Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/qkbDZ3Rz1PRbK1GaRV1IVFfsSQ4.roa
File:                     qkbDZ3Rz1PRbK1GaRV1IVFfsSQ4.roa (raw, json)
Hash identifier:          gN/uRiU3VVl05fjVS6P4hsXyRPYoh8/YEiD9p/g4LEA=
Subject key identifier:   AA:46:C3:67:74:73:D4:F4:5B:2B:51:9A:45:5D:48:54:57:EC:49:0E
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       018D8D4F7546186670B6B1D4E4014406EA04
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/qkbDZ3Rz1PRbK1GaRV1IVFfsSQ4.roa
Signing time:             Fri 09 Feb 2024 10:00:11 +0000
ROA not before:           Fri 09 Feb 2024 10:00:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        31.170.55.0/24 maxlen: 24
                          94.74.152.0/22 maxlen: 24
                          109.203.160.0/24 maxlen: 24
                          109.203.168.0/21 maxlen: 24
                          109.203.176.0/21 maxlen: 24
                          109.203.184.0/21 maxlen: 24
                          176.46.132.0/24 maxlen: 24
                          176.46.140.0/24 maxlen: 24
                          176.46.151.0/24 maxlen: 24
                          185.34.160.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Sat 10 Feb 2024 09:42:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8d:4f:75:46:18:66:70:b6:b1:d4:e4:01:44:06:ea:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Feb  9 10:00:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa46c3677473d4f45b2b519a455d485457ec490e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:46:d4:77:5f:8c:55:0d:ad:a3:c2:35:94:5e:
                    84:f1:6b:7a:1e:08:bc:f8:cc:5d:d1:02:d0:a7:24:
                    26:ef:30:67:f6:c1:eb:37:d0:8f:35:8f:a8:76:97:
                    b6:72:76:88:ad:52:1b:80:74:91:f6:66:c0:f9:ec:
                    44:0d:54:73:c8:8a:0d:e8:d3:50:00:7d:a6:82:58:
                    a9:1b:b9:ad:88:64:3a:ac:8c:38:d2:ee:82:bc:c3:
                    2c:38:1d:ab:31:11:f4:f1:08:7a:4d:67:13:0e:ad:
                    fe:e2:73:6f:8e:65:65:50:d0:8a:a2:18:3e:43:b8:
                    8f:7f:c0:7c:7b:fd:48:a8:13:5a:5a:40:91:0f:1a:
                    49:de:45:54:17:8e:0c:6a:37:fe:fe:d4:c6:55:9f:
                    d5:9e:f0:2e:2f:09:3b:46:94:74:90:59:8b:cd:14:
                    23:0f:46:44:5a:c4:56:b3:d7:aa:83:40:78:4e:f5:
                    31:63:ea:1a:9a:80:ae:38:4d:53:85:66:40:c5:65:
                    02:fa:23:18:27:6a:e0:13:61:a9:f1:b3:9e:55:12:
                    97:13:a4:d3:29:8a:60:57:f9:5b:3a:20:6d:23:07:
                    18:38:11:1f:15:df:44:a7:bf:6b:b3:94:32:e9:4a:
                    01:b3:ec:e1:b3:00:66:fd:fd:c9:ef:20:3b:02:60:
                    c2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:46:C3:67:74:73:D4:F4:5B:2B:51:9A:45:5D:48:54:57:EC:49:0E
