Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6OXadzhRN48CFieNHoJ-a9lpx78.roa
File:                     6OXadzhRN48CFieNHoJ-a9lpx78.roa (raw, json)
Hash identifier:          NOmFEd2/VvHukj+dHRjmaBG7gKK2sI3Vq5uG9s0xR+4=
Subject key identifier:   E8:E5:DA:77:38:51:37:8F:02:16:27:8D:1E:82:7E:6B:D9:69:C7:BF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189405AF9A15815D730D4429BF8401EF7B8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6OXadzhRN48CFieNHoJ-a9lpx78.roa
Signing time:             Mon 10 Jul 2023 15:10:51 +0000
ROA not before:           Mon 10 Jul 2023 15:10:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35409
IP address blocks:        89.213.179.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.241.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 01 Aug 2023 08:18:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:40:5a:f9:a1:58:15:d7:30:d4:42:9b:f8:40:1e:f7:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 10 15:10:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e8e5da773851378f0216278d1e827e6bd969c7bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b3:f2:5b:c9:c8:ff:6f:84:ff:58:2c:98:4b:
                    ad:60:6c:14:1a:2a:92:8a:af:fc:02:58:8b:c8:60:
                    ab:e4:7a:71:57:ed:d6:7c:33:91:22:37:78:86:59:
                    9a:b7:51:d5:19:22:58:f5:d2:c8:54:59:ad:13:ba:
                    1c:b6:a5:ca:75:b7:2a:e7:02:0a:ad:b6:32:70:70:
                    ed:00:71:27:bd:73:f4:6c:5a:40:b1:a9:26:9e:a2:
                    12:9d:34:d1:42:a5:4d:e3:0a:84:f8:88:58:ec:70:
                    83:e5:59:c0:83:37:da:92:f2:05:bb:a3:a2:15:e4:
                    67:10:02:db:48:b5:14:cf:36:5d:e9:3a:2a:06:04:
                    67:75:31:5b:4c:f2:98:04:73:a6:12:28:52:52:57:
                    60:f1:bf:b2:27:8e:89:21:30:ba:52:9e:12:8a:03:
                    6b:b1:fc:a5:2d:6c:58:e3:11:a6:7e:ca:64:fd:b8:
                    2a:12:e3:39:da:9f:76:03:47:0a:fd:6a:e0:d9:b9:
                    6f:61:28:d9:47:fd:02:15:3e:ef:0a:ee:13:a4:c5:
                    05:4d:d0:bd:c4:4c:e5:98:12:fa:a1:5a:f7:e7:b8:
                    2c:af:c7:52:15:91:db:86:4f:f4:e5:29:b0:d1:fb:
                    a4:fa:7f:9a:ee:50:55:34:76:0f:4f:1c:22:02:98:
                    63:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:E5:DA:77:38:51:37:8F:02:16:27:8D:1E:82:7E:6B:D9:69:C7:BF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6OXadzhRN48CFieNHoJ-a9lpx78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.140.0/24
                  89.213.159.0/24
                  89.213.175.0/24
                  89.213.179.0/24
                  109.176.240.0-109.176.242.255
                  109.176.248.0/24
                  109.176.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ca:b4:4f:9f:c0:58:3d:ac:2d:c2:73:67:b8:36:7c:3d:f8:
         10:76:65:34:df:0f:f9:92:d2:fd:e7:e5:f6:08:fb:2d:d9:1c:
         6a:16:f2:7e:54:a4:f5:45:f5:9b:de:c4:92:da:39:ef:c9:03:
         2d:11:69:f0:22:04:05:55:b0:10:7e:cb:9b:c6:1b:75:04:4b:
         0b:28:7a:26:10:61:4d:e4:87:9b:ce:d8:83:86:37:cb:98:5c:
         13:66:fe:3b:e2:f9:75:5a:b6:00:50:a2:30:ae:c5:6c:2c:72:
         9e:4f:14:17:c5:12:60:e6:0d:df:f8:62:13:5c:52:11:e3:09:
         a9:ea:48:16:db:c2:34:fb:23:37:f9:c8:43:b5:39:07:72:7d:
         76:ef:ae:28:06:0b:0f:5e:2c:05:0b:7b:c1:d7:40:06:3b:79:
         3e:25:e3:b9:8f:30:b9:7e:e4:26:13:d6:14:a9:f6:0e:91:ac:
         5f:b5:82:c1:d4:f9:90:db:c8:93:c2:da:d8:b9:97:ba:54:29:
         9f:38:92:e1:38:c8:97:39:25:cc:3e:ff:bb:6e:66:88:ad:ef:
         10:70:79:fb:d9:2b:d9:ae:b5:27:0f:60:db:04:e4:26:86:4f:
         51:4c:45:22:74:e4:49:b9:0f:ab:d5:12:33:a8:bc:13:ae:90:
         6d:a5:db:fb
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYlAWvmhWBXXMNRCm/hAHve4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzEwMTUxMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGU1ZGE3NzM4NTEzNzhmMDIxNjI3OGQxZTgyN2U2YmQ5NjljN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bPyW8nI/2+E/1gsmEutYGwUGiqS
iq/8AliLyGCr5HpxV+3WfDORIjd4hlmat1HVGSJY9dLIVFmtE7octqXKdbcq5wIK
rbYycHDtAHEnvXP0bFpAsakmnqISnTTRQqVN4wqE+IhY7HCD5VnAgzfakvIFu6Oi
FeRnEALbSLUUzzZd6ToqBgRndTFbTPKYBHOmEihSUldg8b+yJ46JITC6Up4SigNr
sfylLWxY4xGmfspk/bgqEuM52p92A0cK/Wrg2blvYSjZR/0CFT7vCu4TpMUFTdC9
xEzlmBL6oVr357gsr8dSFZHbhk/05Smw0fuk+n+a7lBVNHYPTxwiAphj4wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOjl2nc4UTePAhYnjR6CfmvZace/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNk9YYWR6aFJONDhDRmllTkhvSi1hOWxweDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAWdWMAwQA
WdWfAwQAWdWvAwQAWdWzMAwDBARtsPADBABtsPIDBABtsPgDBABtsPowDQYJKoZI
hvcNAQELBQADggEBAGrKtE+fwFg9rC3Cc2e4Nnw9+BB2ZTTfD/mS0v3n5fYI+y3Z
HGoW8n5UpPVF9ZvexJLaOe/JAy0RafAiBAVVsBB+y5vGG3UESwsoeiYQYU3kh5vO
2IOGN8uYXBNm/jvi+XVatgBQojCuxWwscp5PFBfFEmDmDd/4YhNcUhHjCanqSBbb
wjT7Izf5yEO1OQdyfXbvrigGCw9eLAULe8HXQAY7eT4l47mPMLl+5CYT1hSp9g6R
rF+1gsHU+ZDbyJPC2ti5l7pUKZ84kuE4yJc5Jcw+/7tuZoit7xBwefvZK9mutScP
YNsE5CaGT1FMRSJ05Em5D6vVEjOovBOukG2l2/s=
-----END CERTIFICATE-----