Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/9K8cYruitXjUZGw0_na1qhn2W7g.roa
File:                     9K8cYruitXjUZGw0_na1qhn2W7g.roa (raw, json)
Hash identifier:          3QW0fLZ4mor3NCHnU/rSc4Shj6BCLwMi5Vmb4h8wA1U=
Subject key identifier:   F4:AF:1C:62:BB:A2:B5:78:D4:64:6C:34:FE:76:B5:AA:19:F6:5B:B8
Certificate issuer:       /CN=1e47e2bf3974721eafbfb8c31fc5273039d505f3
Certificate serial:       01903E9424B38F8E0F3A3D671D38BEB6B777
Authority key identifier: 1E:47:E2:BF:39:74:72:1E:AF:BF:B8:C3:1F:C5:27:30:39:D5:05:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hkfivzl0ch6vv7jDH8UnMDnVBfM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/9K8cYruitXjUZGw0_na1qhn2W7g.roa
Signing time:             Sat 22 Jun 2024 06:13:34 +0000
ROA not before:           Sat 22 Jun 2024 06:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29031
IP address blocks:        91.201.108.0/22 maxlen: 22
                          91.201.108.0/24 maxlen: 24
                          91.201.109.0/24 maxlen: 24
                          91.201.110.0/24 maxlen: 24
                          91.201.111.0/24 maxlen: 24
                          193.239.24.0/24 maxlen: 24
                          193.239.25.0/24 maxlen: 24
                          193.239.26.0/24 maxlen: 24
                          193.239.27.0/24 maxlen: 24
                          195.3.132.0/23 maxlen: 23
                          195.3.134.0/23 maxlen: 23
                          195.3.134.0/24 maxlen: 24
                          195.3.135.0/24 maxlen: 24
                          195.69.200.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Sun 23 Jun 2024 08:07:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3e:94:24:b3:8f:8e:0f:3a:3d:67:1d:38:be:b6:b7:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e47e2bf3974721eafbfb8c31fc5273039d505f3
        Validity
            Not Before: Jun 22 06:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4af1c62bba2b578d4646c34fe76b5aa19f65bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b2:8b:c4:9b:39:b4:5e:7a:99:14:4a:52:5a:
                    64:44:5c:59:83:1a:8f:fd:5e:10:6b:66:55:0f:a2:
                    23:8a:64:69:e6:62:00:83:97:f9:14:ad:01:10:fa:
                    51:6a:cc:f2:11:24:11:9c:c7:d8:fc:42:09:59:d9:
                    ff:0a:cc:7b:95:01:32:83:50:87:bb:cc:2a:f0:71:
                    59:5d:37:2a:94:92:57:5e:6f:41:28:06:2f:7c:72:
                    1c:cb:6c:ef:8f:d0:ca:ce:3f:c1:e6:40:65:8a:19:
                    71:ed:8e:f1:1b:5a:03:ed:56:cb:15:ef:0c:b8:29:
                    92:86:e0:f2:8b:a6:8e:f1:5f:8e:25:62:e1:6a:1b:
                    da:71:40:45:99:95:1a:24:16:01:83:8a:52:1e:97:
                    09:f4:8a:64:1f:2d:67:17:0c:1b:a5:3f:b2:30:4b:
                    f5:ea:30:d9:a3:d9:92:0e:c2:b7:ad:6f:96:17:ad:
                    4a:77:7e:af:32:c8:36:2c:87:38:e0:25:eb:73:df:
                    a3:64:a1:69:b7:d4:48:c3:6b:81:ce:42:31:3d:05:
                    61:b7:0d:db:df:87:6b:cd:e4:7c:39:d6:95:5b:6e:
                    c8:b2:bd:04:a6:8e:b4:bb:84:7e:75:61:f2:0b:94:
                    e3:c9:e6:f9:c9:a9:71:9f:ec:1a:9b:06:33:51:f1:
                    83:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AF:1C:62:BB:A2:B5:78:D4:64:6C:34:FE:76:B5:AA:19:F6:5B:B8
