Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/wxEcFaZaAm-HtVKFTsKQoW0jgs8.roa
File:                     wxEcFaZaAm-HtVKFTsKQoW0jgs8.roa (raw, json)
Hash identifier:          R112QIl2DODnRKpa3KE6KGPmdvwNdtQHbrhCHeNT8BY=
Subject key identifier:   C3:11:1C:15:A6:5A:02:6F:87:B5:52:85:4E:C2:90:A1:6D:23:82:CF
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       018A217D62230620F9DBD378B07BF6EE803C
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/wxEcFaZaAm-HtVKFTsKQoW0jgs8.roa
Signing time:             Wed 23 Aug 2023 08:22:59 +0000
ROA not before:           Wed 23 Aug 2023 08:22:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206837
IP address blocks:        46.25.127.0/24 maxlen: 24
                          77.224.174.0/24 maxlen: 24
                          77.224.180.0/24 maxlen: 24
                          46.25.145.0/24 maxlen: 24
                          46.24.82.0/24 maxlen: 24
                          46.25.159.0/24 maxlen: 24
                          46.24.91.0/24 maxlen: 24
                          77.224.201.0/24 maxlen: 24
                          46.24.98.0/24 maxlen: 24
                          46.24.100.0/24 maxlen: 24
                          77.224.218.0/24 maxlen: 24
                          46.25.185.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:35:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:21:7d:62:23:06:20:f9:db:d3:78:b0:7b:f6:ee:80:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Aug 23 08:22:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c3111c15a65a026f87b552854ec290a16d2382cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:74:5e:52:c6:60:df:80:b6:94:d2:cf:6f:69:
                    d9:7c:51:69:5d:22:24:7e:8f:ba:69:8d:e4:df:b1:
                    63:cc:4e:d0:83:b5:06:fb:81:17:7d:39:23:48:20:
                    a5:a1:30:0a:79:7a:de:32:05:d0:44:b6:ed:3f:71:
                    49:20:e4:17:37:e7:3f:2d:95:25:a3:16:95:52:42:
                    19:3c:3e:c0:22:46:ad:0d:7d:f0:4d:c6:40:47:85:
                    a0:30:5a:11:6f:68:30:0d:2b:8a:01:59:cd:26:3a:
                    a0:1e:14:3c:89:74:3c:2b:86:6d:05:1b:fc:83:73:
                    22:0e:c0:47:ef:d4:00:6d:80:45:cf:f2:ca:10:fb:
                    6c:d5:3a:ef:82:90:bd:94:e4:b7:3d:1d:01:97:75:
                    4e:e6:6d:2f:e6:2a:93:83:c1:66:4d:af:61:1c:38:
                    4f:ab:6c:17:a9:25:ad:8f:05:6e:08:ff:c6:ff:d4:
                    e5:08:b9:78:20:fb:cb:c9:80:08:1d:29:fa:f4:e0:
                    27:ff:d0:a6:0a:44:c0:78:a8:87:00:7c:c7:bc:91:
                    fa:3b:12:10:5a:35:78:de:43:b0:31:86:e2:91:5f:
                    47:2e:e2:61:2b:c2:0e:45:1e:76:b3:57:d2:a6:b1:
                    5d:36:53:92:62:6f:41:49:c3:90:1d:13:dc:8b:4e:
                    34:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:11:1C:15:A6:5A:02:6F:87:B5:52:85:4E:C2:90:A1:6D:23:82:CF
