Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/aTr1oTmqVTf1bDLoJbGe8ss81pA.roa
File:                     aTr1oTmqVTf1bDLoJbGe8ss81pA.roa (raw, json)
Hash identifier:          hNZMmR0XBnGN2/yzoJPUVgwV3aDehmelWq2S7e+WQqE=
Subject key identifier:   69:3A:F5:A1:39:AA:55:37:F5:6C:32:E8:25:B1:9E:F2:CB:3C:D6:90
Certificate issuer:       /CN=9de783e9acd56992f5835fb4882183500ca03c83
Certificate serial:       018D65676090FBC0A86659441D138B9C4195
Authority key identifier: 9D:E7:83:E9:AC:D5:69:92:F5:83:5F:B4:88:21:83:50:0C:A0:3C:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/neeD6azVaZL1g1-0iCGDUAygPIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/aTr1oTmqVTf1bDLoJbGe8ss81pA.roa
Signing time:             Thu 01 Feb 2024 16:01:30 +0000
ROA not before:           Thu 01 Feb 2024 16:01:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        62.182.168.0/24 maxlen: 24
                          62.182.169.0/24 maxlen: 24
                          62.182.170.0/24 maxlen: 24
                          62.182.171.0/24 maxlen: 24
                          62.182.172.0/24 maxlen: 24
                          62.182.173.0/24 maxlen: 24
                          62.182.174.0/24 maxlen: 24
                          62.182.175.0/24 maxlen: 24
                          83.97.96.0/21 maxlen: 21
                          83.97.96.0/24 maxlen: 24
                          83.97.97.0/24 maxlen: 24
                          83.97.98.0/24 maxlen: 24
                          83.97.99.0/24 maxlen: 24
                          83.97.100.0/24 maxlen: 24
                          83.97.101.0/24 maxlen: 24
                          83.97.102.0/24 maxlen: 24
                          83.97.103.0/24 maxlen: 24
                          89.47.52.0/24 maxlen: 24
                          89.47.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 09:15:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:67:60:90:fb:c0:a8:66:59:44:1d:13:8b:9c:41:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9de783e9acd56992f5835fb4882183500ca03c83
        Validity
            Not Before: Feb  1 16:01:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693af5a139aa5537f56c32e825b19ef2cb3cd690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:56:a3:b6:20:96:bf:5a:22:46:af:94:d7:d2:
                    43:43:17:55:cb:38:71:d2:ff:d3:17:4e:19:26:a8:
                    e5:bc:c1:c5:15:1d:87:37:da:07:53:25:6d:ab:f4:
                    0c:79:2b:a7:1e:7b:5b:d0:23:99:c0:d3:d1:3a:a8:
                    85:eb:d5:b0:73:fb:52:72:bb:39:6f:43:d5:3e:80:
                    f8:4d:36:9e:6f:5c:51:9f:10:cc:bc:e5:f8:81:23:
                    d0:3f:d1:6d:b6:4c:87:dd:3a:45:03:b3:59:a8:64:
                    0e:9d:39:33:85:29:1a:3a:42:a3:e1:01:bd:50:ae:
                    37:81:d8:de:fb:48:52:d5:c2:c4:fb:6f:13:2a:e0:
                    9c:3b:84:fd:29:fb:ee:db:17:d1:b0:30:4a:c5:6f:
                    a9:79:89:bc:be:ff:7b:f5:b1:15:9f:e2:f7:7e:af:
                    44:1c:70:a4:c7:62:07:40:e1:84:b2:cd:d3:4f:a0:
                    5e:c4:c2:bd:65:01:24:74:91:16:cb:ae:f7:ce:59:
                    92:87:dc:06:f6:42:71:6a:55:b1:6d:71:2e:a1:34:
                    38:51:b3:ac:e1:43:ff:b4:fe:92:e2:46:de:37:a6:
                    fc:d6:74:c1:23:81:e4:b8:d8:65:17:2b:b4:3a:01:
