Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/B6nEQBRj8pQ4jFB_XCwGXWk3g8M.roa
File:                     B6nEQBRj8pQ4jFB_XCwGXWk3g8M.roa (raw, json)
Hash identifier:          GUY4nPj43Px2Q5EJ0RIkvpMD1HgKX4QGu2BGQQRSKjc=
Subject key identifier:   07:A9:C4:40:14:63:F2:94:38:8C:50:7F:5C:2C:06:5D:69:37:83:C3
Certificate issuer:       /CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
Certificate serial:       018CC349355AF78D1E07010618DA201FE6F1
Authority key identifier: 3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/B6nEQBRj8pQ4jFB_XCwGXWk3g8M.roa
Signing time:             Mon 01 Jan 2024 04:30:03 +0000
ROA not before:           Mon 01 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62166
IP address blocks:        185.240.68.0/23 maxlen: 23
                          185.240.68.0/22 maxlen: 22
                          185.240.70.0/23 maxlen: 23
                          185.83.172.0/22 maxlen: 22
                          185.83.172.0/23 maxlen: 23
                          185.83.174.0/23 maxlen: 23
                          193.58.36.0/23 maxlen: 23
                          193.58.36.0/22 maxlen: 22
                          193.58.38.0/23 maxlen: 23
                          185.208.44.0/23 maxlen: 23
                          185.208.44.0/22 maxlen: 22
                          185.208.46.0/23 maxlen: 23
                          2a05:9d40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 07 Sep 2024 11:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:35:5a:f7:8d:1e:07:01:06:18:da:20:1f:e6:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
        Validity
            Not Before: Jan  1 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a9c4401463f294388c507f5c2c065d693783c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:08:17:cb:0a:b6:03:4c:30:32:db:72:bf:64:
                    ad:42:24:b7:a7:21:e8:4b:78:52:b6:56:45:fb:f9:
                    5f:2d:4b:e0:80:a5:b0:de:dc:39:36:ee:91:ae:d8:
                    05:6b:1f:76:48:ca:ca:ec:69:55:5b:e2:20:ca:c2:
                    84:d3:05:bd:5d:cc:8d:8d:1b:5a:4d:29:58:43:cc:
                    6a:38:fa:83:b5:46:9f:35:32:fe:08:c3:f7:e8:b5:
                    3d:c2:8f:46:4d:67:df:3f:5c:16:32:e6:06:f8:4f:
                    a4:e2:e2:21:74:f0:21:a4:eb:8b:03:5a:f0:30:e9:
                    33:11:5b:6c:53:1c:ec:87:8f:80:1e:5e:82:0c:3c:
                    9c:9f:f3:cf:03:c0:e0:3e:d2:76:a0:09:8c:7d:a2:
                    50:f6:07:71:aa:75:d9:b2:15:38:70:23:08:b4:3d:
                    1f:99:2b:0c:c8:36:2d:39:bc:17:8d:5b:be:4c:db:
                    77:41:72:64:a2:10:0c:46:42:e3:68:7f:73:c8:40:
                    68:70:41:b8:5e:e1:4d:aa:c9:5f:b9:f6:dc:ff:bc:
                    f7:80:d1:e1:ac:2c:95:e1:93:bb:fe:6f:a7:ee:2d:
                    8e:9c:bf:ef:ca:28:ec:63:a9:f2:12:92:b3:00:58:
                    7e:4c:17:2c:89:17:8a:6f:7f:1a:fd:d5:ed:ca:bb:
                    57:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A9:C4:40:14:63:F2:94:38:8C:50:7F:5C:2C:06:5D:69:37:83:C3