            X509v3 Authority Key Identifier:
                keyid:1E:47:E2:BF:39:74:72:1E:AF:BF:B8:C3:1F:C5:27:30:39:D5:05:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hkfivzl0ch6vv7jDH8UnMDnVBfM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/9K8cYruitXjUZGw0_na1qhn2W7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/Hkfivzl0ch6vv7jDH8UnMDnVBfM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.108.0/22
                  193.239.24.0/22
                  195.3.132.0/22
                  195.69.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:1b:3d:79:52:cd:db:95:75:91:32:fe:8c:56:5d:f0:90:23:
         da:a0:63:64:6e:62:e3:8a:8b:68:93:34:1c:ed:8e:75:37:92:
         5d:62:80:13:5f:25:9b:00:0c:98:d8:5c:90:d0:82:d3:a8:82:
         b9:ea:46:bb:57:5b:a5:54:59:e9:50:9d:d9:1c:cd:f8:6a:3a:
         76:1d:d8:bd:74:89:04:88:ef:73:a2:0b:69:af:b1:fb:a3:bf:
         57:78:cd:d1:35:9e:93:54:ec:f5:be:df:2a:f8:34:89:02:2e:
         ce:bc:d6:3f:15:ab:c0:93:f2:da:43:b8:dc:d9:12:49:58:52:
         89:20:79:a0:4e:e9:b4:e2:fc:b1:6c:1b:6d:6b:02:b3:f1:77:
         39:9b:56:d0:bd:4a:5f:5d:66:30:fb:ad:5a:bd:f9:66:29:96:
         24:37:40:5e:28:11:cf:39:b2:f5:aa:65:d0:f7:66:b3:76:65:
         ab:68:a9:a9:7c:a2:aa:4f:04:17:e6:29:c4:70:83:5c:f5:fd:
         c2:35:a1:a5:3d:26:58:ac:64:e0:90:83:c6:cc:cd:c2:d9:b4:
         83:1c:d3:c1:42:3a:39:6b:f4:18:64:33:87:1f:e9:26:4b:8a:
         e9:ef:95:a6:c9:9c:dc:08:97:28:51:a4:7f:83:46:95:63:cb:
         e9:b2:4b:37
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZA+lCSzj44POj1nHTi+trd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNDdlMmJmMzk3NDcyMWVhZmJmYjhjMzFmYzUyNzMwMzlk
NTA1ZjMwHhcNMjQwNjIyMDYxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFmMWM2MmJiYTJiNTc4ZDQ2NDZjMzRmZTc2YjVhYTE5ZjY1YmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLKLxJs5tF56mRRKUlpkRFxZgxqP
/V4Qa2ZVD6IjimRp5mIAg5f5FK0BEPpRaszyESQRnMfY/EIJWdn/Csx7lQEyg1CH
u8wq8HFZXTcqlJJXXm9BKAYvfHIcy2zvj9DKzj/B5kBlihlx7Y7xG1oD7VbLFe8M
uCmShuDyi6aO8V+OJWLhahvacUBFmZUaJBYBg4pSHpcJ9IpkHy1nFwwbpT+yMEv1
6jDZo9mSDsK3rW+WF61Kd36vMsg2LIc44CXrc9+jZKFpt9RIw2uBzkIxPQVhtw3b
34drzeR8OdaVW27Isr0Epo60u4R+dWHyC5Tjyeb5yalxn+wamwYzUfGDaQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPSvHGK7orV41GRsNP52taoZ9lu4MB8GA1UdIwQY
MBaAFB5H4r85dHIer7+4wx/FJzA51QXzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtmaXZ6bDBjaDZ2djdqREg4VW5NRG5WQmZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9hZmExMDYtNmFmOC00MzEwLWI0ZDQt
ZTM2OWQ2NjAyZTZmLzEvOUs4Y1lydWl0WGpVWkd3MF9uYTFxaG4yVzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9hZmExMDYtNmFmOC00MzEwLWI0ZDQtZTM2OWQ2NjAyZTZm
LzEvSGtmaXZ6bDBjaDZ2djdqREg4VW5NRG5WQmZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8lsAwQC
we8YAwQCwwOEAwQCw0XIMA0GCSqGSIb3DQEBCwUAA4IBAQCWGz15Us3blXWRMv6M
Vl3wkCPaoGNkbmLjiotokzQc7Y51N5JdYoATXyWbAAyY2FyQ0ILTqIK56ka7V1ul
VFnpUJ3ZHM34ajp2Hdi9dIkEiO9zogtpr7H7o79XeM3RNZ6TVOz1vt8q+DSJAi7O
vNY/FavAk/LaQ7jc2RJJWFKJIHmgTum04vyxbBttawKz8Xc5m1bQvUpfXWYw+61a
vflmKZYkN0BeKBHPObL1qmXQ92azdmWraKmpfKKqTwQX5inEcINc9f3CNaGlPSZY
rGTgkIPGzM3C2bSDHNPBQjo5a/QYZDOHH+kmS4rp75WmyZzcCJcoUaR/g0aVY8vp
sks3
-----END CERTIFICATE-----