Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZluUBlFPtVFy-w_N8_EO_QrSVvY.roa
File:                     ZluUBlFPtVFy-w_N8_EO_QrSVvY.roa (raw, json)
Hash identifier:          aadMEoTl6SoIi5i+QTqqQmSaGpJgyGAyZT87zj3BdyY=
Subject key identifier:   66:5B:94:06:51:4F:B5:51:72:FB:0F:CD:F3:F1:0E:FD:0A:D2:56:F6
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0191BBEAA54FD3E5444B0899F300179C1F8A
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZluUBlFPtVFy-w_N8_EO_QrSVvY.roa
Signing time:             Wed 04 Sep 2024 07:23:22 +0000
ROA not before:           Wed 04 Sep 2024 07:23:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        195.216.160.0/24 maxlen: 24
                          195.216.161.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.212.0/24 maxlen: 24
                          213.182.213.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.221.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Sep 2024 15:52:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bb:ea:a5:4f:d3:e5:44:4b:08:99:f3:00:17:9c:1f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Sep  4 07:23:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=665b9406514fb55172fb0fcdf3f10efd0ad256f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8e:02:09:c8:4f:bb:bd:40:0c:bc:c1:b5:e7:
                    79:d7:0f:89:9d:be:e2:36:d1:72:58:91:31:68:b9:
                    f3:5b:2d:91:73:27:6e:b0:4d:56:84:2f:3f:bb:c4:
                    03:2d:3a:98:eb:27:ec:98:a8:b2:62:e4:c1:4d:69:
                    63:a4:b9:95:16:f7:57:bb:6a:7c:78:fc:87:43:98:
                    0b:46:1e:80:2a:92:ef:96:f0:8e:81:d3:32:6c:b9:
                    fa:8e:2c:82:d4:f8:e8:63:56:c8:67:41:00:53:32:
                    76:4a:17:81:7d:05:f6:24:0b:f2:3e:3f:d3:a5:a5:
                    e6:7b:de:c5:42:59:6d:22:7c:1f:d9:b6:12:57:7b:
                    79:4f:98:ff:b6:76:c2:66:8f:72:bd:d9:7a:fe:e4:
                    b1:91:04:50:08:f4:87:cd:7a:5f:4d:6f:a9:25:66:
                    01:6e:18:73:e2:a9:7d:80:b1:d5:dc:49:ba:13:f3:
                    90:22:98:97:fd:c5:6d:f6:72:20:af:e8:cc:a5:4a:
                    3d:67:fc:fd:52:3a:d8:c5:28:d2:7d:8e:9f:6e:ca:
                    91:84:36:21:4e:b3:00:d3:42:37:1e:63:2d:c8:fa:
                    d2:26:28:65:88:5d:19:8d:c3:00:65:22:3c:84:84:
                    ab:9c:5d:93:ad:ee:0c:bb:20:8c:32:30:fd:76:6d:
                    1f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5B:94:06:51:4F:B5:51:72:FB:0F:CD:F3:F1:0E:FD:0A:D2:56:F6
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZluUBlFPtVFy-w_N8_EO_QrSVvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.160.0/23
                  213.182.197.0/24
                  213.182.201.0/24
                  213.182.205.0/24
                  213.182.212.0/22
                  213.182.217.0/24
                  213.182.219.0-213.182.223.255

    Signature Algorithm: sha256WithRSAEncryption
         93:cc:75:4b:a9:df:96:27:4f:0f:3b:13:33:4c:2b:fc:31:a5:
         a3:90:b5:bb:1c:7a:bf:7e:51:e2:7e:51:10:59:b0:d5:0d:b0:
         50:0a:8e:a8:fa:c4:0d:a9:02:da:7b:81:e9:e5:ab:42:7c:17:
         f2:a5:e8:6b:74:b1:07:b8:6a:e6:0d:98:35:e0:22:12:69:5c:
         89:0b:a4:57:13:f3:42:2f:1d:e0:fd:03:fb:90:a7:af:cc:11:
         14:01:66:77:10:47:e4:9f:9b:86:8b:f4:82:4f:b2:50:f0:07:
         c7:90:31:93:1a:60:97:71:ce:7c:8e:ba:59:16:d4:03:cd:be:
         39:6d:ab:4c:17:20:11:49:6f:8d:4c:16:55:02:5b:a7:47:d6:
         ba:b6:c3:1d:4c:4a:16:cd:25:03:37:d6:c9:4d:ea:bb:db:52:
         8b:6f:51:aa:11:9b:04:ea:cf:94:6a:36:da:ca:66:63:78:57:
         c0:52:dd:2c:2f:05:97:42:45:fd:86:e7:87:16:e3:b2:0f:54:
         7f:da:08:52:9e:e3:fd:05:1e:81:2a:f2:ee:82:f1:b3:28:42:
         26:59:aa:ae:63:54:94:82:29:3f:3a:c4:13:38:06:4c:c9:46:
         e4:cc:1c:ac:b4:25:5e:4a:d7:47:dc:fb:e6:66:4d:72:2f:53:
         ac:1e:bd:56
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZG76qVP0+VESwiZ8wAXnB+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwOTA0MDcyMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjViOTQwNjUxNGZiNTUxNzJmYjBmY2RmM2YxMGVmZDBhZDI1NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA344CCchPu71ADLzBted51w+Jnb7i
NtFyWJExaLnzWy2RcydusE1WhC8/u8QDLTqY6yfsmKiyYuTBTWljpLmVFvdXu2p8
ePyHQ5gLRh6AKpLvlvCOgdMybLn6jiyC1PjoY1bIZ0EAUzJ2SheBfQX2JAvyPj/T
paXme97FQlltInwf2bYSV3t5T5j/tnbCZo9yvdl6/uSxkQRQCPSHzXpfTW+pJWYB
bhhz4ql9gLHV3Em6E/OQIpiX/cVt9nIgr+jMpUo9Z/z9UjrYxSjSfY6fbsqRhDYh
TrMA00I3HmMtyPrSJihliF0ZjcMAZSI8hISrnF2Tre4MuyCMMjD9dm0fZQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGZblAZRT7VRcvsPzfPxDv0K0lb2MB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvWmx1VUJsRlB0VkZ5LXdfTjhfRU9fUXJTVnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBw9igAwQA
1bbFAwQA1bbJAwQA1bbNAwQC1bbUAwQA1bbZMAwDBADVttsDBAXVtsAwDQYJKoZI
hvcNAQELBQADggEBAJPMdUup35YnTw87EzNMK/wxpaOQtbscer9+UeJ+URBZsNUN
sFAKjqj6xA2pAtp7genlq0J8F/Kl6Gt0sQe4auYNmDXgIhJpXIkLpFcT80IvHeD9
A/uQp6/MERQBZncQR+Sfm4aL9IJPslDwB8eQMZMaYJdxznyOulkW1APNvjltq0wX
IBFJb41MFlUCW6dH1rq2wx1MShbNJQM31slN6rvbUotvUaoRmwTqz5RqNtrKZmN4
V8BS3SwvBZdCRf2G54cW47IPVH/aCFKe4/0FHoEq8u6C8bMoQiZZqq5jVJSCKT86
xBM4BkzJRuTMHKy0JV5K10fc++ZmTXIvU6wevVY=
-----END CERTIFICATE-----