Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/04d364-560f-4b36-8f2a-2b536cf7b825/1/RkahX46XaQ9LXNEsiI365hsKWf8.roa
File:                     RkahX46XaQ9LXNEsiI365hsKWf8.roa (raw, json)
Hash identifier:          596HB6fSE3+w2b5cARTKF4Vh9XHx/+v7mG1OW1eSb3A=
Subject key identifier:   46:46:A1:5F:8E:97:69:0F:4B:5C:D1:2C:88:8D:FA:E6:1B:0A:59:FF
Certificate issuer:       /CN=1d4e959200aea8fb929158b73e8c0e69a88dc5e9
Certificate serial:       018C9073D07139FEE687A64FE4A603E58838
Authority key identifier: 1D:4E:95:92:00:AE:A8:FB:92:91:58:B7:3E:8C:0E:69:A8:8D:C5:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HU6VkgCuqPuSkVi3PowOaaiNxek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/04d364-560f-4b36-8f2a-2b536cf7b825/1/RkahX46XaQ9LXNEsiI365hsKWf8.roa
Signing time:             Fri 22 Dec 2023 07:35:58 +0000
ROA not before:           Fri 22 Dec 2023 07:35:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62275
IP address blocks:        185.221.72.0/22 maxlen: 24
                          185.234.112.0/24 maxlen: 24
                          5.62.72.0/21 maxlen: 24
                          185.40.212.0/22 maxlen: 24
                          193.254.12.0/22 maxlen: 24
                          2a10:acc0::/29 maxlen: 29
                          2a0c:e2c0::/29 maxlen: 29
                          2a01:ab40::/29 maxlen: 48
                          2a0c:8000::/29 maxlen: 29
                          2a04:8640::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:90:73:d0:71:39:fe:e6:87:a6:4f:e4:a6:03:e5:88:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d4e959200aea8fb929158b73e8c0e69a88dc5e9
        Validity
            Not Before: Dec 22 07:35:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4646a15f8e97690f4b5cd12c888dfae61b0a59ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b9:05:46:3f:d2:02:57:44:15:21:4e:d0:77:
                    69:fb:d9:51:fe:b8:43:77:40:0f:ba:cd:e3:86:42:
                    93:4d:15:c3:0b:22:03:80:8e:57:9f:ca:56:6c:50:
                    fc:97:f4:b2:42:a3:ef:28:5e:d5:db:ec:d4:3c:6f:
                    51:d3:8f:8b:08:25:87:e9:d5:03:bd:ba:84:fc:57:
                    e9:76:00:bf:24:b3:3f:f0:40:3e:d5:69:11:ea:f0:
                    b5:e3:ca:7b:f6:88:03:b7:98:c4:03:8e:a9:91:17:
                    68:79:09:cc:53:98:fb:30:c1:a7:25:37:9d:5e:b4:
                    e7:82:9b:53:74:19:1c:7b:b6:4f:44:2b:98:f1:65:
                    ff:ce:97:f6:18:71:d5:93:0a:0e:6b:18:25:eb:6b:
                    e2:e0:62:b1:7d:bf:85:14:26:86:7a:d4:22:91:6e:
                    1a:ae:e9:94:0f:8b:6a:03:0d:53:56:f2:7e:c6:28:
                    3a:94:1c:13:9d:74:cc:27:46:6b:dc:1c:98:67:8c:
                    d7:01:8a:76:a5:ec:2a:4c:39:90:f0:33:26:63:7e:
                    31:0b:b0:c5:ad:80:f5:2f:64:5b:c1:b2:5b:d2:22:
                    96:13:94:8d:19:07:67:27:03:cd:72:57:18:06:c7:
                    25:db:9b:38:23:af:33:84:ff:96:02:e3:b7:5f:d2:
                    4b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:46:A1:5F:8E:97:69:0F:4B:5C:D1:2C:88:8D:FA:E6:1B:0A:59:FF
            X509v3 Authority Key Identifier:
                keyid:1D:4E:95:92:00:AE:A8:FB:92:91:58:B7:3E:8C:0E:69:A8:8D:C5:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HU6VkgCuqPuSkVi3PowOaaiNxek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/04d364-560f-4b36-8f2a-2b536cf7b825/1/RkahX46XaQ9LXNEsiI365hsKWf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/04d364-560f-4b36-8f2a-2b536cf7b825/1/HU6VkgCuqPuSkVi3PowOaaiNxek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.72.0/21
                  185.40.212.0/22
                  185.221.72.0/22
                  185.234.112.0/24
                  193.254.12.0/22
                IPv6:
                  2a01:ab40::/29
                  2a04:8640::/29
                  2a0c:8000::/29
                  2a0c:e2c0::/29
                  2a10:acc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:40:79:25:98:44:a5:03:95:b3:5c:85:f5:68:3c:c3:6e:7f:
         f0:f4:7b:b1:33:d3:8f:62:59:2a:7d:7e:49:e3:37:1f:53:31:
         34:69:6b:80:4a:9c:e4:33:c4:56:56:6f:26:4f:44:9c:47:b5:
         a5:96:3c:cf:18:7a:2b:41:99:51:54:7b:62:df:fa:9a:10:e6:
         9e:35:25:13:c9:5b:02:0a:da:26:a0:41:59:80:ab:1c:db:fc:
         af:53:26:0e:3a:55:df:f8:0e:fa:19:60:9d:89:3c:0c:96:43:
         e1:79:4c:a1:b5:a0:2a:a2:c5:12:eb:5f:5b:6f:1c:fd:a7:4a:
         a8:48:5b:11:b1:3d:62:e0:b1:ee:b1:81:be:3d:09:33:07:5b:
         b2:cc:94:1f:ec:ab:40:30:7b:a4:b8:90:85:81:42:f1:0f:0c:
         67:4d:ac:b2:cd:3a:ba:55:ee:3d:52:d0:43:e5:7b:f6:e1:b2:
         bb:8c:58:a6:e9:4d:fd:e3:a8:b5:a8:1a:4e:46:6c:b2:8c:9b:
         15:42:8f:f3:42:b9:29:08:88:35:1b:50:b3:e4:78:49:7c:b6:
         da:47:b7:84:b3:d5:a5:24:35:05:6f:e9:74:36:d3:6d:6f:fe:
         2a:5d:5b:45:b7:d6:3e:8a:4f:b1:36:a3:d7:71:8d:79:7f:31:
         55:16:af:bd
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYyQc9BxOf7mh6ZP5KYD5Yg4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNGU5NTkyMDBhZWE4ZmI5MjkxNThiNzNlOGMwZTY5YTg4
ZGM1ZTkwHhcNMjMxMjIyMDczNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQ2YTE1ZjhlOTc2OTBmNGI1Y2QxMmM4ODhkZmFlNjFiMGE1OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rkFRj/SAldEFSFO0Hdp+9lR/rhD
d0APus3jhkKTTRXDCyIDgI5Xn8pWbFD8l/SyQqPvKF7V2+zUPG9R04+LCCWH6dUD
vbqE/FfpdgC/JLM/8EA+1WkR6vC148p79ogDt5jEA46pkRdoeQnMU5j7MMGnJTed
XrTngptTdBkce7ZPRCuY8WX/zpf2GHHVkwoOaxgl62vi4GKxfb+FFCaGetQikW4a
rumUD4tqAw1TVvJ+xig6lBwTnXTMJ0Zr3ByYZ4zXAYp2pewqTDmQ8DMmY34xC7DF
rYD1L2RbwbJb0iKWE5SNGQdnJwPNclcYBscl25s4I68zhP+WAuO3X9JLOQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFEZGoV+Ol2kPS1zRLIiN+uYbCln/MB8GA1UdIwQY
MBaAFB1OlZIArqj7kpFYtz6MDmmojcXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFU2VmtnQ3VxUHVTa1ZpM1Bvd09hYWlOeGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wNGQzNjQtNTYwZi00YjM2LThmMmEt
MmI1MzZjZjdiODI1LzEvUmthaFg0NlhhUTlMWE5Fc2lJMzY1aHNLV2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wNGQzNjQtNTYwZi00YjM2LThmMmEtMmI1MzZjZjdiODI1
LzEvSFU2VmtnQ3VxUHVTa1ZpM1Bvd09hYWlOeGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAkBAIAATAeAwQDBT5IAwQC
uSjUAwQCud1IAwQAuepwAwQCwf4MMCkEAgACMCMDBQMqAatAAwUDKgSGQAMFAyoM
gAADBQMqDOLAAwUDKhCswDANBgkqhkiG9w0BAQsFAAOCAQEAVUB5JZhEpQOVs1yF
9Wg8w25/8PR7sTPTj2JZKn1+SeM3H1MxNGlrgEqc5DPEVlZvJk9EnEe1pZY8zxh6
K0GZUVR7Yt/6mhDmnjUlE8lbAgraJqBBWYCrHNv8r1MmDjpV3/gO+hlgnYk8DJZD
4XlMobWgKqLFEutfW28c/adKqEhbEbE9YuCx7rGBvj0JMwdbssyUH+yrQDB7pLiQ
hYFC8Q8MZ02sss06ulXuPVLQQ+V79uGyu4xYpulN/eOotagaTkZssoybFUKP80K5
KQiINRtQs+R4SXy22ke3hLPVpSQ1BW/pdDbTbW/+Kl1bRbfWPopPsTaj13GNeX8x
VRavvQ==
-----END CERTIFICATE-----