Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/d07wcxVyt0hCP511rLa0SleY_O0.roa
File:                     d07wcxVyt0hCP511rLa0SleY_O0.roa (raw, json)
Hash identifier:          zflX/2l/4xLXBw0zlooaONmoWBbtbPQzh8TvOoR+6vo=
Subject key identifier:   77:4E:F0:73:15:72:B7:48:42:3F:9D:75:AC:B6:B4:4A:57:98:FC:ED
Certificate issuer:       /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial:       018C67E9A91CC986BA6F60EE66FCC86E7537
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/d07wcxVyt0hCP511rLa0SleY_O0.roa
Signing time:             Thu 14 Dec 2023 10:40:15 +0000
ROA not before:           Thu 14 Dec 2023 10:40:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216134
IP address blocks:        149.238.159.0/24 maxlen: 24
                          149.238.160.0/19 maxlen: 24
                          193.33.52.0/23 maxlen: 24
                          149.238.96.0/19 maxlen: 24
                          149.238.128.0/19 maxlen: 24
                          149.238.32.0/19 maxlen: 24
                          149.238.64.0/19 maxlen: 24
                          192.77.114.0/23 maxlen: 24
                          192.112.208.0/24 maxlen: 24
                          149.238.192.0/19 maxlen: 24
                          149.238.0.0/19 maxlen: 24
                          149.238.224.0/19 maxlen: 24
                          2a13:cb40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:67:e9:a9:1c:c9:86:ba:6f:60:ee:66:fc:c8:6e:75:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
        Validity
            Not Before: Dec 14 10:40:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=774ef0731572b748423f9d75acb6b44a5798fced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:78:48:42:ce:9a:77:61:6f:cf:b6:35:62:eb:
                    d7:f4:16:b2:e5:8e:d5:28:78:93:f1:7b:08:66:5c:
                    b7:fd:8d:f0:19:de:45:c3:12:ff:8b:6d:c1:6b:92:
                    8f:7e:31:7c:7c:b6:2d:d6:62:8a:3a:4a:6e:4f:ca:
                    78:22:8b:fc:1c:a3:a7:a0:05:7e:72:39:9e:b2:f1:
                    08:5b:ed:f5:06:51:72:82:c6:cb:1b:03:44:35:2a:
                    8f:3f:aa:d6:df:74:a2:7d:17:35:59:8c:a5:a4:c3:
                    8f:5c:2b:13:4c:c0:ca:69:e1:f1:0e:27:56:2c:72:
                    95:16:3f:55:14:29:1e:0e:54:43:c3:8d:b8:b1:67:
                    8d:08:ef:ce:c7:95:a3:9a:29:8b:ca:11:b8:30:fa:
                    b6:7e:b3:9f:88:e3:5e:e5:5d:36:a8:e7:66:8c:b6:
                    6f:01:5c:69:99:d3:a6:f1:61:25:90:17:49:0d:b6:
                    02:bb:5e:dc:9f:64:4e:0a:5b:28:d1:34:a5:4f:4b:
                    82:80:c2:13:52:af:c1:d0:39:5a:12:3f:20:16:5b:
                    5d:55:1b:48:0b:c1:5b:ce:f3:00:67:6b:0f:5a:44:
                    62:c4:b8:62:6e:51:83:94:8e:1a:fd:94:e5:3d:4d:
                    bb:ef:3b:9f:77:dd:78:ca:4e:53:80:be:e8:83:26:
                    9f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:4E:F0:73:15:72:B7:48:42:3F:9D:75:AC:B6:B4:4A:57:98:FC:ED
            X509v3 Authority Key Identifier:
                keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/d07wcxVyt0hCP511rLa0SleY_O0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.238.0.0/16
                  192.77.114.0/23
                  192.112.208.0/24
                  193.33.52.0/23
                IPv6:
                  2a13:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:5e:5a:40:36:bb:70:ca:97:fc:ba:b0:44:5f:f6:d7:1e:8d:
         23:72:30:f3:0a:c6:7b:d3:88:17:e4:cf:78:4f:c9:a6:03:e6:
         15:58:53:7b:96:2a:2f:88:ba:1c:c4:c2:4e:fa:99:52:cd:3a:
         f1:91:91:7a:6b:7a:81:de:c7:2d:ed:81:c2:22:8b:ff:b5:2e:
         0c:f2:d0:57:00:b9:2f:49:c9:f5:3b:3f:ec:a4:98:04:79:8e:
         65:da:b8:91:28:45:ec:f9:10:b4:a9:e2:5d:44:8f:35:75:99:
         bc:dc:2c:8f:ae:b7:4b:df:05:e2:83:34:e8:55:d4:dd:61:24:
         97:b4:32:42:ed:b3:4c:d5:2a:b2:56:97:47:85:92:f9:b5:3b:
         f6:6c:8e:54:aa:45:e3:eb:5c:ae:85:fc:b8:b9:aa:90:ec:6c:
         ed:0c:77:9d:23:62:bb:87:95:13:d8:2c:65:63:99:c7:4c:08:
         be:00:18:bd:d9:03:60:5e:29:3c:50:99:15:8d:bf:c4:a7:9b:
         0a:c3:83:31:65:0a:19:e0:60:a0:df:ac:c3:1f:70:ef:6a:0d:
         22:23:a2:8a:55:d0:4b:e5:f5:01:de:58:88:36:fe:4b:da:36:
         fd:dc:c3:fa:75:04:e6:01:3e:ce:4e:93:a5:10:12:76:18:d4:
         5a:61:f5:bf
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYxn6akcyYa6b2DuZvzIbnU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjMxMjE0MTA0MDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzRlZjA3MzE1NzJiNzQ4NDIzZjlkNzVhY2I2YjQ0YTU3OThmY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nhIQs6ad2Fvz7Y1YuvX9Bay5Y7V
KHiT8XsIZly3/Y3wGd5FwxL/i23Ba5KPfjF8fLYt1mKKOkpuT8p4Iov8HKOnoAV+
cjmesvEIW+31BlFygsbLGwNENSqPP6rW33SifRc1WYylpMOPXCsTTMDKaeHxDidW
LHKVFj9VFCkeDlRDw424sWeNCO/Ox5WjmimLyhG4MPq2frOfiONe5V02qOdmjLZv
AVxpmdOm8WElkBdJDbYCu17cn2ROClso0TSlT0uCgMITUq/B0DlaEj8gFltdVRtI
C8FbzvMAZ2sPWkRixLhiblGDlI4a/ZTlPU277zufd914yk5TgL7ogyaf4QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFHdO8HMVcrdIQj+dday2tEpXmPztMB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvZDA3d2N4Vnl0MGhDUDUxMXJMYTBTbGVZX08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwMAle4DBAHA
TXIDBADAcNADBAHBITQwDQQCAAIwBwMFAyoTy0AwDQYJKoZIhvcNAQELBQADggEB
AJteWkA2u3DKl/y6sERf9tcejSNyMPMKxnvTiBfkz3hPyaYD5hVYU3uWKi+IuhzE
wk76mVLNOvGRkXpreoHexy3tgcIii/+1Lgzy0FcAuS9JyfU7P+ykmAR5jmXauJEo
Rez5ELSp4l1EjzV1mbzcLI+ut0vfBeKDNOhV1N1hJJe0MkLts0zVKrJWl0eFkvm1
O/ZsjlSqRePrXK6F/Li5qpDsbO0Md50jYruHlRPYLGVjmcdMCL4AGL3ZA2BeKTxQ
mRWNv8SnmwrDgzFlChngYKDfrMMfcO9qDSIjoopV0Evl9QHeWIg2/kvaNv3cw/p1
BOYBPs5Ok6UQEnYY1Fph9b8=
-----END CERTIFICATE-----