Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/aGQBFPgvhRqsny4Uh5O7xDGzbvw.roa
File:                     aGQBFPgvhRqsny4Uh5O7xDGzbvw.roa (raw, json)
Hash identifier:          sVsWdgk4t4Z7v3Y/CWa7WBI1adF8ZfB7UYzCBpXCiy8=
Subject key identifier:   68:64:01:14:F8:2F:85:1A:AC:9F:2E:14:87:93:BB:C4:31:B3:6E:FC
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       018D0CA07C7879C634B756BB7782296723C5
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/aGQBFPgvhRqsny4Uh5O7xDGzbvw.roa
Signing time:             Mon 15 Jan 2024 10:17:40 +0000
ROA not before:           Mon 15 Jan 2024 10:17:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8362
IP address blocks:        5.158.240.0/20 maxlen: 20
                          79.141.192.0/24 maxlen: 24
                          79.141.197.0/24 maxlen: 24
                          79.141.193.0/24 maxlen: 24
                          79.141.206.0/23 maxlen: 23
                          195.146.224.0/20 maxlen: 20
                          37.220.48.0/20 maxlen: 20
                          46.162.128.0/18 maxlen: 18
                          195.146.240.0/20 maxlen: 20
                          62.64.32.0/19 maxlen: 19
                          2a01:8e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 24 Jan 2024 14:42:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:a0:7c:78:79:c6:34:b7:56:bb:77:82:29:67:23:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Jan 15 10:17:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68640114f82f851aac9f2e148793bbc431b36efc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:39:18:25:0e:cd:d7:86:1c:b4:0e:fb:37:1e:
                    38:af:d9:c9:36:49:23:a7:8c:53:58:a8:4d:78:ac:
                    d7:d8:05:c6:4f:74:07:69:b5:e1:2a:cf:64:42:4a:
                    cc:10:71:46:aa:d7:88:ce:5b:76:ad:ec:9c:78:d3:
                    f4:62:a9:08:4d:75:68:b3:c6:5a:70:ac:60:d4:c7:
                    aa:d0:e7:24:d3:6a:90:3b:f8:ad:44:42:45:53:33:
                    70:a2:6f:c1:74:6a:b3:42:a7:48:45:b9:ad:c2:ff:
                    a9:2d:f3:95:c9:a0:ea:ad:4c:39:3d:8b:58:5d:9a:
                    1e:38:01:a5:cc:1b:6e:16:8a:64:ab:f2:0c:3c:65:
                    81:14:e6:ec:4d:98:d7:46:fd:bf:fc:26:95:6b:21:
                    08:e4:c6:1f:a7:28:46:63:ca:45:e2:01:33:77:c7:
                    fc:0d:a2:a4:fd:86:5f:bb:2c:a3:2b:a0:4e:9e:ea:
                    15:5e:db:c0:ee:f5:65:1e:f6:74:76:66:c9:f8:93:
                    e7:30:8b:b2:32:a0:ac:90:bd:8b:11:5a:d9:af:a5:
                    49:56:72:e7:a1:48:dc:6b:50:46:a1:9f:39:44:6b:
                    a0:df:3e:3a:0a:d1:5d:53:39:5f:ad:a4:ee:76:7e:
                    cf:38:26:78:d6:33:12:d1:bd:ba:03:45:cf:2c:bf:
                    65:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:64:01:14:F8:2F:85:1A:AC:9F:2E:14:87:93:BB:C4:31:B3:6E:FC