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/wxEcFaZaAm-HtVKFTsKQoW0jgs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.24.82.0/24
                  46.24.91.0/24
                  46.24.98.0/24
                  46.24.100.0/24
                  46.25.127.0/24
                  46.25.145.0/24
                  46.25.159.0/24
                  46.25.185.0/24
                  77.224.174.0/24
                  77.224.180.0/24
                  77.224.201.0/24
                  77.224.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a1:f7:7d:80:35:c7:8b:e0:2a:8a:7d:5c:d2:7e:d5:39:82:
         66:4c:ee:63:39:33:36:06:3c:b4:f4:ac:d9:a0:b5:74:fa:83:
         d0:9c:28:57:82:4e:04:d5:7e:fc:f2:37:fb:28:80:0d:83:09:
         38:92:67:07:32:aa:34:60:87:63:32:2f:a9:18:c5:5b:b8:71:
         31:bd:2f:14:6b:1b:e5:d9:b8:be:86:be:4c:09:d5:be:e7:5f:
         51:6b:f4:8a:37:f6:83:b4:f3:62:20:18:e6:a4:53:d2:cb:51:
         da:85:f7:7c:25:14:36:89:34:de:be:2a:58:ab:94:cf:7a:c4:
         05:4b:f7:0e:73:bf:18:60:25:9d:f5:28:cf:66:d5:7b:5a:6a:
         50:b6:2f:4c:bd:53:05:bf:cb:db:e2:8f:95:c7:d6:c2:c0:12:
         30:54:a7:51:dd:f0:ac:30:c1:bf:0a:c9:c6:cd:2c:35:ef:55:
         54:94:67:54:f8:70:e5:ee:aa:35:6d:61:d5:d8:fb:67:b7:92:
         ff:ba:2e:8c:fb:23:65:e9:8f:da:04:65:7c:79:c0:88:10:73:
         31:37:87:06:bb:d3:9b:67:7a:92:49:e4:64:83:f3:e6:63:98:
         7b:6f:94:fc:47:a9:8d:5d:cb:06:eb:e6:d6:57:86:f6:fd:77:
         cd:ea:96:a6
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYohfWIjBiD529N4sHv27oA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjMwODIzMDgyMjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzExMWMxNWE2NWEwMjZmODdiNTUyODU0ZWMyOTBhMTZkMjM4MmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnReUsZg34C2lNLPb2nZfFFpXSIk
fo+6aY3k37FjzE7Qg7UG+4EXfTkjSCCloTAKeXreMgXQRLbtP3FJIOQXN+c/LZUl
oxaVUkIZPD7AIkatDX3wTcZAR4WgMFoRb2gwDSuKAVnNJjqgHhQ8iXQ8K4ZtBRv8
g3MiDsBH79QAbYBFz/LKEPts1TrvgpC9lOS3PR0Bl3VO5m0v5iqTg8FmTa9hHDhP
q2wXqSWtjwVuCP/G/9TlCLl4IPvLyYAIHSn69OAn/9CmCkTAeKiHAHzHvJH6OxIQ
WjV43kOwMYbikV9HLuJhK8IORR52s1fSprFdNlOSYm9BScOQHRPci0400QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMMRHBWmWgJvh7VShU7CkKFtI4LPMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvd3hFY0ZhWmFBbS1IdFZLRlRzS1FvVzBqZ3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALhhSAwQA
LhhbAwQALhhiAwQALhhkAwQALhl/AwQALhmRAwQALhmfAwQALhm5AwQATeCuAwQA
TeC0AwQATeDJAwQATeDaMA0GCSqGSIb3DQEBCwUAA4IBAQBQofd9gDXHi+Aqin1c
0n7VOYJmTO5jOTM2Bjy09KzZoLV0+oPQnChXgk4E1X788jf7KIANgwk4kmcHMqo0
YIdjMi+pGMVbuHExvS8Uaxvl2bi+hr5MCdW+519Ra/SKN/aDtPNiIBjmpFPSy1Ha
hfd8JRQ2iTTevipYq5TPesQFS/cOc78YYCWd9SjPZtV7WmpQti9MvVMFv8vb4o+V
x9bCwBIwVKdR3fCsMMG/CsnGzSw171VUlGdU+HDl7qo1bWHV2Ptnt5L/ui6M+yNl
6Y/aBGV8ecCIEHMxN4cGu9ObZ3qSSeRkg/PmY5h7b5T8R6mNXcsG6+bWV4b2/XfN
6pam
-----END CERTIFICATE-----