Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/3nLP92fRlrccvzgcMex0z6DYVN8.roa
File:                     3nLP92fRlrccvzgcMex0z6DYVN8.roa (raw, json)
Hash identifier:          7VaNRxhGuS4IUwcgjwVvRObTuRn5oYloE2zrbiAL8JE=
Subject key identifier:   DE:72:CF:F7:67:D1:96:B7:1C:BF:38:1C:31:EC:74:CF:A0:D8:54:DF
Certificate issuer:       /CN=2588b1b560f998eccd3a6eff40543b59204d67b8
Certificate serial:       018CC64B764D68E62568FA4FC8927D33BD75
Authority key identifier: 25:88:B1:B5:60:F9:98:EC:CD:3A:6E:FF:40:54:3B:59:20:4D:67:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/3nLP92fRlrccvzgcMex0z6DYVN8.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198013
IP address blocks:        94.185.123.0/24 maxlen: 24
                          94.185.97.0/24 maxlen: 24
                          94.185.96.0/19 maxlen: 19
                          94.185.98.0/24 maxlen: 24
                          94.185.104.0/22 maxlen: 22
                          94.185.103.0/24 maxlen: 24
                          94.185.102.0/24 maxlen: 24
                          94.185.101.0/24 maxlen: 24
                          94.185.100.0/24 maxlen: 24
                          94.185.99.0/24 maxlen: 24
                          94.185.105.0/24 maxlen: 24
                          94.185.110.0/24 maxlen: 24
                          94.185.109.0/24 maxlen: 24
                          94.185.108.0/24 maxlen: 24
                          94.185.112.0/24 maxlen: 24
                          94.185.113.0/24 maxlen: 24
                          2a03:4580::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 07:31:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:76:4d:68:e6:25:68:fa:4f:c8:92:7d:33:bd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2588b1b560f998eccd3a6eff40543b59204d67b8
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de72cff767d196b71cbf381c31ec74cfa0d854df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fd:58:ce:ed:cb:db:05:b1:58:58:35:71:86:
                    56:8b:27:c7:75:2c:38:99:30:b3:7a:45:84:bc:6d:
                    a5:14:a0:65:d9:c7:8e:ab:f5:78:4f:8b:ff:f7:93:
                    e7:b9:50:0d:26:f3:ab:29:6b:54:52:7f:7d:71:19:
                    1d:9c:49:3f:fe:a4:51:32:ce:0a:0b:c3:b4:42:d7:
                    8a:14:50:8f:91:b9:be:df:03:26:b2:07:21:61:80:
                    83:42:49:d9:b1:f7:98:1c:5a:54:7d:de:49:96:0f:
                    54:52:4e:99:8c:9d:e2:d9:4b:1e:ee:a1:26:77:dd:
                    13:e2:81:96:c7:0e:94:73:ae:44:e1:82:ac:f9:d2:
                    80:ef:31:d1:4a:1d:bd:67:4d:3f:de:d5:a0:e7:dc:
                    98:0d:5d:ad:5b:f0:65:e3:ac:10:91:94:d8:33:ce:
                    1c:6b:f6:7e:0e:e9:d6:e8:59:18:62:a7:89:77:48:
                    45:c6:5e:b1:f9:87:b9:ff:3f:ce:a1:e5:06:ec:a8:
                    0e:a5:82:cb:b8:46:d2:8d:db:68:ef:8a:f2:6f:75:
                    72:4c:8c:51:ee:5f:dd:03:4f:18:47:78:26:9b:42:
                    df:90:62:27:49:ed:25:89:fc:ec:71:ed:15:e1:94:
                    ef:78:50:d6:17:19:95:65:aa:cf:71:40:80:79:fa:
