Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Pa5f-NJp5CKwNFQZbqNAD_ioqiE.roa
File:                     Pa5f-NJp5CKwNFQZbqNAD_ioqiE.roa (raw, json)
Hash identifier:          7QbxMI+VMfFHYCo8rnbJz0dPcz1A9MXAwDMlB6J5F5E=
Subject key identifier:   3D:AE:5F:F8:D2:69:E4:22:B0:34:54:19:6E:A3:40:0F:F8:A8:AA:21
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018E3DCFFFE5FDA2EC276A291DF15CE66108
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Pa5f-NJp5CKwNFQZbqNAD_ioqiE.roa
Signing time:             Thu 14 Mar 2024 16:33:45 +0000
ROA not before:           Thu 14 Mar 2024 16:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12325
IP address blocks:        86.107.101.0/24 maxlen: 24
                          89.44.76.0/24 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24
                          93.119.195.0/24 maxlen: 24
                          128.0.1.0/24 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          188.208.110.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 19:59:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:cf:ff:e5:fd:a2:ec:27:6a:29:1d:f1:5c:e6:61:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Mar 14 16:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dae5ff8d269e422b03454196ea3400ff8a8aa21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:89:53:05:23:11:06:f8:20:c7:ed:52:21:84:
                    34:e3:c6:cc:eb:94:cc:15:f2:18:04:46:c3:ee:08:
                    59:ae:a9:86:5e:19:3c:f1:91:10:87:4b:a6:b8:f5:
                    2f:ad:f5:6e:ff:63:ec:5e:df:6d:ac:e7:0b:a3:04:
                    78:bb:1d:92:59:40:23:92:8b:2c:06:31:dd:df:7f:
                    6c:3a:5f:ad:7e:f8:41:30:dd:c6:62:b3:35:00:10:
                    25:7b:c4:f1:d0:1a:b2:53:b9:5d:7f:b0:b6:1f:24:
                    43:66:9d:0e:60:cf:a3:bb:42:f3:88:71:a7:26:a9:
                    23:3e:5e:3a:46:a6:29:3f:93:51:f4:4b:a1:1d:48:
                    df:28:f0:50:e3:c2:fb:50:c0:97:43:e2:e7:24:32:
                    82:65:9e:62:da:31:1c:d1:73:dd:70:26:50:d9:85:
                    46:5f:b1:02:14:6d:58:9b:5f:eb:2e:82:01:1b:56:
                    54:40:31:6f:62:3f:97:27:b9:21:aa:e3:00:3d:a4:
                    2e:bf:95:8d:80:c1:6a:33:29:3d:58:03:99:fa:c8:
                    8c:db:3e:7f:c5:58:d2:cd:62:8b:1e:9f:5c:46:81:
                    bb:33:6c:63:9f:76:28:7c:26:05:f5:29:b8:e7:23:
                    da:6e:54:c3:54:9f:7b:f1:29:80:63:31:3a:c1:8b:
                    76:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:AE:5F:F8:D2:69:E4:22:B0:34:54:19:6E:A3:40:0F:F8:A8:AA:21
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Pa5f-NJp5CKwNFQZbqNAD_ioqiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.101.0/24
                  89.44.76.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  93.119.195.0/24
                  128.0.1.0/24
                  185.18.224.0/23
                  188.208.110.0/24
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e2:49:3b:19:e1:bb:2b:61:66:08:3d:dd:fe:d8:db:88:8e:84:
         7e:53:7c:b1:00:68:95:5e:ca:c9:c9:93:4a:f5:e1:13:db:9c:
         f9:eb:8c:48:09:ba:34:06:da:e4:f2:fa:b0:f7:13:2d:95:ba:
         f0:78:f2:d2:cf:b5:3c:d5:e3:0c:9f:90:07:21:e9:f6:6b:71:
         3f:5e:3b:7f:c6:cb:a1:b5:53:19:96:bb:7b:2d:e1:c3:cb:ee:
         15:8e:83:f6:99:51:84:c7:64:39:ae:5b:e1:eb:0c:9f:1b:d7:
         4c:d9:68:86:46:60:20:42:e2:6b:b4:14:ae:16:69:b9:39:74:
         b6:3f:48:c0:45:1f:79:1a:13:43:7b:a6:e5:be:18:e4:2e:53:
         ea:60:0c:16:69:8a:9e:7b:3f:76:0c:ca:ae:f0:30:3b:c8:3d:
         7d:4b:57:fb:88:a1:71:a5:dd:42:c6:a2:f5:9e:78:74:37:ee:
         c3:0e:3a:d3:89:f4:3e:23:9d:97:07:79:43:7b:3b:34:b4:47:
         aa:6b:30:0b:5b:f3:e3:26:81:a7:c3:a5:63:98:2f:57:d8:b9:
         47:3a:dc:0d:bd:60:12:5b:d9:f4:63:ff:08:d9:68:d0:3f:68:
         64:45:b7:63:8d:bd:36:9a:2c:20:2e:da:d1:ad:64:a1:52:31:
         57:9d:5e:5f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY49z//l/aLsJ2opHfFc5mEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMzE0MTYzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGFlNWZmOGQyNjllNDIyYjAzNDU0MTk2ZWEzNDAwZmY4YThhYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsolTBSMRBvggx+1SIYQ048bM65TM
FfIYBEbD7ghZrqmGXhk88ZEQh0umuPUvrfVu/2PsXt9trOcLowR4ux2SWUAjkoss
BjHd339sOl+tfvhBMN3GYrM1ABAle8Tx0BqyU7ldf7C2HyRDZp0OYM+ju0LziHGn
JqkjPl46RqYpP5NR9EuhHUjfKPBQ48L7UMCXQ+LnJDKCZZ5i2jEc0XPdcCZQ2YVG
X7ECFG1Ym1/rLoIBG1ZUQDFvYj+XJ7khquMAPaQuv5WNgMFqMyk9WAOZ+siM2z5/
xVjSzWKLHp9cRoG7M2xjn3YofCYF9Sm45yPablTDVJ978SmAYzE6wYt2IwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFD2uX/jSaeQisDRUGW6jQA/4qKohMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1BhNWYtTkpwNUNLd05GUVpicU5BRF9pb3FpRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBABWa2UD
BABZLEwDBAJZLoADBANZLugDBABdd8MDBACAAAEDBAG5EuADBAC80G4DBAK81ygw
DQYJKoZIhvcNAQELBQADggEBAOJJOxnhuythZgg93f7Y24iOhH5TfLEAaJVeysnJ
k0r14RPbnPnrjEgJujQG2uTy+rD3Ey2VuvB48tLPtTzV4wyfkAch6fZrcT9eO3/G
y6G1UxmWu3st4cPL7hWOg/aZUYTHZDmuW+HrDJ8b10zZaIZGYCBC4mu0FK4Wabk5
dLY/SMBFH3kaE0N7puW+GOQuU+pgDBZpip57P3YMyq7wMDvIPX1LV/uIoXGl3ULG
ovWeeHQ37sMOOtOJ9D4jnZcHeUN7OzS0R6prMAtb8+MmgafDpWOYL1fYuUc63A29
YBJb2fRj/wjZaNA/aGRFt2ONvTaaLCAu2tGtZKFSMVedXl8=
-----END CERTIFICATE-----