                    e6:f2:0f:cb:a2:f9:47:41:71:43:cd:25:f7:f7:30:
                    9c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3A:F5:A1:39:AA:55:37:F5:6C:32:E8:25:B1:9E:F2:CB:3C:D6:90
            X509v3 Authority Key Identifier:
                keyid:9D:E7:83:E9:AC:D5:69:92:F5:83:5F:B4:88:21:83:50:0C:A0:3C:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/neeD6azVaZL1g1-0iCGDUAygPIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/aTr1oTmqVTf1bDLoJbGe8ss81pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/neeD6azVaZL1g1-0iCGDUAygPIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.168.0/21
                  83.97.96.0/21
                  89.47.52.0/24
                  89.47.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:68:ec:cc:d3:77:aa:eb:bd:bb:ad:f2:52:b1:c4:a9:22:25:
         3e:11:38:00:08:4d:61:02:59:ab:c2:6f:46:f5:8c:d9:dc:55:
         01:6b:64:69:c0:f2:8d:f0:6b:10:a4:38:33:95:ca:2e:f3:19:
         29:e4:05:3e:6c:1b:23:61:8c:91:30:5e:a6:a7:dc:7d:e1:65:
         0c:1a:0f:3f:0d:68:d7:b5:fd:9f:55:d1:62:55:78:07:c3:aa:
         3f:d6:3c:4f:b0:2a:bc:b7:d8:2d:20:bc:9a:c8:e2:19:d8:72:
         d2:dd:8e:12:7a:31:7b:5e:61:47:6c:5a:df:cd:1c:8f:4e:e4:
         cb:ff:d5:12:48:a3:d6:af:60:93:b6:ba:51:d6:09:b8:d3:6c:
         b1:ca:6a:89:de:d4:4b:4d:eb:9f:a8:67:63:82:e7:be:6f:a7:
         b3:08:f7:35:ec:3f:c3:d1:c8:ca:73:03:d0:dc:b0:5f:9f:dc:
         7c:52:8d:71:4f:fb:25:ea:05:56:be:0e:d9:b5:e1:28:c8:55:
         25:31:02:88:a4:c2:32:6e:bb:a3:d7:20:77:62:69:9f:40:08:
         31:a2:63:16:fe:eb:1f:3f:f1:db:38:0b:5d:1d:95:99:c0:31:
         90:be:39:78:4a:de:7a:24:e9:90:a9:50:8e:b2:19:df:3b:e9:
         49:7f:70:e4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY1lZ2CQ+8CoZllEHROLnEGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZTc4M2U5YWNkNTY5OTJmNTgzNWZiNDg4MjE4MzUwMGNh
MDNjODMwHhcNMjQwMjAxMTYwMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNhZjVhMTM5YWE1NTM3ZjU2YzMyZTgyNWIxOWVmMmNiM2NkNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VajtiCWv1oiRq+U19JDQxdVyzhx
0v/TF04ZJqjlvMHFFR2HN9oHUyVtq/QMeSunHntb0COZwNPROqiF69Wwc/tScrs5
b0PVPoD4TTaeb1xRnxDMvOX4gSPQP9FttkyH3TpFA7NZqGQOnTkzhSkaOkKj4QG9
UK43gdje+0hS1cLE+28TKuCcO4T9Kfvu2xfRsDBKxW+peYm8vv979bEVn+L3fq9E
HHCkx2IHQOGEss3TT6BexMK9ZQEkdJEWy673zlmSh9wG9kJxalWxbXEuoTQ4UbOs
4UP/tP6S4kbeN6b81nTBI4HkuNhlFyu0OgHm8g/LovlHQXFDzSX39zCcWQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGk69aE5qlU39Wwy6CWxnvLLPNaQMB8GA1UdIwQY
MBaAFJ3ng+ms1WmS9YNftIghg1AMoDyDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmVlRDZhelZhWkwxZzEtMGlDR0RVQXlnUElNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi80ZjA1Y2UtYTM4Mi00OWEwLTk5OTkt
ZTUyZjcwYzA2YzI5LzEvYVRyMW9UbXFWVGYxYkRMb0piR2U4c3M4MXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi80ZjA1Y2UtYTM4Mi00OWEwLTk5OTktZTUyZjcwYzA2YzI5
LzEvbmVlRDZhelZhWkwxZzEtMGlDR0RVQXlnUElNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDPraoAwQD
U2FgAwQAWS80AwQAWS/8MA0GCSqGSIb3DQEBCwUAA4IBAQAraOzM03eq6727rfJS
scSpIiU+ETgACE1hAlmrwm9G9YzZ3FUBa2RpwPKN8GsQpDgzlcou8xkp5AU+bBsj
YYyRMF6mp9x94WUMGg8/DWjXtf2fVdFiVXgHw6o/1jxPsCq8t9gtILyayOIZ2HLS
3Y4SejF7XmFHbFrfzRyPTuTL/9USSKPWr2CTtrpR1gm402yxymqJ3tRLTeufqGdj
gue+b6ezCPc17D/D0cjKcwPQ3LBfn9x8Uo1xT/sl6gVWvg7ZteEoyFUlMQKIpMIy
bruj1yB3YmmfQAgxomMW/usfP/HbOAtdHZWZwDGQvjl4St56JOmQqVCOshnfO+lJ
f3Dk
-----END CERTIFICATE-----