            X509v3 Authority Key Identifier:
                keyid:3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/B6nEQBRj8pQ4jFB_XCwGXWk3g8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/Psn7DRNVKq0E86qutY1N1OfPQPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.172.0/22
                  185.208.44.0/22
                  185.240.68.0/22
                  193.58.36.0/22
                IPv6:
                  2a05:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:ff:ec:ee:71:36:5d:86:5d:df:23:e9:cc:ad:06:cb:33:85:
         e8:e3:d5:a4:96:d2:6e:41:e4:e3:ff:66:c5:55:7e:3c:b8:a3:
         51:12:17:84:c0:a0:24:30:fe:a2:99:db:27:a7:00:a5:68:66:
         16:da:58:cb:1d:3a:0c:d9:19:33:bc:d1:57:ce:47:ef:b6:17:
         c6:b4:7a:9a:e1:9c:e2:57:ef:c1:a7:7a:20:cd:90:eb:ec:9f:
         75:99:ed:79:db:b7:73:9f:1e:8c:c7:af:40:bb:89:ec:2d:d4:
         75:6e:45:ee:67:55:fd:43:ee:e5:e6:e0:a4:ce:98:85:e5:af:
         50:88:4a:90:e1:ae:9a:50:94:2d:90:a3:f8:81:85:8a:2e:33:
         eb:7d:90:24:a1:05:4c:33:95:ea:dd:98:93:20:57:ca:f4:03:
         c1:cd:88:25:0f:cc:28:5b:a6:8c:f8:18:1a:a2:00:6d:4f:5f:
         e5:b1:7b:2c:a9:90:c3:c4:f6:ac:e0:63:4d:5c:c8:9d:82:e9:
         a8:92:a1:1a:08:94:fe:13:db:93:07:79:9f:1f:7a:3a:22:e4:
         eb:f2:03:c9:27:84:63:8a:71:6f:0a:6f:35:79:39:74:7b:41:
         80:be:dc:5e:1f:b7:78:55:c2:09:bf:6b:98:0a:15:ff:54:88:
         9a:0e:cd:3a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDSTVa940eBwEGGNogH+bxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzlmYjBkMTM1NTJhYWQwNGYzYWFhZWI1OGQ0ZGQ0ZTdj
ZjQwZjAwHhcNMjQwMTAxMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2E5YzQ0MDE0NjNmMjk0Mzg4YzUwN2Y1YzJjMDY1ZDY5Mzc4M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgggXywq2A0wwMttyv2StQiS3pyHo
S3hStlZF+/lfLUvggKWw3tw5Nu6RrtgFax92SMrK7GlVW+IgysKE0wW9XcyNjRta
TSlYQ8xqOPqDtUafNTL+CMP36LU9wo9GTWffP1wWMuYG+E+k4uIhdPAhpOuLA1rw
MOkzEVtsUxzsh4+AHl6CDDycn/PPA8DgPtJ2oAmMfaJQ9gdxqnXZshU4cCMItD0f
mSsMyDYtObwXjVu+TNt3QXJkohAMRkLjaH9zyEBocEG4XuFNqslfufbc/7z3gNHh
rCyV4ZO7/m+n7i2OnL/vyijsY6nyEpKzAFh+TBcsiReKb38a/dXtyrtXVwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAepxEAUY/KUOIxQf1wsBl1pN4PDMB8GA1UdIwQY
MBaAFD7J+w0TVSqtBPOqrrWNTdTnz0DwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgt
MmNiNmUzZmRmOWNkLzEvQjZuRVFCUmo4cFE0akZCX1hDd0dYV2szZzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgtMmNiNmUzZmRmOWNk
LzEvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuVOsAwQC
udAsAwQCufBEAwQCwTokMA0EAgACMAcDBQMqBZ1AMA0GCSqGSIb3DQEBCwUAA4IB
AQCT/+zucTZdhl3fI+nMrQbLM4Xo49WkltJuQeTj/2bFVX48uKNREheEwKAkMP6i
mdsnpwClaGYW2ljLHToM2RkzvNFXzkfvthfGtHqa4ZziV+/Bp3ogzZDr7J91me15
27dznx6Mx69Au4nsLdR1bkXuZ1X9Q+7l5uCkzpiF5a9QiEqQ4a6aUJQtkKP4gYWK
LjPrfZAkoQVMM5Xq3ZiTIFfK9APBzYglD8woW6aM+BgaogBtT1/lsXssqZDDxPas
4GNNXMidgumokqEaCJT+E9uTB3mfH3o6IuTr8gPJJ4RjinFvCm81eTl0e0GAvtxe
H7d4VcIJv2uYChX/VIiaDs06
-----END CERTIFICATE-----