Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/OxAKGPqDQOXj-J0bVR7Dpe1ze0U.roa
File:                     OxAKGPqDQOXj-J0bVR7Dpe1ze0U.roa (raw, json)
Hash identifier:          W1QxcAHdeM47eg632HkE7EOVdzBK9gW5WOKPYTKxCbI=
Subject key identifier:   3B:10:0A:18:FA:83:40:E5:E3:F8:9D:1B:55:1E:C3:A5:ED:73:7B:45
Certificate issuer:       /CN=e30f8894f308172ace92fbe6052eec23853eadad
Certificate serial:       01917F87F6B72C513625ECFFD7B09657111B
Authority key identifier: E3:0F:88:94:F3:08:17:2A:CE:92:FB:E6:05:2E:EC:23:85:3E:AD:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4w-IlPMIFyrOkvvmBS7sI4U-ra0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/OxAKGPqDQOXj-J0bVR7Dpe1ze0U.roa
Signing time:             Fri 23 Aug 2024 13:58:22 +0000
ROA not before:           Fri 23 Aug 2024 13:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3920
IP address blocks:        77.247.111.0/24 maxlen: 24
                          117.18.118.0/24 maxlen: 24
                          117.55.202.0/24 maxlen: 24
                          117.55.203.0/24 maxlen: 24
                          185.53.91.0/24 maxlen: 24
                          212.237.231.0/24 maxlen: 24
                          2a13:adc0::/48 maxlen: 48
                          2a13:adc0:1::/48 maxlen: 48
                          2a13:adc0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 25 Aug 2024 08:06:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:87:f6:b7:2c:51:36:25:ec:ff:d7:b0:96:57:11:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30f8894f308172ace92fbe6052eec23853eadad
        Validity
            Not Before: Aug 23 13:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b100a18fa8340e5e3f89d1b551ec3a5ed737b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e9:23:eb:f9:95:a4:65:48:4b:67:e6:7f:bf:
                    29:c9:b6:bf:36:28:fb:b8:27:8a:f5:68:77:bb:b6:
                    c3:c0:1b:b9:e4:b3:8f:b1:36:15:ea:61:2b:4b:46:
                    ee:47:33:2b:d2:42:b6:8f:61:ef:37:63:2a:5a:b2:
                    ee:fd:7a:85:3a:3b:f0:44:4f:f0:be:c5:fd:e2:46:
                    bb:54:46:5a:ca:60:59:c7:33:19:07:46:df:de:fa:
                    dd:f9:9f:60:77:07:5d:5b:ab:20:0d:34:4c:b6:3b:
                    15:bc:17:a8:c3:06:ec:55:a2:44:1e:d4:64:11:45:
                    90:2e:30:aa:60:5b:f1:9a:6c:6d:fb:8a:cb:34:c7:
                    64:cd:a8:08:9d:f1:b2:c5:0f:3e:f2:6d:4e:cd:e1:
                    fe:73:4c:e8:3a:6b:89:54:72:b2:86:ab:99:7e:99:
                    a6:97:9a:c2:55:7a:14:2b:45:a7:e7:0d:c3:72:6c:
                    a8:40:1c:4a:5d:b8:04:2e:e0:2b:20:6b:3c:7e:92:
                    6e:94:df:6d:c7:aa:a6:5f:b8:a1:2c:ad:5b:cd:66:
                    2a:e0:c4:4e:4d:9f:cc:82:c0:f5:82:d7:17:64:3e:
                    96:9b:6e:46:85:fb:2d:00:cf:fa:de:0f:1c:2b:32:
                    ef:11:41:fc:37:14:3f:73:41:67:5d:2e:7e:c7:06:
                    c1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:10:0A:18:FA:83:40:E5:E3:F8:9D:1B:55:1E:C3:A5:ED:73:7B:45
            X509v3 Authority Key Identifier:
                keyid:E3:0F:88:94:F3:08:17:2A:CE:92:FB:E6:05:2E:EC:23:85:3E:AD:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4w-IlPMIFyrOkvvmBS7sI4U-ra0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/OxAKGPqDQOXj-J0bVR7Dpe1ze0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/4w-IlPMIFyrOkvvmBS7sI4U-ra0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.111.0/24
                  117.18.118.0/24
                  117.55.202.0/23
                  185.53.91.0/24
                  212.237.231.0/24
                IPv6:
                  2a13:adc0::-2a13:adc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4d:ad:d0:ba:b3:81:07:12:82:98:9e:a0:2c:6d:80:91:d5:aa:
         8a:2b:4f:63:c9:60:82:28:4a:59:5c:b8:ec:82:87:18:69:6f:
         77:73:a9:90:65:7a:13:27:7d:ce:11:f8:9a:2f:bc:3a:b4:ff:
         b6:d2:68:b6:62:79:85:4f:a3:a2:95:1c:f4:16:f6:5e:74:7b:
         c7:44:b1:5e:b1:c7:50:c7:86:05:53:30:a8:f5:20:6a:d1:37:
         19:f6:47:78:dd:34:1c:f7:b1:f2:27:fa:ac:90:59:83:12:8b:
         e3:58:13:ee:cb:31:2a:fe:d7:c2:1a:61:4c:4c:2f:f3:81:8d:
         13:4d:58:2d:ae:32:bb:45:34:9a:3b:21:07:66:1a:d1:db:af:
         1e:c6:9e:06:c7:32:7c:ab:37:76:19:ae:79:d5:5d:8a:90:9c:
         4f:38:2f:10:3f:00:74:c7:30:03:38:2c:ca:5c:a9:21:eb:83:
         ce:59:e5:ba:ef:7a:e2:81:42:bb:ae:ac:15:b1:af:7f:cb:15:
         ed:77:8d:a7:03:40:a3:c3:b4:fa:5d:80:2b:bd:19:2b:a7:98:
         f0:2b:05:ef:5f:a8:47:7f:39:5d:0c:73:ce:8e:6e:6d:9e:b4:
         c3:3f:59:d9:ee:5a:84:80:03:9e:5e:f5:97:a8:63:ba:46:7a:
         64:8e:17:92
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZF/h/a3LFE2Jez/17CWVxEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGY4ODk0ZjMwODE3MmFjZTkyZmJlNjA1MmVlYzIzODUz
ZWFkYWQwHhcNMjQwODIzMTM1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjEwMGExOGZhODM0MGU1ZTNmODlkMWI1NTFlYzNhNWVkNzM3YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Okj6/mVpGVIS2fmf78pyba/Nij7
uCeK9Wh3u7bDwBu55LOPsTYV6mErS0buRzMr0kK2j2HvN2MqWrLu/XqFOjvwRE/w
vsX94ka7VEZaymBZxzMZB0bf3vrd+Z9gdwddW6sgDTRMtjsVvBeowwbsVaJEHtRk
EUWQLjCqYFvxmmxt+4rLNMdkzagInfGyxQ8+8m1OzeH+c0zoOmuJVHKyhquZfpmm
l5rCVXoUK0Wn5w3DcmyoQBxKXbgELuArIGs8fpJulN9tx6qmX7ihLK1bzWYq4MRO
TZ/MgsD1gtcXZD6Wm25GhfstAM/63g8cKzLvEUH8NxQ/c0FnXS5+xwbBFQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDsQChj6g0Dl4/idG1Uew6Xtc3tFMB8GA1UdIwQY
MBaAFOMPiJTzCBcqzpL75gUu7COFPq2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHctSWxQTUlGeXJPa3Z2bUJTN3NJNFUtcmEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81ODc0NjAtZWFiNy00MGQ5LWE1MTIt
M2U2NjBkMDI1MmRiLzEvT3hBS0dQcURRT1hqLUowYlZSN0RwZTF6ZTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81ODc0NjAtZWFiNy00MGQ5LWE1MTItM2U2NjBkMDI1MmRi
LzEvNHctSWxQTUlGeXJPa3Z2bUJTN3NJNFUtcmEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQATfdvAwQA
dRJ2AwQBdTfKAwQAuTVbAwQA1O3nMBgEAgACMBIwEAMFBioTrcADBwAqE63AAAIw
DQYJKoZIhvcNAQELBQADggEBAE2t0LqzgQcSgpieoCxtgJHVqoorT2PJYIIoSllc
uOyChxhpb3dzqZBlehMnfc4R+JovvDq0/7bSaLZieYVPo6KVHPQW9l50e8dEsV6x
x1DHhgVTMKj1IGrRNxn2R3jdNBz3sfIn+qyQWYMSi+NYE+7LMSr+18IaYUxML/OB
jRNNWC2uMrtFNJo7IQdmGtHbrx7GngbHMnyrN3YZrnnVXYqQnE84LxA/AHTHMAM4
LMpcqSHrg85Z5brveuKBQruurBWxr3/LFe13jacDQKPDtPpdgCu9GSunmPArBe9f
qEd/OV0Mc86Obm2etMM/WdnuWoSAA55e9ZeoY7pGemSOF5I=
-----END CERTIFICATE-----