Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/Tu32998xctwnTxTh-chMBm44z1E.roa
File:                     Tu32998xctwnTxTh-chMBm44z1E.roa (raw, json)
Hash identifier:          mtyzM+eOoMofa5kIj2q88MybMD5Pnlq62DkfQ5+QE5k=
Subject key identifier:   4E:ED:F6:F7:DF:31:72:DC:27:4F:14:E1:F9:C8:4C:06:6E:38:CF:51
Certificate issuer:       /CN=61b95518ed4f5582a2f6c11955740284bc088134
Certificate serial:       018BCD26DAD27B84C9FE6DA0900D01AA4691
Authority key identifier: 61:B9:55:18:ED:4F:55:82:A2:F6:C1:19:55:74:02:84:BC:08:81:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YblVGO1PVYKi9sEZVXQChLwIgTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/Tu32998xctwnTxTh-chMBm44z1E.roa
Signing time:             Tue 14 Nov 2023 09:25:57 +0000
ROA not before:           Tue 14 Nov 2023 09:25:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42411
IP address blocks:        195.122.64.0/24 maxlen: 24
                          195.122.69.0/24 maxlen: 24
                          195.122.70.0/24 maxlen: 24
                          195.122.68.0/24 maxlen: 24
                          195.122.65.0/24 maxlen: 24
                          195.122.66.0/24 maxlen: 24
                          195.122.71.0/24 maxlen: 24
                          195.122.74.0/24 maxlen: 24
                          185.202.142.0/24 maxlen: 24
                          185.202.142.0/23 maxlen: 23
                          185.202.143.0/24 maxlen: 24
                          185.202.140.0/24 maxlen: 24
                          185.202.141.0/24 maxlen: 24
                          2a0b:1940::/48 maxlen: 48
                          2a0b:1940:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:cd:26:da:d2:7b:84:c9:fe:6d:a0:90:0d:01:aa:46:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b95518ed4f5582a2f6c11955740284bc088134
        Validity
            Not Before: Nov 14 09:25:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4eedf6f7df3172dc274f14e1f9c84c066e38cf51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:11:6c:aa:b6:1c:a0:06:48:4b:ff:ce:18:ec:
                    f6:eb:58:e5:dc:15:89:f7:14:52:e8:29:c2:89:54:
                    2d:01:a8:d5:a4:b4:93:7f:f1:de:48:4f:05:f0:f8:
                    08:cb:a6:99:80:e0:74:b9:c9:1a:fe:fd:6a:8e:bc:
                    7c:02:c6:2c:81:34:fd:41:93:4a:1e:95:02:6a:ab:
                    ad:b9:c8:6b:3f:22:f8:b5:f2:31:67:e8:a4:63:cc:
                    08:a9:3e:4a:cf:d4:de:76:a5:01:7a:25:3c:fe:6f:
                    be:8f:b7:cc:f3:5c:5d:a8:4a:ab:9a:ad:9b:e2:f5:
                    9d:d9:71:27:2a:70:e2:68:79:40:3c:64:a4:61:9f:
                    0d:49:00:14:63:04:2e:0c:c6:bf:05:13:6d:52:41:
                    2f:32:c6:c4:d6:02:96:7e:35:36:30:7b:05:e5:65:
                    32:eb:2e:cf:2c:69:0a:5b:23:f7:55:56:af:8a:eb:
                    ac:d5:e7:9f:64:fc:35:88:1e:de:64:f5:61:f8:d9:
                    e8:68:99:50:29:f2:3d:b2:58:08:64:5a:e8:91:8b:
                    a0:d7:ec:63:b7:01:d4:6e:ee:47:85:4b:c9:36:14:
                    2b:84:50:d2:b4:31:e1:77:89:c2:01:9f:24:05:94:
                    0e:ea:3b:82:e0:56:93:38:ad:00:c7:9f:d5:b2:de:
                    9d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:ED:F6:F7:DF:31:72:DC:27:4F:14:E1:F9:C8:4C:06:6E:38:CF:51
