Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/FFPutxiE5Fw_x2si6HaxvxOKQiA.roa
File:                     FFPutxiE5Fw_x2si6HaxvxOKQiA.roa (raw, json)
Hash identifier:          9P+w91GSysyppPgQs5r+qe0g0njPztvcCIg+jXvVXZM=
Subject key identifier:   14:53:EE:B7:18:84:E4:5C:3F:C7:6B:22:E8:76:B1:BF:13:8A:42:20
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018571D7DC93BCD7F05CBEF17E35D712E11D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/FFPutxiE5Fw_x2si6HaxvxOKQiA.roa
Signing time:             Mon 02 Jan 2023 09:37:30 +0000
ROA not before:           Mon 02 Jan 2023 09:37:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198961
IP address blocks:        37.221.176.0/24 maxlen: 24
                          37.221.177.0/24 maxlen: 24
                          37.221.178.0/24 maxlen: 24
                          37.221.179.0/24 maxlen: 24
                          37.221.181.0/24 maxlen: 24
                          37.221.182.0/24 maxlen: 24
                          37.221.183.0/24 maxlen: 24
                          188.255.237.0/24 maxlen: 24
                          188.255.131.0/24 maxlen: 24
                          188.255.132.0/24 maxlen: 24
                          212.69.24.0/22 maxlen: 22
                          212.69.22.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:dc:93:bc:d7:f0:5c:be:f1:7e:35:d7:12:e1:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 09:37:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1453eeb71884e45c3fc76b22e876b1bf138a4220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a3:71:ff:00:ac:d1:84:36:68:13:8b:d3:bb:
                    5a:4e:78:9d:89:e6:af:ec:6a:48:40:dd:21:41:7e:
                    82:af:4d:e2:3e:b4:3b:7d:f8:ee:4f:c1:9b:4c:a0:
                    2d:d5:8e:99:2a:0d:1d:cc:ac:99:dc:0c:33:29:0f:
                    a5:de:a8:9f:22:a1:6a:c7:5b:42:b0:47:66:ca:3d:
                    bd:d9:48:df:0e:e3:61:10:d1:ed:01:dd:c8:bf:b1:
                    12:a7:c9:2e:ca:02:15:e9:fe:08:65:54:07:e2:78:
                    bb:f7:71:84:9a:e1:e0:a8:bc:75:5a:2a:7e:3b:19:
                    03:1c:b6:3c:07:2b:c3:df:76:07:b8:4c:5d:e1:ba:
                    21:8e:07:e4:a8:12:69:4d:17:cc:7e:b2:a1:8a:cb:
                    5f:ec:2f:24:0a:4e:15:44:5b:68:c8:6f:37:ec:70:
                    18:69:a6:df:2d:b1:5d:73:f9:d1:f7:9a:d9:d9:b5:
                    58:67:c2:c0:f4:bd:58:92:a6:b8:70:86:09:10:b5:
                    2d:38:50:40:50:32:48:f9:37:23:14:84:f0:cd:13:
                    4b:49:17:52:e7:31:10:8a:5d:3c:8d:c7:3e:c3:fe:
                    b6:bb:c0:ac:da:e5:17:8b:1a:04:03:14:37:f9:fa:
                    2d:1a:2f:82:7f:03:a7:f8:d4:de:cd:75:fd:18:cc:
                    e3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:53:EE:B7:18:84:E4:5C:3F:C7:6B:22:E8:76:B1:BF:13:8A:42:20
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/FFPutxiE5Fw_x2si6HaxvxOKQiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.176.0/22
                  37.221.181.0-37.221.183.255
                  188.255.131.0-188.255.132.255
                  188.255.237.0/24
                  212.69.22.0-212.69.27.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:fd:bd:1b:5e:1f:da:c4:b8:7b:57:cb:4e:69:aa:b4:96:e5:
         30:6c:bc:29:e0:b9:fe:e3:11:de:e4:1f:77:36:84:f5:39:ad:
         8b:9b:41:17:55:55:73:e0:b6:8f:37:d4:d7:5d:40:c8:06:6f:
         2c:46:e1:c4:98:48:20:f9:2d:93:af:36:fc:e3:8e:d2:03:a9:
         e9:a1:f2:20:df:47:6e:06:f8:ed:84:51:5c:b8:f1:07:79:83:
         63:8e:ed:b5:e1:26:ff:39:ac:b2:83:c1:41:0d:70:f4:2f:b4:
         47:42:f9:90:7c:8e:d7:ee:8a:da:08:0a:98:99:6c:f8:8f:99:
         06:77:4a:15:a1:37:9f:a7:47:b2:49:d6:ea:a2:22:49:7e:6e:
         30:97:07:a8:f7:53:07:90:e6:78:e1:20:ba:9c:8f:e2:6a:11:
         14:cd:e0:d6:93:31:f3:6e:30:3e:2a:c1:89:af:df:12:c1:b9:
         47:92:fb:93:32:c6:4a:00:85:4c:76:e0:e1:4a:bd:8f:8a:fd:
         86:b6:d1:3d:28:46:ff:8a:6d:8d:75:0a:1f:f2:c5:1e:4d:a2:
         b3:14:2a:8a:47:80:11:28:c7:96:20:95:e0:13:83:ed:c3:5c:
         1e:0b:4e:7f:b1:e9:cf:15:a7:4b:26:e4:76:cd:68:3f:67:b0:
         de:d3:e0:68
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVx19yTvNfwXL7xfjXXEuEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjMwMTAyMDkzNzMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDUzZWViNzE4ODRlNDVjM2ZjNzZiMjJlODc2YjFiZjEzOGE0MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKNx/wCs0YQ2aBOL07taTnidieav
7GpIQN0hQX6Cr03iPrQ7ffjuT8GbTKAt1Y6ZKg0dzKyZ3AwzKQ+l3qifIqFqx1tC
sEdmyj292UjfDuNhENHtAd3Iv7ESp8kuygIV6f4IZVQH4ni793GEmuHgqLx1Wip+
OxkDHLY8ByvD33YHuExd4bohjgfkqBJpTRfMfrKhistf7C8kCk4VRFtoyG837HAY
aabfLbFdc/nR95rZ2bVYZ8LA9L1Ykqa4cIYJELUtOFBAUDJI+TcjFITwzRNLSRdS
5zEQil08jcc+w/62u8Cs2uUXixoEAxQ3+fotGi+CfwOn+NTezXX9GMzjYwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFBRT7rcYhORcP8drIuh2sb8TikIgMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvRkZQdXR4aUU1RndfeDJzaTZIYXh2eE9LUWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCJd2wMAwD
BAAl3bUDBAMl3bAwDAMEALz/gwMEALz/hAMEALz/7TAMAwQB1EUWAwQC1EUYMA0G
CSqGSIb3DQEBCwUAA4IBAQBd/b0bXh/axLh7V8tOaaq0luUwbLwp4Ln+4xHe5B93
NoT1Oa2Lm0EXVVVz4LaPN9TXXUDIBm8sRuHEmEgg+S2Trzb8447SA6npofIg30du
BvjthFFcuPEHeYNjju214Sb/Oayyg8FBDXD0L7RHQvmQfI7X7oraCAqYmWz4j5kG
d0oVoTefp0eySdbqoiJJfm4wlweo91MHkOZ44SC6nI/iahEUzeDWkzHzbjA+KsGJ
r98SwblHkvuTMsZKAIVMduDhSr2Piv2GttE9KEb/im2NdQof8sUeTaKzFCqKR4AR
KMeWIJXgE4Ptw1weC05/senPFadLJuR2zWg/Z7De0+Bo
-----END CERTIFICATE-----