Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/z35v8kWqtkSNAd8YpW-ToDRiAKo.roa
File:                     z35v8kWqtkSNAd8YpW-ToDRiAKo.roa (raw, json)
Hash identifier:          GwcuWmgvDoaCRGWEdWWwj60IpwuXCV14rNGp20QrEJg=
Subject key identifier:   CF:7E:6F:F2:45:AA:B6:44:8D:01:DF:18:A5:6F:93:A0:34:62:00:AA
Certificate issuer:       /CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
Certificate serial:       01863015F12C5AB071929D3AFEE73243F1F0
Authority key identifier: ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/z35v8kWqtkSNAd8YpW-ToDRiAKo.roa
Signing time:             Wed 08 Feb 2023 08:13:09 +0000
ROA not before:           Wed 08 Feb 2023 08:13:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208498
IP address blocks:        178.19.68.0/24 maxlen: 24
                          178.19.76.0/24 maxlen: 24
                          109.71.30.0/24 maxlen: 24
                          82.149.231.0/24 maxlen: 24
                          46.253.119.0/24 maxlen: 24
                          46.253.125.0/24 maxlen: 24
                          82.149.236.0/24 maxlen: 24
                          83.141.30.0/24 maxlen: 24
                          83.141.41.0/24 maxlen: 24
                          83.141.58.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:30:15:f1:2c:5a:b0:71:92:9d:3a:fe:e7:32:43:f1:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
        Validity
            Not Before: Feb  8 08:13:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf7e6ff245aab6448d01df18a56f93a0346200aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8c:b2:b6:b5:2a:61:bf:37:25:24:49:d0:42:
                    11:4c:5a:76:aa:ca:29:37:1d:ee:a3:68:c1:b0:1c:
                    4d:9d:e0:c2:e0:fc:fd:a4:a8:08:d4:9c:18:cc:1b:
                    87:29:cd:63:dd:79:8d:93:6e:b1:fd:6d:46:d1:fe:
                    56:24:9d:31:7e:5f:60:bb:86:fc:1a:95:1a:64:3a:
                    97:7e:10:a5:48:e5:9c:00:92:fc:1c:ea:18:3c:08:
                    c2:ce:31:c1:34:64:ca:48:ee:42:73:e5:3c:58:62:
                    9b:86:77:87:2e:9d:47:37:8b:8c:f6:b8:9f:4b:6a:
                    38:f7:3f:d3:2c:7f:71:9c:fa:f3:63:9e:46:4a:0f:
                    d5:65:63:8d:b2:37:63:46:0c:40:05:e9:4a:df:41:
                    08:18:45:0b:4d:d9:e7:6f:55:21:2e:4d:a6:02:72:
                    9e:07:ad:3e:8a:dd:47:5b:b3:af:2e:68:43:d6:1b:
                    2d:0e:41:37:73:bd:7e:e0:37:63:78:b4:3c:7a:49:
                    cf:f7:a5:c2:8c:40:d1:d3:53:19:39:d5:ec:51:90:
                    8e:97:44:d2:c2:68:3c:9c:66:c8:fe:f4:08:d0:41:
                    98:57:48:77:c5:cb:ee:3c:e8:ad:35:4f:00:6f:10:
                    5d:bf:62:67:1c:e2:c4:63:36:05:cb:e3:b8:d7:d4:
                    67:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7E:6F:F2:45:AA:B6:44:8D:01:DF:18:A5:6F:93:A0:34:62:00:AA
