Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/W1ZE67z-ux4YsYoi5lvaLfwlDbM.roa
File:                     W1ZE67z-ux4YsYoi5lvaLfwlDbM.roa (raw, json)
Hash identifier:          pNAiZbYM7EmJGzTzrpqCwRw/SloD6d2Wb3m0JMHTkGM=
Subject key identifier:   5B:56:44:EB:BC:FE:BB:1E:18:B1:8A:22:E6:5B:DA:2D:FC:25:0D:B3
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       018BECBE13AC57E85C00BFA36D10EF87E7C3
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/W1ZE67z-ux4YsYoi5lvaLfwlDbM.roa
Signing time:             Mon 20 Nov 2023 12:39:21 +0000
ROA not before:           Mon 20 Nov 2023 12:39:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199242
IP address blocks:        62.106.90.0/24 maxlen: 24
                          212.52.14.0/24 maxlen: 24
                          91.246.50.0/24 maxlen: 24
                          185.234.12.0/24 maxlen: 24
                          194.26.231.0/24 maxlen: 24
                          80.71.144.0/24 maxlen: 24
                          193.162.133.0/24 maxlen: 24
                          146.19.4.0/24 maxlen: 24
                          195.96.130.0/24 maxlen: 24
                          37.72.142.0/24 maxlen: 24
                          176.97.217.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 21 Nov 2023 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ec:be:13:ac:57:e8:5c:00:bf:a3:6d:10:ef:87:e7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Nov 20 12:39:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b5644ebbcfebb1e18b18a22e65bda2dfc250db3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2c:7d:12:2b:5f:ba:c9:bf:91:f6:ec:3b:0c:
                    bf:b3:86:a9:a1:b7:06:81:64:9d:7e:1c:9e:2b:06:
                    6f:42:84:2f:4b:85:62:85:31:56:e5:f4:cc:2b:df:
                    63:1c:85:11:e7:b0:94:b9:a1:cf:7f:8e:2b:57:1c:
                    f5:4c:70:44:b4:48:9e:72:f1:1d:83:7a:00:37:e2:
                    ca:75:42:a6:4b:96:6f:17:2f:f4:a7:fb:e1:3e:c4:
                    8f:d6:74:f3:fa:2b:06:43:e3:dc:39:26:54:34:13:
                    b4:9b:40:c4:db:ba:88:e2:4e:de:61:4b:1c:09:8d:
                    c8:62:4e:fa:20:00:50:3e:29:6f:59:60:88:85:90:
                    cd:78:65:02:7c:40:71:e9:aa:40:7a:e0:63:3e:6e:
                    9c:67:09:4e:4f:9d:00:21:e5:6b:4a:ed:cf:46:54:
                    0e:c6:28:68:a5:c4:fc:24:3a:fd:c2:cf:c1:fc:ff:
                    6d:13:d2:74:ca:b2:67:cd:c2:ae:19:b3:3c:fa:9d:
                    d1:c0:16:12:8d:fa:23:e8:64:f1:66:a5:5d:a5:a3:
                    22:d9:cc:49:19:45:bd:d9:9e:9a:a0:9e:55:aa:cc:
                    56:9b:68:64:7c:03:38:30:5e:d9:ed:3a:dd:7a:75:
                    9c:c6:dd:63:e5:93:28:e0:11:f8:94:2e:38:e5:da:
                    a0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:56:44:EB:BC:FE:BB:1E:18:B1:8A:22:E6:5B:DA:2D:FC:25:0D:B3
