Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/LsODionFFmWtNjQmChdK0HgNBFI.roa
File:                     LsODionFFmWtNjQmChdK0HgNBFI.roa (raw, json)
Hash identifier:          8+6g5JOq9kX3JD4DwaEyUGzFhPdqBSWfTsb4XQXGoGg=
Subject key identifier:   2E:C3:83:8A:89:C5:16:65:AD:36:34:26:0A:17:4A:D0:78:0D:04:52
Certificate issuer:       /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial:       018CC8DF5F1452D0D6F08CEEAE14C39E0771
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/LsODionFFmWtNjQmChdK0HgNBFI.roa
Signing time:             Tue 02 Jan 2024 06:32:11 +0000
ROA not before:           Tue 02 Jan 2024 06:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49872
IP address blocks:        109.122.192.0/24 maxlen: 24
                          109.122.193.0/24 maxlen: 24
                          109.122.205.0/24 maxlen: 24
                          109.122.201.0/24 maxlen: 24
                          109.122.213.0/24 maxlen: 24
                          109.122.207.0/24 maxlen: 24
                          109.122.210.0/24 maxlen: 24
                          109.122.215.0/24 maxlen: 24
                          109.122.217.0/24 maxlen: 24
                          109.122.220.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Jan 2024 16:45:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:5f:14:52:d0:d6:f0:8c:ee:ae:14:c3:9e:07:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
        Validity
            Not Before: Jan  2 06:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ec3838a89c51665ad3634260a174ad0780d0452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1b:e9:21:3e:1b:14:12:0d:2f:ee:67:e3:fb:
                    c0:66:86:b9:08:73:09:f5:1e:44:42:c1:07:4e:9f:
                    dd:3f:d5:5a:02:48:62:66:bc:78:0c:d4:6b:cf:9b:
                    e9:88:15:ed:ce:40:04:56:47:01:fa:a4:aa:81:31:
                    44:38:7c:2a:97:4b:20:f6:eb:c7:56:b6:2b:ec:27:
                    5f:1f:3f:23:7c:76:52:f5:4f:2f:3f:ea:5c:e4:64:
                    d0:bc:9b:ad:bb:af:59:c2:0a:c2:4f:7d:cc:8e:e1:
                    03:2a:79:29:47:b7:e3:bd:fc:c2:4e:45:68:b7:be:
                    36:97:c6:07:9c:d3:fb:92:38:f3:d8:dc:c6:65:52:
                    4d:34:18:29:2e:2c:e9:ad:8c:93:00:12:93:8c:17:
                    65:2c:d2:ab:d2:63:6f:93:9e:65:99:9e:b3:08:75:
                    4c:2a:ee:96:60:be:6e:db:c3:62:13:db:7a:bb:92:
                    d6:21:e9:cb:38:70:fa:82:27:7a:fb:07:b7:8f:17:
                    ca:22:a5:c1:e2:a0:42:ad:b0:aa:0c:b9:37:d6:50:
                    ae:66:4a:55:3e:cf:9c:c5:82:51:9a:eb:88:94:7e:
                    ad:b5:8e:60:26:c0:bb:7f:1e:b7:9a:45:d4:45:a2:
                    07:2a:cb:82:79:a2:9c:44:f6:7b:87:f9:92:3b:33:
                    f8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C3:83:8A:89:C5:16:65:AD:36:34:26:0A:17:4A:D0:78:0D:04:52