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/z35v8kWqtkSNAd8YpW-ToDRiAKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.119.0/24
                  46.253.125.0/24
                  82.149.231.0/24
                  82.149.236.0/24
                  83.141.30.0/24
                  83.141.41.0/24
                  83.141.58.0/24
                  109.71.30.0/24
                  178.19.68.0/24
                  178.19.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:1c:59:b0:c7:4c:77:41:0c:96:28:1c:4b:31:4c:4e:a1:66:
         b4:72:71:7f:ff:af:93:1f:04:3c:bb:3f:00:3e:b7:f9:d0:6c:
         e4:6c:60:22:b2:71:87:59:04:e9:c9:f0:70:27:53:82:ad:54:
         4b:83:66:8b:a7:0a:95:ad:b5:a3:6c:6c:8c:8f:0f:7c:0d:ec:
         12:d6:74:fa:c1:eb:32:97:03:23:04:18:61:0b:06:88:06:19:
         2c:a2:1f:14:68:7f:c1:84:72:83:68:2b:b8:fc:f3:1d:8f:1a:
         d9:09:e9:16:3d:65:db:92:4f:67:58:5a:a4:e6:62:7e:74:9f:
         e4:4e:d2:a2:05:b6:d3:87:17:62:5f:6e:7b:fb:e4:18:27:f0:
         da:c7:41:63:91:ad:a3:1e:26:91:cf:5c:10:57:80:88:99:5f:
         02:75:fa:05:92:b1:37:5f:7d:18:f1:5d:d3:b7:97:a7:5b:6c:
         9e:0f:55:48:38:ea:e3:ca:38:86:d3:fa:25:9c:2e:30:8c:38:
         5f:8e:57:45:41:74:e7:8c:b2:9e:97:ab:4d:d5:3c:63:df:42:
         05:cc:41:3a:5f:10:84:c3:08:8f:40:93:67:ca:62:b2:0b:37:
         26:9e:78:e8:12:c5:85:ae:95:79:b5:5f:3c:dc:77:3d:36:8d:
         84:f3:26:55
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYYwFfEsWrBxkp06/ucyQ/HwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhODJkYmM3ZDdlMjgxOGY5NjY4MGI2NmVmY2VkYjEw
ODc5NDcwHhcNMjMwMjA4MDgxMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdlNmZmMjQ1YWFiNjQ0OGQwMWRmMThhNTZmOTNhMDM0NjIwMGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYyytrUqYb83JSRJ0EIRTFp2qsop
Nx3uo2jBsBxNneDC4Pz9pKgI1JwYzBuHKc1j3XmNk26x/W1G0f5WJJ0xfl9gu4b8
GpUaZDqXfhClSOWcAJL8HOoYPAjCzjHBNGTKSO5Cc+U8WGKbhneHLp1HN4uM9rif
S2o49z/TLH9xnPrzY55GSg/VZWONsjdjRgxABelK30EIGEULTdnnb1UhLk2mAnKe
B60+it1HW7OvLmhD1hstDkE3c71+4DdjeLQ8eknP96XCjEDR01MZOdXsUZCOl0TS
wmg8nGbI/vQI0EGYV0h3xcvuPOitNU8AbxBdv2JnHOLEYzYFy+O419RnGQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFM9+b/JFqrZEjQHfGKVvk6A0YgCqMB8GA1UdIwQY
MBaAFO1tqC28fX4oGPlmgLZu/O2xCHlHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAt
NTk5NTc3ODdiMDE1LzEvejM1djhrV3F0a1NOQWQ4WXBXLVRvRFJpQUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAtNTk5NTc3ODdiMDE1
LzEvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALv13AwQA
Lv19AwQAUpXnAwQAUpXsAwQAU40eAwQAU40pAwQAU406AwQAbUceAwQAshNEAwQA
shNMMA0GCSqGSIb3DQEBCwUAA4IBAQChHFmwx0x3QQyWKBxLMUxOoWa0cnF//6+T
HwQ8uz8APrf50GzkbGAisnGHWQTpyfBwJ1OCrVRLg2aLpwqVrbWjbGyMjw98DewS
1nT6wesylwMjBBhhCwaIBhksoh8UaH/BhHKDaCu4/PMdjxrZCekWPWXbkk9nWFqk
5mJ+dJ/kTtKiBbbThxdiX257++QYJ/Dax0Fjka2jHiaRz1wQV4CImV8CdfoFkrE3
X30Y8V3Tt5enW2yeD1VIOOrjyjiG0/olnC4wjDhfjldFQXTnjLKel6tN1Txj30IF
zEE6XxCEwwiPQJNnymKyCzcmnnjoEsWFrpV5tV883Hc9No2E8yZV
-----END CERTIFICATE-----