Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/TOJQn1aqzT8g0Qc7Pd9lfoeL-5E.roa
File:                     TOJQn1aqzT8g0Qc7Pd9lfoeL-5E.roa (raw, json)
Hash identifier:          EDZUQsk5lS2c95K1+RE8yJLoweyhulTacrE6ABh1Sns=
Subject key identifier:   4C:E2:50:9F:56:AA:CD:3F:20:D1:07:3B:3D:DF:65:7E:87:8B:FB:91
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018AD6BA8CC12DB35826655D12756D149879
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/TOJQn1aqzT8g0Qc7Pd9lfoeL-5E.roa
Signing time:             Wed 27 Sep 2023 13:01:04 +0000
ROA not before:           Wed 27 Sep 2023 13:01:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43519
IP address blocks:        213.248.216.0/24 maxlen: 24
                          213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Sep 2023 14:28:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d6:ba:8c:c1:2d:b3:58:26:65:5d:12:75:6d:14:98:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 27 13:01:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4ce2509f56aacd3f20d1073b3ddf657e878bfb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:57:43:23:2a:0b:84:0b:7b:84:ce:5e:73:f0:
                    71:d4:8f:eb:d6:d4:d4:b3:f0:7d:5e:eb:0d:34:be:
                    1f:3f:51:10:b1:7f:9f:1b:ad:cc:fe:8e:69:44:0c:
                    c2:ba:6d:10:b8:ab:83:54:4a:2f:df:b1:f6:60:31:
                    b4:60:56:d4:77:80:6c:0e:48:50:98:29:4c:ed:f0:
                    6e:6d:00:73:fc:74:69:a6:72:e2:c4:7b:a6:85:bd:
                    77:23:55:99:fc:4f:db:24:98:4a:16:97:73:03:21:
                    8c:52:e9:e7:ef:c4:29:c2:fa:dc:a7:ea:64:69:64:
                    30:91:bc:c7:ec:ca:b6:9b:19:ff:35:7d:0d:f4:bc:
                    c5:a4:07:ce:46:b8:6c:17:de:33:2e:7c:ac:17:d7:
                    38:07:1d:6f:6d:b8:33:2c:3f:fb:0f:dd:f1:84:92:
                    3c:81:f1:03:39:76:71:41:8c:53:43:cc:b2:00:f4:
                    80:ac:4f:fd:c0:94:d6:f0:c2:fc:97:19:c3:79:56:
                    36:24:4b:c3:7b:95:5a:da:a5:2c:1f:d3:bd:e6:c8:
                    99:b0:3b:9d:ba:f2:91:12:3f:c8:07:0f:bc:ae:32:
                    55:e9:70:ce:8b:6f:47:1c:6c:f5:9d:b4:c1:08:73:
                    0e:71:62:32:fc:57:e4:d9:41:0e:a0:ea:cf:c5:94:
                    33:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E2:50:9F:56:AA:CD:3F:20:D1:07:3B:3D:DF:65:7E:87:8B:FB:91
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/TOJQn1aqzT8g0Qc7Pd9lfoeL-5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0/22
                  213.248.222.0/24
                  213.248.254.0/24
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         17:8e:d4:b3:2f:16:88:4f:69:39:28:22:c4:c1:d4:8e:5b:15:
         99:4a:0f:15:21:21:9f:3f:23:e8:37:34:92:7d:68:df:d0:b6:
         ca:28:bb:98:eb:06:e7:c9:52:ef:22:1e:14:2f:50:30:44:1f:
         a5:d6:74:b0:d3:0e:7d:17:2a:79:a8:1d:31:83:4a:02:bc:03:
         fb:e4:09:a7:d3:97:3d:27:ea:95:b9:70:65:c2:79:1a:b8:92:
         8b:02:2c:43:dc:76:91:51:de:cf:b7:2e:96:cb:38:1f:ce:c9:
         43:f0:6e:bd:a7:0e:d8:ff:72:c9:bc:b4:e1:44:4e:2a:c6:a3:
         d4:ae:0c:6f:26:91:01:ae:cd:ab:a9:a8:00:a2:4d:c0:6e:92:
         96:52:7a:96:ed:a9:ad:dd:73:81:c3:70:e7:db:38:ac:47:19:
         75:ef:92:48:4a:a9:7a:64:7f:69:7e:38:75:de:94:5f:36:ea:
         c7:9b:65:43:a4:25:17:c5:54:53:67:56:15:9a:d3:bd:9c:ad:
         e5:a2:e0:62:1e:85:24:28:f6:01:b5:f6:69:30:8a:fb:61:a7:
         d8:31:73:27:05:74:1c:20:ce:fd:d9:90:e0:49:c9:c8:66:3c:
         83:e4:93:24:1d:0d:dc:f7:ea:9b:70:a2:f4:da:e2:33:54:62:
         87:83:b0:01
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYrWuozBLbNYJmVdEnVtFJh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI3MTMwMTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2UyNTA5ZjU2YWFjZDNmMjBkMTA3M2IzZGRmNjU3ZTg3OGJmYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwldDIyoLhAt7hM5ec/Bx1I/r1tTU
s/B9XusNNL4fP1EQsX+fG63M/o5pRAzCum0QuKuDVEov37H2YDG0YFbUd4BsDkhQ
mClM7fBubQBz/HRppnLixHumhb13I1WZ/E/bJJhKFpdzAyGMUunn78Qpwvrcp+pk
aWQwkbzH7Mq2mxn/NX0N9LzFpAfORrhsF94zLnysF9c4Bx1vbbgzLD/7D93xhJI8
gfEDOXZxQYxTQ8yyAPSArE/9wJTW8ML8lxnDeVY2JEvDe5Va2qUsH9O95siZsDud
uvKREj/IBw+8rjJV6XDOi29HHGz1nbTBCHMOcWIy/Ffk2UEOoOrPxZQzAQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFEziUJ9Wqs0/INEHOz3fZX6Hi/uRMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvVE9KUW4xYXF6VDhnMFFjN1BkOWxmb2VMLTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQC1fjYAwQA
1fjeAwQA1fj+MA8EAgACMAkDBwMqAQYYBAAwDQYJKoZIhvcNAQELBQADggEBABeO
1LMvFohPaTkoIsTB1I5bFZlKDxUhIZ8/I+g3NJJ9aN/Qtsoou5jrBufJUu8iHhQv
UDBEH6XWdLDTDn0XKnmoHTGDSgK8A/vkCafTlz0n6pW5cGXCeRq4kosCLEPcdpFR
3s+3LpbLOB/OyUPwbr2nDtj/csm8tOFETirGo9SuDG8mkQGuzaupqACiTcBukpZS
epbtqa3dc4HDcOfbOKxHGXXvkkhKqXpkf2l+OHXelF826sebZUOkJRfFVFNnVhWa
072creWi4GIehSQo9gG19mkwivthp9gxcycFdBwgzv3ZkOBJychmPIPkkyQdDdz3
6ptwovTa4jNUYoeDsAE=
-----END CERTIFICATE-----