            X509v3 Authority Key Identifier:
                keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/LsODionFFmWtNjQmChdK0HgNBFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.192.0/23
                  109.122.201.0/24
                  109.122.205.0/24
                  109.122.207.0/24
                  109.122.210.0/24
                  109.122.213.0/24
                  109.122.215.0/24
                  109.122.217.0/24
                  109.122.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:71:98:c1:4a:1c:32:89:26:43:a5:45:b4:3b:ce:41:64:97:
         5a:b9:de:4a:f0:73:ff:48:67:c0:40:51:db:21:87:03:00:b2:
         7f:bd:e5:2a:57:c9:57:b9:72:3c:18:ce:85:47:bc:45:6c:88:
         c6:98:32:94:aa:a6:03:92:b7:5f:52:8c:b0:ab:3c:c3:65:54:
         57:23:34:13:e3:69:4a:04:ab:fc:0d:9d:8a:c3:8c:82:08:a1:
         dc:6e:a4:17:c9:4e:5e:d5:de:cc:07:2d:88:04:f7:03:18:ab:
         bf:78:d3:3f:b3:53:38:bd:92:7c:dd:80:fb:06:ba:02:1f:a2:
         98:70:9e:b3:1a:0b:01:21:14:ac:c0:ae:93:ff:fe:86:9c:1f:
         07:17:73:68:8d:41:88:00:d5:68:d8:3b:db:3f:83:d9:ac:ad:
         f6:df:b0:02:5e:55:4c:aa:5b:32:52:92:dd:17:b0:f6:75:23:
         71:b4:38:f6:b3:f8:78:48:47:aa:a9:94:79:76:aa:91:38:8c:
         c1:b8:67:e5:85:d7:df:a4:4d:98:9a:a3:4f:d2:c5:af:99:51:
         f1:49:3f:dd:5c:e2:ec:26:9e:c3:12:d5:65:93:ba:2d:9c:df:
         94:db:f3:46:91:a9:1d:fd:e5:cc:51:a4:b5:ec:49:59:f1:68:
         7e:f4:18:8a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzI318UUtDW8IzurhTDngdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwMTAyMDYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWMzODM4YTg5YzUxNjY1YWQzNjM0MjYwYTE3NGFkMDc4MGQwNDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRvpIT4bFBINL+5n4/vAZoa5CHMJ
9R5EQsEHTp/dP9VaAkhiZrx4DNRrz5vpiBXtzkAEVkcB+qSqgTFEOHwql0sg9uvH
VrYr7CdfHz8jfHZS9U8vP+pc5GTQvJutu69ZwgrCT33MjuEDKnkpR7fjvfzCTkVo
t742l8YHnNP7kjjz2NzGZVJNNBgpLizprYyTABKTjBdlLNKr0mNvk55lmZ6zCHVM
Ku6WYL5u28NiE9t6u5LWIenLOHD6gid6+we3jxfKIqXB4qBCrbCqDLk31lCuZkpV
Ps+cxYJRmuuIlH6ttY5gJsC7fx63mkXURaIHKsuCeaKcRPZ7h/mSOzP47QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFC7Dg4qJxRZlrTY0JgoXStB4DQRSMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvTHNPRGlvbkZGbVd0TmpRbUNoZEswSGdOQkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBbXrAAwQA
bXrJAwQAbXrNAwQAbXrPAwQAbXrSAwQAbXrVAwQAbXrXAwQAbXrZAwQAbXrcMA0G
CSqGSIb3DQEBCwUAA4IBAQBncZjBShwyiSZDpUW0O85BZJdaud5K8HP/SGfAQFHb
IYcDALJ/veUqV8lXuXI8GM6FR7xFbIjGmDKUqqYDkrdfUoywqzzDZVRXIzQT42lK
BKv8DZ2Kw4yCCKHcbqQXyU5e1d7MBy2IBPcDGKu/eNM/s1M4vZJ83YD7BroCH6KY
cJ6zGgsBIRSswK6T//6GnB8HF3NojUGIANVo2DvbP4PZrK3237ACXlVMqlsyUpLd
F7D2dSNxtDj2s/h4SEeqqZR5dqqROIzBuGflhdffpE2YmqNP0sWvmVHxST/dXOLs
Jp7DEtVlk7otnN+U2/NGkakd/eXMUaS17ElZ8Wh+9BiK
-----END CERTIFICATE-----