Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/unUEnPGELai8zrYK6qIEoev0As4.roa
File:                     unUEnPGELai8zrYK6qIEoev0As4.roa (raw, json)
Hash identifier:          W+poJRcHejramMT0KrTE16WsTiyDtcJLit33huLt92Y=
Subject key identifier:   BA:75:04:9C:F1:84:2D:A8:BC:CE:B6:0A:EA:A2:04:A1:EB:F4:02:CE
Certificate issuer:       /CN=3be2f0164b66a76795860b4ea3586fad563bac47
Certificate serial:       018E3D9EC11A10F8F75BAB81FFE62DF0793E
Authority key identifier: 3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/unUEnPGELai8zrYK6qIEoev0As4.roa
Signing time:             Thu 14 Mar 2024 15:39:57 +0000
ROA not before:           Thu 14 Mar 2024 15:39:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206264
IP address blocks:        5.183.209.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.139.122.0/24 maxlen: 24
                          80.251.152.0/23 maxlen: 24
                          89.249.49.0/24 maxlen: 24
                          93.123.72.0/24 maxlen: 24
                          94.156.33.0/24 maxlen: 24
                          185.191.124.0/24 maxlen: 24
                          185.191.125.0/24 maxlen: 24
                          185.191.126.0/24 maxlen: 24
                          185.191.127.0/24 maxlen: 24
                          2a0d:1000::/29 maxlen: 29
                          2a0d:1000::/30 maxlen: 30
                          2a0d:1004::/30 maxlen: 30

Validation:               Failed, certificate revoked on Sat 25 May 2024 06:07:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:9e:c1:1a:10:f8:f7:5b:ab:81:ff:e6:2d:f0:79:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3be2f0164b66a76795860b4ea3586fad563bac47
        Validity
            Not Before: Mar 14 15:39:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba75049cf1842da8bcceb60aeaa204a1ebf402ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:43:5b:a7:53:b7:2b:93:bd:07:1e:02:aa:3f:
                    d5:5e:3b:c6:a5:e7:b5:5a:6f:73:72:06:ac:a4:21:
                    a5:ff:c7:16:e6:bb:fb:6d:e7:a1:71:94:e1:e5:24:
                    9f:55:ae:9a:ad:46:98:cf:3d:0f:8c:0e:af:b0:60:
                    fd:cb:1f:6d:ca:46:f8:6a:42:3a:05:82:16:d6:55:
                    29:86:12:df:96:95:bc:cc:80:51:91:b0:48:a0:a9:
                    7f:54:29:14:fb:aa:74:e3:27:a0:cc:9c:6e:65:89:
                    04:a3:53:15:b1:46:28:e2:d2:19:88:77:77:0f:90:
                    56:c1:cd:4f:36:94:30:04:f8:b1:eb:ed:bb:22:a0:
                    60:00:17:82:49:d9:de:f7:bb:57:84:47:c1:e2:2b:
                    26:f0:ec:f4:70:1f:e8:09:85:bf:56:76:7c:a4:79:
                    e6:ce:07:fa:7f:e8:a9:80:f6:3a:6e:ce:33:43:4a:
                    b0:a0:02:d1:3c:fb:4c:f8:0e:8b:94:c8:01:03:7f:
                    c6:71:88:6d:96:d7:c5:45:de:79:24:2f:8f:2a:de:
                    bb:8e:cb:0f:d7:53:ef:8f:16:f4:f6:af:78:8e:e8:
                    71:d1:27:e6:39:25:49:5b:4c:f5:ce:e4:97:94:47:
                    04:f0:ef:c6:68:ba:4c:1e:64:71:6d:c6:c9:93:e8:
                    5e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:75:04:9C:F1:84:2D:A8:BC:CE:B6:0A:EA:A2:04:A1:EB:F4:02:CE
            X509v3 Authority Key Identifier:
                keyid:3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/unUEnPGELai8zrYK6qIEoev0As4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.209.0/24
                  45.129.84.0/24
                  45.139.122.0/24
                  80.251.152.0/23
                  89.249.49.0/24
                  93.123.72.0/24
                  94.156.33.0/24
                  185.191.124.0/22
                IPv6:
                  2a0d:1000::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:26:f3:af:a0:a2:af:48:38:55:7d:68:ff:80:d8:4e:e9:94:
         40:da:77:fe:f7:0d:39:f9:92:1f:34:f6:e7:d5:76:7c:48:cf:
         a0:9d:08:7a:a7:4b:eb:0e:ad:fd:cc:30:66:db:9f:c0:1e:29:
         c6:7c:64:b3:8e:99:5f:2d:41:fe:6d:4f:9e:8b:b3:30:07:06:
         ed:3d:9b:ee:eb:cc:8a:ce:d7:ea:29:bb:75:e3:a3:c3:ac:7b:
         5b:3b:7b:0e:28:9a:bd:ad:71:2d:45:d5:a1:ed:47:f4:e6:22:
         d3:6d:ce:a5:94:31:69:1d:35:27:0e:ed:63:91:83:e2:72:f1:
         9b:07:95:b6:79:aa:28:d3:b5:42:17:93:46:9d:b6:c8:a2:4f:
         8d:d3:1a:50:65:b6:6d:d6:18:ae:99:b7:90:e3:e6:6c:06:b2:
         35:ad:c6:75:9a:5c:f5:2d:6f:f3:e1:06:4f:1c:0e:de:30:68:
         33:47:46:0d:ca:1c:17:31:01:5c:86:e7:2a:0a:e6:b3:4e:1d:
         18:ae:93:40:a7:15:bc:64:56:41:88:b5:ad:55:3b:a3:71:4b:
         c2:16:3f:60:59:b1:c6:09:1b:b5:37:08:a9:b7:4b:93:5c:cf:
         6a:d7:b0:a1:cd:a3:78:7c:8e:51:44:7f:c8:28:05:f4:5c:26:
         a2:95:16:13
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAY49nsEaEPj3W6uB/+Yt8Hk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZTJmMDE2NGI2NmE3Njc5NTg2MGI0ZWEzNTg2ZmFkNTYz
YmFjNDcwHhcNMjQwMzE0MTUzOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTc1MDQ5Y2YxODQyZGE4YmNjZWI2MGFlYWEyMDRhMWViZjQwMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUNbp1O3K5O9Bx4Cqj/VXjvGpee1
Wm9zcgaspCGl/8cW5rv7beehcZTh5SSfVa6arUaYzz0PjA6vsGD9yx9tykb4akI6
BYIW1lUphhLflpW8zIBRkbBIoKl/VCkU+6p04yegzJxuZYkEo1MVsUYo4tIZiHd3
D5BWwc1PNpQwBPix6+27IqBgABeCSdne97tXhEfB4ism8Oz0cB/oCYW/VnZ8pHnm
zgf6f+ipgPY6bs4zQ0qwoALRPPtM+A6LlMgBA3/GcYhtltfFRd55JC+PKt67jssP
11Pvjxb09q94juhx0SfmOSVJW0z1zuSXlEcE8O/GaLpMHmRxbcbJk+he2QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFLp1BJzxhC2ovM62CuqiBKHr9ALOMB8GA1UdIwQY
MBaAFDvi8BZLZqdnlYYLTqNYb61WO6xHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYt
ZjlhZDM4MDUxMjIwLzEvdW5VRW5QR0VMYWk4enJZSzZxSUVvZXYwQXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYtZjlhZDM4MDUxMjIw
LzEvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQABbfRAwQA
LYFUAwQALYt6AwQBUPuYAwQAWfkxAwQAXXtIAwQAXpwhAwQCub98MA0EAgACMAcD
BQMqDRAAMA0GCSqGSIb3DQEBCwUAA4IBAQAnJvOvoKKvSDhVfWj/gNhO6ZRA2nf+
9w05+ZIfNPbn1XZ8SM+gnQh6p0vrDq39zDBm25/AHinGfGSzjplfLUH+bU+ei7Mw
BwbtPZvu68yKztfqKbt146PDrHtbO3sOKJq9rXEtRdWh7Uf05iLTbc6llDFpHTUn
Du1jkYPicvGbB5W2eaoo07VCF5NGnbbIok+N0xpQZbZt1hiumbeQ4+ZsBrI1rcZ1
mlz1LW/z4QZPHA7eMGgzR0YNyhwXMQFchucqCuazTh0YrpNApxW8ZFZBiLWtVTuj
cUvCFj9gWbHGCRu1Nwipt0uTXM9q17ChzaN4fI5RRH/IKAX0XCailRYT