Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/l3b7TaKo_vB9DZmTZ4WQ6XltfYY.roa
File:                     l3b7TaKo_vB9DZmTZ4WQ6XltfYY.roa (raw, json)
Hash identifier:          i0KEpq4NBQglOICIBvt0SBvlsVdaB1BkLkzQ51szUtE=
Subject key identifier:   97:76:FB:4D:A2:A8:FE:F0:7D:0D:99:93:67:85:90:E9:79:6D:7D:86
Certificate issuer:       /CN=3be2f0164b66a76795860b4ea3586fad563bac47
Certificate serial:       018CC3B68FD9AB76953A82198E7BE92F15F8
Authority key identifier: 3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/l3b7TaKo_vB9DZmTZ4WQ6XltfYY.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206264
IP address blocks:        5.183.209.0/24 maxlen: 24
                          185.191.125.0/24 maxlen: 24
                          185.191.124.0/24 maxlen: 24
                          93.123.72.0/24 maxlen: 24
                          185.191.126.0/24 maxlen: 24
                          94.156.33.0/24 maxlen: 24
                          185.191.127.0/24 maxlen: 24
                          80.251.152.0/23 maxlen: 24
                          89.249.49.0/24 maxlen: 24
                          45.139.122.0/24 maxlen: 24
                          2a0d:1000::/30 maxlen: 30
                          2a0d:1000::/29 maxlen: 29
                          2a0d:1004::/30 maxlen: 30

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 15:39:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8f:d9:ab:76:95:3a:82:19:8e:7b:e9:2f:15:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3be2f0164b66a76795860b4ea3586fad563bac47
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9776fb4da2a8fef07d0d9993678590e9796d7d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:55:c4:4d:5f:5d:3b:1c:95:5c:d4:56:f9:d7:
                    ef:4d:b0:a0:1e:5e:6d:20:54:29:dd:96:05:35:f5:
                    a3:10:1e:b3:da:d3:c8:11:dc:f8:80:d0:3f:77:95:
                    a0:59:ce:36:5c:61:0f:49:6b:9f:e6:c4:7b:b4:49:
                    1a:4d:ab:fb:d5:b6:1d:76:fd:c3:e7:93:e2:23:77:
                    00:e8:db:4a:cf:86:8c:78:27:05:c3:bc:33:32:fe:
                    1b:48:1a:19:ac:61:c9:22:da:40:66:dd:27:e2:f3:
                    e1:51:3f:c6:cc:3e:a0:eb:54:1d:52:5a:f0:2b:ae:
                    cc:66:3b:99:65:5a:ea:35:6b:d5:65:9a:56:8c:df:
                    d8:3b:f3:e8:d2:42:70:48:4b:3f:0b:99:0c:cd:31:
                    92:40:9a:f4:fb:2f:cb:84:2f:60:26:ce:7c:32:24:
                    7e:b2:db:3a:ee:5c:e0:ab:20:3c:98:44:6f:95:11:
                    56:ae:b2:f6:57:d8:f2:d1:7d:0b:5a:6f:d5:e0:6b:
                    b3:2e:2c:20:95:79:4d:b7:20:2b:76:c2:7f:b2:eb:
                    b4:cd:d0:0a:b7:e3:fe:4b:34:a2:98:07:3a:68:1a:
                    c6:9a:e1:5c:3e:f5:7a:9b:ea:83:f8:d3:9a:2e:ca:
                    01:dc:33:4f:fb:e7:93:4c:4c:d0:c9:45:00:ce:10:
                    7e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:76:FB:4D:A2:A8:FE:F0:7D:0D:99:93:67:85:90:E9:79:6D:7D:86
