Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/4ru6JU7eKTeUdTuhfm3A-gQA5nc.roa
File:                     4ru6JU7eKTeUdTuhfm3A-gQA5nc.roa (raw, json)
Hash identifier:          /4U0rvIgm/Pq1KnVjAgeL3oL/ro/4tk0vJEV3t2ChPc=
Subject key identifier:   E2:BB:BA:25:4E:DE:29:37:94:75:3B:A1:7E:6D:C0:FA:04:00:E6:77
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       018C6C9B9C1482CD8F9246D844ADA7C96300
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/4ru6JU7eKTeUdTuhfm3A-gQA5nc.roa
Signing time:             Fri 15 Dec 2023 08:33:06 +0000
ROA not before:           Fri 15 Dec 2023 08:33:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50606
IP address blocks:        194.126.245.0/24 maxlen: 24
                          194.127.97.0/24 maxlen: 24
                          185.56.172.0/22 maxlen: 22
                          194.126.251.0/24 maxlen: 24
                          193.42.154.0/24 maxlen: 24
                          109.232.28.0/22 maxlen: 22
                          185.215.72.0/23 maxlen: 23
                          194.126.233.0/24 maxlen: 24
                          213.156.100.0/22 maxlen: 22
                          2a02:54e0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:6c:9b:9c:14:82:cd:8f:92:46:d8:44:ad:a7:c9:63:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Dec 15 08:33:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e2bbba254ede293794753ba17e6dc0fa0400e677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8b:77:0f:70:ef:f1:3c:93:43:c5:75:d6:15:
                    bc:e3:bb:c9:1d:e4:c8:a2:e5:d6:26:15:5b:df:06:
                    64:d9:0d:46:23:f9:f2:1c:05:76:62:31:1d:4b:1f:
                    d2:51:48:de:5e:3d:72:36:45:3a:fd:bb:b5:58:96:
                    90:3d:13:2e:3e:e3:15:54:87:40:a9:74:c6:c9:b7:
                    2a:5a:ed:ab:41:46:7e:4a:19:64:32:79:62:cb:ce:
                    a5:bb:ab:6a:9b:26:1d:65:d2:a3:e7:6d:a7:3f:3a:
                    16:c5:53:bd:c4:50:19:b9:43:ff:07:08:b4:f1:4d:
                    af:b4:52:54:6e:34:bb:f2:70:cd:b2:ba:43:ea:48:
                    ec:1f:77:0a:4f:52:b0:44:8e:d4:5d:db:1e:6d:f4:
                    1a:4f:98:b2:ef:c1:4d:52:e7:82:2c:95:ed:98:fb:
                    8d:99:8d:b6:92:ec:b5:45:68:11:78:62:c3:da:80:
                    52:34:53:fc:7e:7a:24:8f:16:b6:8c:e4:9b:20:b8:
                    a3:44:a7:9c:0c:3d:95:5e:d7:d8:bf:5b:bd:22:76:
                    d4:15:c8:09:6e:43:08:95:a7:20:9e:01:b6:ea:c6:
                    72:84:3a:c6:f6:37:71:2e:ee:d5:63:e0:1b:d9:16:
                    fe:f3:41:d7:ba:a3:c2:59:28:ab:c3:54:5a:13:10:
                    14:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:BB:BA:25:4E:DE:29:37:94:75:3B:A1:7E:6D:C0:FA:04:00:E6:77
