Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/VO0fPzCFU7FSTfB_VQpRt7nT7mg.roa
File:                     VO0fPzCFU7FSTfB_VQpRt7nT7mg.roa (raw, json)
Hash identifier:          el1FEyuW1ID/mnVw+AvUpl8GU3mNUmTYJ+G9xnKz4uU=
Subject key identifier:   54:ED:1F:3F:30:85:53:B1:52:4D:F0:7F:55:0A:51:B7:B9:D3:EE:68
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0189F8CC07D6AACD2268C1F8A1A046A2978B
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/VO0fPzCFU7FSTfB_VQpRt7nT7mg.roa
Signing time:             Tue 15 Aug 2023 10:44:28 +0000
ROA not before:           Tue 15 Aug 2023 10:44:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8985
IP address blocks:        193.232.64.0/24 maxlen: 24
                          194.190.146.0/24 maxlen: 24
                          193.232.76.0/24 maxlen: 24
                          195.209.147.0/24 maxlen: 24
                          195.209.148.0/24 maxlen: 24
                          194.85.16.0/24 maxlen: 24
                          195.208.222.0/24 maxlen: 24
                          193.232.226.0/23 maxlen: 23
                          194.226.41.0/24 maxlen: 24
                          195.19.8.0/24 maxlen: 24
                          195.208.24.0/21 maxlen: 21
                          195.208.29.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 15 Aug 2023 12:17:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f8:cc:07:d6:aa:cd:22:68:c1:f8:a1:a0:46:a2:97:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Aug 15 10:44:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=54ed1f3f308553b1524df07f550a51b7b9d3ee68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cf:61:ff:6d:bd:2c:51:b3:5b:62:25:b9:cc:
                    42:7f:88:63:96:e2:ff:08:d1:e3:0a:68:44:ee:3d:
                    2c:69:5e:76:52:4a:ec:b3:66:a4:89:83:26:26:2b:
                    d9:31:05:62:8b:21:92:08:0e:fb:ac:7a:bb:c1:8c:
                    82:b7:b0:5f:df:4a:91:e1:f4:6f:75:9a:8f:17:a4:
                    b7:90:c6:b1:50:68:dd:32:45:58:49:45:c0:af:fd:
                    e9:da:e9:e9:73:69:69:fc:2f:b8:2e:81:84:ac:1b:
                    18:e0:fb:26:8d:ff:65:d4:d0:ee:92:37:de:4a:4d:
                    28:98:e0:31:cd:25:36:38:1c:ae:d3:01:5c:19:73:
                    d3:ac:41:3f:fe:db:ee:5b:ce:1d:85:2e:75:e9:6f:
                    3a:20:89:05:48:df:dc:1d:05:1b:61:26:51:0d:eb:
                    91:e0:7c:97:f4:3e:a8:3d:43:cd:82:00:69:2f:56:
                    cf:8b:9d:6f:03:a2:68:88:34:fc:74:b5:25:5f:74:
                    f6:cb:eb:c6:e7:c3:52:72:3b:bd:dd:a7:20:5f:b1:
                    64:6e:f4:e4:72:9f:18:cd:a0:86:f7:70:c4:0e:cf:
                    25:5a:67:12:b5:c8:cc:18:bc:e4:1c:fd:52:cf:dc:
                    f4:b4:6d:70:f0:e0:35:4b:f7:55:a3:e0:29:6c:2b:
                    a9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:ED:1F:3F:30:85:53:B1:52:4D:F0:7F:55:0A:51:B7:B9:D3:EE:68
