Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/s4Ia5ri5oLQ4Q5JbwLej6uPUc7I.roa
File:                     s4Ia5ri5oLQ4Q5JbwLej6uPUc7I.roa (raw, json)
Hash identifier:          39QHoX5Vf6wUFWkg44uoMV0Qs9aAlQNeyTjnFtidWhw=
Subject key identifier:   B3:82:1A:E6:B8:B9:A0:B4:38:43:92:5B:C0:B7:A3:EA:E3:D4:73:B2
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D4555769991F74D1ED7685455943
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/s4Ia5ri5oLQ4Q5JbwLej6uPUc7I.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.3.174.0/24 maxlen: 24
                          91.213.17.0/24 maxlen: 24
                          146.19.112.0/24 maxlen: 24
                          185.255.54.0/24 maxlen: 24
                          213.232.238.0/24 maxlen: 24
                          77.75.225.0/24 maxlen: 24
                          178.212.76.0/24 maxlen: 24
                          62.133.34.0/24 maxlen: 24
                          79.110.231.0/24 maxlen: 24
                          212.23.197.0/24 maxlen: 24
                          2a0b:4080::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sat 20 Jan 2024 08:16:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d4:55:57:69:99:1f:74:d1:ed:76:85:45:59:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3821ae6b8b9a0b43843925bc0b7a3eae3d473b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:16:82:11:ec:a7:13:7b:84:9d:d9:7d:fb:76:
                    1d:e7:65:94:3f:56:23:46:d1:c2:90:d4:b9:a5:e3:
                    e9:7a:30:bf:15:e9:45:4c:69:6d:f7:34:e0:c4:c8:
                    9b:38:bf:28:2b:2b:51:1f:8c:16:e8:60:f4:ab:f4:
                    26:a4:c0:b9:0c:12:43:b7:25:03:3e:8d:4a:2e:fd:
                    9b:12:a2:21:82:58:a5:57:08:4d:df:c9:69:39:87:
                    13:10:6a:0b:8d:03:3c:e3:a2:b0:45:2f:5f:ef:d0:
                    3b:a3:e0:22:a9:23:db:38:b4:f0:f6:a0:66:c7:58:
                    a3:70:ff:27:8d:0b:ec:96:52:aa:4e:08:58:c9:db:
                    78:e9:7f:38:06:97:51:f1:99:14:88:bd:8e:d7:e6:
                    02:53:e2:2e:d6:b3:fe:cb:ce:7b:7a:fb:0f:55:c6:
                    74:08:0b:fd:e1:20:25:90:5b:79:91:10:c1:62:fe:
                    dc:6c:0f:72:d8:2c:91:65:ad:80:96:8f:4d:be:08:
                    70:37:cf:2e:1f:2b:bc:9f:27:ad:48:4b:b1:29:7d:
                    58:00:18:3d:f8:6c:79:ea:d8:91:93:b1:ae:6a:7b:
                    11:15:38:69:44:63:db:f9:da:24:cd:7a:e1:13:8b:
                    69:4a:42:9e:30:66:dd:47:21:41:4a:bf:ba:58:7e:
                    ce:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:82:1A:E6:B8:B9:A0:B4:38:43:92:5B:C0:B7:A3:EA:E3:D4:73:B2
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/s4Ia5ri5oLQ4Q5JbwLej6uPUc7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.133.34.0/24
                  77.75.225.0/24
                  79.110.231.0/24
                  91.213.17.0/24
                  146.19.112.0/24
                  178.212.76.0/24
                  185.255.54.0/24
                  193.3.174.0/24
                  212.23.197.0/24
                  213.232.238.0/24
                IPv6:
                  2a0b:4080::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:ac:7f:4a:73:6b:1a:61:4a:28:76:9d:2e:f9:00:d1:33:85:
         91:bf:5d:3b:d8:bf:00:b7:c8:01:06:8f:88:73:12:d6:a4:89:
         f1:5d:97:63:75:b1:f7:9c:d1:68:0c:dd:ff:8b:7c:6a:cc:c5:
         8b:6c:17:ae:0e:f9:cd:e2:6e:11:92:2b:58:6b:24:63:f6:be:
         d5:a7:ea:f8:ab:27:8a:d7:80:41:a2:91:8b:48:e9:89:86:74:
         2c:c0:3d:7c:0b:0a:42:38:ed:79:38:8e:f1:f8:50:40:aa:88:
         1a:dd:e9:93:88:cf:5f:65:57:2c:f4:a9:14:e9:72:f8:e2:6f:
         54:4b:d0:c6:ee:3d:4d:ec:14:99:d9:5f:36:06:c4:26:90:ab:
         3d:36:27:8e:49:71:28:49:13:3c:99:53:bb:00:55:21:9a:6d:
         4a:81:31:50:f5:87:fb:9d:e0:30:e0:57:ed:33:d8:b4:8f:71:
         ab:ad:e7:a2:eb:12:7a:a2:d7:96:ee:e3:03:c2:54:22:04:c9:
         b9:d6:f7:c0:78:0d:00:07:3e:7c:0f:ee:18:61:1a:04:e5:f6:
         98:ea:b8:95:f1:65:b3:ee:51:1a:6c:c2:aa:6e:30:87:d7:cf:
         c0:15:48:08:a9:fa:47:e1:ac:fe:af:d8:e3:ab:04:d6:7e:d4:
         b4:aa:5c:67
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzIAdRVV2mZH3TR7XaFRVlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzgyMWFlNmI4YjlhMGI0Mzg0MzkyNWJjMGI3YTNlYWUzZDQ3M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRaCEeynE3uEndl9+3Yd52WUP1Yj
RtHCkNS5pePpejC/FelFTGlt9zTgxMibOL8oKytRH4wW6GD0q/QmpMC5DBJDtyUD
Po1KLv2bEqIhglilVwhN38lpOYcTEGoLjQM846KwRS9f79A7o+AiqSPbOLTw9qBm
x1ijcP8njQvsllKqTghYydt46X84BpdR8ZkUiL2O1+YCU+Iu1rP+y857evsPVcZ0
CAv94SAlkFt5kRDBYv7cbA9y2CyRZa2Alo9NvghwN88uHyu8nyetSEuxKX1YABg9
+Gx56tiRk7GuansRFThpRGPb+dokzXrhE4tpSkKeMGbdRyFBSr+6WH7O2QIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFLOCGua4uaC0OEOSW8C3o+rj1HOyMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvczRJYTVyaTVvTFE0UTVKYndMZWo2dVBVYzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQAPoUiAwQA
TUvhAwQAT27nAwQAW9URAwQAkhNwAwQAstRMAwQAuf82AwQAwQOuAwQA1BfFAwQA
1ejuMA0EAgACMAcDBQAqC0CAMA0GCSqGSIb3DQEBCwUAA4IBAQCOrH9Kc2saYUoo
dp0u+QDRM4WRv1072L8At8gBBo+IcxLWpInxXZdjdbH3nNFoDN3/i3xqzMWLbBeu
DvnN4m4RkitYayRj9r7Vp+r4qyeK14BBopGLSOmJhnQswD18CwpCOO15OI7x+FBA
qoga3emTiM9fZVcs9KkU6XL44m9US9DG7j1N7BSZ2V82BsQmkKs9NieOSXEoSRM8
mVO7AFUhmm1KgTFQ9Yf7neAw4FftM9i0j3Grreei6xJ6oteW7uMDwlQiBMm51vfA
eA0ABz58D+4YYRoE5faY6riV8WWz7lEabMKqbjCH18/AFUgIqfpH4az+r9jjqwTW
ftS0qlxn
-----END CERTIFICATE-----