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/4ru6JU7eKTeUdTuhfm3A-gQA5nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.28.0/22
                  185.56.172.0/22
                  185.215.72.0/23
                  193.42.154.0/24
                  194.126.233.0/24
                  194.126.245.0/24
                  194.126.251.0/24
                  194.127.97.0/24
                  213.156.100.0/22
                IPv6:
                  2a02:54e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:aa:67:a9:76:ad:37:26:bc:d9:29:ed:d7:a4:e5:47:ea:2c:
         f8:4f:27:71:98:c5:3d:c5:92:b6:b8:b0:00:34:5d:4b:bf:b1:
         81:77:17:ab:6e:04:2c:2e:40:63:2f:3c:7a:0c:b2:ff:92:dd:
         d4:43:96:89:a4:65:e8:08:0b:d2:3d:4a:a5:40:00:96:a0:0e:
         a9:f9:aa:17:05:dd:93:6d:f9:57:9a:a4:1e:4c:25:0b:b3:55:
         39:76:c7:3c:d0:5f:e9:d8:47:40:c4:20:58:db:ab:02:93:57:
         69:8f:59:eb:03:88:a5:49:e1:88:45:3d:64:2f:fa:d1:72:e6:
         b8:95:8a:f2:47:82:a5:62:cb:67:80:ab:92:b9:c7:eb:a0:cc:
         13:6d:bd:98:9e:eb:3a:ed:29:5d:de:c3:7f:c9:3e:52:45:fa:
         1e:dc:d2:c9:16:5d:27:47:a1:ed:a2:10:2b:26:59:37:aa:80:
         52:65:ef:b0:8a:e9:53:e4:dd:58:e2:5c:bd:83:bc:21:43:6f:
         da:cb:b7:a9:89:ac:89:ee:c1:8c:e5:e7:92:7d:fa:c7:1d:f0:
         3c:0a:c1:9d:65:b6:37:39:c1:ab:d2:4c:3c:11:27:51:27:09:
         9c:1c:f9:29:95:6c:6f:2f:68:fb:05:22:a0:ac:71:76:fa:73:
         51:20:c0:e5
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYxsm5wUgs2PkkbYRK2nyWMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjMxMjE1MDgzMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmJiYmEyNTRlZGUyOTM3OTQ3NTNiYTE3ZTZkYzBmYTA0MDBlNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14t3D3Dv8TyTQ8V11hW847vJHeTI
ouXWJhVb3wZk2Q1GI/nyHAV2YjEdSx/SUUjeXj1yNkU6/bu1WJaQPRMuPuMVVIdA
qXTGybcqWu2rQUZ+ShlkMnliy86lu6tqmyYdZdKj522nPzoWxVO9xFAZuUP/Bwi0
8U2vtFJUbjS78nDNsrpD6kjsH3cKT1KwRI7UXdsebfQaT5iy78FNUueCLJXtmPuN
mY22kuy1RWgReGLD2oBSNFP8fnokjxa2jOSbILijRKecDD2VXtfYv1u9InbUFcgJ
bkMIlacgngG26sZyhDrG9jdxLu7VY+Ab2Rb+80HXuqPCWSirw1RaExAU7wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFOK7uiVO3ik3lHU7oX5twPoEAOZ3MB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvNHJ1NkpVN2VLVGVVZFR1aGZtM0EtZ1FBNW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCbegcAwQC
uTisAwQBuddIAwQAwSqaAwQAwn7pAwQAwn71AwQAwn77AwQAwn9hAwQC1ZxkMA0E
AgACMAcDBQMqAlTgMA0GCSqGSIb3DQEBCwUAA4IBAQBrqmepdq03JrzZKe3XpOVH
6iz4TydxmMU9xZK2uLAANF1Lv7GBdxerbgQsLkBjLzx6DLL/kt3UQ5aJpGXoCAvS
PUqlQACWoA6p+aoXBd2TbflXmqQeTCULs1U5dsc80F/p2EdAxCBY26sCk1dpj1nr
A4ilSeGIRT1kL/rRcua4lYryR4KlYstngKuSucfroMwTbb2Ynus67Sld3sN/yT5S
Rfoe3NLJFl0nR6HtohArJlk3qoBSZe+wiulT5N1Y4ly9g7whQ2/ay7epiayJ7sGM
5eeSffrHHfA8CsGdZbY3OcGr0kw8ESdRJwmcHPkplWxvL2j7BSKgrHF2+nNRIMDl
-----END CERTIFICATE-----