Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/IMRpK5G-mQnoc8wN7KSr8Apbnac.roa
File:                     IMRpK5G-mQnoc8wN7KSr8Apbnac.roa (raw, json)
Hash identifier:          z/Er2ZZ0/vQZtYm4bcoImaqSougA/c8O8Gn3wL+wnMI=
Subject key identifier:   20:C4:69:2B:91:BE:99:09:E8:73:CC:0D:EC:A4:AB:F0:0A:5B:9D:A7
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       0185710BEE34D023FC7B1572F788B7D131BB
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/IMRpK5G-mQnoc8wN7KSr8Apbnac.roa
Signing time:             Mon 02 Jan 2023 05:54:45 +0000
ROA not before:           Mon 02 Jan 2023 05:54:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35394
IP address blocks:        89.29.176.0/21 maxlen: 21
                          213.181.76.0/24 maxlen: 24
                          89.29.184.0/23 maxlen: 23
                          213.181.74.0/24 maxlen: 24
                          213.181.75.0/24 maxlen: 24
                          213.181.84.0/23 maxlen: 23
                          213.181.80.0/23 maxlen: 23
                          213.181.86.0/23 maxlen: 23
                          213.181.88.0/24 maxlen: 24
                          185.64.242.0/24 maxlen: 24
                          176.57.97.0/24 maxlen: 24
                          89.29.160.0/20 maxlen: 20
                          89.29.244.0/23 maxlen: 23
                          89.29.248.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:0b:ee:34:d0:23:fc:7b:15:72:f7:88:b7:d1:31:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  2 05:54:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20c4692b91be9909e873cc0deca4abf00a5b9da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f8:c3:ea:ad:18:9e:bc:c7:62:ab:a6:93:64:
                    f9:48:3a:45:40:a3:2e:e8:26:df:f4:02:6c:cc:56:
                    c1:8b:b9:33:49:cc:a4:e7:8d:87:42:0f:36:ba:55:
                    99:d2:27:3d:33:2c:e8:cd:76:32:ed:ee:db:38:48:
                    ba:99:3b:e8:42:d5:0f:83:3d:93:bd:ef:7b:92:44:
                    b5:93:0c:e1:6e:52:5b:5a:38:10:c8:2f:34:c5:d1:
                    08:18:c3:7e:71:42:60:9d:cd:d7:59:9b:7b:51:64:
                    64:00:62:cf:eb:ad:88:40:b2:b4:bf:2a:9f:d2:7f:
                    bc:96:d9:4d:95:44:98:05:d8:1e:71:72:7c:13:a9:
                    a2:d8:ff:67:cd:13:63:b8:67:47:f3:7f:d7:a7:d4:
                    d1:d6:84:93:e8:23:a7:9c:ce:a2:bc:ed:a0:c0:70:
                    8c:3b:e2:c7:bb:ce:e7:d2:af:69:65:88:1e:14:f0:
                    0c:bc:7d:1c:2e:3f:91:2e:b9:bf:bc:f4:35:89:42:
                    30:78:52:98:06:59:78:2e:32:50:29:88:0d:9b:0b:
                    a4:24:f3:c3:86:32:79:90:4e:a0:4b:05:ad:17:ef:
                    47:51:69:73:ba:5e:97:26:b3:55:3c:5f:b8:cc:0e:
                    41:2f:23:50:71:6e:40:3c:a6:93:89:8e:32:b0:3d:
