Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/rnGLHKQxsp1r1omCidCoO5gxOX4.roa
File:                     rnGLHKQxsp1r1omCidCoO5gxOX4.roa (raw, json)
Hash identifier:          E2KrkhToiBSCMaAt6mZ6Ps08IknjdUFYEEWP6WbT7CM=
Subject key identifier:   AE:71:8B:1C:A4:31:B2:9D:6B:D6:89:82:89:D0:A8:3B:98:31:39:7E
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       018BF2189E9D0679A6EB45C5D62993547B24
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/rnGLHKQxsp1r1omCidCoO5gxOX4.roa
Signing time:             Tue 21 Nov 2023 13:36:21 +0000
ROA not before:           Tue 21 Nov 2023 13:36:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62261
IP address blocks:        212.192.230.0/24 maxlen: 24
                          194.85.28.0/24 maxlen: 24
                          194.85.28.0/23 maxlen: 23
                          212.192.230.0/23 maxlen: 23
                          194.85.29.0/24 maxlen: 24
                          212.192.231.0/24 maxlen: 24
                          212.192.233.0/24 maxlen: 24
                          212.192.232.0/23 maxlen: 23
                          212.192.232.0/24 maxlen: 24
                          212.192.235.0/24 maxlen: 24
                          212.192.234.0/23 maxlen: 23
                          212.192.234.0/24 maxlen: 24
                          212.192.236.0/23 maxlen: 23
                          212.192.237.0/24 maxlen: 24
                          212.192.236.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f2:18:9e:9d:06:79:a6:eb:45:c5:d6:29:93:54:7b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Nov 21 13:36:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae718b1ca431b29d6bd6898289d0a83b9831397e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:00:e4:c2:7c:52:d9:2d:0a:4a:54:47:39:ed:
                    02:71:75:e6:bb:cb:ba:b2:1d:ab:97:5a:fc:a1:52:
                    44:7e:29:7c:57:35:53:8a:6d:b5:fe:f3:ce:47:c9:
                    3a:78:47:3b:2e:bf:80:f9:a1:81:d3:15:8c:b1:7a:
                    50:75:24:a7:df:19:c0:c4:58:36:54:c5:f4:7c:98:
                    57:11:3c:06:18:3a:90:30:5e:49:40:26:02:82:71:
                    67:83:73:0e:d7:b9:aa:13:4a:b5:56:da:aa:cb:d5:
                    df:9c:20:da:08:82:a3:54:0f:69:b4:fe:2d:44:95:
                    01:1a:48:31:aa:51:b3:ae:2c:28:ec:9b:22:34:3e:
                    bf:b2:0b:3c:e3:66:1f:31:a3:a7:80:ea:b4:b6:02:
                    9f:a1:ec:a0:11:1b:01:79:ad:70:50:c4:f6:4d:87:
                    76:da:14:d9:40:98:05:f4:11:cb:fb:0b:9a:a3:af:
                    38:32:12:4a:96:a4:6e:8e:17:93:6d:5d:9d:37:8f:
                    9d:19:aa:01:34:df:5c:1f:47:9d:e6:f2:1c:9a:5d:
                    1c:9f:03:e8:0f:46:c0:c7:99:0e:e0:98:7f:78:53:
                    f0:7c:a1:7f:71:df:00:5f:6f:b9:5f:92:7f:96:a9:
                    74:bd:0c:5f:3c:16:45:29:4a:c4:cd:86:34:d2:a8:
                    17:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:71:8B:1C:A4:31:B2:9D:6B:D6:89:82:89:D0:A8:3B:98:31:39:7E
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/rnGLHKQxsp1r1omCidCoO5gxOX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.28.0/23
                  212.192.230.0-212.192.237.255

    Signature Algorithm: sha256WithRSAEncryption
         78:a7:7f:87:c0:6c:96:9c:74:68:18:80:95:42:a2:8e:ca:ce:
         9d:70:f3:bd:24:69:c8:73:f6:2b:d3:bf:1a:e6:10:12:b6:02:
         3b:4b:f8:8b:14:a7:c7:30:5f:dc:b3:1d:30:e8:45:7e:e2:f1:
         d6:cc:59:8f:4d:de:6b:a0:ed:d8:56:3e:f1:ad:7b:81:a1:89:
         4b:34:14:8d:cd:30:eb:6d:67:06:4f:74:81:dc:bd:e7:08:c2:
         25:1e:e7:cd:62:f5:37:a2:69:d0:49:21:a4:c7:48:09:08:09:
         17:6f:49:c8:c1:e5:69:25:8a:b0:9a:a4:47:d8:11:9f:8b:8c:
         e5:91:76:7d:27:d0:9d:46:37:6a:d8:37:78:82:bf:4f:6a:b7:
         06:4a:c7:aa:82:d8:41:c5:ed:ad:23:8b:43:3e:53:b8:71:60:
         80:54:11:b1:12:d4:43:a8:1a:7f:d3:4b:b5:97:d9:0e:73:d8:
         9d:75:29:8e:2d:17:ff:79:e8:41:79:69:6a:26:41:d0:6f:85:
         31:6b:3b:e0:28:68:c1:b0:38:16:b4:e4:de:28:85:af:00:b1:
         00:6b:f2:cc:91:9f:d4:33:d2:7f:0c:dd:91:c5:ff:40:52:12:
         48:02:0f:9b:3f:34:f0:63:e8:97:76:ad:a3:b5:60:56:3d:0a:
         bd:c9:5d:28
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYvyGJ6dBnmm60XF1imTVHskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjMxMTIxMTMzNjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcxOGIxY2E0MzFiMjlkNmJkNjg5ODI4OWQwYTgzYjk4MzEzOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgDkwnxS2S0KSlRHOe0CcXXmu8u6
sh2rl1r8oVJEfil8VzVTim21/vPOR8k6eEc7Lr+A+aGB0xWMsXpQdSSn3xnAxFg2
VMX0fJhXETwGGDqQMF5JQCYCgnFng3MO17mqE0q1Vtqqy9XfnCDaCIKjVA9ptP4t
RJUBGkgxqlGzriwo7JsiND6/sgs842YfMaOngOq0tgKfoeygERsBea1wUMT2TYd2
2hTZQJgF9BHL+wuao684MhJKlqRujheTbV2dN4+dGaoBNN9cH0ed5vIcml0cnwPo
D0bAx5kO4Jh/eFPwfKF/cd8AX2+5X5J/lql0vQxfPBZFKUrEzYY00qgXqQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFK5xixykMbKda9aJgonQqDuYMTl+MB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvcm5HTEhLUXhzcDFyMW9tQ2lkQ29PNWd4T1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBwlUcMAwD
BAHUwOYDBAHUwOwwDQYJKoZIhvcNAQELBQADggEBAHinf4fAbJacdGgYgJVCoo7K
zp1w870kachz9ivTvxrmEBK2AjtL+IsUp8cwX9yzHTDoRX7i8dbMWY9N3mug7dhW
PvGte4GhiUs0FI3NMOttZwZPdIHcvecIwiUe581i9TeiadBJIaTHSAkICRdvScjB
5WklirCapEfYEZ+LjOWRdn0n0J1GN2rYN3iCv09qtwZKx6qC2EHF7a0ji0M+U7hx
YIBUEbES1EOoGn/TS7WX2Q5z2J11KY4tF/956EF5aWomQdBvhTFrO+AoaMGwOBa0
5N4oha8AsQBr8syRn9Qz0n8M3ZHF/0BSEkgCD5s/NPBj6Jd2raO1YFY9Cr3JXSg=
-----END CERTIFICATE-----