Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gRtzF6C9X-mxaNc2b1vSbns-9sA.roa
File:                     gRtzF6C9X-mxaNc2b1vSbns-9sA.roa (raw, json)
Hash identifier:          XGM7EzSbw0E0hdD3FGb95AqTXINYr3YXC2CbyzlLw9w=
Subject key identifier:   81:1B:73:17:A0:BD:5F:E9:B1:68:D7:36:6F:5B:D2:6E:7B:3E:F6:C0
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       018F97DD7768F9558E603EFDB3BA8AEBE7BF
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gRtzF6C9X-mxaNc2b1vSbns-9sA.roa
Signing time:             Mon 20 May 2024 21:17:04 +0000
ROA not before:           Mon 20 May 2024 21:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        89.187.6.0/24 maxlen: 24
                          89.187.7.0/24 maxlen: 24
                          89.187.8.0/24 maxlen: 24
                          89.187.10.0/24 maxlen: 24
                          89.187.12.0/24 maxlen: 24
                          89.187.13.0/24 maxlen: 24
                          89.187.14.0/24 maxlen: 24
                          89.187.15.0/24 maxlen: 24
                          89.187.16.0/24 maxlen: 24
                          89.187.17.0/24 maxlen: 24
                          89.187.18.0/24 maxlen: 24
                          89.187.19.0/24 maxlen: 24
                          89.187.20.0/24 maxlen: 24
                          89.187.22.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 04 Aug 2024 12:08:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:97:dd:77:68:f9:55:8e:60:3e:fd:b3:ba:8a:eb:e7:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: May 20 21:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=811b7317a0bd5fe9b168d7366f5bd26e7b3ef6c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ab:bb:b9:de:10:c2:1f:50:f3:58:34:a6:45:
                    c9:9e:75:04:1e:f0:83:e6:05:31:de:c6:d5:60:50:
                    3e:9b:45:a1:be:82:72:77:68:7c:d1:4d:2a:9f:c3:
                    bb:5b:4a:db:18:1d:9c:ba:44:59:f9:4b:93:8b:5f:
                    45:c5:11:61:a5:f0:98:e6:ee:a6:73:98:1c:88:7a:
                    34:bc:c2:b9:31:d2:0c:36:43:96:46:85:23:84:22:
                    f1:5a:eb:10:5a:9d:dd:a3:e1:54:67:d7:d1:80:a0:
                    18:43:c5:68:24:df:2c:43:83:99:ae:eb:f0:7e:c5:
                    7d:2c:92:b9:a3:71:5b:11:97:3d:18:d0:84:11:ab:
                    33:ab:52:e0:74:b1:39:b9:a9:ec:a6:0a:4d:ea:31:
                    95:9d:3f:a7:2e:f5:8b:ac:75:0c:d9:ba:86:f9:30:
                    05:82:ce:2d:b4:7f:03:6d:e4:24:a9:84:d9:9f:91:
                    64:57:01:e1:5f:9e:41:94:35:0a:2f:42:e3:2b:bc:
                    32:10:b6:5b:96:9c:e0:41:f1:16:d8:e5:4c:87:6e:
                    c9:5f:fa:a4:87:3a:ad:5c:44:6d:6a:53:1c:de:12:
                    ea:2c:32:3a:41:01:60:dc:92:c2:3c:25:ab:d2:90:
                    cf:e2:fe:2a:9f:2c:6c:22:2e:bd:97:bd:5d:70:82:
                    65:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1B:73:17:A0:BD:5F:E9:B1:68:D7:36:6F:5B:D2:6E:7B:3E:F6:C0
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/gRtzF6C9X-mxaNc2b1vSbns-9sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.6.0-89.187.8.255
                  89.187.10.0/24
                  89.187.12.0-89.187.20.255
                  89.187.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:3c:92:dc:4e:a2:8f:1c:53:c4:09:a4:60:3b:9a:63:45:fb:
         a4:9c:53:e9:96:09:fd:65:5a:60:f5:af:8f:3c:66:49:8c:20:
         0c:07:1c:d4:d1:ef:43:cb:61:45:a4:73:34:71:d6:96:23:3a:
         06:4b:4d:05:40:f4:ca:ce:4c:8a:64:7d:25:02:9d:8f:55:52:
         c4:f8:f0:8a:d2:d8:90:75:cf:ef:67:6a:62:89:47:9b:ac:dc:
         79:2f:c5:81:92:ce:4f:57:81:42:89:79:a5:e3:56:74:b4:b4:
         79:65:b1:c2:8c:f4:ca:36:b0:a8:3a:af:fc:88:7b:e4:4d:44:
         cf:45:49:fd:88:08:09:c0:51:60:40:80:e5:a7:a6:e6:81:7f:
         92:24:2b:38:9b:d7:a3:ce:4b:16:18:cd:c3:a1:70:e7:bf:6b:
         33:d4:91:ec:26:2e:ae:f2:84:b8:a5:4c:4a:aa:a6:fb:65:10:
         e4:48:76:f0:72:63:51:05:da:27:30:e2:9d:08:83:50:df:6a:
         2f:5c:de:7b:3f:e6:e8:87:64:7b:b9:71:03:19:ea:8f:2c:02:
         0f:0c:7e:9f:64:dc:7b:7b:86:a0:28:42:5f:ee:32:f3:a7:a5:
         30:c4:89:23:02:bc:de:ca:82:35:8f:b2:a8:e9:7e:fb:13:30:
         1d:95:ce:5b
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAY+X3Xdo+VWOYD79s7qK6+e/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwNTIwMjExNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTFiNzMxN2EwYmQ1ZmU5YjE2OGQ3MzY2ZjViZDI2ZTdiM2VmNmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqu7ud4Qwh9Q81g0pkXJnnUEHvCD
5gUx3sbVYFA+m0WhvoJyd2h80U0qn8O7W0rbGB2cukRZ+UuTi19FxRFhpfCY5u6m
c5gciHo0vMK5MdIMNkOWRoUjhCLxWusQWp3do+FUZ9fRgKAYQ8VoJN8sQ4OZruvw
fsV9LJK5o3FbEZc9GNCEEaszq1LgdLE5uanspgpN6jGVnT+nLvWLrHUM2bqG+TAF
gs4ttH8DbeQkqYTZn5FkVwHhX55BlDUKL0LjK7wyELZblpzgQfEW2OVMh27JX/qk
hzqtXERtalMc3hLqLDI6QQFg3JLCPCWr0pDP4v4qnyxsIi69l71dcIJlYwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFIEbcxegvV/psWjXNm9b0m57PvbAMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvZ1J0ekY2QzlYLW14YU5jMmIxdlNibnMtOXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAFZuwYD
BABZuwgDBABZuwowDAMEAlm7DAMEAFm7FAMEAFm7FjANBgkqhkiG9w0BAQsFAAOC
AQEASTyS3E6ijxxTxAmkYDuaY0X7pJxT6ZYJ/WVaYPWvjzxmSYwgDAcc1NHvQ8th
RaRzNHHWliM6BktNBUD0ys5MimR9JQKdj1VSxPjwitLYkHXP72dqYolHm6zceS/F
gZLOT1eBQol5peNWdLS0eWWxwoz0yjawqDqv/Ih75E1Ez0VJ/YgICcBRYECA5aem
5oF/kiQrOJvXo85LFhjNw6Fw579rM9SR7CYurvKEuKVMSqqm+2UQ5Eh28HJjUQXa
JzDinQiDUN9qL1zeez/m6Idke7lxAxnqjywCDwx+n2Tce3uGoChCX+4y86elMMSJ
IwK83sqCNY+yqOl++xMwHZXOWw==
-----END CERTIFICATE-----