0:
         61:f2:1a:b0:1f:03:f0:e9:36:40:8a:af:6a:47:5b:ae:e3:d5:
         00:d2:8f:f1:8a:71:ac:9d:18:c2:e7:0b:5c:5a:54:e4:ae:96:
         78:d7:2a:20:e0:d2:95:04:59:ad:bd:da:22:65:de:35:cf:4d:
         12:ee:55:6d:0b:a3:b6:15:03:03:07:73:e1:06:c4:1d:82:26:
         04:f6:04:56:54:19:ad:a9:04:8e:6b:47:ae:c2:26:f6:3d:b5:
         7c:87:70:8e:2b:37:e8:e2:26:8a:0d:7f:6c:f0:9e:8e:53:af:
         4e:18:55:bd:9f:9e:67:b6:8e:0e:13:86:05:4b:01:f0:1f:b7:
         08:a8:4b:8d:af:06:26:ec:02:e1:12:dd:a1:25:09:71:a3:b1:
         0a:95:81:45
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYrXCovagAdCS/8tApi8D3rOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI3MTQyODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWU3ZGIxMDE0ODQ0NzE5ODc2OWI1NTk1MjEwN2QxZTBjNTYxNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXjJiHXeqnTQ3ojPpvxzaB4AKphU
3FOgAPfGcbOH6DHEpDU3m5YrmUwrt+KLOuxec+6rKko2MkOjQDdywMbtYCcQkdsj
TGvBa4sLAe9TfN6t8jXD2X7bVtLznYT/HyOih0I35xBTQsg1WiV2/601HZqvNSUo
C14Jda9YgJjIExr/f9FpHhCpoD7FtukTB+Qli0zez11fQAme1uD5mwgPXGU+YLqO
qX8omD2nTChMJ7N1UQsPrwMllZWhHlemleNtUoCdrUvoJCkAdvk/3xeWDUUFHUas
5+qwPJ6gr2Ei3Zn2HcG8SN6L2VWxFdLD8YGqHhOB2Lryt/jSgq2/be76zQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFNnn2xAUhEcZh2m1WVIQfR4MVhRGMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvMmVmYkVCU0VSeG1IYWJWWlVoQjlIZ3hXRkVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAPV+NgD
BADV+NwDBADV+N4DBAHV+P4wDwQCAAIwCQMHAyoBBhgEADANBgkqhkiG9w0BAQsF
AAOCAQEAUwe6ROHC0af0w9KN5efqlzft71jg8yDwWt/1I+jXZA7gi5ZmxtxWiIey
GFvDmpdCei80ydWQuL36tahhtEDR4nY6Clt8aPTcLAobbP51h25Jdogw0/uYWiNU
2nI9u1xzSOeXFeHV2rDZc2iwYfIasB8D8Ok2QIqvakdbruPVANKP8YpxrJ0YwucL
XFpU5K6WeNcqIODSlQRZrb3aImXeNc9NEu5VbQujthUDAwdz4QbEHYImBPYEVlQZ
rakEjmtHrsIm9j21fIdwjis36OImig1/bPCejlOvThhVvZ+eZ7aODhOGBUsB8B+3
CKhLja8GJuwC4RLdoSUJcaOxCpWBRQ==
-----END CERTIFICATE-----