Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/hYvgfFA1roo3pReK6R0WuHbBda4.roa
File:                     hYvgfFA1roo3pReK6R0WuHbBda4.roa (raw, json)
Hash identifier:          /ZksRaSUAdYBhSC2UaIFIE9L7Gqdkr+dLdAlbeoYqWE=
Subject key identifier:   85:8B:E0:7C:50:35:AE:8A:37:A5:17:8A:E9:1D:16:B8:76:C1:75:AE
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       01898D69776F7403B644CBDCD2F12DE3AD3F
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/hYvgfFA1roo3pReK6R0WuHbBda4.roa
Signing time:             Tue 25 Jul 2023 14:17:26 +0000
ROA not before:           Tue 25 Jul 2023 14:17:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208208
IP address blocks:        185.240.243.0/24 maxlen: 24
                          185.240.242.0/24 maxlen: 24
                          185.240.241.0/24 maxlen: 24
                          84.252.123.0/24 maxlen: 24
                          84.252.122.0/24 maxlen: 24
                          84.252.121.0/24 maxlen: 24
                          84.252.120.0/24 maxlen: 24
                          185.230.163.0/24 maxlen: 24
                          185.230.162.0/24 maxlen: 24
                          185.230.161.0/24 maxlen: 24
                          185.230.160.0/24 maxlen: 24
                          2a0c:2500::/32 maxlen: 32
                          2a09:6302::/32 maxlen: 32
                          2a09:6301::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8d:69:77:6f:74:03:b6:44:cb:dc:d2:f1:2d:e3:ad:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Jul 25 14:17:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=858be07c5035ae8a37a5178ae91d16b876c175ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f1:af:0b:53:89:23:66:bd:99:b5:c5:7c:15:
                    9c:06:7f:f5:29:25:d5:06:39:83:84:84:e8:9f:b8:
                    8e:ca:2e:22:8a:4e:fe:46:27:a9:59:28:31:1a:78:
                    af:cd:31:a5:95:74:47:f2:e8:ca:c5:b3:0f:9b:7d:
                    86:54:75:e6:95:7b:10:e7:bc:6a:57:ef:14:46:b7:
                    e5:11:f1:f9:e9:f0:e7:90:c5:67:88:4b:36:76:42:
                    09:4c:74:75:70:cc:51:8f:27:61:cb:ca:02:eb:be:
                    c4:2b:01:53:d8:01:b2:e6:90:03:ba:2a:a0:18:3c:
                    97:33:15:51:b7:0d:5d:fb:f1:b0:49:ce:05:35:1b:
                    c4:c7:19:12:c1:57:8b:f7:f2:5f:50:1d:33:4a:c1:
                    19:13:2e:7e:92:00:43:75:c3:67:d7:4a:69:45:20:
                    35:bc:5a:80:b3:09:74:5a:da:82:59:7a:80:e1:9d:
                    fe:31:06:74:62:8f:8d:e8:9a:86:60:44:9d:1f:41:
                    fc:10:71:51:45:6c:67:fa:94:9b:8b:0d:80:a5:27:
                    11:3d:d7:23:24:e7:69:fb:31:93:ad:f6:17:87:d3:
                    29:a3:c4:33:54:1b:e8:11:21:06:1e:d3:3c:9f:38:
                    7c:17:ec:84:c5:ac:fe:e8:58:69:42:20:d3:7f:8a:
                    2e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:8B:E0:7C:50:35:AE:8A:37:A5:17:8A:E9:1D:16:B8:76:C1:75:AE
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/hYvgfFA1roo3pReK6R0WuHbBda4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.120.0/22
                  185.230.160.0/22
                  185.240.241.0-185.240.243.255
                IPv6:
                  2a09:6301::-2a09:6302:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:2500::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:31:31:2c:76:b7:b9:18:48:e8:03:5e:6e:39:79:32:41:38:
         cc:c3:0a:0b:5f:7d:ec:cb:53:56:17:b4:b0:a7:cb:0a:3e:18:
         cf:68:46:db:0d:59:cb:35:f9:c0:ff:be:75:39:2d:93:dd:38:
         40:7a:67:4b:27:d5:9c:2d:a6:40:ff:4d:7c:77:7c:6e:d3:27:
         2b:3d:95:cb:de:ec:3e:f3:ea:84:12:32:a6:cc:01:19:34:9e:
         5c:61:f8:e2:ec:98:b0:80:33:fe:28:10:97:77:2d:5a:07:40:
         1a:c9:81:b3:17:0b:9b:9d:50:41:fa:ab:64:cb:bb:90:9c:ac:
         ed:df:ff:1f:a7:f5:d0:33:66:e3:67:86:2f:4d:be:21:7c:1e:
         94:6f:9d:98:1d:00:b5:6c:e5:5a:05:94:18:66:3a:b6:fa:2c:
         e6:cb:a8:e8:7c:e8:4c:9d:94:dc:20:00:c4:b1:96:28:70:4d:
         15:55:57:3f:18:cd:c8:8a:cc:1c:b1:f3:05:78:35:f0:e6:4a:
         d3:04:a7:1c:ac:31:b9:31:02:ca:64:eb:da:4e:0d:0e:04:aa:
         c3:ef:5f:24:af:19:ac:56:01:30:5c:b2:8e:65:26:99:86:96:
         7f:e2:81:74:46:1b:79:19:49:57:e0:80:5f:49:44:bf:38:da:
         9b:f8:71:66
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYmNaXdvdAO2RMvc0vEt460/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjMwNzI1MTQxNzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NThiZTA3YzUwMzVhZThhMzdhNTE3OGFlOTFkMTZiODc2YzE3NWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/GvC1OJI2a9mbXFfBWcBn/1KSXV
BjmDhITon7iOyi4iik7+RiepWSgxGnivzTGllXRH8ujKxbMPm32GVHXmlXsQ57xq
V+8URrflEfH56fDnkMVniEs2dkIJTHR1cMxRjydhy8oC677EKwFT2AGy5pADuiqg
GDyXMxVRtw1d+/GwSc4FNRvExxkSwVeL9/JfUB0zSsEZEy5+kgBDdcNn10ppRSA1
vFqAswl0WtqCWXqA4Z3+MQZ0Yo+N6JqGYESdH0H8EHFRRWxn+pSbiw2ApScRPdcj
JOdp+zGTrfYXh9Mpo8QzVBvoESEGHtM8nzh8F+yExaz+6FhpQiDTf4ouawIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFIWL4HxQNa6KN6UXiukdFrh2wXWuMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvaFl2Z2ZGQTFyb28zcFJlSzZSMFd1SGJCZGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAgBAIAATAaAwQCVPx4AwQC
ueagMAwDBAC58PEDBAK58PAwHQQCAAIwFzAOAwUAKgljAQMFACoJYwIDBQAqDCUA
MA0GCSqGSIb3DQEBCwUAA4IBAQCdMTEsdre5GEjoA15uOXkyQTjMwwoLX33sy1NW
F7Swp8sKPhjPaEbbDVnLNfnA/751OS2T3ThAemdLJ9WcLaZA/018d3xu0ycrPZXL
3uw+8+qEEjKmzAEZNJ5cYfji7JiwgDP+KBCXdy1aB0AayYGzFwubnVBB+qtky7uQ
nKzt3/8fp/XQM2bjZ4YvTb4hfB6Ub52YHQC1bOVaBZQYZjq2+izmy6jofOhMnZTc
IADEsZYocE0VVVc/GM3IiswcsfMFeDXw5krTBKccrDG5MQLKZOvaTg0OBKrD718k
rxmsVgEwXLKOZSaZhpZ/4oF0Rht5GUlX4IBfSUS/ONqb+HFm
-----END CERTIFICATE-----