Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/Cf15mZXzxcDjdWRnvxAnGMgMNJE.roa
File:                     Cf15mZXzxcDjdWRnvxAnGMgMNJE.roa (raw, json)
Hash identifier:          QOZztxaK5V58KbfhjlbjHbzSJ3NQXuonYp2D8bFso78=
Subject key identifier:   09:FD:79:99:95:F3:C5:C0:E3:75:64:67:BF:10:27:18:C8:0C:34:91
Certificate issuer:       /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial:       0185729EE5EB5D3FFD325EA31DA22CC5DC80
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/Cf15mZXzxcDjdWRnvxAnGMgMNJE.roa
Signing time:             Mon 02 Jan 2023 13:14:54 +0000
ROA not before:           Mon 02 Jan 2023 13:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15763
IP address blocks:        195.253.8.0/21 maxlen: 21
                          195.253.16.0/22 maxlen: 22
                          195.253.21.0/24 maxlen: 24
                          195.253.24.0/22 maxlen: 22
                          195.138.36.0/24 maxlen: 24
                          195.138.44.0/22 maxlen: 22
                          195.253.28.0/23 maxlen: 23
                          195.253.30.0/24 maxlen: 24
                          195.138.42.0/23 maxlen: 23
                          195.138.48.0/22 maxlen: 22
                          195.138.52.0/24 maxlen: 24
                          195.138.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:e5:eb:5d:3f:fd:32:5e:a3:1d:a2:2c:c5:dc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
        Validity
            Not Before: Jan  2 13:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09fd799995f3c5c0e3756467bf102718c80c3491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:92:a7:f6:75:cc:eb:2d:86:ff:a2:3d:c9:43:
                    7d:8d:ff:e1:c4:71:f9:17:76:0b:30:a9:a9:a4:fa:
                    0e:45:d3:1e:23:5d:12:22:16:7a:71:9e:6e:6a:95:
                    ad:78:59:f4:bc:68:0a:5d:fa:cc:dd:0b:c9:41:6c:
                    eb:39:06:cb:8d:e4:9e:f2:c3:58:51:21:65:09:33:
                    0a:1d:f6:78:82:3d:2e:bd:e1:c9:f5:d8:f5:07:a7:
                    a7:8a:82:02:0b:ca:ec:85:cc:01:4a:16:91:ff:e5:
                    10:e2:6d:e4:ca:9b:b8:14:71:82:ea:55:59:06:7c:
                    b4:35:9c:cb:ed:82:35:2b:ec:6e:64:db:11:59:38:
                    ff:6d:5c:cd:be:b7:1e:0d:8f:da:5c:7e:49:05:95:
                    1a:7d:24:6e:f4:cd:07:ab:d2:24:83:01:e2:0e:b2:
                    7d:59:48:04:2e:e9:6b:8e:91:ed:91:f7:c5:21:10:
                    e1:88:f5:7c:33:c4:46:27:72:f1:2d:88:5c:84:9c:
                    46:05:0c:78:31:ea:85:c0:bf:96:e5:66:60:3a:35:
                    70:dd:72:d9:f9:83:98:15:03:f2:17:94:ab:c8:0b:
                    32:bd:55:e4:fc:a4:85:3b:5b:1a:a1:6b:83:0d:f1:
                    1c:d7:bf:d6:96:9e:d3:c9:56:5a:01:1f:8f:4f:28:
                    26:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FD:79:99:95:F3:C5:C0:E3:75:64:67:BF:10:27:18:C8:0C:34:91
            X509v3 Authority Key Identifier:
                keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/Cf15mZXzxcDjdWRnvxAnGMgMNJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.36.0/24
                  195.138.42.0-195.138.52.255
                  195.138.59.0/24
                  195.253.8.0-195.253.19.255
                  195.253.21.0/24
                  195.253.24.0-195.253.30.255

    Signature Algorithm: sha256WithRSAEncryption
         66:20:f5:f9:17:8d:f6:99:15:7d:20:b5:35:6c:e1:12:20:dd:
         be:7a:fe:e7:a3:ca:4a:39:cf:ef:4d:b9:df:9a:94:6a:99:fe:
         44:3c:07:2b:94:61:0b:b7:00:52:c6:61:dd:a3:e3:59:ba:49:
         c6:be:91:ff:f8:5a:d2:ed:be:1e:71:e6:1e:46:ea:c8:81:0b:
         09:65:76:7c:07:f8:77:b5:9d:6c:58:2a:49:a6:82:7c:23:42:
         dc:d7:1a:06:a5:7f:07:60:0a:f4:55:6f:4c:5b:79:7b:d2:c9:
         af:f7:fa:d7:a5:96:b9:fa:35:1b:99:71:a9:f6:a9:c9:f9:af:
         48:a8:64:68:dc:04:c9:84:d9:94:12:9b:c9:c8:43:c5:84:2b:
         49:00:d8:fd:c1:15:71:6e:13:65:11:16:d3:a2:cd:b2:12:a4:
         2e:bf:7c:f5:c5:11:56:f3:fa:52:33:6d:0e:8e:22:99:82:a5:
         6e:77:a0:37:7a:51:e9:60:23:c5:f1:20:dd:15:08:9a:e8:3e:
         c4:f2:e4:87:94:e0:5c:e5:9b:6a:41:c0:d3:ab:ac:c4:d9:5e:
         24:3d:18:dd:9f:89:f7:0f:83:38:77:0e:d9:58:f5:f9:03:98:
         cd:af:7c:79:f0:bf:53:7b:be:bc:88:ae:3c:43:ab:50:fc:b3:
         74:ec:20:7d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVynuXrXT/9Ml6jHaIsxdyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjMwMTAyMTMxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWZkNzk5OTk1ZjNjNWMwZTM3NTY0NjdiZjEwMjcxOGM4MGMzNDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5Kn9nXM6y2G/6I9yUN9jf/hxHH5
F3YLMKmppPoORdMeI10SIhZ6cZ5uapWteFn0vGgKXfrM3QvJQWzrOQbLjeSe8sNY
USFlCTMKHfZ4gj0uveHJ9dj1B6enioICC8rshcwBShaR/+UQ4m3kypu4FHGC6lVZ
Bny0NZzL7YI1K+xuZNsRWTj/bVzNvrceDY/aXH5JBZUafSRu9M0Hq9IkgwHiDrJ9
WUgELulrjpHtkffFIRDhiPV8M8RGJ3LxLYhchJxGBQx4MeqFwL+W5WZgOjVw3XLZ
+YOYFQPyF5SryAsyvVXk/KSFO1saoWuDDfEc17/Wlp7TyVZaAR+PTygm6wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAn9eZmV88XA43VkZ78QJxjIDDSRMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvQ2YxNW1aWHp4Y0RqZFdSbnZ4QW5HTWdNTkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAw4okMAwD
BAHDiioDBADDijQDBADDijswDAMEA8P9CAMEAsP9EAMEAMP9FTAMAwQDw/0YAwQA
w/0eMA0GCSqGSIb3DQEBCwUAA4IBAQBmIPX5F432mRV9ILU1bOESIN2+ev7no8pK
Oc/vTbnfmpRqmf5EPAcrlGELtwBSxmHdo+NZuknGvpH/+FrS7b4eceYeRurIgQsJ
ZXZ8B/h3tZ1sWCpJpoJ8I0Lc1xoGpX8HYAr0VW9MW3l70smv9/rXpZa5+jUbmXGp
9qnJ+a9IqGRo3ATJhNmUEpvJyEPFhCtJANj9wRVxbhNlERbTos2yEqQuv3z1xRFW
8/pSM20OjiKZgqVud6A3elHpYCPF8SDdFQia6D7E8uSHlOBc5ZtqQcDTq6zE2V4k
PRjdn4n3D4M4dw7ZWPX5A5jNr3x58L9Te768iK48Q6tQ/LN07CB9
-----END CERTIFICATE-----