Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/1uwOjIun75v1ivmTutZKUYeq158.roa
File:                     1uwOjIun75v1ivmTutZKUYeq158.roa (raw, json)
Hash identifier:          bp8CcE/ZRtr/i87Yotz8YSNUnfa0xdh4ydJu/rsh210=
Subject key identifier:   D6:EC:0E:8C:8B:A7:EF:9B:F5:8A:F9:93:BA:D6:4A:51:87:AA:D7:9F
Certificate issuer:       /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial:       018ACFACB633347A027D05A5C7C25B7E5C5C
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/1uwOjIun75v1ivmTutZKUYeq158.roa
Signing time:             Tue 26 Sep 2023 04:08:37 +0000
ROA not before:           Tue 26 Sep 2023 04:08:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25198
IP address blocks:        85.204.107.0/24 maxlen: 24
                          185.104.63.0/24 maxlen: 24
                          195.74.93.0/24 maxlen: 24
                          46.229.243.0/24 maxlen: 24
                          46.229.253.0/24 maxlen: 24
                          83.229.61.0/24 maxlen: 24
                          2a12:3200:3000::/36 maxlen: 36
                          2a12:3200:1000::/36 maxlen: 36
                          2a12:3200::/36 maxlen: 36
                          2a12:3200:2000::/36 maxlen: 36
                          2a12:3200:4000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Fri 13 Oct 2023 12:28:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cf:ac:b6:33:34:7a:02:7d:05:a5:c7:c2:5b:7e:5c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
        Validity
            Not Before: Sep 26 04:08:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d6ec0e8c8ba7ef9bf58af993bad64a5187aad79f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:68:d9:5d:8f:d1:c1:87:92:23:ed:8f:89:73:
                    c3:8b:6e:04:35:6d:9a:81:ae:04:d1:cb:bf:1a:84:
                    c5:c6:8e:61:99:25:c7:52:4d:c4:0b:ef:de:31:24:
                    f0:34:ea:b7:a7:5d:02:80:8e:ea:7b:f9:96:f9:89:
                    7f:4b:44:8e:1c:1a:6e:e7:c7:3a:16:3e:f1:51:40:
                    77:77:a7:2c:a3:34:89:0b:d4:11:e2:da:58:41:87:
                    f5:eb:ee:05:40:f2:c6:c0:e0:4d:31:37:42:81:c8:
                    87:2a:2d:e9:c9:a3:8c:a2:67:58:0a:c6:3d:e5:db:
                    04:5e:97:75:69:d0:b0:f5:ca:3e:89:86:bf:20:e9:
                    a5:22:93:5e:0a:2e:5b:22:d9:9a:f2:75:19:73:89:
                    4e:2f:8b:30:a1:66:3e:91:72:07:44:04:92:47:bf:
                    c6:ed:19:b1:d0:27:cc:76:ff:1b:d3:e7:c8:75:fa:
                    51:c1:a0:8f:eb:eb:72:09:0f:0e:b5:50:73:08:88:
                    86:08:01:74:20:74:82:7f:69:93:d1:ef:fd:b1:f4:
                    ad:13:9c:9f:1b:e3:16:78:2d:8b:f0:65:d0:1d:a7:
                    ba:86:c3:46:ae:c8:cc:8f:b6:f1:61:f5:6b:43:2d:
                    37:d1:56:cd:6a:e5:30:43:bd:74:81:ad:4a:44:39:
