Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/aP0IV_ORMm_PX6ZAp1lch5jo-Pw.roa
File:                     aP0IV_ORMm_PX6ZAp1lch5jo-Pw.roa (raw, json)
Hash identifier:          qzXzQUcnUvEA0WJvsqjTpd2pTHh0MSOn0V0pfvbh30M=
Subject key identifier:   68:FD:08:57:F3:91:32:6F:CF:5F:A6:40:A7:59:5C:87:98:E8:F8:FC
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       018F054AA31F4F8D9CAB0BBA45993C555B03
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/aP0IV_ORMm_PX6ZAp1lch5jo-Pw.roa
Signing time:             Mon 22 Apr 2024 10:12:08 +0000
ROA not before:           Mon 22 Apr 2024 10:12:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199218
IP address blocks:        85.115.205.0/24 maxlen: 24
                          85.153.28.0/24 maxlen: 24
                          85.153.30.0/24 maxlen: 24
                          85.153.31.0/24 maxlen: 24
                          85.153.44.0/24 maxlen: 24
                          85.153.45.0/24 maxlen: 24
                          85.153.46.0/24 maxlen: 24
                          85.153.57.0/24 maxlen: 24
                          85.153.83.0/24 maxlen: 24
                          85.153.93.0/24 maxlen: 24
                          85.153.126.0/24 maxlen: 24
                          85.153.127.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 25 Oct 2024 14:20:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:4a:a3:1f:4f:8d:9c:ab:0b:ba:45:99:3c:55:5b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Apr 22 10:12:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68fd0857f391326fcf5fa640a7595c8798e8f8fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0f:1e:4c:87:01:be:85:19:04:df:e5:a1:bd:
                    32:66:8b:d4:61:f7:64:5c:43:b5:4d:40:3e:fb:82:
                    e1:6f:39:d4:5e:54:f7:5f:30:b7:95:d3:8d:c5:ae:
                    c0:cb:f5:83:60:8a:e1:57:ef:c3:36:8b:ad:0d:a7:
                    0c:c4:08:6a:28:46:ec:d2:3e:27:5c:b5:ef:6c:2d:
                    cd:a4:ef:4f:06:6f:ac:9b:09:27:a1:45:0f:8d:68:
                    cd:e7:10:7f:f6:4d:fa:2b:3e:1b:12:eb:db:7f:cb:
                    c3:bb:7a:27:58:8d:42:24:02:20:da:35:b7:b8:d5:
                    68:41:b5:fb:20:51:f3:72:7e:06:d2:f1:82:c0:06:
                    5e:01:e8:27:8f:c3:89:ce:77:b6:ec:98:0d:22:a8:
                    80:c3:a9:d4:99:d9:a2:95:1f:e5:0d:1a:a4:6c:e8:
                    1f:25:7c:93:69:84:c5:29:72:23:ab:ff:8a:7c:91:
                    b3:08:86:71:4e:69:a5:fc:29:d9:be:fb:41:dc:b2:
                    eb:f7:f3:16:f1:e8:49:e0:5f:c7:cc:10:eb:2b:e3:
                    bc:62:a1:d9:0a:7d:c9:54:10:6b:f7:94:fa:83:4e:
                    ff:5f:6a:b0:c6:6e:22:2f:3e:06:cf:ea:81:55:cb:
                    00:84:1b:fc:fd:a2:07:5a:3e:40:66:ca:5e:f2:b6:
                    1b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:FD:08:57:F3:91:32:6F:CF:5F:A6:40:A7:59:5C:87:98:E8:F8:FC
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/aP0IV_ORMm_PX6ZAp1lch5jo-Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.205.0/24
                  85.153.28.0/24
                  85.153.30.0/23
                  85.153.44.0-85.153.46.255
                  85.153.57.0/24
                  85.153.83.0/24
                  85.153.93.0/24
                  85.153.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:be:20:fa:1d:33:c7:14:d3:ef:d5:93:81:55:60:ef:be:6e:
         5f:0b:e7:67:9b:b5:84:f4:e9:66:05:51:9d:6b:4a:10:c0:d4:
         06:95:0d:63:d0:ac:b2:85:1e:43:c2:74:1a:ff:fa:89:29:df:
         0a:15:6b:94:12:b8:c9:eb:0c:d9:bd:6e:fc:e4:60:68:ec:59:
         ed:88:77:ac:6d:c4:83:4f:13:e5:c6:33:28:4d:ee:04:2f:0b:
         eb:1f:d9:ba:7b:1d:a9:32:fa:ea:53:22:23:2d:9a:5e:e9:df:
         48:f2:ec:e0:67:4c:34:a0:b6:37:b9:8e:3b:e6:8a:3e:53:ab:
         66:bd:b4:e0:d5:f6:d9:ee:3a:2b:82:80:97:12:ef:8e:31:69:
         f5:03:63:4c:a3:43:4a:50:c6:90:18:c7:e9:7e:9c:62:07:55:
         6a:1d:5c:8e:80:16:84:0e:bf:11:57:1d:90:ab:2c:01:b0:66:
         dc:b6:04:8c:17:1a:be:1d:58:eb:99:32:df:04:d0:9f:1d:7c:
         b3:fd:f1:7a:fd:dc:54:c8:85:b1:08:3c:8f:36:0d:b3:15:fe:
         7e:28:95:b0:73:96:2a:09:77:94:83:bc:5e:22:82:6b:e1:f9:
         39:41:dd:d8:0f:32:45:8c:21:c7:32:bb:d0:90:a2:4e:4c:98:
         79:71:be:ff
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY8FSqMfT42cqwu6RZk8VVsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjQwNDIyMTAxMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGZkMDg1N2YzOTEzMjZmY2Y1ZmE2NDBhNzU5NWM4Nzk4ZThmOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw8eTIcBvoUZBN/lob0yZovUYfdk
XEO1TUA++4LhbznUXlT3XzC3ldONxa7Ay/WDYIrhV+/DNoutDacMxAhqKEbs0j4n
XLXvbC3NpO9PBm+smwknoUUPjWjN5xB/9k36Kz4bEuvbf8vDu3onWI1CJAIg2jW3
uNVoQbX7IFHzcn4G0vGCwAZeAegnj8OJzne27JgNIqiAw6nUmdmilR/lDRqkbOgf
JXyTaYTFKXIjq/+KfJGzCIZxTmml/CnZvvtB3LLr9/MW8ehJ4F/HzBDrK+O8YqHZ
Cn3JVBBr95T6g07/X2qwxm4iLz4Gz+qBVcsAhBv8/aIHWj5AZspe8rYbZQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGj9CFfzkTJvz1+mQKdZXIeY6Pj8MB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvYVAwSVZfT1JNbV9QWDZaQXAxbGNoNWpvLVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVXPNAwQA
VZkcAwQBVZkeMAwDBAJVmSwDBABVmS4DBABVmTkDBABVmVMDBABVmV0DBAFVmX4w
DQYJKoZIhvcNAQELBQADggEBAAK+IPodM8cU0+/Vk4FVYO++bl8L52ebtYT06WYF
UZ1rShDA1AaVDWPQrLKFHkPCdBr/+okp3woVa5QSuMnrDNm9bvzkYGjsWe2Id6xt
xINPE+XGMyhN7gQvC+sf2bp7Haky+upTIiMtml7p30jy7OBnTDSgtje5jjvmij5T
q2a9tODV9tnuOiuCgJcS744xafUDY0yjQ0pQxpAYx+l+nGIHVWodXI6AFoQOvxFX
HZCrLAGwZty2BIwXGr4dWOuZMt8E0J8dfLP98Xr93FTIhbEIPI82DbMV/n4olbBz
lioJd5SDvF4igmvh+TlB3dgPMkWMIccyu9CQok5MmHlxvv8=
-----END CERTIFICATE-----