Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/L0cSuSVdF9w32pOSSf5ANj0b_l4.roa
File:                     L0cSuSVdF9w32pOSSf5ANj0b_l4.roa (raw, json)
Hash identifier:          1XcVyN80DOoJN3FRMStVSV2m0gWOtkJhhR/6q447h2A=
Subject key identifier:   2F:47:12:B9:25:5D:17:DC:37:DA:93:92:49:FE:40:36:3D:1B:FE:5E
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018AD70A8B73A0D0757A3D4F6392C8BBEE19
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/L0cSuSVdF9w32pOSSf5ANj0b_l4.roa
Signing time:             Wed 27 Sep 2023 14:28:27 +0000
ROA not before:           Wed 27 Sep 2023 14:28:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43519
IP address blocks:        213.248.216.0/24 maxlen: 24
                          213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.220.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 28 Sep 2023 08:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d7:0a:8b:73:a0:d0:75:7a:3d:4f:63:92:c8:bb:ee:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 27 14:28:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f4712b9255d17dc37da939249fe40363d1bfe5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:44:da:ef:8a:31:38:db:ba:52:ee:30:4d:6f:
                    7b:20:d6:89:b2:e8:58:bc:8a:20:9d:e6:b4:3e:68:
                    73:d2:f0:26:d6:5c:cf:27:05:5c:12:e3:97:51:76:
                    25:d7:6e:b8:e5:b1:3b:22:36:d0:34:9d:09:49:d3:
                    ed:02:1e:d5:1a:d6:88:aa:34:c1:69:a9:b9:d7:44:
                    1b:de:63:ea:8f:a6:17:94:45:01:34:69:66:34:a9:
                    06:99:3c:87:17:85:ed:6e:3e:4b:f7:97:b9:1a:e8:
                    02:19:49:f0:70:e4:b8:2e:39:54:11:f8:2d:63:6c:
                    f9:80:5f:21:38:b0:29:eb:56:30:6c:3e:90:ad:03:
                    00:bc:10:69:b4:5f:dd:b0:d1:05:8a:cd:c3:f1:fe:
                    9c:52:6a:7c:41:bd:48:1b:cb:e2:2e:55:dc:6f:2c:
                    9d:0c:f8:7b:64:d5:b5:95:f4:d5:84:df:0a:6e:92:
                    84:2d:b0:b5:93:f1:b9:d1:05:af:69:78:57:f1:06:
                    7e:47:51:a8:fa:a9:9f:ae:69:16:df:a0:ae:66:3d:
                    42:fe:ac:ca:30:55:e4:5d:75:64:de:36:5f:6d:23:
                    64:30:8a:76:3a:f2:92:3e:01:df:8a:c0:78:75:c0:
                    78:90:55:e7:0a:d4:8b:60:62:28:97:ae:c2:e6:9a:
                    10:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:47:12:B9:25:5D:17:DC:37:DA:93:92:49:FE:40:36:3D:1B:FE:5E
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/L0cSuSVdF9w32pOSSf5ANj0b_l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0-213.248.220.255
                  213.248.222.0/24
                  213.248.254.0/24
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         24:a7:a2:3e:ba:d9:7a:d5:af:d7:e2:b4:36:01:f8:f3:d1:ab:
         35:83:56:6d:2f:7c:4c:8c:9a:41:91:53:47:c4:df:43:85:3c:
         36:1e:35:94:e1:c6:54:fa:73:2f:77:36:94:07:dc:99:cf:20:
         1b:b3:59:a4:05:87:a1:37:33:58:2c:b3:64:cb:62:ea:12:66:
         c0:cb:97:9d:ed:32:de:03:03:a6:29:de:db:ea:e3:05:26:f9:
         d0:d1:13:f4:86:e8:05:a7:31:69:ab:84:66:8c:f9:10:0b:09:
         8a:97:c8:a7:4e:75:b5:66:5f:07:fb:19:92:c9:61:a8:e4:d6:
         a4:a7:a8:0e:be:55:3e:1e:1e:df:77:89:81:a7:f6:a5:48:2e:
         d2:9f:15:12:95:30:7d:ea:fb:87:6f:ac:a0:b6:45:21:ff:2c:
         0c:0f:7c:91:e4:4c:60:48:ed:d1:e9:8d:99:86:55:84:7e:bb:
         61:91:1e:5c:28:f4:20:eb:46:1e:24:1b:bf:ae:2b:87:ed:9e:
         8c:2d:0e:e0:36:e1:3a:5d:10:64:51:53:0e:03:d7:b4:cf:1e:
         82:8c:d1:d3:13:6a:a8:2a:a1:84:58:b0:70:a9:d8:54:43:71:
         32:93:50:3f:06:77:a2:77:27:fd:f1:5b:a8:6c:7a:1c:9a:e2:
         46:72:c7:60
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYrXCotzoNB1ej1PY5LIu+4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI3MTQyODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQ3MTJiOTI1NWQxN2RjMzdkYTkzOTI0OWZlNDAzNjNkMWJmZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUTa74oxONu6Uu4wTW97INaJsuhY
vIognea0Pmhz0vAm1lzPJwVcEuOXUXYl12645bE7IjbQNJ0JSdPtAh7VGtaIqjTB
aam510Qb3mPqj6YXlEUBNGlmNKkGmTyHF4Xtbj5L95e5GugCGUnwcOS4LjlUEfgt
Y2z5gF8hOLAp61YwbD6QrQMAvBBptF/dsNEFis3D8f6cUmp8Qb1IG8viLlXcbyyd
DPh7ZNW1lfTVhN8KbpKELbC1k/G50QWvaXhX8QZ+R1Go+qmfrmkW36CuZj1C/qzK
MFXkXXVk3jZfbSNkMIp2OvKSPgHfisB4dcB4kFXnCtSLYGIol67C5poQpwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFC9HErklXRfcN9qTkkn+QDY9G/5eMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvTDBjU3VTVmRGOXczMnBPU1NmNUFOajBiX2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAPV+NgD
BADV+NwDBADV+N4DBADV+P4wDwQCAAIwCQMHAyoBBhgEADANBgkqhkiG9w0BAQsF
AAOCAQEAJKeiPrrZetWv1+K0NgH489GrNYNWbS98TIyaQZFTR8TfQ4U8Nh41lOHG
VPpzL3c2lAfcmc8gG7NZpAWHoTczWCyzZMti6hJmwMuXne0y3gMDpine2+rjBSb5
0NET9IboBacxaauEZoz5EAsJipfIp051tWZfB/sZkslhqOTWpKeoDr5VPh4e33eJ
gaf2pUgu0p8VEpUwfer7h2+soLZFIf8sDA98keRMYEjt0emNmYZVhH67YZEeXCj0
IOtGHiQbv64rh+2ejC0O4DbhOl0QZFFTDgPXtM8egozR0xNqqCqhhFiwcKnYVENx
MpNQPwZ3oncn/fFbqGx6HJriRnLHYA==
-----END CERTIFICATE-----