Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/bQ9zIHHBmXWxHxtra2_2hslp7u4.roa
File:                     bQ9zIHHBmXWxHxtra2_2hslp7u4.roa (raw, json)
Hash identifier:          C0DgQ4c0ii6a06SRLILNGsiorV1yHFXEbI8zVE24/tg=
Subject key identifier:   6D:0F:73:20:71:C1:99:75:B1:1F:1B:6B:6B:6F:F6:86:C9:69:EE:EE
Certificate issuer:       /CN=5c5d86974a7b624192ec8d834cf2906e1302e431
Certificate serial:       018CC56E876AA03D8C023FF6E87BA3601F25
Authority key identifier: 5C:5D:86:97:4A:7B:62:41:92:EC:8D:83:4C:F2:90:6E:13:02:E4:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/bQ9zIHHBmXWxHxtra2_2hslp7u4.roa
Signing time:             Mon 01 Jan 2024 14:30:04 +0000
ROA not before:           Mon 01 Jan 2024 14:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60460
IP address blocks:        176.227.170.0/23 maxlen: 23
                          176.227.172.0/22 maxlen: 22
                          46.231.24.0/24 maxlen: 24
                          46.231.28.0/24 maxlen: 24
                          46.231.29.0/24 maxlen: 24
                          46.231.27.0/24 maxlen: 24
                          46.231.25.0/24 maxlen: 24
                          46.231.26.0/24 maxlen: 24
                          46.231.30.0/24 maxlen: 24
                          46.231.31.0/24 maxlen: 24
                          185.88.240.0/23 maxlen: 23
                          2a04:2640::/29 maxlen: 32

Validation:               Failed, certificate revoked on Sun 21 Jan 2024 12:44:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:87:6a:a0:3d:8c:02:3f:f6:e8:7b:a3:60:1f:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c5d86974a7b624192ec8d834cf2906e1302e431
        Validity
            Not Before: Jan  1 14:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d0f732071c19975b11f1b6b6b6ff686c969eeee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:06:14:29:d5:4c:1b:24:fa:e2:d4:19:ae:11:
                    ff:cf:fb:44:53:60:b5:14:7a:0f:e9:f4:16:d9:a4:
                    53:7e:d2:5e:03:c7:d3:c2:6f:cd:67:dc:1a:42:6f:
                    fd:63:f6:e4:04:9c:4f:63:a5:ab:ef:92:f1:df:97:
                    e3:ee:ba:ee:84:41:88:19:5e:42:1f:fe:bb:32:03:
                    dc:3b:70:68:c2:94:5f:d7:df:ec:94:30:a0:5c:4d:
                    a2:2b:ef:52:db:82:ee:cc:8c:de:72:d4:08:1e:16:
                    ef:0b:5f:df:d8:f0:43:f4:97:e8:d4:0c:c3:c0:38:
                    3a:01:66:40:53:af:b8:48:11:7b:3c:fd:e1:8f:06:
                    19:25:b4:a9:d8:ab:0c:ae:15:44:1e:ab:f3:61:96:
                    5e:9b:d7:43:f0:64:15:62:10:78:7a:1b:2f:09:4d:
                    d1:30:03:c4:40:d5:69:c5:e4:25:16:54:2e:69:00:
                    89:48:70:56:3c:01:dc:b3:3e:2b:a8:dd:a4:dc:a8:
                    39:89:8f:59:04:c2:84:77:cb:02:39:04:db:e6:95:
                    f7:9f:e8:ec:61:4d:9b:68:bd:7b:3f:bf:86:f6:10:
                    28:3a:3b:04:af:18:04:be:c1:95:34:10:69:16:a6:
                    f8:03:2c:2a:40:50:03:6f:b3:91:72:14:72:86:f3:
                    03:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0F:73:20:71:C1:99:75:B1:1F:1B:6B:6B:6F:F6:86:C9:69:EE:EE