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/qkbDZ3Rz1PRbK1GaRV1IVFfsSQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.170.55.0/24
                  94.74.152.0/22
                  109.203.160.0/24
                  109.203.168.0-109.203.191.255
                  176.46.132.0/24
                  176.46.140.0/24
                  176.46.151.0/24
                  185.34.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:a7:5f:e0:2a:9f:d5:da:5b:d8:71:7f:f2:f7:fd:25:0c:eb:
         6e:70:12:0e:7c:86:66:67:88:7d:18:1a:6c:ff:2c:03:81:ab:
         14:4a:b2:a9:36:74:66:8e:6b:9d:3c:3b:22:75:2c:20:8e:9f:
         e1:ef:63:17:25:ac:d1:4f:bc:20:0e:14:6c:54:12:fa:f9:0c:
         fb:1d:16:5e:d5:b7:f5:9a:7e:ad:f6:4e:a5:bd:f0:bb:99:5f:
         e7:90:44:c7:80:88:ce:b3:bc:e2:23:dd:33:0b:ed:e9:a8:31:
         ff:60:ff:aa:35:94:ec:9e:b7:81:2d:e2:98:6a:6c:2e:bd:67:
         58:fe:db:b5:b5:02:44:9b:fb:78:34:00:73:10:ca:e1:91:e8:
         6d:48:89:28:51:22:6e:be:3e:74:0b:96:68:14:47:91:3c:c3:
         e8:79:8f:3d:88:35:c3:6b:db:26:74:65:e2:e6:2b:14:e4:79:
         31:0a:d2:26:09:9e:d3:d6:3e:f9:a8:69:e5:26:f9:29:61:8c:
         b2:68:15:6e:b8:0b:83:13:98:06:30:09:b7:cb:af:7a:dc:d5:
         8f:1f:d1:d0:b2:be:67:0e:89:1a:cb:b4:9e:fa:14:27:97:67:
         55:1e:af:38:0e:4c:7a:2f:1c:55:97:0b:e9:3e:63:3f:53:37:
         c9:dd:fd:58
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY2NT3VGGGZwtrHU5AFEBuoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQwMjA5MTAwMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ2YzM2Nzc0NzNkNGY0NWIyYjUxOWE0NTVkNDg1NDU3ZWM0OTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0bUd1+MVQ2to8I1lF6E8Wt6Hgi8
+Mxd0QLQpyQm7zBn9sHrN9CPNY+odpe2cnaIrVIbgHSR9mbA+exEDVRzyIoN6NNQ
AH2mglipG7mtiGQ6rIw40u6CvMMsOB2rMRH08Qh6TWcTDq3+4nNvjmVlUNCKohg+
Q7iPf8B8e/1IqBNaWkCRDxpJ3kVUF44Majf+/tTGVZ/VnvAuLwk7RpR0kFmLzRQj
D0ZEWsRWs9eqg0B4TvUxY+oamoCuOE1ThWZAxWUC+iMYJ2rgE2Gp8bOeVRKXE6TT
KYpgV/lbOiBtIwcYOBEfFd9Ep79rs5Qy6UoBs+zhswBm/f3J7yA7AmDC9QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKpGw2d0c9T0WytRmkVdSFRX7EkOMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvcWtiRFozUnoxUFJiSzFHYVJWMUlWRmZzU1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAH6o3AwQC
XkqYAwQAbcugMAwDBANty6gDBAZty4ADBACwLoQDBACwLowDBACwLpcDBAK5IqAw
DQYJKoZIhvcNAQELBQADggEBADGnX+Aqn9XaW9hxf/L3/SUM625wEg58hmZniH0Y
Gmz/LAOBqxRKsqk2dGaOa508OyJ1LCCOn+HvYxclrNFPvCAOFGxUEvr5DPsdFl7V
t/Wafq32TqW98LuZX+eQRMeAiM6zvOIj3TML7emoMf9g/6o1lOyet4Et4phqbC69
Z1j+27W1AkSb+3g0AHMQyuGR6G1IiShRIm6+PnQLlmgUR5E8w+h5jz2INcNr2yZ0
ZeLmKxTkeTEK0iYJntPWPvmoaeUm+SlhjLJoFW64C4MTmAYwCbfLr3rc1Y8f0dCy
vmcOiRrLtJ76FCeXZ1UerzgOTHovHFWXC+k+Yz9TN8nd/Vg=
-----END CERTIFICATE-----