            X509v3 Authority Key Identifier:
                keyid:3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/l3b7TaKo_vB9DZmTZ4WQ6XltfYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.209.0/24
                  45.139.122.0/24
                  80.251.152.0/23
                  89.249.49.0/24
                  93.123.72.0/24
                  94.156.33.0/24
                  185.191.124.0/22
                IPv6:
                  2a0d:1000::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:99:13:56:b8:94:a5:2e:e4:76:d0:46:29:a0:62:47:4b:cb:
         7c:08:df:e0:f8:75:14:b4:99:09:07:55:eb:33:ec:1f:dc:b6:
         94:80:7c:13:8b:ae:3c:d0:75:4a:ca:38:1d:f9:3b:b5:7c:08:
         94:d6:03:5d:8b:32:18:e5:5a:bf:12:13:91:25:49:00:d7:13:
         5c:01:c0:df:28:28:e2:ff:b3:ce:aa:d4:16:f7:fc:d2:09:4f:
         db:f8:26:07:ba:49:bb:d1:ab:be:1a:4f:37:56:1c:ad:17:39:
         de:57:1f:b3:80:0e:04:ad:f8:bc:b8:32:ef:fa:10:21:26:5b:
         9f:d7:c1:81:ea:b0:78:c4:12:6a:16:37:93:d5:b4:37:3e:bd:
         b6:7c:bd:20:97:24:5b:1e:a9:28:58:a9:b8:4a:cb:6b:29:dc:
         a8:70:04:91:8f:ee:5c:58:d8:72:f8:bf:e0:08:0b:cf:cd:1f:
         2f:4a:49:37:66:9f:11:25:e4:7d:6c:8e:c3:e6:a2:38:8f:60:
         da:37:5f:57:f5:58:23:f9:69:67:d7:91:e1:eb:de:d1:c6:de:
         05:1c:b0:3b:be:27:84:c3:88:09:75:ec:5d:8b:04:eb:83:46:
         97:26:93:43:c4:28:e6:bf:24:c2:0b:61:0a:3e:a2:39:d5:db:
         38:a9:f4:d2
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzDto/Zq3aVOoIZjnvpLxX4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZTJmMDE2NGI2NmE3Njc5NTg2MGI0ZWEzNTg2ZmFkNTYz
YmFjNDcwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzc2ZmI0ZGEyYThmZWYwN2QwZDk5OTM2Nzg1OTBlOTc5NmQ3ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1XETV9dOxyVXNRW+dfvTbCgHl5t
IFQp3ZYFNfWjEB6z2tPIEdz4gNA/d5WgWc42XGEPSWuf5sR7tEkaTav71bYddv3D
55PiI3cA6NtKz4aMeCcFw7wzMv4bSBoZrGHJItpAZt0n4vPhUT/GzD6g61QdUlrw
K67MZjuZZVrqNWvVZZpWjN/YO/Po0kJwSEs/C5kMzTGSQJr0+y/LhC9gJs58MiR+
sts67lzgqyA8mERvlRFWrrL2V9jy0X0LWm/V4GuzLiwglXlNtyArdsJ/suu0zdAK
t+P+SzSimAc6aBrGmuFcPvV6m+qD+NOaLsoB3DNP++eTTEzQyUUAzhB+lQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJd2+02iqP7wfQ2Zk2eFkOl5bX2GMB8GA1UdIwQY
MBaAFDvi8BZLZqdnlYYLTqNYb61WO6xHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYt
ZjlhZDM4MDUxMjIwLzEvbDNiN1RhS29fdkI5RFptVFo0V1E2WGx0ZllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYtZjlhZDM4MDUxMjIw
LzEvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQABbfRAwQA
LYt6AwQBUPuYAwQAWfkxAwQAXXtIAwQAXpwhAwQCub98MA0EAgACMAcDBQMqDRAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAumRNWuJSlLuR20EYpoGJHS8t8CN/g+HUUtJkJ
B1XrM+wf3LaUgHwTi6480HVKyjgd+Tu1fAiU1gNdizIY5Vq/EhORJUkA1xNcAcDf
KCji/7POqtQW9/zSCU/b+CYHukm70au+Gk83VhytFzneVx+zgA4Erfi8uDLv+hAh
Jluf18GB6rB4xBJqFjeT1bQ3Pr22fL0glyRbHqkoWKm4SstrKdyocASRj+5cWNhy
+L/gCAvPzR8vSkk3Zp8RJeR9bI7D5qI4j2DaN19X9Vgj+Wln15Hh697Rxt4FHLA7
vieEw4gJdexdiwTrg0aXJpNDxCjmvyTCC2EKPqI51ds4qfTS
-----END CERTIFICATE-----