Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/0IeobaDfihtz9fUmKucDTswrLqE.roa
File:                     0IeobaDfihtz9fUmKucDTswrLqE.roa (raw, json)
Hash identifier:          5+17lh0w/jbnHSUhqBo6GZfTlLnNtthdNAO7D1edRYs=
Subject key identifier:   D0:87:A8:6D:A0:DF:8A:1B:73:F5:F5:26:2A:E7:03:4E:CC:2B:2E:A1
Certificate issuer:       /CN=896d5866c35093352e7b9e0762c591e08e50f967
Certificate serial:       018C531E3FB20A2D85440145C5C9A8501172
Authority key identifier: 89:6D:58:66:C3:50:93:35:2E:7B:9E:07:62:C5:91:E0:8E:50:F9:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iW1YZsNQkzUue54HYsWR4I5Q-Wc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/0IeobaDfihtz9fUmKucDTswrLqE.roa
Signing time:             Sun 10 Dec 2023 09:45:40 +0000
ROA not before:           Sun 10 Dec 2023 09:45:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60092
IP address blocks:        193.151.20.0/24 maxlen: 24
                          193.151.23.0/24 maxlen: 24
                          193.151.21.0/24 maxlen: 24
                          193.151.22.0/24 maxlen: 24
                          91.195.24.0/24 maxlen: 24
                          91.195.25.0/24 maxlen: 24
                          2001:67c:2c91::/48 maxlen: 48
                          2001:67c:2c89::/48 maxlen: 48
                          2001:67c:2c92::/48 maxlen: 48
                          2001:67c:2c88::/48 maxlen: 48
                          2001:67c:2c90::/48 maxlen: 48
                          2001:67c:2c93::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 14 Dec 2023 12:43:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:53:1e:3f:b2:0a:2d:85:44:01:45:c5:c9:a8:50:11:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896d5866c35093352e7b9e0762c591e08e50f967
        Validity
            Not Before: Dec 10 09:45:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d087a86da0df8a1b73f5f5262ae7034ecc2b2ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f6:c6:67:82:bc:98:e5:9b:17:f5:54:0a:ea:
                    8b:2d:17:8a:ed:68:89:71:e5:cd:79:0d:c7:92:47:
                    7f:26:04:17:8a:10:b8:0b:04:93:fc:bc:3a:2a:e2:
                    df:46:d5:19:08:30:6f:b7:07:97:06:c5:d4:28:e8:
                    e1:0e:9b:0a:c9:d8:ba:20:95:11:18:78:d4:b2:58:
                    73:6a:41:0e:07:31:d4:9d:e2:ff:c3:cf:fd:2e:ad:
                    f7:a9:f8:4a:33:74:15:96:59:6f:0e:06:5d:4c:25:
                    c3:a6:91:c5:ba:a5:78:26:ec:ff:09:97:5b:3c:76:
                    2f:cf:f7:ec:c4:05:db:0b:75:80:62:5c:c3:33:c0:
                    ad:74:bb:62:72:f0:95:3b:a9:9f:56:78:de:d3:78:
                    da:0f:42:11:4f:92:0f:c7:16:ad:a7:c6:c9:e5:46:
                    00:03:7d:0e:71:de:54:5b:c1:f3:e0:14:6e:7b:3a:
                    97:76:e9:64:16:18:11:6a:74:11:a8:01:fc:ce:d9:
                    09:a9:98:c6:3e:3a:7a:f3:f0:54:0e:1c:4f:60:3c:
                    1c:16:24:14:78:f1:85:ba:5e:92:16:94:da:b5:10:
                    69:77:53:66:f0:40:8e:32:dc:37:2e:10:dd:5b:35:
                    06:ea:f9:1e:e8:03:8f:6d:bc:4c:ba:f1:ab:a9:32:
                    80:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:87:A8:6D:A0:DF:8A:1B:73:F5:F5:26:2A:E7:03:4E:CC:2B:2E:A1
