Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/eKNHIRdxDoEl0FZZTy9fHmnkl-w.roa
File:                     eKNHIRdxDoEl0FZZTy9fHmnkl-w.roa (raw, json)
Hash identifier:          uP3Z5kr8ad8xkgycrvQ10rsX6VzvMrK+o0zdwPVpufA=
Subject key identifier:   78:A3:47:21:17:71:0E:81:25:D0:56:59:4F:2F:5F:1E:69:E4:97:EC
Certificate issuer:       /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial:       018C58967B91B9FC5386FC71E9C66293E325
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/eKNHIRdxDoEl0FZZTy9fHmnkl-w.roa
Signing time:             Mon 11 Dec 2023 11:15:06 +0000
ROA not before:           Mon 11 Dec 2023 11:15:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210278
IP address blocks:        101.56.192.0/18 maxlen: 18
                          101.56.128.0/18 maxlen: 18
                          101.59.0.0/16 maxlen: 16
                          195.162.92.0/22 maxlen: 22
                          101.56.64.0/18 maxlen: 18
                          101.63.0.0/16 maxlen: 16
                          101.58.0.0/16 maxlen: 16
                          101.58.0.0/15 maxlen: 15
                          101.56.0.0/18 maxlen: 18
                          101.62.194.0/23 maxlen: 23
                          101.62.196.0/23 maxlen: 23
                          101.56.0.0/15 maxlen: 15
                          101.62.0.0/16 maxlen: 16
                          101.62.0.0/15 maxlen: 15
                          101.57.0.0/16 maxlen: 16
                          2a0e:400::/25 maxlen: 25

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:58:96:7b:91:b9:fc:53:86:fc:71:e9:c6:62:93:e3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
        Validity
            Not Before: Dec 11 11:15:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=78a3472117710e8125d056594f2f5f1e69e497ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e5:e8:65:92:e2:f7:a5:74:a6:18:90:23:73:
                    ac:ec:f1:ff:25:b2:ba:7b:40:7f:4c:77:7c:d2:88:
                    00:af:cf:4c:9d:52:fa:78:af:30:43:01:3f:93:fe:
                    76:2a:7f:79:a7:85:ee:70:59:ff:f1:ee:68:e4:35:
                    0a:01:ec:0b:9f:09:f0:15:f9:06:8b:d6:ed:1e:9d:
                    18:8c:01:ac:1c:06:24:b0:d9:71:d9:c6:a0:83:48:
                    d8:49:ed:fd:25:da:f4:f9:0c:e7:fe:86:54:e8:ec:
                    d7:6d:e1:7d:83:a0:4a:ec:de:01:a5:83:c5:9a:1c:
                    3b:b5:3f:c5:35:d3:03:27:05:6b:18:78:7c:b4:bd:
                    0a:6e:fb:45:81:a5:c3:28:85:70:08:b1:ce:6e:f4:
                    f1:7d:b0:98:d5:00:c6:68:3e:8d:78:63:54:4d:ea:
                    78:76:73:55:ec:97:e6:a5:30:55:4b:d5:6b:1d:bd:
                    c2:0b:47:d0:40:8e:76:6b:10:94:ab:52:45:e3:e2:
                    8e:83:9a:34:f7:bf:34:87:7d:df:67:a0:63:80:de:
                    32:dd:38:28:d4:77:ba:7e:43:01:95:8c:bc:d3:b0:
                    75:cb:08:ca:cd:63:de:40:46:01:8b:42:62:15:34:
                    5f:a6:c7:5a:c5:2a:e3:82:43:e2:c0:f9:3b:c3:9f:
                    eb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A3:47:21:17:71:0E:81:25:D0:56:59:4F:2F:5F:1E:69:E4:97:EC
            X509v3 Authority Key Identifier:
                keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/eKNHIRdxDoEl0FZZTy9fHmnkl-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.56.0.0/14
                  101.62.0.0/15
                  195.162.92.0/22
                IPv6:
                  2a0e:400::/25

    Signature Algorithm: sha256WithRSAEncryption
         65:fc:06:0c:f9:7f:34:37:dd:46:5f:0b:94:d7:fb:0b:66:a0:
         bb:21:af:3c:c7:2c:81:41:57:2f:5a:f2:7e:90:aa:78:7c:81:
         9e:ad:17:0c:b1:16:e6:e9:60:f2:04:4b:d6:db:d0:b4:05:ea:
         49:12:41:33:c8:9e:a7:db:03:d6:99:06:28:33:b7:95:1d:e8:
         50:f8:88:4d:32:b2:f6:dc:56:30:f2:f8:16:46:3d:0c:62:00:
         5b:64:73:2d:8b:cb:3b:f7:63:b6:8b:07:3f:78:6f:94:87:43:
         7e:44:82:f5:c5:37:b3:57:f5:54:da:07:7b:cf:4b:4b:1c:94:
         5d:8a:20:23:44:86:67:e5:a1:44:b2:bf:dd:f6:55:77:4f:e8:
         2d:2e:41:18:73:be:2c:04:57:a0:81:62:2e:0f:ff:c1:69:04:
         2f:9d:3b:3e:2c:4f:ce:e8:4c:f0:c8:9c:ae:e5:69:90:9e:1a:
         32:cf:d2:48:1a:ae:b0:a8:7c:97:34:0d:37:71:49:98:eb:ce:
         d3:03:ca:15:06:bd:14:2a:f8:ae:cd:88:f9:fc:b0:a0:44:1a:
         81:15:76:05:6b:4a:ed:b0:e7:83:b8:c6:70:01:21:24:f6:ff:
         af:a2:95:d9:ce:94:52:df:c8:99:a0:6e:02:55:82:96:85:5b:
         e0:39:c7:ad
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYxYlnuRufxThvxx6cZik+MlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjMxMjExMTExNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGEzNDcyMTE3NzEwZTgxMjVkMDU2NTk0ZjJmNWYxZTY5ZTQ5N2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+XoZZLi96V0phiQI3Os7PH/JbK6
e0B/THd80ogAr89MnVL6eK8wQwE/k/52Kn95p4XucFn/8e5o5DUKAewLnwnwFfkG
i9btHp0YjAGsHAYksNlx2cagg0jYSe39Jdr0+Qzn/oZU6OzXbeF9g6BK7N4BpYPF
mhw7tT/FNdMDJwVrGHh8tL0KbvtFgaXDKIVwCLHObvTxfbCY1QDGaD6NeGNUTep4
dnNV7JfmpTBVS9VrHb3CC0fQQI52axCUq1JF4+KOg5o09780h33fZ6BjgN4y3Tgo
1He6fkMBlYy807B1ywjKzWPeQEYBi0JiFTRfpsdaxSrjgkPiwPk7w5/rKQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHijRyEXcQ6BJdBWWU8vXx5p5JfsMB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvZUtOSElSZHhEb0VsMEZaWlR5OWZIbW5rbC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYtNWExNzcxOWQ0NDll
LzEvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAWBAIAATAQAwMCZTgDAwFl
PgMEAsOiXDANBAIAAjAHAwUHKg4EADANBgkqhkiG9w0BAQsFAAOCAQEAZfwGDPl/
NDfdRl8LlNf7C2aguyGvPMcsgUFXL1ryfpCqeHyBnq0XDLEW5ulg8gRL1tvQtAXq
SRJBM8iep9sD1pkGKDO3lR3oUPiITTKy9txWMPL4FkY9DGIAW2RzLYvLO/djtosH
P3hvlIdDfkSC9cU3s1f1VNoHe89LSxyUXYogI0SGZ+WhRLK/3fZVd0/oLS5BGHO+
LARXoIFiLg//wWkEL507PixPzuhM8MicruVpkJ4aMs/SSBqusKh8lzQNN3FJmOvO
0wPKFQa9FCr4rs2I+fywoEQagRV2BWtK7bDng7jGcAEhJPb/r6KV2c6UUt/ImaBu
AlWCloVb4DnHrQ==
-----END CERTIFICATE-----