                    66:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:EC:0E:8C:8B:A7:EF:9B:F5:8A:F9:93:BA:D6:4A:51:87:AA:D7:9F
            X509v3 Authority Key Identifier:
                keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/1uwOjIun75v1ivmTutZKUYeq158.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.243.0/24
                  46.229.253.0/24
                  83.229.61.0/24
                  85.204.107.0/24
                  185.104.63.0/24
                  195.74.93.0/24
                IPv6:
                  2a12:3200::-2a12:3200:4fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         85:bd:db:24:2f:5e:ce:a7:f8:26:96:65:2d:de:11:9c:3c:22:
         5a:31:c0:86:07:b8:ae:33:d0:84:93:6c:4d:23:67:71:3f:80:
         9b:f9:de:10:30:ed:d8:e9:c4:19:f3:91:27:a2:6c:55:5f:98:
         93:e0:32:b0:31:f7:6b:75:16:41:0c:4d:bb:99:6d:2d:3a:fb:
         d9:25:22:fc:e4:d5:3b:c1:94:5c:30:b1:cb:83:f7:33:e2:ad:
         6f:36:b3:9e:74:02:6d:7d:29:23:bf:30:f9:49:60:d0:f6:ae:
         9e:7f:2e:56:a3:c5:bb:8e:7a:ec:af:7c:78:2a:44:27:ea:c0:
         86:ba:da:03:01:ad:13:e4:75:5a:9f:e7:a9:99:18:9b:48:6d:
         b5:ed:92:4c:27:dd:71:71:ca:de:07:b7:8d:da:fe:c4:bd:0a:
         28:bd:95:2b:1b:61:b9:0b:b0:dc:31:32:45:22:5a:08:e7:12:
         2e:e3:1f:57:a2:8d:b2:b9:8a:9c:bc:8a:6a:96:5a:b0:d2:1c:
         a3:87:9d:de:c9:c9:28:a4:88:48:1e:9f:c5:e5:6c:3a:69:6c:
         5c:17:e2:bf:0d:88:33:2f:b1:56:51:16:95:86:63:33:6e:3f:
         55:c1:cd:db:ae:20:ad:86:72:7f:a5:6d:dc:6f:7f:bf:8d:ea:
         7a:05:ac:09
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYrPrLYzNHoCfQWlx8JbflxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjMwOTI2MDQwODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmVjMGU4YzhiYTdlZjliZjU4YWY5OTNiYWQ2NGE1MTg3YWFkNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2jZXY/RwYeSI+2PiXPDi24ENW2a
ga4E0cu/GoTFxo5hmSXHUk3EC+/eMSTwNOq3p10CgI7qe/mW+Yl/S0SOHBpu58c6
Fj7xUUB3d6csozSJC9QR4tpYQYf16+4FQPLGwOBNMTdCgciHKi3pyaOMomdYCsY9
5dsEXpd1adCw9co+iYa/IOmlIpNeCi5bItma8nUZc4lOL4swoWY+kXIHRASSR7/G
7Rmx0CfMdv8b0+fIdfpRwaCP6+tyCQ8OtVBzCIiGCAF0IHSCf2mT0e/9sfStE5yf
G+MWeC2L8GXQHae6hsNGrsjMj7bxYfVrQy030VbNauUwQ710ga1KRDlmkwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNbsDoyLp++b9Yr5k7rWSlGHqtefMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvMXV3T2pJdW43NXYxaXZtVHV0WktVWWVxMTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAqBAIAATAkAwQALuXzAwQA
LuX9AwQAU+U9AwQAVcxrAwQAuWg/AwQAw0pdMBYEAgACMBAwDgMEASoSMgMGBCoS
MgBAMA0GCSqGSIb3DQEBCwUAA4IBAQCFvdskL17Op/gmlmUt3hGcPCJaMcCGB7iu
M9CEk2xNI2dxP4Cb+d4QMO3Y6cQZ85EnomxVX5iT4DKwMfdrdRZBDE27mW0tOvvZ
JSL85NU7wZRcMLHLg/cz4q1vNrOedAJtfSkjvzD5SWDQ9q6efy5Wo8W7jnrsr3x4
KkQn6sCGutoDAa0T5HVan+epmRibSG217ZJMJ91xccreB7eN2v7EvQoovZUrG2G5
C7DcMTJFIloI5xIu4x9Xoo2yuYqcvIpqllqw0hyjh53eyckopIhIHp/F5Ww6aWxc
F+K/DYgzL7FWURaVhmMzbj9Vwc3briCthnJ/pW3cb3+/jep6BawJ
-----END CERTIFICATE-----