            X509v3 Authority Key Identifier:
                keyid:89:6D:58:66:C3:50:93:35:2E:7B:9E:07:62:C5:91:E0:8E:50:F9:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW1YZsNQkzUue54HYsWR4I5Q-Wc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/0IeobaDfihtz9fUmKucDTswrLqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/iW1YZsNQkzUue54HYsWR4I5Q-Wc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.24.0/23
                  193.151.20.0/22
                IPv6:
                  2001:67c:2c88::/47
                  2001:67c:2c90::/46

    Signature Algorithm: sha256WithRSAEncryption
         8c:0e:41:db:22:ca:f9:43:da:b7:f3:ef:46:b0:ba:a6:b3:28:
         2f:af:f9:ec:c1:b5:6e:5a:6d:07:2e:57:86:c9:22:3d:aa:b7:
         a7:55:4d:e2:40:f2:02:1b:62:8c:53:53:ef:e2:38:59:3f:50:
         a3:1f:fd:cc:24:da:29:a5:51:00:3f:c8:d6:32:23:30:43:4d:
         f8:cd:be:72:83:5a:9f:6a:f9:7d:3f:d8:6f:76:20:d2:3a:fc:
         2b:45:85:85:89:6a:d8:cc:11:fd:3f:f0:8a:d7:37:54:38:94:
         3a:75:cf:fa:81:0a:8d:86:4e:25:25:66:0c:37:68:32:40:7d:
         4d:ff:1a:e3:73:95:77:ce:4e:cd:f5:2b:2b:22:d1:99:d7:3e:
         6e:b4:a9:bd:ec:43:ba:c7:e8:23:0a:7b:fe:c7:3d:ee:21:be:
         07:67:31:31:4e:1f:25:fe:a0:9a:a3:b9:e0:25:25:ce:73:fd:
         43:d4:ab:33:ca:79:71:bf:fd:a3:27:67:e6:85:98:9e:c5:c9:
         63:d6:1a:02:d3:c4:2b:fb:33:d8:5f:58:ad:94:13:e7:03:01:
         8a:03:51:e4:6e:4b:73:39:6a:4d:f7:2d:d2:c2:4e:45:b8:c2:
         8e:c4:8c:4f:16:46:e9:d7:1d:d3:62:82:a6:28:e9:38:b8:6a:
         0f:66:5f:4a
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYxTHj+yCi2FRAFFxcmoUBFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmQ1ODY2YzM1MDkzMzUyZTdiOWUwNzYyYzU5MWUwOGU1
MGY5NjcwHhcNMjMxMjEwMDk0NTQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDg3YTg2ZGEwZGY4YTFiNzNmNWY1MjYyYWU3MDM0ZWNjMmIyZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPbGZ4K8mOWbF/VUCuqLLReK7WiJ
ceXNeQ3Hkkd/JgQXihC4CwST/Lw6KuLfRtUZCDBvtweXBsXUKOjhDpsKydi6IJUR
GHjUslhzakEOBzHUneL/w8/9Lq33qfhKM3QVlllvDgZdTCXDppHFuqV4Juz/CZdb
PHYvz/fsxAXbC3WAYlzDM8CtdLticvCVO6mfVnje03jaD0IRT5IPxxatp8bJ5UYA
A30Ocd5UW8Hz4BRuezqXdulkFhgRanQRqAH8ztkJqZjGPjp68/BUDhxPYDwcFiQU
ePGFul6SFpTatRBpd1Nm8ECOMtw3LhDdWzUG6vke6AOPbbxMuvGrqTKADQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFNCHqG2g34obc/X1JirnA07MKy6hMB8GA1UdIwQY
MBaAFIltWGbDUJM1LnueB2LFkeCOUPlnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVcxWVpzTlFrelV1ZTU0SFlzV1I0STVRLVdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85ZDhmMjEtYjI3Zi00MzVkLWE3YjUt
Nzg0NjI0YTdiNDdlLzEvMEllb2JhRGZpaHR6OWZVbUt1Y0RUc3dyTHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85ZDhmMjEtYjI3Zi00MzVkLWE3YjUtNzg0NjI0YTdiNDdl
LzEvaVcxWVpzTlFrelV1ZTU0SFlzV1I0STVRLVdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQBW8MYAwQC
wZcUMBgEAgACMBIDBwEgAQZ8LIgDBwIgAQZ8LJAwDQYJKoZIhvcNAQELBQADggEB
AIwOQdsiyvlD2rfz70awuqazKC+v+ezBtW5abQcuV4bJIj2qt6dVTeJA8gIbYoxT
U+/iOFk/UKMf/cwk2imlUQA/yNYyIzBDTfjNvnKDWp9q+X0/2G92INI6/CtFhYWJ
atjMEf0/8IrXN1Q4lDp1z/qBCo2GTiUlZgw3aDJAfU3/GuNzlXfOTs31Kysi0ZnX
Pm60qb3sQ7rH6CMKe/7HPe4hvgdnMTFOHyX+oJqjueAlJc5z/UPUqzPKeXG//aMn
Z+aFmJ7FyWPWGgLTxCv7M9hfWK2UE+cDAYoDUeRuS3M5ak33LdLCTkW4wo7EjE8W
RunXHdNigqYo6Ti4ag9mX0o=
-----END CERTIFICATE-----