Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/hWwhO1oi0quDFAe0yhKLTjK8gL0.roa
File:                     hWwhO1oi0quDFAe0yhKLTjK8gL0.roa (raw, json)
Hash identifier:          VXuULAmERL6jsDQ7Rzh/kznWp1N0ZYWGzJaBPo+jK4c=
Subject key identifier:   85:6C:21:3B:5A:22:D2:AB:83:14:07:B4:CA:12:8B:4E:32:BC:80:BD
Certificate issuer:       /CN=cddd902a1271270027e4577778ea35883b4515f6
Certificate serial:       0185718C49E763943FB7ADA39BEC65BEDAA4
Authority key identifier: CD:DD:90:2A:12:71:27:00:27:E4:57:77:78:EA:35:88:3B:45:15:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/hWwhO1oi0quDFAe0yhKLTjK8gL0.roa
Signing time:             Mon 02 Jan 2023 08:14:57 +0000
ROA not before:           Mon 02 Jan 2023 08:14:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42425
IP address blocks:        94.125.232.0/21 maxlen: 24
                          94.125.236.0/24 maxlen: 24
                          94.125.237.0/24 maxlen: 24
                          94.125.234.0/24 maxlen: 24
                          94.125.235.0/24 maxlen: 24
                          94.125.238.0/24 maxlen: 24
                          94.125.239.0/24 maxlen: 24
                          185.28.82.0/24 maxlen: 24
                          185.28.80.0/22 maxlen: 22
                          185.28.83.0/24 maxlen: 24
                          185.28.80.0/24 maxlen: 24
                          185.28.81.0/24 maxlen: 24
                          178.255.184.0/24 maxlen: 24
                          178.255.184.0/21 maxlen: 21
                          178.255.185.0/24 maxlen: 24
                          178.255.186.0/24 maxlen: 24
                          178.255.190.0/24 maxlen: 24
                          178.255.191.0/24 maxlen: 24
                          178.255.188.0/24 maxlen: 24
                          178.255.189.0/24 maxlen: 24
                          178.255.187.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:30:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:8c:49:e7:63:94:3f:b7:ad:a3:9b:ec:65:be:da:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddd902a1271270027e4577778ea35883b4515f6
        Validity
            Not Before: Jan  2 08:14:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=856c213b5a22d2ab831407b4ca128b4e32bc80bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:df:a1:af:1e:94:91:76:37:b9:fc:f4:7c:40:
                    41:76:20:8a:b2:80:34:65:5d:2a:ad:3b:b4:3b:38:
                    e9:2d:49:47:61:44:92:37:b4:7c:29:2e:4b:7d:bb:
                    96:c3:d4:3e:4d:58:b2:74:bf:e1:3b:99:cb:85:d8:
                    3d:12:ae:ad:c8:de:31:83:54:05:87:ab:aa:8f:61:
                    55:c3:87:08:c8:1f:33:66:cc:8c:89:c7:0f:dd:56:
                    58:28:ca:6e:19:63:7e:83:93:e7:ab:31:b9:b1:92:
                    1c:13:d2:35:3b:8d:a2:fe:ea:dc:a8:42:3c:00:41:
                    05:4e:a5:ee:aa:c7:16:a0:7f:b1:3f:ac:fa:b0:b9:
                    1e:ac:bf:06:25:8e:f8:6b:de:60:4a:aa:ca:22:f1:
                    e5:86:2d:86:f9:b7:08:1a:f0:f6:f7:d6:2d:b2:8b:
                    41:7a:e6:e5:8d:a5:2f:a5:78:3b:0d:90:d7:47:3c:
                    dc:25:f8:79:33:d2:57:66:fe:76:e5:a5:38:88:d9:
                    fb:87:ad:79:18:ee:37:2d:80:18:2d:aa:b0:2f:61:
                    d4:a7:97:bc:d9:a6:cc:bb:ca:1c:6f:64:84:be:8b:
                    82:21:6d:5b:03:0b:24:3d:3f:52:64:a5:e7:62:5b:
                    3a:c4:b2:2b:82:b3:47:f1:1c:67:77:b3:a8:fd:1d:
                    94:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:6C:21:3B:5A:22:D2:AB:83:14:07:B4:CA:12:8B:4E:32:BC:80:BD
            X509v3 Authority Key Identifier:
                keyid:CD:DD:90:2A:12:71:27:00:27:E4:57:77:78:EA:35:88:3B:45:15:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/hWwhO1oi0quDFAe0yhKLTjK8gL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.232.0/21
                  178.255.184.0/21
                  185.28.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:15:77:8f:10:f6:49:d4:00:6f:5d:4a:67:dd:17:1e:ec:e4:
         03:eb:79:fe:c0:94:bd:71:fa:06:e6:03:bf:51:52:11:9b:0f:
         a0:93:03:84:20:b5:27:28:02:a3:df:95:2e:8c:dd:3c:05:03:
         2a:1e:94:6a:b7:0b:37:58:0e:60:7d:b5:0c:eb:5d:f9:ca:81:
         e2:36:fb:f6:43:c4:76:8b:a4:8c:61:53:70:68:0c:f0:68:78:
         3d:c4:87:24:7a:c0:15:de:d1:6b:ea:3f:fa:55:16:2d:b7:fb:
         73:0e:0b:e3:57:b7:82:36:3f:de:7b:a1:3d:66:82:26:f1:a7:
         4f:5a:07:43:dc:a0:87:46:bd:b4:d2:b2:06:f8:2b:57:78:9c:
         28:ee:f1:7b:c7:3a:42:d4:bc:9c:6a:d1:36:76:90:11:cc:5d:
         57:c7:dd:c9:0f:84:06:c1:4f:b1:84:55:6e:c2:d4:5f:8b:e1:
         e9:d3:80:28:61:67:3a:47:16:3e:ba:14:0d:22:57:b8:0d:f2:
         00:75:32:83:c5:fc:e0:96:32:c1:30:58:64:c8:9e:27:be:7b:
         b6:c0:2b:1f:3b:d2:ad:12:4f:9a:c5:ed:41:8b:7b:e3:f6:d0:
         b1:5b:c8:d5:dd:7d:92:0f:2c:98:30:73:1d:05:31:b1:d1:7a:
         14:8d:54:a8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVxjEnnY5Q/t62jm+xlvtqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGQ5MDJhMTI3MTI3MDAyN2U0NTc3Nzc4ZWEzNTg4M2I0
NTE1ZjYwHhcNMjMwMTAyMDgxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTZjMjEzYjVhMjJkMmFiODMxNDA3YjRjYTEyOGI0ZTMyYmM4MGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8d+hrx6UkXY3ufz0fEBBdiCKsoA0
ZV0qrTu0OzjpLUlHYUSSN7R8KS5LfbuWw9Q+TViydL/hO5nLhdg9Eq6tyN4xg1QF
h6uqj2FVw4cIyB8zZsyMiccP3VZYKMpuGWN+g5PnqzG5sZIcE9I1O42i/urcqEI8
AEEFTqXuqscWoH+xP6z6sLkerL8GJY74a95gSqrKIvHlhi2G+bcIGvD299YtsotB
eubljaUvpXg7DZDXRzzcJfh5M9JXZv525aU4iNn7h615GO43LYAYLaqwL2HUp5e8
2abMu8ocb2SEvouCIW1bAwskPT9SZKXnYls6xLIrgrNH8Rxnd7Oo/R2UCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIVsITtaItKrgxQHtMoSi04yvIC9MB8GA1UdIwQY
MBaAFM3dkCoScScAJ+RXd3jqNYg7RRX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemQyUUtoSnhKd0FuNUZkM2VPbzFpRHRGRmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83YTFlYjQtMjkwYS00Njg2LThiYmEt
ZGM3NTQyMTM4OTUyLzEvaFd3aE8xb2kwcXVERkFlMHloS0xUaks4Z0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83YTFlYjQtMjkwYS00Njg2LThiYmEtZGM3NTQyMTM4OTUy
LzEvemQyUUtoSnhKd0FuNUZkM2VPbzFpRHRGRmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXn3oAwQD
sv+4AwQCuRxQMA0GCSqGSIb3DQEBCwUAA4IBAQAEFXePEPZJ1ABvXUpn3Rce7OQD
63n+wJS9cfoG5gO/UVIRmw+gkwOEILUnKAKj35UujN08BQMqHpRqtws3WA5gfbUM
6135yoHiNvv2Q8R2i6SMYVNwaAzwaHg9xIckesAV3tFr6j/6VRYtt/tzDgvjV7eC
Nj/ee6E9ZoIm8adPWgdD3KCHRr200rIG+CtXeJwo7vF7xzpC1LycatE2dpARzF1X
x93JD4QGwU+xhFVuwtRfi+Hp04AoYWc6RxY+uhQNIle4DfIAdTKDxfzgljLBMFhk
yJ4nvnu2wCsfO9KtEk+axe1Bi3vj9tCxW8jV3X2SDyyYMHMdBTGx0XoUjVSo
-----END CERTIFICATE-----