Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/JID6FUA9WvKCahdqnNLDgKIkNtY.roa
File:                     JID6FUA9WvKCahdqnNLDgKIkNtY.roa (raw, json)
Hash identifier:          TxlmZMAwuMffqfYxlVwPUe42FWMZN2wGi+hDbE7O+SI=
Subject key identifier:   24:80:FA:15:40:3D:5A:F2:82:6A:17:6A:9C:D2:C3:80:A2:24:36:D6
Certificate issuer:       /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial:       018871BBC8AA31D3A97F4F2154909405F1F4
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/JID6FUA9WvKCahdqnNLDgKIkNtY.roa
Signing time:             Wed 31 May 2023 12:15:12 +0000
ROA not before:           Wed 31 May 2023 12:15:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210278
IP address blocks:        101.60.0.0/15 maxlen: 15
                          101.60.0.0/14 maxlen: 14
                          101.56.192.0/18 maxlen: 18
                          101.56.128.0/18 maxlen: 18
                          101.59.0.0/16 maxlen: 16
                          101.56.0.0/13 maxlen: 13
                          195.162.92.0/22 maxlen: 22
                          101.56.64.0/18 maxlen: 18
                          101.58.0.0/16 maxlen: 16
                          101.58.0.0/15 maxlen: 15
                          101.56.0.0/18 maxlen: 18
                          101.62.194.0/23 maxlen: 23
                          101.62.196.0/23 maxlen: 23
                          101.56.0.0/15 maxlen: 15
                          101.62.0.0/15 maxlen: 15
                          101.57.0.0/16 maxlen: 16
                          2a0e:400::/25 maxlen: 25

Validation:               Failed, certificate revoked on Thu 20 Jul 2023 10:44:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:71:bb:c8:aa:31:d3:a9:7f:4f:21:54:90:94:05:f1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
        Validity
            Not Before: May 31 12:15:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2480fa15403d5af2826a176a9cd2c380a22436d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:75:4b:23:c2:c6:0d:d3:4a:29:63:fe:d3:a0:
                    22:85:48:16:38:39:65:5e:a8:85:57:37:f7:2c:86:
                    41:3a:24:a2:75:ab:c6:ca:d0:b7:ee:d1:14:d1:3d:
                    ff:ee:53:b5:2c:e5:6a:3d:31:05:ac:a7:c1:21:f2:
                    67:dc:fb:4a:cb:92:07:94:1d:0a:b0:27:88:99:4a:
                    6b:6e:bb:5c:17:ed:e2:aa:0e:11:cb:9f:6f:53:8a:
                    69:05:47:f2:29:44:c0:21:ba:d0:d8:66:08:6e:39:
                    5f:c0:6b:f7:11:45:68:ef:10:fe:e9:98:70:19:21:
                    16:e4:7b:8c:ae:fb:f7:a3:ce:4d:14:e9:d3:21:ae:
                    18:fb:30:48:46:6f:b5:a5:39:50:13:de:b2:59:27:
                    25:a6:30:5b:e6:79:b7:99:13:65:c0:42:6d:db:05:
                    12:54:64:c2:59:fb:ca:dd:9a:4b:71:ff:eb:58:59:
                    23:c0:5c:21:cd:7e:e8:f5:8c:15:61:f4:26:71:72:
                    af:b6:6a:84:59:c3:d9:7b:55:92:6a:d3:d1:17:2e:
                    fa:50:cb:2d:9c:53:29:d2:b8:de:d6:5d:39:e4:80:
                    25:9c:2d:68:19:ca:ce:7a:05:d7:19:15:fe:f1:99:
                    21:b9:4c:74:18:4d:07:60:31:28:bb:94:88:48:d8:
                    69:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:80:FA:15:40:3D:5A:F2:82:6A:17:6A:9C:D2:C3:80:A2:24:36:D6
            X509v3 Authority Key Identifier:
                keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/JID6FUA9WvKCahdqnNLDgKIkNtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.56.0.0/13
                  195.162.92.0/22
                IPv6:
                  2a0e:400::/25

    Signature Algorithm: sha256WithRSAEncryption
         90:62:60:d5:a0:48:3b:bd:1e:c5:f0:55:1b:4a:76:4c:49:80:
         77:7e:f1:54:50:05:d6:02:bc:aa:19:b6:ff:db:7a:21:4c:cc:
         c3:d2:51:29:b4:6e:3a:1e:c0:74:ce:c9:c9:ee:fd:eb:a7:da:
         26:fd:eb:cb:39:c6:6c:3c:4d:fe:ec:6a:2e:c8:53:9c:06:ee:
         80:6a:f7:e7:ff:03:83:f0:f1:67:df:49:1c:ea:25:0b:7e:03:
         63:91:ac:ad:3a:7f:d1:9c:75:c9:7d:7b:35:fb:a1:4c:a8:ee:
         8c:88:d2:a9:d7:97:53:f7:df:74:f7:61:3b:38:7c:54:c6:47:
         f1:a9:fc:b3:30:01:3c:d6:0c:ac:14:9c:c1:e3:8f:1c:75:a7:
         17:12:90:7c:6a:34:cc:f3:90:31:1f:58:95:8d:55:ed:7d:a8:
         7d:e7:34:76:76:95:f7:20:33:13:01:7e:58:2f:5c:d6:f2:2b:
         b7:ef:4e:0f:6d:49:ab:1b:26:99:bb:33:7d:e2:dd:7c:59:e3:
         4f:a3:6b:50:26:3c:cb:8a:43:e4:99:63:a0:2d:6a:de:9b:77:
         3f:62:e5:94:db:39:eb:60:42:1e:ff:60:d0:47:6a:f5:ca:7b:
         da:3d:4a:4b:d0:22:1e:00:1b:5c:ab:b9:55:8f:c2:b5:a1:83:
         79:d3:7e:3d
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYhxu8iqMdOpf08hVJCUBfH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjMwNTMxMTIxNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDgwZmExNTQwM2Q1YWYyODI2YTE3NmE5Y2QyYzM4MGEyMjQzNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHVLI8LGDdNKKWP+06AihUgWODll
XqiFVzf3LIZBOiSidavGytC37tEU0T3/7lO1LOVqPTEFrKfBIfJn3PtKy5IHlB0K
sCeImUprbrtcF+3iqg4Ry59vU4ppBUfyKUTAIbrQ2GYIbjlfwGv3EUVo7xD+6Zhw
GSEW5HuMrvv3o85NFOnTIa4Y+zBIRm+1pTlQE96yWSclpjBb5nm3mRNlwEJt2wUS
VGTCWfvK3ZpLcf/rWFkjwFwhzX7o9YwVYfQmcXKvtmqEWcPZe1WSatPRFy76UMst
nFMp0rje1l055IAlnC1oGcrOegXXGRX+8ZkhuUx0GE0HYDEou5SISNhpqQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCSA+hVAPVrygmoXapzSw4CiJDbWMB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvSklENkZVQTlXdktDYWhkcW5OTERnS0lrTnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYtNWExNzcxOWQ0NDll
LzEvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMDZTgDBALD
olwwDQQCAAIwBwMFByoOBAAwDQYJKoZIhvcNAQELBQADggEBAJBiYNWgSDu9HsXw
VRtKdkxJgHd+8VRQBdYCvKoZtv/beiFMzMPSUSm0bjoewHTOycnu/eun2ib968s5
xmw8Tf7sai7IU5wG7oBq9+f/A4Pw8WffSRzqJQt+A2ORrK06f9Gcdcl9ezX7oUyo
7oyI0qnXl1P333T3YTs4fFTGR/Gp/LMwATzWDKwUnMHjjxx1pxcSkHxqNMzzkDEf
WJWNVe19qH3nNHZ2lfcgMxMBflgvXNbyK7fvTg9tSasbJpm7M33i3XxZ40+ja1Am
PMuKQ+SZY6Atat6bdz9i5ZTbOetgQh7/YNBHavXKe9o9SkvQIh4AG1yruVWPwrWh
g3nTfj0=
-----END CERTIFICATE-----