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/W1ZE67z-ux4YsYoi5lvaLfwlDbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.142.0/24
                  62.106.90.0/24
                  80.71.144.0/24
                  91.246.50.0/24
                  146.19.4.0/24
                  176.97.217.0/24
                  185.234.12.0/24
                  193.162.133.0/24
                  194.26.231.0/24
                  195.96.130.0/24
                  212.52.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:1f:14:29:5d:f0:99:5f:f7:c6:a5:34:1e:ed:4e:38:97:48:
         f6:20:13:6a:16:46:44:3c:b3:91:fe:97:0c:89:9e:06:a4:b1:
         6d:1e:74:fb:1d:25:48:c7:a0:6d:dd:47:42:28:60:1a:40:9e:
         85:c0:78:8c:69:0c:60:49:50:c7:43:09:da:87:ed:c7:d8:17:
         10:07:99:a5:23:9d:9d:db:4b:e5:3e:d7:70:a1:f3:e6:dd:d3:
         90:3d:63:8d:6f:ec:71:5d:9b:79:89:ff:ec:4d:01:b3:70:dc:
         f5:b5:b8:d3:c0:78:3e:10:21:87:a6:53:f7:c7:63:ca:36:64:
         49:82:0d:72:57:27:e8:70:02:5c:61:30:74:3d:0a:d8:35:d2:
         74:0a:88:6b:5c:3f:2d:ea:4d:eb:1c:a4:21:88:31:c1:eb:bd:
         42:70:6e:5f:f5:60:5f:67:3a:cb:86:02:8a:4d:6e:88:6f:3f:
         b0:e4:56:73:8f:f9:fb:1d:da:ab:2e:24:66:18:bf:95:18:69:
         2b:b1:61:e8:9b:2c:e7:06:9c:a4:0b:4f:d6:7a:e9:93:eb:e4:
         45:1d:04:ee:b2:05:ef:18:3c:f1:f6:eb:53:71:68:84:dd:af:
         30:b1:af:23:f9:a4:c1:0e:7e:86:d1:47:08:e3:9a:42:ed:c1:
         5b:5c:70:fb
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYvsvhOsV+hcAL+jbRDvh+fDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjMxMTIwMTIzOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU2NDRlYmJjZmViYjFlMThiMThhMjJlNjViZGEyZGZjMjUwZGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSx9Eitfusm/kfbsOwy/s4apobcG
gWSdfhyeKwZvQoQvS4VihTFW5fTMK99jHIUR57CUuaHPf44rVxz1THBEtEiecvEd
g3oAN+LKdUKmS5ZvFy/0p/vhPsSP1nTz+isGQ+PcOSZUNBO0m0DE27qI4k7eYUsc
CY3IYk76IABQPilvWWCIhZDNeGUCfEBx6apAeuBjPm6cZwlOT50AIeVrSu3PRlQO
xihopcT8JDr9ws/B/P9tE9J0yrJnzcKuGbM8+p3RwBYSjfoj6GTxZqVdpaMi2cxJ
GUW92Z6aoJ5VqsxWm2hkfAM4MF7Z7TrdenWcxt1j5ZMo4BH4lC445dqgdwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFtWROu8/rseGLGKIuZb2i38JQ2zMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvVzFaRTY3ei11eDRZc1lvaTVsdmFMZndsRGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJUiOAwQA
PmpaAwQAUEeQAwQAW/YyAwQAkhMEAwQAsGHZAwQAueoMAwQAwaKFAwQAwhrnAwQA
w2CCAwQA1DQOMA0GCSqGSIb3DQEBCwUAA4IBAQBDHxQpXfCZX/fGpTQe7U44l0j2
IBNqFkZEPLOR/pcMiZ4GpLFtHnT7HSVIx6Bt3UdCKGAaQJ6FwHiMaQxgSVDHQwna
h+3H2BcQB5mlI52d20vlPtdwofPm3dOQPWONb+xxXZt5if/sTQGzcNz1tbjTwHg+
ECGHplP3x2PKNmRJgg1yVyfocAJcYTB0PQrYNdJ0CohrXD8t6k3rHKQhiDHB671C
cG5f9WBfZzrLhgKKTW6Ibz+w5FZzj/n7HdqrLiRmGL+VGGkrsWHomyznBpykC0/W
eumT6+RFHQTusgXvGDzx9utTcWiE3a8wsa8j+aTBDn6G0UcI45pC7cFbXHD7
-----END CERTIFICATE-----