Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/_PTla3IDDC-Zwzdf1NA7FYc1HIk.roa
File:                     _PTla3IDDC-Zwzdf1NA7FYc1HIk.roa (raw, json)
Hash identifier:          HTTQtLevMPUU1PVP6DjimaEFpGFmY6vGTyfilAkz50I=
Subject key identifier:   FC:F4:E5:6B:72:03:0C:2F:99:C3:37:5F:D4:D0:3B:15:87:35:1C:89
Certificate issuer:       /CN=eeac122a92917cf953ff5c5de6a1ffe1199f122c
Certificate serial:       018571151CB47521F80E31BEC01EB1A746D3
Authority key identifier: EE:AC:12:2A:92:91:7C:F9:53:FF:5C:5D:E6:A1:FF:E1:19:9F:12:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qwSKpKRfPlT_1xd5qH_4RmfEiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/_PTla3IDDC-Zwzdf1NA7FYc1HIk.roa
Signing time:             Mon 02 Jan 2023 06:04:47 +0000
ROA not before:           Mon 02 Jan 2023 06:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198651
IP address blocks:        185.153.200.0/24 maxlen: 24
                          185.153.202.0/24 maxlen: 24
                          185.153.203.0/24 maxlen: 24
                          2a07:8980::/29 maxlen: 29
                          2a07:8980:102::/48 maxlen: 48
                          2a07:8982::/32 maxlen: 32
                          2a07:8980:18::/48 maxlen: 48
                          2a07:8983::/36 maxlen: 36
                          2a07:8983:1000::/36 maxlen: 36
                          2a07:8980:101::/48 maxlen: 48
                          2a07:8981::/32 maxlen: 32
                          2a07:8980:1a::/48 maxlen: 48
                          2a07:8980::/32 maxlen: 32
                          2a07:8980:1000::/48 maxlen: 48
                          2a07:8980:6000::/48 maxlen: 48
                          2a07:8980:43::/48 maxlen: 48
                          2a07:8980:44::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:15:1c:b4:75:21:f8:0e:31:be:c0:1e:b1:a7:46:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeac122a92917cf953ff5c5de6a1ffe1199f122c
        Validity
            Not Before: Jan  2 06:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fcf4e56b72030c2f99c3375fd4d03b1587351c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:27:9b:a3:90:89:e4:18:e6:0d:1c:54:48:b5:
                    fc:04:53:f8:c9:df:c8:da:ab:d9:e0:08:19:81:1b:
                    4a:9d:d9:0b:51:da:07:21:55:f0:44:85:be:98:31:
                    2b:dc:eb:92:d0:19:b3:99:70:85:2e:7b:09:a8:59:
                    54:73:48:b4:c8:c8:33:5d:41:35:d2:88:f1:78:50:
                    07:e5:30:8c:13:80:26:bb:58:d8:6f:ce:89:70:7b:
                    71:5a:20:d8:e5:b1:18:b9:80:57:56:23:bb:ac:24:
                    07:50:36:d4:8a:31:7a:e9:5d:db:e9:53:29:bf:59:
                    7a:60:76:f4:9b:f0:ed:66:a5:cd:82:53:75:87:a9:
                    69:2e:3b:e2:22:32:22:6e:8b:9d:fc:10:45:ad:e5:
                    db:90:6b:db:ac:ff:c7:cf:4a:d7:1c:4b:71:b0:39:
                    38:cb:2e:8b:13:98:28:bf:05:dd:69:d0:dd:60:a8:
                    55:ac:df:be:a5:27:74:10:a1:5e:ff:b0:be:c7:5b:
                    16:d9:03:04:1c:d4:dc:3e:03:8f:f3:cc:c1:68:81:
                    c9:4c:ad:4f:08:99:2a:5d:9b:4f:ef:09:be:3c:4f:
                    f1:5a:d5:c0:1f:bd:6d:dd:cc:33:37:96:fc:3c:60:
                    59:e6:82:ee:97:85:95:73:80:b3:9b:a7:b6:de:72:
                    b6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F4:E5:6B:72:03:0C:2F:99:C3:37:5F:D4:D0:3B:15:87:35:1C:89
            X509v3 Authority Key Identifier:
                keyid:EE:AC:12:2A:92:91:7C:F9:53:FF:5C:5D:E6:A1:FF:E1:19:9F:12:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qwSKpKRfPlT_1xd5qH_4RmfEiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/_PTla3IDDC-Zwzdf1NA7FYc1HIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/7qwSKpKRfPlT_1xd5qH_4RmfEiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.200.0/24
                  185.153.202.0/23
                IPv6:
                  2a07:8980::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:af:34:f0:b5:bf:10:5e:0a:0b:48:c6:87:4f:cc:71:21:b1:
         f4:4f:6d:d3:40:d9:05:1d:75:6d:62:bd:5e:b6:0a:3d:07:d3:
         30:d9:d7:a6:25:a7:14:66:13:16:81:a0:90:8d:0a:e3:1b:35:
         5b:44:8b:7a:3f:54:24:20:33:ef:8e:8a:9c:e8:c2:22:0d:f4:
         3f:4b:51:3b:4f:9b:ff:04:03:b8:bd:5f:6a:be:d8:71:8d:d1:
         8d:4e:58:09:8f:fb:2f:c0:61:43:f1:8e:c2:9b:a1:93:74:67:
         ac:de:26:d4:2a:6d:6d:3b:b4:c7:39:0e:42:5c:26:fe:e9:e7:
         a0:a2:5e:f2:02:9c:83:a1:7f:c7:b6:ad:0c:c0:0b:6b:64:f0:
         ea:82:58:b4:61:65:e1:08:d5:64:8f:23:ad:15:ae:d9:96:48:
         1c:86:3b:2f:78:ad:86:aa:65:50:f6:00:a3:4a:f6:30:0d:1c:
         87:0f:2b:4b:40:13:59:08:22:8f:22:70:54:2c:c3:2f:93:03:
         7f:6e:f1:15:d9:2b:cb:c3:80:61:ec:db:e3:4d:44:b8:54:f4:
         00:cc:80:07:60:3c:59:de:e6:1c:e7:80:5e:7c:46:72:d0:e3:
         4b:74:d3:e9:47:20:51:fb:0f:4a:fd:0b:1c:7e:d0:f9:dd:f6:
         22:aa:2f:96
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxFRy0dSH4DjG+wB6xp0bTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYWMxMjJhOTI5MTdjZjk1M2ZmNWM1ZGU2YTFmZmUxMTk5
ZjEyMmMwHhcNMjMwMTAyMDYwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2Y0ZTU2YjcyMDMwYzJmOTljMzM3NWZkNGQwM2IxNTg3MzUxYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyebo5CJ5BjmDRxUSLX8BFP4yd/I
2qvZ4AgZgRtKndkLUdoHIVXwRIW+mDEr3OuS0BmzmXCFLnsJqFlUc0i0yMgzXUE1
0ojxeFAH5TCME4Amu1jYb86JcHtxWiDY5bEYuYBXViO7rCQHUDbUijF66V3b6VMp
v1l6YHb0m/DtZqXNglN1h6lpLjviIjIiboud/BBFreXbkGvbrP/Hz0rXHEtxsDk4
yy6LE5govwXdadDdYKhVrN++pSd0EKFe/7C+x1sW2QMEHNTcPgOP88zBaIHJTK1P
CJkqXZtP7wm+PE/xWtXAH71t3cwzN5b8PGBZ5oLul4WVc4Czm6e23nK2XQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPz05WtyAwwvmcM3X9TQOxWHNRyJMB8GA1UdIwQY
MBaAFO6sEiqSkXz5U/9cXeah/+EZnxIsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3F3U0twS1JmUGxUXzF4ZDVxSF80Um1mRWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84ZWU0NTEtZjYyNi00MzI0LTk4ZmUt
NDFkMmNjN2I3MDM0LzEvX1BUbGEzSUREQy1ad3pkZjFOQTdGWWMxSElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84ZWU0NTEtZjYyNi00MzI0LTk4ZmUtNDFkMmNjN2I3MDM0
LzEvN3F3U0twS1JmUGxUXzF4ZDVxSF80Um1mRWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuZnIAwQB
uZnKMA0EAgACMAcDBQMqB4mAMA0GCSqGSIb3DQEBCwUAA4IBAQBOrzTwtb8QXgoL
SMaHT8xxIbH0T23TQNkFHXVtYr1etgo9B9Mw2demJacUZhMWgaCQjQrjGzVbRIt6
P1QkIDPvjoqc6MIiDfQ/S1E7T5v/BAO4vV9qvthxjdGNTlgJj/svwGFD8Y7Cm6GT
dGes3ibUKm1tO7THOQ5CXCb+6eegol7yApyDoX/Htq0MwAtrZPDqgli0YWXhCNVk
jyOtFa7ZlkgchjsveK2GqmVQ9gCjSvYwDRyHDytLQBNZCCKPInBULMMvkwN/bvEV
2SvLw4Bh7NvjTUS4VPQAzIAHYDxZ3uYc54BefEZy0ONLdNPpRyBR+w9K/QscftD5
3fYiqi+W
-----END CERTIFICATE-----