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/VO0fPzCFU7FSTfB_VQpRt7nT7mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.64.0/24
                  193.232.76.0/24
                  193.232.226.0/23
                  194.85.16.0/24
                  194.190.146.0/24
                  194.226.41.0/24
                  195.19.8.0/24
                  195.208.24.0/21
                  195.208.222.0/24
                  195.209.147.0-195.209.148.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:de:20:aa:f3:91:5e:95:5a:b2:01:ae:99:16:26:5e:e7:57:
         38:84:eb:e5:ec:db:6a:66:d0:a1:56:52:ec:92:79:cc:25:bc:
         68:11:17:50:d0:d2:f9:95:5f:eb:3b:f1:58:42:1e:1e:d9:93:
         2b:81:ba:2e:5b:01:98:ad:5a:d1:a2:61:b7:1e:a6:b5:b7:12:
         93:86:a1:45:91:88:9e:49:20:82:f0:3b:ec:8d:c1:af:03:4b:
         6d:6d:15:7b:48:65:1d:03:29:d0:81:32:04:d6:4d:51:75:10:
         f3:01:00:2c:62:72:7d:d5:29:92:7c:98:ec:3f:1b:09:2e:2d:
         d8:77:dd:48:ed:0f:e5:f5:df:af:42:3d:53:d8:2c:81:77:a5:
         14:e0:45:eb:42:52:c1:ba:37:11:c2:05:68:b7:c7:f2:c6:6d:
         0b:75:60:3c:ac:5e:df:86:b4:09:4f:2c:bd:93:0a:7c:58:05:
         06:8b:88:39:eb:22:3c:4a:c5:b2:4b:63:0f:7a:97:4d:e2:d7:
         2a:2f:f2:14:df:6f:ba:98:63:f9:2d:5d:a3:0c:3b:c7:37:9b:
         42:83:94:d1:24:55:c0:62:4e:8c:fc:e7:db:41:43:46:6a:cb:
         17:da:96:ee:b5:12:6b:f1:27:ea:4d:7f:49:73:1a:ee:9e:31:
         2b:ae:e1:7a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYn4zAfWqs0iaMH4oaBGopeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjMwODE1MTA0NDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGVkMWYzZjMwODU1M2IxNTI0ZGYwN2Y1NTBhNTFiN2I5ZDNlZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM9h/229LFGzW2IlucxCf4hjluL/
CNHjCmhE7j0saV52Ukrss2akiYMmJivZMQViiyGSCA77rHq7wYyCt7Bf30qR4fRv
dZqPF6S3kMaxUGjdMkVYSUXAr/3p2unpc2lp/C+4LoGErBsY4Psmjf9l1NDukjfe
Sk0omOAxzSU2OByu0wFcGXPTrEE//tvuW84dhS516W86IIkFSN/cHQUbYSZRDeuR
4HyX9D6oPUPNggBpL1bPi51vA6JoiDT8dLUlX3T2y+vG58NScju93acgX7FkbvTk
cp8YzaCG93DEDs8lWmcStcjMGLzkHP1Sz9z0tG1w8OA1S/dVo+ApbCupGQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFTtHz8whVOxUk3wf1UKUbe50+5oMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvVk8wZlB6Q0ZVN0ZTVGZCX1ZRcFJ0N25UN21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAwehAAwQA
wehMAwQBwejiAwQAwlUQAwQAwr6SAwQAwuIpAwQAwxMIAwQDw9AYAwQAw9DeMAwD
BADD0ZMDBADD0ZQwDQYJKoZIhvcNAQELBQADggEBAGzeIKrzkV6VWrIBrpkWJl7n
VziE6+Xs22pm0KFWUuySecwlvGgRF1DQ0vmVX+s78VhCHh7ZkyuBui5bAZitWtGi
YbceprW3EpOGoUWRiJ5JIILwO+yNwa8DS21tFXtIZR0DKdCBMgTWTVF1EPMBACxi
cn3VKZJ8mOw/GwkuLdh33UjtD+X1369CPVPYLIF3pRTgRetCUsG6NxHCBWi3x/LG
bQt1YDysXt+GtAlPLL2TCnxYBQaLiDnrIjxKxbJLYw96l03i1yov8hTfb7qYY/kt
XaMMO8c3m0KDlNEkVcBiToz859tBQ0Zqyxfalu61EmvxJ+pNf0lzGu6eMSuu4Xo=
-----END CERTIFICATE-----