Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/vKaPWOW6t1oDQ8Qe0T1eb0JWiQs.roa
File:                     vKaPWOW6t1oDQ8Qe0T1eb0JWiQs.roa (raw, json)
Hash identifier:          3C9CS5d/SBMa2vFyN5652qjit1ee7ZEQ0L0CI/9F178=
Subject key identifier:   BC:A6:8F:58:E5:BA:B7:5A:03:43:C4:1E:D1:3D:5E:6F:42:56:89:0B
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       018AE1657FC09B0C85834463F665C460995E
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/vKaPWOW6t1oDQ8Qe0T1eb0JWiQs.roa
Signing time:             Fri 29 Sep 2023 14:43:59 +0000
ROA not before:           Fri 29 Sep 2023 14:43:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212238
IP address blocks:        89.149.16.0/24 maxlen: 24
                          89.149.15.0/24 maxlen: 24
                          89.149.14.0/24 maxlen: 24
                          89.149.17.0/24 maxlen: 24
                          89.149.22.0/24 maxlen: 24
                          89.149.18.0/24 maxlen: 24
                          84.247.112.0/24 maxlen: 24
                          84.247.111.0/24 maxlen: 24
                          84.247.116.0/24 maxlen: 24
                          84.247.115.0/24 maxlen: 24
                          84.247.114.0/24 maxlen: 24
                          84.247.113.0/24 maxlen: 24
                          84.247.118.0/24 maxlen: 24
                          84.247.117.0/24 maxlen: 24
                          84.247.119.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 02 Oct 2023 12:26:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:e1:65:7f:c0:9b:0c:85:83:44:63:f6:65:c4:60:99:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Sep 29 14:43:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bca68f58e5bab75a0343c41ed13d5e6f4256890b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cb:88:7e:88:f7:48:25:81:32:a2:2a:00:29:
                    75:b3:75:bd:a7:bd:3f:fe:ef:cb:4a:d5:71:49:ed:
                    f3:5d:b1:da:7c:77:67:54:e9:ba:5d:d4:98:1f:20:
                    a8:11:03:a9:bd:62:23:c4:43:bd:42:d5:4c:10:df:
                    61:16:1b:ec:bd:8a:45:77:d1:ff:a1:d5:06:84:7e:
                    44:b5:91:75:88:98:28:7a:d5:87:bd:74:cb:14:58:
                    4b:2b:b9:c5:96:1d:c4:5b:9d:3f:a7:01:13:6e:fb:
                    b2:d4:9c:9b:12:87:5b:f6:21:aa:cc:2c:97:a2:b4:
                    67:da:ef:6a:39:c6:bc:17:2d:cb:d5:89:48:22:b1:
                    df:74:3b:79:99:37:74:11:80:35:3e:9c:0c:1d:78:
                    25:a0:27:90:aa:8e:45:e5:e9:61:94:b4:e0:eb:c8:
                    54:50:ad:92:aa:6f:2f:e0:f2:03:4b:7a:23:0f:8e:
                    23:4b:45:d0:0c:bd:a2:c3:2b:fe:b6:27:d6:36:63:
                    9f:2a:56:7b:80:e3:27:d3:be:75:31:2d:c0:c9:fe:
                    c2:d6:bc:ae:68:f0:21:60:76:23:7e:e5:0a:ca:cb:
                    c9:94:f4:96:60:70:60:d3:01:7b:9a:24:f4:63:bb:
                    95:44:cc:50:5d:97:92:34:61:ab:05:6c:68:62:ce:
                    e4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A6:8F:58:E5:BA:B7:5A:03:43:C4:1E:D1:3D:5E:6F:42:56:89:0B
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/vKaPWOW6t1oDQ8Qe0T1eb0JWiQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.111.0-84.247.119.255
                  89.149.14.0-89.149.18.255
                  89.149.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a0:f1:04:71:8f:d7:36:70:a3:8e:d8:cb:e0:1d:c9:5d:60:
         83:d0:3e:20:d9:5e:9c:82:a3:08:b3:18:39:77:61:9b:8a:4c:
         73:57:5e:3a:79:7c:b3:74:d4:df:8b:06:e8:b2:f0:16:ab:9a:
         0d:91:7a:13:3c:9e:d6:90:06:d3:ff:21:24:7e:c2:06:34:f4:
         3e:22:14:67:e1:11:5b:72:11:64:e8:55:a5:ea:a0:5e:48:74:
         2a:0a:74:8a:0f:6b:9e:f7:73:50:a6:b8:12:83:b9:3c:c1:a4:
         c2:d1:16:6e:f0:63:9a:6f:ca:c2:4c:57:42:97:c3:4e:44:3d:
         21:c6:6b:c1:8c:22:61:fd:da:e2:0f:38:e6:63:57:ed:eb:c7:
         53:bd:35:d2:33:ad:01:ea:bc:6a:f0:a8:8b:23:e2:f7:4e:bd:
         9e:3d:d6:fd:db:a8:e3:ad:18:b7:44:c6:41:7f:bb:f0:b8:62:
         ed:a5:c2:56:06:d9:a4:e0:cd:3c:ab:19:9f:fb:c8:c3:28:2e:
         d1:c9:e6:4e:e2:2a:d0:43:45:ec:11:ed:48:49:de:2a:d0:fb:
         8f:e1:db:3d:e8:f8:08:44:5c:96:75:a2:2a:21:84:7c:a9:b6:
         7b:54:e9:18:8d:72:36:05:92:c4:48:01:43:48:6d:0e:b0:66:
         9a:03:eb:b3
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYrhZX/AmwyFg0Rj9mXEYJleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjMwOTI5MTQ0MzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E2OGY1OGU1YmFiNzVhMDM0M2M0MWVkMTNkNWU2ZjQyNTY4OTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocuIfoj3SCWBMqIqACl1s3W9p70/
/u/LStVxSe3zXbHafHdnVOm6XdSYHyCoEQOpvWIjxEO9QtVMEN9hFhvsvYpFd9H/
odUGhH5EtZF1iJgoetWHvXTLFFhLK7nFlh3EW50/pwETbvuy1JybEodb9iGqzCyX
orRn2u9qOca8Fy3L1YlIIrHfdDt5mTd0EYA1PpwMHXgloCeQqo5F5elhlLTg68hU
UK2Sqm8v4PIDS3ojD44jS0XQDL2iwyv+tifWNmOfKlZ7gOMn0751MS3Ayf7C1ryu
aPAhYHYjfuUKysvJlPSWYHBg0wF7miT0Y7uVRMxQXZeSNGGrBWxoYs7kzQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFLymj1jlurdaA0PEHtE9Xm9CVokLMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvdkthUFdPVzZ0MW9EUThRZTBUMWViMEpXaVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBABU928D
BANU93AwDAMEAVmVDgMEAFmVEgMEAFmVFjANBgkqhkiG9w0BAQsFAAOCAQEAYaDx
BHGP1zZwo47Yy+AdyV1gg9A+INlenIKjCLMYOXdhm4pMc1deOnl8s3TU34sG6LLw
FquaDZF6Ezye1pAG0/8hJH7CBjT0PiIUZ+ERW3IRZOhVpeqgXkh0Kgp0ig9rnvdz
UKa4EoO5PMGkwtEWbvBjmm/KwkxXQpfDTkQ9IcZrwYwiYf3a4g845mNX7evHU701
0jOtAeq8avCoiyPi9069nj3W/duo460Yt0TGQX+78Lhi7aXCVgbZpODNPKsZn/vI
wygu0cnmTuIq0ENF7BHtSEneKtD7j+HbPej4CERclnWiKiGEfKm2e1TpGI1yNgWS
xEgBQ0htDrBmmgPrsw==
-----END CERTIFICATE-----