            X509v3 Authority Key Identifier:
                keyid:61:B9:55:18:ED:4F:55:82:A2:F6:C1:19:55:74:02:84:BC:08:81:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YblVGO1PVYKi9sEZVXQChLwIgTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/Tu32998xctwnTxTh-chMBm44z1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/YblVGO1PVYKi9sEZVXQChLwIgTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.140.0/22
                  195.122.64.0-195.122.66.255
                  195.122.68.0/22
                  195.122.74.0/24
                IPv6:
                  2a0b:1940::/47

    Signature Algorithm: sha256WithRSAEncryption
         76:f9:32:5c:10:e2:46:27:e9:6c:94:ed:81:75:85:d7:6f:96:
         a2:1a:bb:93:86:e6:a8:ba:4c:14:dc:57:f6:c1:44:1d:1e:d2:
         4f:19:d7:14:c3:02:35:d3:fe:de:48:a4:bf:fe:5a:b0:49:de:
         11:5a:6b:38:ad:32:45:3d:76:3f:87:e8:74:6d:2a:d0:34:22:
         b6:94:24:48:6e:15:40:45:30:75:af:34:8b:51:5a:65:e6:ac:
         f9:e3:3b:59:bb:23:e2:cd:78:41:6e:5d:83:74:e3:ae:72:21:
         fc:b7:e6:c5:89:bd:0a:e6:52:77:a3:cc:51:7a:21:3c:c7:ff:
         5f:34:f5:2f:10:f9:61:85:2e:3a:d4:1c:98:ff:b3:37:28:b6:
         2f:f2:69:d2:11:d5:ad:ee:cc:10:e5:5e:9b:83:bd:58:48:00:
         71:3e:be:f5:f5:96:bc:69:79:3e:2b:fe:57:fb:d8:a4:5e:9d:
         56:c2:1c:7a:75:d4:97:b1:cd:61:f7:92:75:4d:e2:ef:6e:98:
         e8:17:23:56:2c:36:cd:a4:ac:a1:90:96:5c:16:8e:76:69:51:
         fa:ee:f0:eb:d5:6d:0d:e4:7f:3e:2a:d8:55:12:c7:98:9e:33:
         85:ca:66:3c:cc:f5:88:20:a6:78:a2:0c:7a:3b:6a:34:b8:a4:
         33:b1:be:68
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYvNJtrSe4TJ/m2gkA0BqkaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjk1NTE4ZWQ0ZjU1ODJhMmY2YzExOTU1NzQwMjg0YmMw
ODgxMzQwHhcNMjMxMTE0MDkyNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWVkZjZmN2RmMzE3MmRjMjc0ZjE0ZTFmOWM4NGMwNjZlMzhjZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hFsqrYcoAZIS//OGOz261jl3BWJ
9xRS6CnCiVQtAajVpLSTf/HeSE8F8PgIy6aZgOB0ucka/v1qjrx8AsYsgTT9QZNK
HpUCaqutuchrPyL4tfIxZ+ikY8wIqT5Kz9TedqUBeiU8/m++j7fM81xdqEqrmq2b
4vWd2XEnKnDiaHlAPGSkYZ8NSQAUYwQuDMa/BRNtUkEvMsbE1gKWfjU2MHsF5WUy
6y7PLGkKWyP3VVaviuus1eefZPw1iB7eZPVh+NnoaJlQKfI9slgIZFrokYug1+xj
twHUbu5HhUvJNhQrhFDStDHhd4nCAZ8kBZQO6juC4FaTOK0Ax5/Vst6dPwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFE7t9vffMXLcJ08U4fnITAZuOM9RMB8GA1UdIwQY
MBaAFGG5VRjtT1WCovbBGVV0AoS8CIE0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJsVkdPMVBWWUtpOXNFWlZYUUNoTHdJZ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8zMjQwZTktMGVhYi00OGZiLTk2MGIt
M2I2NTFiYjA4ZWZiLzEvVHUzMjk5OHhjdHduVHhUaC1jaE1CbTQ0ejFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8zMjQwZTktMGVhYi00OGZiLTk2MGItM2I2NTFiYjA4ZWZi
LzEvWWJsVkdPMVBWWUtpOXNFWlZYUUNoTHdJZ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQCucqMMAwD
BAbDekADBADDekIDBALDekQDBADDekowDwQCAAIwCQMHASoLGUAAADANBgkqhkiG
9w0BAQsFAAOCAQEAdvkyXBDiRifpbJTtgXWF12+Wohq7k4bmqLpMFNxX9sFEHR7S
TxnXFMMCNdP+3kikv/5asEneEVprOK0yRT12P4fodG0q0DQitpQkSG4VQEUwda80
i1FaZeas+eM7Wbsj4s14QW5dg3TjrnIh/LfmxYm9CuZSd6PMUXohPMf/XzT1LxD5
YYUuOtQcmP+zNyi2L/Jp0hHVre7MEOVem4O9WEgAcT6+9fWWvGl5Piv+V/vYpF6d
VsIcenXUl7HNYfeSdU3i726Y6BcjViw2zaSsoZCWXBaOdmlR+u7w69VtDeR/PirY
VRLHmJ4zhcpmPMz1iCCmeKIMejtqNLikM7G+aA==
-----END CERTIFICATE-----