                    2b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C4:69:2B:91:BE:99:09:E8:73:CC:0D:EC:A4:AB:F0:0A:5B:9D:A7
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/IMRpK5G-mQnoc8wN7KSr8Apbnac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.160.0-89.29.185.255
                  89.29.244.0/23
                  89.29.248.0/23
                  176.57.97.0/24
                  185.64.242.0/24
                  213.181.74.0-213.181.76.255
                  213.181.80.0/23
                  213.181.84.0-213.181.88.255

    Signature Algorithm: sha256WithRSAEncryption
         77:e3:15:22:4b:e0:78:e2:70:0a:f0:70:9c:75:2e:49:11:dc:
         e3:33:a3:34:fc:b5:72:e2:15:d6:03:f4:22:50:3e:bc:72:69:
         92:95:de:bd:73:5b:03:61:e3:10:58:6f:a2:8f:88:f1:73:e5:
         22:11:12:17:d9:08:c8:d1:06:87:5a:84:83:80:80:80:61:42:
         68:c8:3e:8d:5f:9a:0c:ba:10:8e:1a:8a:3b:20:0d:57:3a:ea:
         c6:b5:11:e5:49:83:e7:7a:af:c4:89:16:00:22:d2:23:e5:6f:
         ad:84:f2:bf:5e:e0:53:8b:8a:b2:bc:63:6d:aa:55:cb:6b:f8:
         ec:78:c0:bc:10:62:dc:a1:56:4f:b8:61:2a:c3:4d:3f:4e:ee:
         32:8e:f0:c6:64:03:e1:e4:e6:01:da:c3:2c:74:83:c7:4c:a8:
         39:03:ab:27:d3:e5:8b:6b:1f:c0:8c:9b:ac:30:69:2e:eb:9e:
         09:bc:11:8a:9d:91:48:08:22:65:08:5c:d0:26:0d:6d:e0:e4:
         bd:18:a3:77:71:47:4e:15:a4:f8:7e:b4:a1:dd:bf:ab:ef:82:
         f8:ef:f9:69:33:a1:e1:62:3c:62:31:2b:a1:cd:4f:ec:14:c2:
         3b:62:1d:c5:37:01:7c:d4:95:f4:e1:aa:d2:db:2f:8a:53:11:
         cd:41:44:53
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVxC+400CP8exVy94i30TG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjMwMTAyMDU1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM0NjkyYjkxYmU5OTA5ZTg3M2NjMGRlY2E0YWJmMDBhNWI5ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fjD6q0YnrzHYqumk2T5SDpFQKMu
6Cbf9AJszFbBi7kzScyk542HQg82ulWZ0ic9MyzozXYy7e7bOEi6mTvoQtUPgz2T
ve97kkS1kwzhblJbWjgQyC80xdEIGMN+cUJgnc3XWZt7UWRkAGLP662IQLK0vyqf
0n+8ltlNlUSYBdgecXJ8E6mi2P9nzRNjuGdH83/Xp9TR1oST6COnnM6ivO2gwHCM
O+LHu87n0q9pZYgeFPAMvH0cLj+RLrm/vPQ1iUIweFKYBll4LjJQKYgNmwukJPPD
hjJ5kE6gSwWtF+9HUWlzul6XJrNVPF+4zA5BLyNQcW5APKaTiY4ysD0rXQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCDEaSuRvpkJ6HPMDeykq/AKW52nMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvSU1ScEs1Ry1tUW5vYzh3TjdLU3I4QXBibmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBAVZHaAD
BAFZHbgDBAFZHfQDBAFZHfgDBACwOWEDBAC5QPIwDAMEAdW1SgMEANW1TAMEAdW1
UDAMAwQC1bVUAwQA1bVYMA0GCSqGSIb3DQEBCwUAA4IBAQB34xUiS+B44nAK8HCc
dS5JEdzjM6M0/LVy4hXWA/QiUD68cmmSld69c1sDYeMQWG+ij4jxc+UiERIX2QjI
0QaHWoSDgICAYUJoyD6NX5oMuhCOGoo7IA1XOurGtRHlSYPneq/EiRYAItIj5W+t
hPK/XuBTi4qyvGNtqlXLa/jseMC8EGLcoVZPuGEqw00/Tu4yjvDGZAPh5OYB2sMs
dIPHTKg5A6sn0+WLax/AjJusMGku654JvBGKnZFICCJlCFzQJg1t4OS9GKN3cUdO
FaT4frSh3b+r74L47/lpM6HhYjxiMSuhzU/sFMI7Yh3FNwF81JX04arS2y+KUxHN
QURT
-----END CERTIFICATE-----