            X509v3 Authority Key Identifier:
                keyid:5C:5D:86:97:4A:7B:62:41:92:EC:8D:83:4C:F2:90:6E:13:02:E4:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/bQ9zIHHBmXWxHxtra2_2hslp7u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.24.0/21
                  176.227.170.0-176.227.175.255
                  185.88.240.0/23
                IPv6:
                  2a04:2640::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:42:87:54:24:9b:8f:d3:d4:c6:7f:60:a1:6e:6d:b0:06:d0:
         b2:33:32:7c:30:55:6d:af:30:36:1b:dd:56:a0:74:b5:c6:95:
         31:fd:4f:eb:11:1d:b4:cd:e0:46:d0:40:83:06:21:5f:0c:ab:
         56:cb:16:cb:1a:5f:b9:03:eb:f2:45:91:38:b3:16:1a:dc:0c:
         ec:99:a0:23:af:da:75:b1:dc:c7:7d:ca:b7:f8:c7:d6:50:a7:
         24:9b:8e:37:9c:4d:25:4d:cf:46:4a:86:88:78:b6:40:f1:59:
         aa:34:e7:f1:f3:b2:16:28:a8:9b:ec:a5:4e:ad:a1:17:9c:79:
         80:d3:13:60:e8:88:0a:82:87:a4:ee:06:c9:b0:02:8d:d5:b2:
         a8:e6:2d:bb:78:4f:ab:44:bd:ad:81:d6:d4:6c:b5:4c:bb:32:
         ff:0b:ad:91:5f:cf:40:61:ce:e1:96:f3:65:a2:8d:a1:85:2f:
         3e:b1:96:fa:35:22:b5:ec:82:c1:d2:2d:4f:73:20:26:08:ce:
         06:b5:f5:33:84:0a:37:90:5b:04:90:21:26:23:0b:a9:03:dc:
         0c:6b:a4:1c:96:4a:56:b3:85:60:a7:fe:48:75:af:09:c1:94:
         da:00:34:57:6e:1f:40:ab:5d:79:89:52:6a:45:76:b0:31:7a:
         9d:33:d9:60
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzFbodqoD2MAj/26HujYB8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNWQ4Njk3NGE3YjYyNDE5MmVjOGQ4MzRjZjI5MDZlMTMw
MmU0MzEwHhcNMjQwMTAxMTQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBmNzMyMDcxYzE5OTc1YjExZjFiNmI2YjZmZjY4NmM5NjllZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgYUKdVMGyT64tQZrhH/z/tEU2C1
FHoP6fQW2aRTftJeA8fTwm/NZ9waQm/9Y/bkBJxPY6Wr75Lx35fj7rruhEGIGV5C
H/67MgPcO3BowpRf19/slDCgXE2iK+9S24LuzIzectQIHhbvC1/f2PBD9Jfo1AzD
wDg6AWZAU6+4SBF7PP3hjwYZJbSp2KsMrhVEHqvzYZZem9dD8GQVYhB4ehsvCU3R
MAPEQNVpxeQlFlQuaQCJSHBWPAHcsz4rqN2k3Kg5iY9ZBMKEd8sCOQTb5pX3n+js
YU2baL17P7+G9hAoOjsErxgEvsGVNBBpFqb4AywqQFADb7ORchRyhvMDPQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFG0PcyBxwZl1sR8ba2tv9obJae7uMB8GA1UdIwQY
MBaAFFxdhpdKe2JBkuyNg0zykG4TAuQxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEYyR2wwcDdZa0dTN0kyRFRQS1FiaE1DNURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTViNTctZWNiYS00ZDNkLTlhODEt
YmQ4MDJmYzRhYTk0LzEvYlE5eklISEJtWFd4SHh0cmEyXzJoc2xwN3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTViNTctZWNiYS00ZDNkLTlhODEtYmQ4MDJmYzRhYTk0
LzEvWEYyR2wwcDdZa0dTN0kyRFRQS1FiaE1DNURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQDLucYMAwD
BAGw46oDBASw46ADBAG5WPAwDQQCAAIwBwMFAyoEJkAwDQYJKoZIhvcNAQELBQAD
ggEBAFtCh1Qkm4/T1MZ/YKFubbAG0LIzMnwwVW2vMDYb3VagdLXGlTH9T+sRHbTN
4EbQQIMGIV8Mq1bLFssaX7kD6/JFkTizFhrcDOyZoCOv2nWx3Md9yrf4x9ZQpySb
jjecTSVNz0ZKhoh4tkDxWao05/HzshYoqJvspU6toReceYDTE2DoiAqCh6TuBsmw
Ao3VsqjmLbt4T6tEva2B1tRstUy7Mv8LrZFfz0BhzuGW82WijaGFLz6xlvo1IrXs
gsHSLU9zICYIzga19TOECjeQWwSQISYjC6kD3AxrpByWSlazhWCn/kh1rwnBlNoA
NFduH0CrXXmJUmpFdrAxep0z2WA=
-----END CERTIFICATE-----