Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/abw8n67YtThP9EG2mru5xdcs6ac.roa
File:                     abw8n67YtThP9EG2mru5xdcs6ac.roa (raw, json)
Hash identifier:          AjC+YOfq1Q2fN+JCzilFXjJiCgg+aTiCxfr5J4hB/vA=
Subject key identifier:   69:BC:3C:9F:AE:D8:B5:38:4F:F4:41:B6:9A:BB:B9:C5:D7:2C:E9:A7
Certificate issuer:       /CN=9efd8a0e6e6dd56a6ef8289e4b184f0ca00c33dd
Certificate serial:       01856C25E03345EE55C724D85EDEE117E35C
Authority key identifier: 9E:FD:8A:0E:6E:6D:D5:6A:6E:F8:28:9E:4B:18:4F:0C:A0:0C:33:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nv2KDm5t1Wpu-CieSxhPDKAMM90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/abw8n67YtThP9EG2mru5xdcs6ac.roa
Signing time:             Sun 01 Jan 2023 07:04:59 +0000
ROA not before:           Sun 01 Jan 2023 07:04:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15525
IP address blocks:        185.17.228.0/22 maxlen: 24
                          62.28.0.0/16 maxlen: 24
                          192.91.177.0/24 maxlen: 24
                          192.133.15.0/24 maxlen: 24
                          192.88.123.0/24 maxlen: 24
                          212.55.160.0/20 maxlen: 24
                          83.240.128.0/17 maxlen: 24
                          62.48.128.0/17 maxlen: 24
                          212.55.176.0/21 maxlen: 24
                          2a02:818::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:25:e0:33:45:ee:55:c7:24:d8:5e:de:e1:17:e3:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9efd8a0e6e6dd56a6ef8289e4b184f0ca00c33dd
        Validity
            Not Before: Jan  1 07:04:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69bc3c9faed8b5384ff441b69abbb9c5d72ce9a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f2:d2:42:35:b4:c0:bd:ec:22:a2:15:20:0d:
                    58:69:c4:73:31:71:d4:85:ab:80:68:94:cb:e6:6b:
                    14:bc:bb:17:9b:3f:9e:33:98:24:2c:9b:05:c9:54:
                    2d:cb:a1:db:1b:a5:83:7f:9d:68:0a:f1:dc:3f:f3:
                    6b:06:89:db:5f:cf:5f:83:71:d1:ed:4e:94:bc:38:
                    64:db:8e:56:44:54:bf:1c:b2:f6:98:a0:d1:e6:5e:
                    7b:aa:29:29:e3:44:10:c7:b1:b1:c5:a5:c7:3a:59:
                    0b:00:7e:8c:ee:e8:5a:20:8b:7a:88:0b:e2:e3:ff:
                    a2:5b:a7:37:f6:3a:db:2d:f6:73:0b:fb:2d:45:ed:
                    a7:ba:c3:cc:ad:c6:c5:83:54:5b:12:4a:34:59:5a:
                    c5:7b:7d:e8:20:41:2a:eb:74:83:0e:53:fa:2d:c7:
                    65:03:cd:0a:da:60:96:db:53:1d:3a:c8:91:25:af:
                    11:4f:e2:e9:c2:3f:e2:b5:ae:71:a9:e1:a7:e8:ed:
                    ff:dc:d8:23:ea:51:d9:71:e4:5e:ec:14:4f:ed:b5:
                    86:f3:aa:84:a7:f4:33:42:c1:ca:80:ac:ec:df:e6:
                    f3:9e:43:e2:00:61:6b:7e:ce:d2:c1:65:df:53:62:
                    6a:f9:c9:60:4c:fa:12:5f:36:f8:b0:08:df:2f:a7:
                    5b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:BC:3C:9F:AE:D8:B5:38:4F:F4:41:B6:9A:BB:B9:C5:D7:2C:E9:A7
            X509v3 Authority Key Identifier:
                keyid:9E:FD:8A:0E:6E:6D:D5:6A:6E:F8:28:9E:4B:18:4F:0C:A0:0C:33:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nv2KDm5t1Wpu-CieSxhPDKAMM90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/abw8n67YtThP9EG2mru5xdcs6ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/nv2KDm5t1Wpu-CieSxhPDKAMM90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.28.0.0/16
                  62.48.128.0/17
                  83.240.128.0/17
                  185.17.228.0/22
                  192.88.123.0/24
                  192.91.177.0/24
                  192.133.15.0/24
                  212.55.160.0-212.55.183.255
                IPv6:
                  2a02:818::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:40:64:a2:8e:ec:77:6d:67:44:5b:c5:bc:e6:00:fb:38:32:
         b8:08:b9:f9:9e:64:b3:ce:af:94:f4:d3:09:66:de:a9:02:67:
         83:19:40:9b:59:c8:b8:c7:ba:89:d0:7f:2c:4f:da:99:dd:e0:
         68:89:30:b7:26:16:9e:74:ef:e3:37:be:eb:61:61:40:da:f6:
         7c:7e:a0:2e:e5:42:90:61:75:7c:a0:b0:7d:0a:7a:e6:53:8d:
         3e:08:2b:f7:0f:dd:83:50:44:d2:48:d0:cb:49:d3:d7:a8:8d:
         6f:52:25:57:34:b7:7c:20:71:0a:b4:46:58:5a:1f:08:4a:58:
         e3:c6:d8:bf:0c:2d:3f:de:19:76:de:7f:14:c7:47:5e:a0:c2:
         a9:9e:fa:83:35:aa:4b:34:96:b2:66:fb:e8:80:32:cf:be:ce:
         4c:fa:f5:ad:95:35:ee:f8:58:32:fd:54:45:57:4f:cd:74:ea:
         dc:0e:09:59:ea:91:39:fa:a4:3a:82:94:b1:58:0c:b2:5c:cf:
         cb:6c:e2:71:7c:16:fb:2d:e2:ce:b4:5f:d8:2c:1b:7c:9b:b6:
         52:a0:7a:c8:13:f8:36:47:cc:0e:00:bc:dd:20:b9:0c:9a:4d:
         30:ce:a6:b7:c0:86:b4:bc:4c:72:01:8e:48:5b:44:94:cd:b8:
         a2:a5:60:68
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVsJeAzRe5VxyTYXt7hF+NcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZmQ4YTBlNmU2ZGQ1NmE2ZWY4Mjg5ZTRiMTg0ZjBjYTAw
YzMzZGQwHhcNMjMwMTAxMDcwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWJjM2M5ZmFlZDhiNTM4NGZmNDQxYjY5YWJiYjljNWQ3MmNlOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPLSQjW0wL3sIqIVIA1YacRzMXHU
hauAaJTL5msUvLsXmz+eM5gkLJsFyVQty6HbG6WDf51oCvHcP/NrBonbX89fg3HR
7U6UvDhk245WRFS/HLL2mKDR5l57qikp40QQx7GxxaXHOlkLAH6M7uhaIIt6iAvi
4/+iW6c39jrbLfZzC/stRe2nusPMrcbFg1RbEko0WVrFe33oIEEq63SDDlP6Lcdl
A80K2mCW21MdOsiRJa8RT+Lpwj/ita5xqeGn6O3/3Ngj6lHZceRe7BRP7bWG86qE
p/QzQsHKgKzs3+bznkPiAGFrfs7SwWXfU2Jq+clgTPoSXzb4sAjfL6db4wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFGm8PJ+u2LU4T/RBtpq7ucXXLOmnMB8GA1UdIwQY
MBaAFJ79ig5ubdVqbvgonksYTwygDDPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnYyS0RtNXQxV3B1LUNpZVN4aFBES0FNTTkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNTNkN2MtYTgzMi00N2IzLTlmOTQt
NTljMjMwNTQ0NDJkLzEvYWJ3OG42N1l0VGhQOUVHMm1ydTV4ZGNzNmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNTNkN2MtYTgzMi00N2IzLTlmOTQtNTljMjMwNTQ0NDJk
LzEvbnYyS0RtNXQxV3B1LUNpZVN4aFBES0FNTTkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwMAPhwDBAc+
MIADBAdT8IADBAK5EeQDBADAWHsDBADAW7EDBADAhQ8wDAMEBdQ3oAMEA9Q3sDAN
BAIAAjAHAwUAKgIIGDANBgkqhkiG9w0BAQsFAAOCAQEAskBkoo7sd21nRFvFvOYA
+zgyuAi5+Z5ks86vlPTTCWbeqQJngxlAm1nIuMe6idB/LE/amd3gaIkwtyYWnnTv
4ze+62FhQNr2fH6gLuVCkGF1fKCwfQp65lONPggr9w/dg1BE0kjQy0nT16iNb1Il
VzS3fCBxCrRGWFofCEpY48bYvwwtP94Zdt5/FMdHXqDCqZ76gzWqSzSWsmb76IAy
z77OTPr1rZU17vhYMv1URVdPzXTq3A4JWeqROfqkOoKUsVgMslzPy2zicXwW+y3i
zrRf2CwbfJu2UqB6yBP4NkfMDgC83SC5DJpNMM6mt8CGtLxMcgGOSFtElM24oqVg
aA==
-----END CERTIFICATE-----