Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/G3aZ0DrWZB0-Ov0kLwElIckhUUw.roa
File:                     G3aZ0DrWZB0-Ov0kLwElIckhUUw.roa (raw, json)
Hash identifier:          Dvz5FZSrpRcshDlGoCSQ4KKCErPRtQ9tQttM9xj0LKk=
Subject key identifier:   1B:76:99:D0:3A:D6:64:1D:3E:3A:FD:24:2F:01:25:21:C9:21:51:4C
Certificate issuer:       /CN=02bbd4f865a12d79a09a034486ce61ba023882c7
Certificate serial:       018C58266601B286C9C0780FB3B4DCE3C668
Authority key identifier: 02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/G3aZ0DrWZB0-Ov0kLwElIckhUUw.roa
Signing time:             Mon 11 Dec 2023 09:12:40 +0000
ROA not before:           Mon 11 Dec 2023 09:12:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51020
IP address blocks:        5.62.136.0/24 maxlen: 24
                          5.62.142.0/24 maxlen: 24
                          5.62.128.0/24 maxlen: 24
                          5.62.129.0/24 maxlen: 24
                          185.69.4.0/23 maxlen: 23
                          185.69.4.0/24 maxlen: 24
                          185.69.5.0/24 maxlen: 24
                          185.69.6.0/24 maxlen: 24
                          37.77.51.0/24 maxlen: 24
                          37.77.50.0/24 maxlen: 24
                          37.77.48.0/24 maxlen: 24
                          31.7.84.0/24 maxlen: 24
                          31.7.86.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Dec 2023 09:24:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:58:26:66:01:b2:86:c9:c0:78:0f:b3:b4:dc:e3:c6:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02bbd4f865a12d79a09a034486ce61ba023882c7
        Validity
            Not Before: Dec 11 09:12:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b7699d03ad6641d3e3afd242f012521c921514c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:aa:83:14:17:8a:a3:29:7e:e5:aa:b9:f3:67:
                    88:73:15:ae:96:b3:17:07:8c:43:6f:4b:b5:1a:21:
                    af:5d:96:18:37:7a:1d:05:e0:2c:c4:13:0f:6c:f2:
                    28:98:60:1d:82:51:e5:ce:b0:37:73:81:94:2e:6e:
                    6a:29:ad:6c:05:02:f7:c3:c8:d8:52:04:33:67:c7:
                    d9:f4:d0:82:9f:6a:97:1c:89:98:c4:90:90:76:40:
                    7d:2c:73:16:50:a4:1d:8a:ad:83:48:87:c3:77:b3:
                    7b:e5:39:17:43:aa:bc:00:f6:1d:aa:44:69:1d:61:
                    83:50:d5:47:df:17:f3:f8:ac:d2:c0:8c:dc:52:15:
                    bb:a1:5f:d6:33:7f:81:1a:0a:ed:a5:fa:2d:ef:37:
                    e1:c9:1e:15:1c:f2:40:50:76:9a:ee:9e:4a:ad:e0:
                    77:45:8b:c1:23:6e:4e:c1:e3:f5:76:3f:31:5d:87:
                    32:91:58:cf:c9:7a:43:22:7d:dc:75:da:55:47:44:
                    83:6e:ad:5c:be:97:ac:50:b6:d0:ab:d5:e1:21:c7:
                    0b:47:d7:eb:3c:99:24:3c:b7:cb:7e:2d:ea:db:48:
                    86:36:a1:2c:0f:63:61:8e:5f:61:55:9c:42:3c:5d:
                    d6:83:e1:25:87:73:c7:66:c6:73:aa:d5:a6:a9:ed:
                    8d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:76:99:D0:3A:D6:64:1D:3E:3A:FD:24:2F:01:25:21:C9:21:51:4C
