Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/n3wdyufvCe-iEIh2ZrzC62ErmR4.roa
File:                     n3wdyufvCe-iEIh2ZrzC62ErmR4.roa (raw, json)
Hash identifier:          SuHxGryV7pR1zsxcl+y4ORal7MvMJKymvOq8PH7bHIA=
Subject key identifier:   9F:7C:1D:CA:E7:EF:09:EF:A2:10:88:76:66:BC:C2:EB:61:2B:99:1E
Certificate issuer:       /CN=0bac82804700ad36538bf86f34c073e971430da5
Certificate serial:       0185DF0271E51A8D61B1E7A6E0FBD909ABBF
Authority key identifier: 0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/n3wdyufvCe-iEIh2ZrzC62ErmR4.roa
Signing time:             Mon 23 Jan 2023 14:22:37 +0000
ROA not before:           Mon 23 Jan 2023 14:22:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57021
IP address blocks:        194.58.200.0/24 maxlen: 24
                          194.58.204.0/24 maxlen: 24
                          194.58.203.0/24 maxlen: 24
                          194.58.202.0/24 maxlen: 24
                          194.58.206.0/24 maxlen: 24
                          194.58.205.0/24 maxlen: 24
                          194.58.207.0/24 maxlen: 24
                          2a01:3f7:6::/48 maxlen: 48
                          2a01:3f7::/48 maxlen: 48
                          2a01:3f7:5::/48 maxlen: 48
                          2a01:3f7::/32 maxlen: 48
                          2a01:3f7:4::/48 maxlen: 48
                          2a01:3f7:3::/48 maxlen: 48
                          2a01:3f7:2::/48 maxlen: 48
                          2a01:3f7:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:df:02:71:e5:1a:8d:61:b1:e7:a6:e0:fb:d9:09:ab:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac82804700ad36538bf86f34c073e971430da5
        Validity
            Not Before: Jan 23 14:22:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f7c1dcae7ef09efa210887666bcc2eb612b991e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c5:dd:c3:61:4b:b6:82:7d:38:a5:86:53:f2:
                    d0:5c:ca:89:6a:97:0d:6d:19:a6:e9:bd:1e:da:c5:
                    d4:58:16:76:8d:98:b8:1d:3c:48:48:46:77:db:41:
                    88:11:d5:b8:10:c6:86:c7:2b:a8:56:16:fd:af:fc:
                    cc:47:20:d6:c0:f8:1a:69:92:a4:ca:6a:8e:d1:5f:
                    47:d3:5e:11:23:6e:4e:d5:7d:44:af:94:1a:11:02:
                    49:53:e4:9b:ba:d3:72:a9:fa:4e:60:29:00:76:ca:
                    0c:fa:2a:77:cd:cb:5f:62:99:df:bb:e3:a6:b4:4c:
                    a5:fb:05:2b:00:5f:e7:81:f9:76:b1:fa:98:ee:d8:
                    ff:31:04:7d:d3:65:04:84:d7:33:8c:31:10:22:e4:
                    3e:86:7e:da:05:30:cd:92:03:38:be:24:23:7d:24:
                    5e:66:08:53:33:38:9e:e4:bc:6c:ae:22:78:06:26:
                    36:32:fb:0f:90:ee:25:81:6b:e8:a9:81:4f:ae:b3:
                    c9:00:bd:0d:ed:66:d6:2c:0b:f5:25:6c:96:c0:64:
                    00:99:16:ec:a0:9e:ac:6b:dd:e8:2c:95:23:8a:d9:
                    a7:3e:75:96:82:05:86:db:39:03:dc:2a:ec:99:2f:
                    16:5d:22:ec:07:e6:a1:9c:71:68:90:70:60:32:62:
                    4f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:7C:1D:CA:E7:EF:09:EF:A2:10:88:76:66:BC:C2:EB:61:2B:99:1E
            X509v3 Authority Key Identifier:
                keyid:0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/n3wdyufvCe-iEIh2ZrzC62ErmR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.200.0/24
                  194.58.202.0-194.58.207.255
                IPv6:
                  2a01:3f7::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:87:77:1c:0c:91:77:d5:20:59:70:33:52:db:6a:77:6a:9d:
         5b:f5:1d:0c:15:5d:68:dd:c6:f6:39:97:91:56:30:77:ce:0a:
         78:ae:7c:9c:88:12:3d:5f:84:84:b9:77:f6:95:03:cc:b1:a9:
         f4:06:13:54:3e:2e:54:74:f4:65:b7:da:44:4a:ee:e7:57:ea:
         05:57:53:20:20:fe:5d:9e:2f:ab:35:21:9c:a3:fa:7c:70:8d:
         38:2d:45:05:82:18:73:5a:db:1c:93:d5:2d:ac:51:c0:78:28:
         f0:70:60:98:02:90:ed:ae:b6:8d:f6:2c:fe:cd:af:26:16:74:
         3f:f3:ff:47:47:78:94:f2:ef:70:68:fb:e1:a2:01:a7:0d:74:
         da:73:0b:b4:bf:95:a2:66:80:9f:c9:aa:f9:85:48:e0:68:d4:
         04:50:ed:4d:95:2a:cc:56:02:e5:64:cb:b5:d6:43:9e:b3:b7:
         f1:28:02:00:cf:bf:c4:c7:24:19:3a:13:55:ed:02:19:de:d1:
         1b:51:00:60:3a:c7:2a:2c:f9:60:4d:1d:54:c9:29:de:a0:1c:
         9a:80:15:38:5b:6a:f0:90:bc:da:5b:2c:05:2a:91:d4:c6:30:
         07:0d:f7:bc:39:49:6b:e3:fa:6e:66:ef:20:e1:b2:3e:9b:7f:
         1c:0f:c4:ea
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYXfAnHlGo1hseem4PvZCau/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4MjgwNDcwMGFkMzY1MzhiZjg2ZjM0YzA3M2U5NzE0
MzBkYTUwHhcNMjMwMTIzMTQyMjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjdjMWRjYWU3ZWYwOWVmYTIxMDg4NzY2NmJjYzJlYjYxMmI5OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsXdw2FLtoJ9OKWGU/LQXMqJapcN
bRmm6b0e2sXUWBZ2jZi4HTxISEZ320GIEdW4EMaGxyuoVhb9r/zMRyDWwPgaaZKk
ymqO0V9H014RI25O1X1Er5QaEQJJU+SbutNyqfpOYCkAdsoM+ip3zctfYpnfu+Om
tEyl+wUrAF/ngfl2sfqY7tj/MQR902UEhNczjDEQIuQ+hn7aBTDNkgM4viQjfSRe
ZghTMzie5LxsriJ4BiY2MvsPkO4lgWvoqYFPrrPJAL0N7WbWLAv1JWyWwGQAmRbs
oJ6sa93oLJUjitmnPnWWggWG2zkD3CrsmS8WXSLsB+ahnHFokHBgMmJP5QIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFJ98Hcrn7wnvohCIdma8wuthK5keMB8GA1UdIwQY
MBaAFAusgoBHAK02U4v4bzTAc+lxQw2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEt
NDNmNjRiY2VhOTlkLzEvbjN3ZHl1ZnZDZS1pRUloMlpyekM2MkVybVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEtNDNmNjRiY2VhOTlk
LzEvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQAwjrIMAwD
BAHCOsoDBATCOsAwDQQCAAIwBwMFACoBA/cwDQYJKoZIhvcNAQELBQADggEBADCH
dxwMkXfVIFlwM1LbandqnVv1HQwVXWjdxvY5l5FWMHfOCniufJyIEj1fhIS5d/aV
A8yxqfQGE1Q+LlR09GW32kRK7udX6gVXUyAg/l2eL6s1IZyj+nxwjTgtRQWCGHNa
2xyT1S2sUcB4KPBwYJgCkO2uto32LP7NryYWdD/z/0dHeJTy73Bo++GiAacNdNpz
C7S/laJmgJ/JqvmFSOBo1ARQ7U2VKsxWAuVky7XWQ56zt/EoAgDPv8THJBk6E1Xt
Ahne0RtRAGA6xyos+WBNHVTJKd6gHJqAFThbavCQvNpbLAUqkdTGMAcN97w5SWvj
+m5m7yDhsj6bfxwPxOo=
-----END CERTIFICATE-----