                    b7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:72:CF:F7:67:D1:96:B7:1C:BF:38:1C:31:EC:74:CF:A0:D8:54:DF
            X509v3 Authority Key Identifier:
                keyid:25:88:B1:B5:60:F9:98:EC:CD:3A:6E:FF:40:54:3B:59:20:4D:67:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/3nLP92fRlrccvzgcMex0z6DYVN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/18d6d5-6c86-42c1-84f1-99a0189888b5/1/JYixtWD5mOzNOm7_QFQ7WSBNZ7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.185.96.0/19
                IPv6:
                  2a03:4580::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:d2:fd:20:1e:84:38:08:5f:7b:23:63:90:81:e4:eb:00:e5:
         b0:08:65:5c:63:d8:44:12:f5:18:16:3b:66:92:79:55:22:51:
         97:84:2e:15:16:7a:85:99:19:ed:17:98:dc:64:e2:af:1c:4d:
         eb:5c:9d:28:84:0c:b2:09:d6:70:e3:d2:17:23:e0:bf:3e:af:
         f9:61:70:e7:14:90:d8:d2:ab:dc:58:22:42:56:59:52:08:0b:
         ba:df:ee:c2:f0:7b:d1:2b:4b:41:6b:f1:0b:b0:fa:87:1b:0d:
         8c:bb:67:cc:b7:33:5d:8b:e3:82:70:1e:06:56:85:8f:27:04:
         40:2b:52:ff:fe:4c:31:96:43:14:50:91:b7:de:a4:59:65:a0:
         4d:37:4e:25:a8:21:75:17:fb:4d:ea:4c:2b:a0:c4:f8:37:fc:
         ac:06:52:27:4e:c9:e6:2f:03:4f:06:e3:56:10:93:a3:ff:68:
         42:45:d6:0d:e7:8b:8e:df:af:04:12:22:cc:74:34:47:1d:f4:
         6a:17:55:ee:1f:16:1f:d4:e7:21:d8:e8:ea:e7:a3:bf:5c:62:
         f8:9c:e9:d8:6e:1c:ad:59:9c:33:db:09:9c:0e:f6:b1:ab:27:
         8a:c6:7f:05:b0:a6:a7:ad:50:92:26:4c:03:05:59:08:ff:98:
         84:61:7d:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS3ZNaOYlaPpPyJJ9M711MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ODhiMWI1NjBmOTk4ZWNjZDNhNmVmZjQwNTQzYjU5MjA0
ZDY3YjgwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTcyY2ZmNzY3ZDE5NmI3MWNiZjM4MWMzMWVjNzRjZmEwZDg1NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/1Yzu3L2wWxWFg1cYZWiyfHdSw4
mTCzekWEvG2lFKBl2ceOq/V4T4v/95PnuVANJvOrKWtUUn99cRkdnEk//qRRMs4K
C8O0QteKFFCPkbm+3wMmsgchYYCDQknZsfeYHFpUfd5Jlg9UUk6ZjJ3i2Use7qEm
d90T4oGWxw6Uc65E4YKs+dKA7zHRSh29Z00/3tWg59yYDV2tW/Bl46wQkZTYM84c
a/Z+DunW6FkYYqeJd0hFxl6x+Ye5/z/OoeUG7KgOpYLLuEbSjdto74ryb3VyTIxR
7l/dA08YR3gmm0LfkGInSe0lifzsce0V4ZTveFDWFxmVZarPcUCAefq3FQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN5yz/dn0Za3HL84HDHsdM+g2FTfMB8GA1UdIwQY
MBaAFCWIsbVg+ZjszTpu/0BUO1kgTWe4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSllpeHRXRDVtT3pOT203X1FGUTdXU0JOWjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8xOGQ2ZDUtNmM4Ni00MmMxLTg0ZjEt
OTlhMDE4OTg4OGI1LzEvM25MUDkyZlJscmNjdnpnY01leDB6NkRZVk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8xOGQ2ZDUtNmM4Ni00MmMxLTg0ZjEtOTlhMDE4OTg4OGI1
LzEvSllpeHRXRDVtT3pOT203X1FGUTdXU0JOWjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFXrlgMA0E
AgACMAcDBQAqA0WAMA0GCSqGSIb3DQEBCwUAA4IBAQAR0v0gHoQ4CF97I2OQgeTr
AOWwCGVcY9hEEvUYFjtmknlVIlGXhC4VFnqFmRntF5jcZOKvHE3rXJ0ohAyyCdZw
49IXI+C/Pq/5YXDnFJDY0qvcWCJCVllSCAu63+7C8HvRK0tBa/ELsPqHGw2Mu2fM
tzNdi+OCcB4GVoWPJwRAK1L//kwxlkMUUJG33qRZZaBNN04lqCF1F/tN6kwroMT4
N/ysBlInTsnmLwNPBuNWEJOj/2hCRdYN54uO368EEiLMdDRHHfRqF1XuHxYf1Och
2Ojq56O/XGL4nOnYbhytWZwz2wmcDvaxqyeKxn8FsKanrVCSJkwDBVkI/5iEYX1P
-----END CERTIFICATE-----