Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/Z9EbvzJxwXqGmVt_HKgpj7c71E8.roa
File:                     Z9EbvzJxwXqGmVt_HKgpj7c71E8.roa (raw, json)
Hash identifier:          PyJ0IVWGlaIm+p34uO82cdl0mmITZP87SuxdDDx4Frs=
Subject key identifier:   67:D1:1B:BF:32:71:C1:7A:86:99:5B:7F:1C:A8:29:8F:B7:3B:D4:4F
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018AEFBE9783B0F854174D88E31A461B981B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/Z9EbvzJxwXqGmVt_HKgpj7c71E8.roa
Signing time:             Mon 02 Oct 2023 09:35:59 +0000
ROA not before:           Mon 02 Oct 2023 09:35:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198357
IP address blocks:        5.159.48.0/24 maxlen: 24
                          5.159.50.0/24 maxlen: 24
                          5.159.51.0/24 maxlen: 24
                          5.159.52.0/24 maxlen: 24
                          5.159.53.0/24 maxlen: 24
                          5.159.55.0/24 maxlen: 24
                          188.240.212.0/24 maxlen: 24
                          185.3.202.0/24 maxlen: 24
                          185.3.201.0/24 maxlen: 24
                          185.3.203.0/24 maxlen: 24
                          89.46.216.0/24 maxlen: 24
                          89.46.218.0/24 maxlen: 24
                          89.46.219.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ef:be:97:83:b0:f8:54:17:4d:88:e3:1a:46:1b:98:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Oct  2 09:35:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=67d11bbf3271c17a86995b7f1ca8298fb73bd44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:26:96:ba:73:08:79:7c:61:a2:e9:c7:13:56:
                    74:20:bf:6b:ed:15:20:b8:5d:98:31:e7:9f:d8:e3:
                    90:af:97:0f:ee:68:c0:75:7c:26:af:e1:b3:ae:73:
                    72:b5:7c:96:a2:f2:34:2d:c0:2f:f9:36:39:05:a0:
                    b2:cc:47:21:f4:31:f1:b9:23:1a:c7:a9:3e:fa:3c:
                    0d:c9:e0:07:ab:66:78:65:05:99:43:8c:e4:71:3c:
                    8f:f1:76:f8:66:31:45:bd:82:6e:6d:26:fb:9f:4b:
                    ef:26:93:08:3f:19:be:fd:d8:a4:77:14:b5:95:f8:
                    4c:08:69:aa:8f:ab:2d:0c:38:12:09:3a:e5:a8:75:
                    bc:99:60:cc:84:58:76:32:d4:c4:69:6b:35:3b:57:
                    92:07:25:69:35:58:ce:42:63:7c:fe:2c:9c:8c:c2:
                    db:a8:8b:c3:69:e8:96:be:cc:5f:5f:5e:3c:4a:16:
                    33:f3:67:a0:35:2f:51:98:1d:16:a0:58:fa:86:d5:
                    2f:bb:e0:79:b7:c5:81:f0:da:17:a9:9e:32:fd:dd:
                    22:95:73:71:74:1a:85:c2:f3:e3:43:88:b4:ab:26:
                    96:34:f9:3e:62:1c:b5:a2:5c:cd:a1:b7:33:4c:e3:
                    78:bd:4a:f7:0d:8f:c7:24:55:55:a9:3d:67:fb:39:
                    03:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D1:1B:BF:32:71:C1:7A:86:99:5B:7F:1C:A8:29:8F:B7:3B:D4:4F
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/Z9EbvzJxwXqGmVt_HKgpj7c71E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.48.0/24
                  5.159.50.0-5.159.53.255
                  5.159.55.0/24
                  89.46.216.0/24
                  89.46.218.0/23
                  185.3.201.0-185.3.203.255
                  188.240.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:9b:29:a2:96:40:2c:9c:a6:a2:73:db:76:ea:51:a8:92:ce:
         b5:6c:ac:12:ba:9e:71:0d:b5:df:ac:54:8c:7f:51:cc:c5:b7:
         e9:92:cf:64:d2:e2:09:ad:7d:34:93:3f:91:2d:de:32:7a:bd:
         ed:18:47:47:cf:aa:a4:97:b1:09:ff:2e:c7:09:e1:cc:d7:12:
         23:29:23:f6:7d:80:79:41:fe:fb:9c:c6:69:e0:f2:09:d6:02:
         20:88:09:28:c2:53:6d:cd:2e:40:a6:1f:82:c9:d2:a9:59:91:
         e9:13:17:51:73:20:e7:1d:91:07:fd:cb:c3:1c:6c:22:2b:c6:
         f4:61:a1:95:67:a9:87:61:fb:24:27:e4:4b:bd:61:de:68:8e:
         05:65:62:e5:84:f2:90:05:a7:a5:68:22:09:5e:85:ae:c5:13:
         8e:ca:40:70:40:51:44:9b:7f:33:d6:72:5c:31:8f:4c:dc:9b:
         54:8f:1b:d6:af:e0:e0:41:08:d6:5d:dc:0b:7d:fd:d7:20:8e:
         aa:2a:32:34:5d:71:fa:87:0b:81:fb:dc:0e:89:ae:bd:15:89:
         ce:42:ef:81:58:22:63:88:1a:20:5a:71:f7:80:19:3b:02:02:
         52:ae:40:4c:3f:97:09:e8:06:07:d5:06:b5:fb:c3:77:55:f5:
         90:25:86:22
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYrvvpeDsPhUF02I4xpGG5gbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjMxMDAyMDkzNTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2QxMWJiZjMyNzFjMTdhODY5OTViN2YxY2E4Mjk4ZmI3M2JkNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCaWunMIeXxhounHE1Z0IL9r7RUg
uF2YMeef2OOQr5cP7mjAdXwmr+GzrnNytXyWovI0LcAv+TY5BaCyzEch9DHxuSMa
x6k++jwNyeAHq2Z4ZQWZQ4zkcTyP8Xb4ZjFFvYJubSb7n0vvJpMIPxm+/dikdxS1
lfhMCGmqj6stDDgSCTrlqHW8mWDMhFh2MtTEaWs1O1eSByVpNVjOQmN8/iycjMLb
qIvDaeiWvsxfX148ShYz82egNS9RmB0WoFj6htUvu+B5t8WB8NoXqZ4y/d0ilXNx
dBqFwvPjQ4i0qyaWNPk+Yhy1olzNobczTON4vUr3DY/HJFVVqT1n+zkDEQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFGfRG78yccF6hplbfxyoKY+3O9RPMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvWjlFYnZ6Snh3WHFHbVZ0X0hLZ3BqN2M3MUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQABZ8wMAwD
BAEFnzIDBAEFnzQDBAAFnzcDBABZLtgDBAFZLtowDAMEALkDyQMEArkDyAMEALzw
1DANBgkqhkiG9w0BAQsFAAOCAQEAT5spopZALJymonPbdupRqJLOtWysErqecQ21
36xUjH9RzMW36ZLPZNLiCa19NJM/kS3eMnq97RhHR8+qpJexCf8uxwnhzNcSIykj
9n2AeUH++5zGaeDyCdYCIIgJKMJTbc0uQKYfgsnSqVmR6RMXUXMg5x2RB/3Lwxxs
IivG9GGhlWeph2H7JCfkS71h3miOBWVi5YTykAWnpWgiCV6FrsUTjspAcEBRRJt/
M9ZyXDGPTNybVI8b1q/g4EEI1l3cC3391yCOqioyNF1x+ocLgfvcDomuvRWJzkLv
gVgiY4gaIFpx94AZOwICUq5ATD+XCegGB9UGtfvDd1X1kCWGIg==
-----END CERTIFICATE-----