Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/XKr_K3Lf_9dmDQIgLrSnEJDUcnI.roa
File:                     XKr_K3Lf_9dmDQIgLrSnEJDUcnI.roa (raw, json)
Hash identifier:          rx6obmnib7UBfahqGB7H2OEbPjzIlRO3jEnL//Efes4=
Subject key identifier:   5C:AA:FF:2B:72:DF:FF:D7:66:0D:02:20:2E:B4:A7:10:90:D4:72:72
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       018CC2DAE1F7585D5A2B2B01F456E4D372F2
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/XKr_K3Lf_9dmDQIgLrSnEJDUcnI.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5606
IP address blocks:        195.246.242.0/23 maxlen: 23
                          89.33.236.0/23 maxlen: 23
                          185.171.186.0/24 maxlen: 24
                          93.119.152.0/24 maxlen: 24
                          93.119.153.0/24 maxlen: 24
                          89.40.16.0/24 maxlen: 24
                          89.40.17.0/24 maxlen: 24
                          188.214.105.0/24 maxlen: 24
                          89.40.19.0/24 maxlen: 24
                          89.40.18.0/24 maxlen: 24
                          89.46.6.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 15 Feb 2024 14:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e1:f7:58:5d:5a:2b:2b:01:f4:56:e4:d3:72:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5caaff2b72dfffd7660d02202eb4a71090d47272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:66:cf:9c:16:21:0b:f0:0a:03:6a:b5:69:3b:
                    dd:e2:64:36:a5:d6:2f:e0:bd:b4:4b:be:1e:44:a8:
                    ad:7f:63:4e:27:9a:9b:24:02:54:bf:f3:c3:26:78:
                    3e:b5:98:45:30:36:33:11:4a:53:11:4a:d9:bb:67:
                    a6:de:89:b9:e8:37:eb:f1:5d:3a:46:3d:f4:5a:d4:
                    8a:7d:65:04:3d:7e:d5:13:5a:98:eb:aa:81:c8:de:
                    f0:c1:34:40:50:4f:72:e2:d1:28:c0:a9:e5:ce:a1:
                    c3:ac:d0:06:1c:41:55:39:b6:59:6a:2c:ff:ac:5d:
                    e2:54:a7:b7:39:6c:52:7f:5d:34:b1:9f:0a:87:36:
                    68:ca:84:e3:cc:20:c0:72:9d:85:83:9f:0d:3e:ed:
                    b5:18:78:a5:5d:2b:76:8e:da:6c:bd:e3:77:d3:22:
                    d6:aa:70:d1:65:86:ca:e0:8e:fb:10:f7:44:cd:96:
                    e8:6a:9b:c5:30:65:29:06:d9:d8:70:cc:1e:1b:99:
                    27:b8:c3:7e:63:96:63:72:77:87:88:a1:99:ce:68:
                    40:e0:4b:41:96:66:e1:67:a8:55:ab:2d:06:fa:1a:
                    06:0d:28:b8:de:ae:5c:0c:82:9f:f2:bf:c6:53:4b:
                    b7:1b:bf:53:9d:ee:0c:7b:6e:50:d2:12:2f:56:9c:
                    e1:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AA:FF:2B:72:DF:FF:D7:66:0D:02:20:2E:B4:A7:10:90:D4:72:72
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/XKr_K3Lf_9dmDQIgLrSnEJDUcnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.236.0/23
                  89.40.16.0/22
                  89.46.6.0/24
                  93.119.152.0/23
                  185.171.186.0/24
                  188.214.105.0/24
                  195.246.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:b9:51:e0:67:3a:c8:ae:bc:88:3f:c8:f2:a8:d8:02:3b:8c:
         25:ac:1e:19:e8:bd:7d:c5:cb:d7:3a:a3:91:2b:43:19:9a:03:
         08:de:cb:91:ec:03:1f:52:b4:35:8f:f5:63:a2:8d:59:a0:0c:
         63:e6:50:bf:98:3f:6a:53:de:53:df:10:4f:36:7d:38:25:39:
         a9:4d:a1:5d:30:38:e6:af:b8:68:06:4f:e7:c1:ed:ce:64:1b:
         73:3c:fc:f9:e5:1a:3c:32:4d:e2:e6:23:4f:5a:95:ed:d9:67:
         c8:1f:97:d7:16:6b:2d:46:77:0c:dd:8a:4d:0a:42:7b:a4:b0:
         c9:43:02:94:19:1d:e6:e2:58:65:f8:65:17:b4:3a:c9:b0:54:
         d5:8a:7e:58:a0:7e:2c:e0:7a:95:87:1b:a9:85:cd:4c:50:6a:
         54:fa:65:cd:e8:1a:8c:4b:cf:52:e9:be:02:a3:37:33:75:cd:
         6b:ac:76:af:29:21:48:b5:ef:f0:52:33:7c:a1:4e:d1:83:95:
         ff:e6:bb:16:81:05:18:28:56:1f:64:78:7e:b8:ab:23:dd:22:
         72:fb:91:9d:13:d4:41:ac:48:01:8f:63:6f:cb:70:11:13:5e:
         4f:2e:74:86:34:e2:45:ea:f6:ab:49:1b:3d:b6:aa:e4:03:f9:
         35:c7:b4:e2
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzC2uH3WF1aKysB9Fbk03LyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FhZmYyYjcyZGZmZmQ3NjYwZDAyMjAyZWI0YTcxMDkwZDQ3MjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2bPnBYhC/AKA2q1aTvd4mQ2pdYv
4L20S74eRKitf2NOJ5qbJAJUv/PDJng+tZhFMDYzEUpTEUrZu2em3om56Dfr8V06
Rj30WtSKfWUEPX7VE1qY66qByN7wwTRAUE9y4tEowKnlzqHDrNAGHEFVObZZaiz/
rF3iVKe3OWxSf100sZ8KhzZoyoTjzCDAcp2Fg58NPu21GHilXSt2jtpsveN30yLW
qnDRZYbK4I77EPdEzZboapvFMGUpBtnYcMweG5knuMN+Y5ZjcneHiKGZzmhA4EtB
lmbhZ6hVqy0G+hoGDSi43q5cDIKf8r/GU0u3G79Tne4Me25Q0hIvVpzhdQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFFyq/yty3//XZg0CIC60pxCQ1HJyMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvWEtyX0szTGZfOWRtRFFJZ0xyU25FSkRVY25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBWSHsAwQC
WSgQAwQAWS4GAwQBXXeYAwQAuau6AwQAvNZpAwQBw/byMA0GCSqGSIb3DQEBCwUA
A4IBAQBYuVHgZzrIrryIP8jyqNgCO4wlrB4Z6L19xcvXOqORK0MZmgMI3suR7AMf
UrQ1j/Vjoo1ZoAxj5lC/mD9qU95T3xBPNn04JTmpTaFdMDjmr7hoBk/nwe3OZBtz
PPz55Ro8Mk3i5iNPWpXt2WfIH5fXFmstRncM3YpNCkJ7pLDJQwKUGR3m4lhl+GUX
tDrJsFTVin5YoH4s4HqVhxuphc1MUGpU+mXN6BqMS89S6b4Cozczdc1rrHavKSFI
te/wUjN8oU7Rg5X/5rsWgQUYKFYfZHh+uKsj3SJy+5GdE9RBrEgBj2Nvy3ARE15P
LnSGNOJF6varSRs9tqrkA/k1x7Ti
-----END CERTIFICATE-----