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/aGQBFPgvhRqsny4Uh5O7xDGzbvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.240.0/20
                  37.220.48.0/20
                  46.162.128.0/18
                  62.64.32.0/19
                  79.141.192.0/23
                  79.141.197.0/24
                  79.141.206.0/23
                  195.146.224.0/19
                IPv6:
                  2a01:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:9b:2a:91:f5:7d:f5:6a:7b:fc:9f:16:70:03:6c:40:ba:44:
         e6:4a:ab:22:5d:80:f8:1d:cf:6c:7e:72:fb:45:ba:a3:54:00:
         09:2f:c3:a0:39:9c:ad:c2:63:4d:25:0b:2d:4f:f8:fb:4d:3f:
         b3:8e:12:3a:56:ab:f6:fd:40:e1:b1:56:eb:ce:5d:bb:e7:4f:
         44:44:3c:c4:cb:11:f5:80:2a:74:7e:81:e1:c8:12:a6:24:87:
         00:d8:54:5b:a1:9a:40:cb:6f:15:2e:5b:dc:2d:3e:78:65:60:
         31:a0:ef:f9:9b:94:bd:f1:e8:5a:1d:40:f1:5a:a4:dd:f4:b9:
         b4:1f:b7:ac:b7:0d:3b:a4:42:5d:44:3f:27:66:b3:63:50:0d:
         9d:62:e3:21:7d:af:0c:3f:87:96:0f:13:9d:ba:02:9b:31:d1:
         14:9d:ef:4b:b6:b7:ee:30:cb:7a:29:4e:7b:8c:47:27:37:67:
         b1:5b:44:6f:63:f1:e9:05:2b:00:82:01:56:6e:a9:ad:99:72:
         cc:0e:a2:52:04:3a:05:c8:d9:49:8c:bc:6f:ec:5a:4c:98:c7:
         51:26:3d:12:79:a6:6c:4f:37:c6:ec:8e:cc:2d:4d:b2:41:84:
         8f:94:2b:7f:4d:f1:72:38:a2:70:86:18:ac:da:83:22:78:4e:
         03:03:82:a0
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAY0MoHx4ecY0t1a7d4IpZyPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjQwMTE1MTAxNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODY0MDExNGY4MmY4NTFhYWM5ZjJlMTQ4NzkzYmJjNDMxYjM2ZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTkYJQ7N14YctA77Nx44r9nJNkkj
p4xTWKhNeKzX2AXGT3QHabXhKs9kQkrMEHFGqteIzlt2reyceNP0YqkITXVos8Za
cKxg1Meq0Ock02qQO/itREJFUzNwom/BdGqzQqdIRbmtwv+pLfOVyaDqrUw5PYtY
XZoeOAGlzBtuFopkq/IMPGWBFObsTZjXRv2//CaVayEI5MYfpyhGY8pF4gEzd8f8
DaKk/YZfuyyjK6BOnuoVXtvA7vVlHvZ0dmbJ+JPnMIuyMqCskL2LEVrZr6VJVnLn
oUjca1BGoZ85RGug3z46CtFdUzlfraTudn7POCZ41jMS0b26A0XPLL9liwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGhkART4L4UarJ8uFIeTu8Qxs278MB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvYUdRQkZQZ3ZoUnFzbnk0VWg1Tzd4REd6YnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEBZ7wAwQE
JdwwAwQGLqKAAwQFPkAgAwQBT43AAwQAT43FAwQBT43OAwQFw5LgMA0EAgACMAcD
BQMqAY6AMA0GCSqGSIb3DQEBCwUAA4IBAQCtmyqR9X31anv8nxZwA2xAukTmSqsi
XYD4Hc9sfnL7RbqjVAAJL8OgOZytwmNNJQstT/j7TT+zjhI6Vqv2/UDhsVbrzl27
509ERDzEyxH1gCp0foHhyBKmJIcA2FRboZpAy28VLlvcLT54ZWAxoO/5m5S98eha
HUDxWqTd9Lm0H7estw07pEJdRD8nZrNjUA2dYuMhfa8MP4eWDxOdugKbMdEUne9L
trfuMMt6KU57jEcnN2exW0RvY/HpBSsAggFWbqmtmXLMDqJSBDoFyNlJjLxv7FpM
mMdRJj0SeaZsTzfG7I7MLU2yQYSPlCt/TfFyOKJwhhis2oMieE4DA4Kg
-----END CERTIFICATE-----