Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/n88Sci6oaCPC-UuqWvyYAOsAR44.roa
File:                     n88Sci6oaCPC-UuqWvyYAOsAR44.roa (raw, json)
Hash identifier:          Tre5NAUSyoe5L7Z61YCOhPbfG9h+Rxw24AnyB0OAq4U=
Subject key identifier:   9F:CF:12:72:2E:A8:68:23:C2:F9:4B:AA:5A:FC:98:00:EB:00:47:8E
Certificate issuer:       /CN=29c170d98b5e35d7d51537671c6040a5151884bc
Certificate serial:       018607C84C109BF0C682CC06333E83E1EE39
Authority key identifier: 29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/n88Sci6oaCPC-UuqWvyYAOsAR44.roa
Signing time:             Tue 31 Jan 2023 12:23:32 +0000
ROA not before:           Tue 31 Jan 2023 12:23:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12859
IP address blocks:        193.168.157.0/24 maxlen: 24
                          193.168.158.0/24 maxlen: 24
                          193.168.156.0/22 maxlen: 22
                          193.168.156.0/24 maxlen: 24
                          193.168.159.0/24 maxlen: 24
                          212.72.226.0/24 maxlen: 24
                          212.72.225.0/24 maxlen: 24
                          212.72.224.0/24 maxlen: 24
                          212.72.224.0/21 maxlen: 21
                          212.72.227.0/24 maxlen: 24
                          212.72.230.0/24 maxlen: 24
                          212.72.231.0/24 maxlen: 24
                          212.72.228.0/24 maxlen: 24
                          212.72.229.0/24 maxlen: 24
                          2a02:968::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:07:c8:4c:10:9b:f0:c6:82:cc:06:33:3e:83:e1:ee:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29c170d98b5e35d7d51537671c6040a5151884bc
        Validity
            Not Before: Jan 31 12:23:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9fcf12722ea86823c2f94baa5afc9800eb00478e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:59:cf:79:82:7e:15:3f:f8:d0:79:17:c0:02:
                    42:55:ae:09:ff:5b:79:4b:28:91:44:80:19:d7:48:
                    89:43:a4:4a:52:34:0f:e2:5b:a9:0f:a6:a3:33:ef:
                    a4:c9:fa:79:5a:d0:0d:8a:20:3d:47:55:1b:da:67:
                    58:e3:ee:94:23:23:01:10:07:a7:27:71:7d:29:b3:
                    7c:9d:6a:4b:c7:1c:6d:ff:57:0b:a1:d7:7a:2e:a3:
                    5c:cf:2e:8a:11:11:b9:f6:4d:7c:38:a4:07:ce:13:
                    29:b1:10:18:cd:1b:5c:a4:30:09:c1:bd:f3:35:19:
                    a2:5c:61:5b:73:6d:01:79:c9:69:88:b5:cd:97:27:
                    d3:cd:34:54:95:ab:0f:88:41:9b:5b:47:30:6f:18:
                    e0:15:00:d7:07:1e:09:33:48:67:e5:fb:25:03:16:
                    db:d9:d9:80:67:8b:64:32:cd:a1:98:a3:1c:a0:13:
                    74:1b:36:26:30:c1:f9:75:09:fa:05:38:0b:27:1a:
                    86:a5:5e:4e:c4:f9:a2:05:60:bf:41:cb:5d:4b:8e:
                    d9:3a:c4:fc:14:e1:ca:1a:10:9e:b6:51:f0:00:ea:
                    ad:38:47:1d:c0:de:79:4d:44:66:38:3e:22:15:a2:
                    74:dc:6f:51:19:cf:1d:ca:c6:bb:c9:18:06:cf:7e:
                    ef:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:CF:12:72:2E:A8:68:23:C2:F9:4B:AA:5A:FC:98:00:EB:00:47:8E
            X509v3 Authority Key Identifier:
                keyid:29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/n88Sci6oaCPC-UuqWvyYAOsAR44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.156.0/22
                  212.72.224.0/21
                IPv6:
                  2a02:968::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:85:fd:4a:bd:33:ca:26:fc:1e:3d:22:57:b2:9a:2b:15:a8:
         2a:1f:59:42:a6:12:b8:39:e2:33:a0:14:c0:67:18:e5:ce:9a:
         af:13:f4:38:f9:f4:55:aa:00:3d:ae:4b:bb:a8:3c:97:9f:d6:
         8e:7d:82:ef:4c:c6:9b:2e:2f:a9:35:0d:3a:88:61:40:e0:01:
         b1:5d:f1:65:0a:a1:bb:3d:3e:fc:ba:35:b6:b9:cc:bd:b5:b0:
         12:67:a7:08:ff:b2:cb:50:19:7e:1c:ee:db:70:05:d6:e0:6c:
         a2:98:d8:9b:f8:ca:e4:19:14:57:05:51:03:56:53:2c:e2:5e:
         4a:3f:97:50:61:48:f6:f9:46:5a:4e:dd:0d:8e:b6:c4:25:bc:
         af:80:dd:e5:20:d7:83:2e:d2:e7:3d:c6:9b:e5:84:04:84:d5:
         41:a1:a9:1f:b2:26:b9:c1:1c:7e:2d:4c:c3:de:3a:de:74:f6:
         c7:dd:46:1d:fa:35:e9:7e:6c:63:82:50:ea:3e:56:09:98:9a:
         f9:19:0a:8c:f1:22:47:77:c9:e1:2e:93:c3:97:40:1c:c8:fe:
         cd:84:cb:66:07:9f:78:e4:27:8c:89:b7:d6:83:60:10:57:a2:
         54:f7:8a:a1:18:10:0e:51:25:49:f7:a3:b1:8e:f5:33:85:e9:
         dd:2d:bf:dc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYYHyEwQm/DGgswGMz6D4e45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YzE3MGQ5OGI1ZTM1ZDdkNTE1Mzc2NzFjNjA0MGE1MTUx
ODg0YmMwHhcNMjMwMTMxMTIyMzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmNmMTI3MjJlYTg2ODIzYzJmOTRiYWE1YWZjOTgwMGViMDA0NzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVnPeYJ+FT/40HkXwAJCVa4J/1t5
SyiRRIAZ10iJQ6RKUjQP4lupD6ajM++kyfp5WtANiiA9R1Ub2mdY4+6UIyMBEAen
J3F9KbN8nWpLxxxt/1cLodd6LqNczy6KERG59k18OKQHzhMpsRAYzRtcpDAJwb3z
NRmiXGFbc20BeclpiLXNlyfTzTRUlasPiEGbW0cwbxjgFQDXBx4JM0hn5fslAxbb
2dmAZ4tkMs2hmKMcoBN0GzYmMMH5dQn6BTgLJxqGpV5OxPmiBWC/QctdS47ZOsT8
FOHKGhCetlHwAOqtOEcdwN55TURmOD4iFaJ03G9RGc8dysa7yRgGz37v8wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ/PEnIuqGgjwvlLqlr8mADrAEeOMB8GA1UdIwQY
MBaAFCnBcNmLXjXX1RU3ZxxgQKUVGIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2NGdzJZdGVOZGZWRlRkbkhHQkFwUlVZaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9lMjVhM2MtZGVmNi00MjI4LWExMGIt
YzQ1ZTk0OWU5Y2Q2LzEvbjg4U2NpNm9hQ1BDLVV1cVd2eVlBT3NBUjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9lMjVhM2MtZGVmNi00MjI4LWExMGItYzQ1ZTk0OWU5Y2Q2
LzEvS2NGdzJZdGVOZGZWRlRkbkhHQkFwUlVZaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwaicAwQD
1EjgMA0EAgACMAcDBQAqAgloMA0GCSqGSIb3DQEBCwUAA4IBAQBAhf1KvTPKJvwe
PSJXsporFagqH1lCphK4OeIzoBTAZxjlzpqvE/Q4+fRVqgA9rku7qDyXn9aOfYLv
TMabLi+pNQ06iGFA4AGxXfFlCqG7PT78ujW2ucy9tbASZ6cI/7LLUBl+HO7bcAXW
4GyimNib+MrkGRRXBVEDVlMs4l5KP5dQYUj2+UZaTt0NjrbEJbyvgN3lINeDLtLn
Pcab5YQEhNVBoakfsia5wRx+LUzD3jredPbH3UYd+jXpfmxjglDqPlYJmJr5GQqM
8SJHd8nhLpPDl0AcyP7NhMtmB5945CeMibfWg2AQV6JU94qhGBAOUSVJ96OxjvUz
hendLb/c
-----END CERTIFICATE-----