Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8zIVhJF6lV953ryVgySldwnyIEk.roa
File:                     8zIVhJF6lV953ryVgySldwnyIEk.roa (raw, json)
Hash identifier:          Z49nRDlNxsRB5WlnhmzaAeXZYkfdVWWvLB6+N4zB5F0=
Subject key identifier:   F3:32:15:84:91:7A:95:5F:79:DE:BC:95:83:24:A5:77:09:F2:20:49
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F770E4FD6095FAA54FC7D5ADE0B8
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8zIVhJF6lV953ryVgySldwnyIEk.roa
Signing time:             Mon 01 Jan 2024 08:30:06 +0000
ROA not before:           Mon 01 Jan 2024 08:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209737
IP address blocks:        160.20.109.0/24 maxlen: 24
                          185.254.31.0/24 maxlen: 24
                          185.243.181.0/24 maxlen: 24
                          109.236.51.0/24 maxlen: 24
                          109.236.49.0/24 maxlen: 24
                          109.236.50.0/24 maxlen: 24
                          91.194.55.0/24 maxlen: 24
                          193.160.141.0/24 maxlen: 24
                          193.160.143.0/24 maxlen: 24
                          185.86.6.0/24 maxlen: 24
                          93.190.12.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Apr 2024 14:27:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f7:70:e4:fd:60:95:fa:a5:4f:c7:d5:ad:e0:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3321584917a955f79debc958324a57709f22049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:da:97:54:e1:3a:a5:61:0f:ea:8f:53:77:39:
                    19:64:cf:f2:b3:c9:b2:24:b8:8a:83:2f:86:cc:b3:
                    67:8f:2c:71:38:ec:e0:a0:a1:0e:33:d1:ca:b5:2b:
                    20:a0:ee:f3:a7:e2:ec:8b:8c:ef:bb:43:38:c7:f0:
                    a2:e2:f8:53:9b:2a:04:fe:aa:55:83:50:15:e8:a0:
                    27:6f:95:c3:d1:4d:37:4d:fa:2c:e8:6d:40:76:19:
                    40:5c:d1:33:2d:84:b4:eb:f2:b3:2e:61:a4:71:f7:
                    c1:5a:22:7c:c0:e7:51:2f:d8:cd:1d:12:df:0d:ab:
                    41:34:63:ea:8c:ab:38:72:f9:fe:69:a9:05:20:79:
                    91:be:7d:7c:39:fa:09:e8:0e:0d:63:98:86:1f:6c:
                    b8:f6:45:20:f1:cb:e8:60:34:26:a0:24:a5:98:1e:
                    72:50:cb:24:a6:da:ff:d9:5e:77:1e:52:e9:5b:23:
                    b5:6d:66:16:5a:27:c7:cb:fb:81:dd:0b:2e:d0:a4:
                    57:89:7e:16:31:4d:78:5e:22:59:6e:25:d6:bf:f5:
                    e6:12:3d:03:c1:93:e1:7d:7b:86:e2:a9:b0:90:52:
                    68:8d:3e:34:66:80:a7:50:36:02:ef:5b:cd:c1:6f:
                    b9:07:bf:43:de:a9:87:e4:a5:1a:3b:2a:67:8f:47:
                    e0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:32:15:84:91:7A:95:5F:79:DE:BC:95:83:24:A5:77:09:F2:20:49
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8zIVhJF6lV953ryVgySldwnyIEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.55.0/24
                  93.190.12.0/24
                  109.236.49.0-109.236.51.255
                  160.20.109.0/24
                  185.86.6.0/24
                  185.243.181.0/24
                  185.254.31.0/24
                  193.160.141.0/24
                  193.160.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:94:b8:86:e6:54:a6:39:66:97:5b:c0:7d:b7:9f:16:99:da:
         e9:43:c1:9c:6a:d9:a0:a8:00:27:f1:17:d6:47:27:b9:3f:e7:
         19:47:fe:f3:66:fd:48:d0:58:a7:0a:a0:45:cd:4d:b4:79:49:
         9d:29:37:91:59:61:8a:6f:7e:4f:a9:49:c1:3c:04:1b:bc:39:
         95:cd:53:df:92:6d:8a:59:af:80:2d:1f:00:b7:73:c7:b1:a0:
         19:2a:16:89:ad:5a:44:95:55:27:4c:97:05:e3:51:68:5e:83:
         70:6f:ee:72:dd:c9:fa:29:5b:3c:a1:83:c0:2b:d1:91:6e:6f:
         f1:35:85:76:4e:11:96:5f:05:3c:98:89:07:63:3b:b5:19:5c:
         20:81:f6:84:d2:4d:18:63:92:ac:e7:2e:8a:94:d6:10:56:b6:
         6f:41:17:bd:b4:8b:97:c1:21:0a:09:ef:e4:19:fe:1e:62:f7:
         1a:b5:c5:15:90:bd:2c:ca:68:fb:39:70:86:cd:8c:30:31:37:
         a1:09:d5:be:1a:aa:b3:60:07:1a:33:09:fb:ac:8c:b0:f2:12:
         d0:a5:fe:3e:1e:e5:ac:c0:5d:79:92:ed:03:59:e0:8a:f9:9c:
         66:ee:d6:2e:5e:48:8c:f1:97:fa:09:cc:07:78:b0:4d:b2:f1:
         92:35:d3:12
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYzEJPdw5P1glfqlT8fVreC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzMyMTU4NDkxN2E5NTVmNzlkZWJjOTU4MzI0YTU3NzA5ZjIyMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NqXVOE6pWEP6o9TdzkZZM/ys8my
JLiKgy+GzLNnjyxxOOzgoKEOM9HKtSsgoO7zp+Lsi4zvu0M4x/Ci4vhTmyoE/qpV
g1AV6KAnb5XD0U03Tfos6G1AdhlAXNEzLYS06/KzLmGkcffBWiJ8wOdRL9jNHRLf
DatBNGPqjKs4cvn+aakFIHmRvn18OfoJ6A4NY5iGH2y49kUg8cvoYDQmoCSlmB5y
UMskptr/2V53HlLpWyO1bWYWWifHy/uB3Qsu0KRXiX4WMU14XiJZbiXWv/XmEj0D
wZPhfXuG4qmwkFJojT40ZoCnUDYC71vNwW+5B79D3qmH5KUaOypnj0fgeQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPMyFYSRepVfed68lYMkpXcJ8iBJMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvOHpJVmhKRjZsVjk1M3J5Vmd5U2xkd255SUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAW8I3AwQA
Xb4MMAwDBABt7DEDBAJt7DADBACgFG0DBAC5VgYDBAC587UDBAC5/h8DBADBoI0D
BADBoI8wDQYJKoZIhvcNAQELBQADggEBABeUuIbmVKY5ZpdbwH23nxaZ2ulDwZxq
2aCoACfxF9ZHJ7k/5xlH/vNm/UjQWKcKoEXNTbR5SZ0pN5FZYYpvfk+pScE8BBu8
OZXNU9+SbYpZr4AtHwC3c8exoBkqFomtWkSVVSdMlwXjUWheg3Bv7nLdyfopWzyh
g8Ar0ZFub/E1hXZOEZZfBTyYiQdjO7UZXCCB9oTSTRhjkqznLoqU1hBWtm9BF720
i5fBIQoJ7+QZ/h5i9xq1xRWQvSzKaPs5cIbNjDAxN6EJ1b4aqrNgBxozCfusjLDy
EtCl/j4e5azAXXmS7QNZ4Ir5nGbu1i5eSIzxl/oJzAd4sE2y8ZI10xI=
-----END CERTIFICATE-----