            X509v3 Authority Key Identifier:
                keyid:02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/G3aZ0DrWZB0-Ov0kLwElIckhUUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/ArvU-GWhLXmgmgNEhs5hugI4gsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.128.0/23
                  5.62.136.0/24
                  5.62.142.0/24
                  31.7.84.0/24
                  31.7.86.0/24
                  37.77.48.0/24
                  37.77.50.0/23
                  185.69.4.0-185.69.6.255

    Signature Algorithm: sha256WithRSAEncryption
         bb:32:0d:73:50:f3:cc:5e:c2:04:b8:d7:a7:53:d8:3f:51:ae:
         ca:4c:fc:ac:a5:19:5f:54:25:28:3a:e0:9a:7c:58:49:34:62:
         db:03:f6:3e:f5:24:b7:9a:a3:6e:97:4c:d7:5d:79:bb:6a:1c:
         64:d8:00:11:5d:f8:dc:75:00:f8:ad:30:61:fe:6d:0b:a7:7c:
         70:46:8d:1b:b6:cb:92:75:a3:f4:75:23:10:36:57:5b:5f:40:
         24:1f:ce:3e:aa:07:e8:73:31:a0:ae:15:d1:ab:0d:51:fc:5a:
         cc:3c:e9:98:f8:2b:53:63:f8:69:a2:57:86:e9:02:5a:db:61:
         1d:01:7a:fb:31:a4:58:e6:12:d0:97:c6:44:ab:c4:0c:65:f5:
         28:0d:b8:90:81:62:d2:bd:d1:ab:5a:b8:45:c4:a4:b3:57:a3:
         fb:12:78:ed:65:05:ca:7a:e0:ba:79:47:0d:a6:cb:2d:ae:14:
         89:c5:67:83:e1:a8:0e:a0:4f:a0:dd:1b:e4:17:7f:0f:db:8e:
         ae:31:07:11:18:82:06:9e:fc:e5:19:f8:30:b1:ce:6d:4f:35:
         69:54:c5:0b:48:bc:74:85:66:da:5a:2a:77:1a:38:86:a9:79:
         7f:74:c1:38:1d:d1:7c:3e:64:8d:07:e4:f8:b8:50:17:60:8d:
         d4:0b:16:73
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYxYJmYBsobJwHgPs7Tc48ZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYmJkNGY4NjVhMTJkNzlhMDlhMDM0NDg2Y2U2MWJhMDIz
ODgyYzcwHhcNMjMxMjExMDkxMjQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjc2OTlkMDNhZDY2NDFkM2UzYWZkMjQyZjAxMjUyMWM5MjE1MTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqqDFBeKoyl+5aq582eIcxWulrMX
B4xDb0u1GiGvXZYYN3odBeAsxBMPbPIomGAdglHlzrA3c4GULm5qKa1sBQL3w8jY
UgQzZ8fZ9NCCn2qXHImYxJCQdkB9LHMWUKQdiq2DSIfDd7N75TkXQ6q8APYdqkRp
HWGDUNVH3xfz+KzSwIzcUhW7oV/WM3+BGgrtpfot7zfhyR4VHPJAUHaa7p5KreB3
RYvBI25OweP1dj8xXYcykVjPyXpDIn3cddpVR0SDbq1cvpesULbQq9XhIccLR9fr
PJkkPLfLfi3q20iGNqEsD2Nhjl9hVZxCPF3Wg+Elh3PHZsZzqtWmqe2N+wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBt2mdA61mQdPjr9JC8BJSHJIVFMMB8GA1UdIwQY
MBaAFAK71PhloS15oJoDRIbOYboCOILHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUt
MGE5ODA0OGNkZjcyLzEvRzNhWjBEcldaQjAtT3Ywa0x3RWxJY2toVVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUtMGE5ODA0OGNkZjcy
LzEvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBBT6AAwQA
BT6IAwQABT6OAwQAHwdUAwQAHwdWAwQAJU0wAwQBJU0yMAwDBAK5RQQDBAC5RQYw
DQYJKoZIhvcNAQELBQADggEBALsyDXNQ88xewgS416dT2D9RrspM/KylGV9UJSg6
4Jp8WEk0YtsD9j71JLeao26XTNddebtqHGTYABFd+Nx1APitMGH+bQunfHBGjRu2
y5J1o/R1IxA2V1tfQCQfzj6qB+hzMaCuFdGrDVH8Wsw86Zj4K1Nj+GmiV4bpAlrb
YR0BevsxpFjmEtCXxkSrxAxl9SgNuJCBYtK90atauEXEpLNXo/sSeO1lBcp64Lp5
Rw2myy2uFInFZ4PhqA6gT6DdG+QXfw/bjq4xBxEYggae/OUZ+DCxzm1PNWlUxQtI
vHSFZtpaKncaOIapeX90wTgd0Xw+ZI0H5Pi4UBdgjdQLFnM=
-----END CERTIFICATE-----