Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/p_7nogAg9CwKE3NgSTMRLMwT3Oc.roa
File:                     p_7nogAg9CwKE3NgSTMRLMwT3Oc.roa (raw, json)
Hash identifier:          jr3nIoZQR9WOy1gZ2kBI9SBUyg7uD01e3S0HXDxXO1Y=
Subject key identifier:   A7:FE:E7:A2:00:20:F4:2C:0A:13:73:60:49:33:11:2C:CC:13:DC:E7
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0191BDBCA632CB4869F172F8740558C11478
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/p_7nogAg9CwKE3NgSTMRLMwT3Oc.roa
Signing time:             Wed 04 Sep 2024 15:52:22 +0000
ROA not before:           Wed 04 Sep 2024 15:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        195.216.160.0/24 maxlen: 24
                          195.216.161.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.212.0/24 maxlen: 24
                          213.182.213.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.221.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 10 Sep 2024 16:57:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:bc:a6:32:cb:48:69:f1:72:f8:74:05:58:c1:14:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Sep  4 15:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7fee7a20020f42c0a1373604933112ccc13dce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:59:84:79:da:4b:f6:8e:ed:27:e0:6f:ff:3f:
                    03:db:6a:b7:99:38:96:41:e7:8c:64:55:47:7d:33:
                    26:06:f8:05:a4:3b:b3:15:80:c7:7d:90:a1:ae:1e:
                    55:a3:cc:87:06:78:d7:2e:6f:08:80:db:2f:61:36:
                    5a:8f:ca:35:70:e7:cd:0e:7a:42:b6:0c:91:b4:be:
                    90:3a:ef:fd:67:fd:fa:8e:8b:0c:87:39:38:84:f5:
                    ed:83:1b:47:3b:ea:e8:d8:7e:7c:fb:ca:c1:f2:d4:
                    90:df:2c:50:c0:9e:ae:a7:3e:74:d7:f0:00:fb:eb:
                    de:b1:16:0b:65:1f:a3:03:dc:6b:38:74:06:09:dd:
                    8a:4e:61:2f:c6:e5:16:9b:39:f5:46:55:67:b4:eb:
                    7d:0b:d0:6c:49:90:43:7d:b5:f8:69:bd:ea:3c:79:
                    bb:07:97:50:46:30:1b:cb:d4:3f:4f:c7:c1:0e:dd:
                    26:72:fc:59:d0:0c:af:46:68:4e:39:a7:c3:3a:5b:
                    8d:02:d3:4c:08:de:47:ea:de:38:cc:a0:9e:f1:0c:
                    01:c7:0f:64:33:b9:f2:e3:14:91:29:73:ed:79:67:
                    5a:83:85:a4:dc:1d:48:7d:62:48:5d:6f:34:47:63:
                    85:03:97:b4:a7:2a:f4:6a:ea:9c:f8:59:40:a6:95:
                    9a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:FE:E7:A2:00:20:F4:2C:0A:13:73:60:49:33:11:2C:CC:13:DC:E7
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/p_7nogAg9CwKE3NgSTMRLMwT3Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.160.0/23
                  213.182.201.0/24
                  213.182.205.0/24
                  213.182.212.0/22
                  213.182.217.0/24
                  213.182.219.0-213.182.223.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:c3:f0:a0:cb:ad:f2:bc:7f:40:bf:c7:8d:fa:1b:66:f1:ba:
         9f:84:46:3c:cc:c8:46:35:45:4c:dd:95:89:92:2c:52:46:67:
         87:d6:d7:9e:24:85:fb:a4:d5:f7:d0:45:3f:b8:ad:e1:4e:67:
         e7:48:f8:8f:9d:28:ef:1a:ac:36:f7:d5:6d:b4:f1:a3:3f:3c:
         45:58:6c:9a:3d:bc:96:46:f5:0b:12:bb:7a:a9:4e:45:19:7a:
         13:b5:22:97:fe:54:48:d7:9d:e2:14:28:34:3a:08:0a:ed:35:
         3a:e7:98:50:2d:f2:1f:3b:96:03:a4:9c:9d:a3:c8:ea:df:6c:
         ba:18:f1:cd:8f:04:04:78:23:8a:22:59:52:b3:2b:dc:35:ad:
         50:40:4c:cc:52:66:51:d6:1f:58:3d:47:58:98:26:b8:28:ee:
         08:69:da:16:c6:e4:76:44:d0:62:52:89:b4:09:06:98:de:25:
         31:52:d4:65:2f:9d:9a:60:cf:10:c6:6f:3c:ff:ab:2a:08:ad:
         65:fa:a2:7f:33:13:b8:46:41:c0:88:84:2d:c5:ac:c0:20:fb:
         eb:b2:03:60:74:90:a0:3f:39:31:13:28:5a:06:40:5e:ea:42:
         bc:a4:0a:fd:3d:a9:60:bc:ae:2a:66:7f:99:c4:7d:f7:40:c4:
         c9:f4:30:50
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZG9vKYyy0hp8XL4dAVYwRR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwOTA0MTU1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ZlZTdhMjAwMjBmNDJjMGExMzczNjA0OTMzMTEyY2NjMTNkY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VmEedpL9o7tJ+Bv/z8D22q3mTiW
QeeMZFVHfTMmBvgFpDuzFYDHfZChrh5Vo8yHBnjXLm8IgNsvYTZaj8o1cOfNDnpC
tgyRtL6QOu/9Z/36josMhzk4hPXtgxtHO+ro2H58+8rB8tSQ3yxQwJ6upz501/AA
++vesRYLZR+jA9xrOHQGCd2KTmEvxuUWmzn1RlVntOt9C9BsSZBDfbX4ab3qPHm7
B5dQRjAby9Q/T8fBDt0mcvxZ0AyvRmhOOafDOluNAtNMCN5H6t44zKCe8QwBxw9k
M7ny4xSRKXPteWdag4Wk3B1IfWJIXW80R2OFA5e0pyr0auqc+FlAppWaBwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKf+56IAIPQsChNzYEkzESzME9znMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvcF83bm9nQWc5Q3dLRTNOZ1NUTVJMTXdUM09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBw9igAwQA
1bbJAwQA1bbNAwQC1bbUAwQA1bbZMAwDBADVttsDBAXVtsAwDQYJKoZIhvcNAQEL
BQADggEBAIzD8KDLrfK8f0C/x436G2bxup+ERjzMyEY1RUzdlYmSLFJGZ4fW154k
hfuk1ffQRT+4reFOZ+dI+I+dKO8arDb31W208aM/PEVYbJo9vJZG9QsSu3qpTkUZ
ehO1Ipf+VEjXneIUKDQ6CArtNTrnmFAt8h87lgOknJ2jyOrfbLoY8c2PBAR4I4oi
WVKzK9w1rVBATMxSZlHWH1g9R1iYJrgo7ghp2hbG5HZE0GJSibQJBpjeJTFS1GUv
nZpgzxDGbzz/qyoIrWX6on8zE7hGQcCIhC3FrMAg++uyA2B0kKA/OTETKFoGQF7q
QrykCv09qWC8ripmf5nEffdAxMn0MFA=
-----END CERTIFICATE-----