Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/MIgTklDyaJjsJxmHmXGAduWjvV4.roa
File:                     MIgTklDyaJjsJxmHmXGAduWjvV4.roa (raw, json)
Hash identifier:          xdb+pGIqtMGRYTwgop96ygdzJYIRkRdd3SL/MLSKxA0=
Subject key identifier:   30:88:13:92:50:F2:68:98:EC:27:19:87:99:71:80:76:E5:A3:BD:5E
Certificate issuer:       /CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
Certificate serial:       018C883007CEF7CBAFFF1A2BC0226106EAED
Authority key identifier: 54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/MIgTklDyaJjsJxmHmXGAduWjvV4.roa
Signing time:             Wed 20 Dec 2023 17:04:58 +0000
ROA not before:           Wed 20 Dec 2023 17:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201684
IP address blocks:        193.203.254.0/24 maxlen: 24
                          87.121.168.0/24 maxlen: 24
                          87.121.169.0/24 maxlen: 24
                          87.121.170.0/24 maxlen: 24
                          87.121.171.0/24 maxlen: 24
                          87.121.172.0/24 maxlen: 24
                          185.64.24.0/24 maxlen: 24
                          185.64.25.0/24 maxlen: 24
                          185.64.26.0/24 maxlen: 24
                          185.64.27.0/24 maxlen: 24
                          87.121.174.0/24 maxlen: 24
                          87.121.175.0/24 maxlen: 24
                          87.121.173.0/24 maxlen: 24
                          2a03:11a0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:88:30:07:ce:f7:cb:af:ff:1a:2b:c0:22:61:06:ea:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
        Validity
            Not Before: Dec 20 17:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3088139250f26898ec27198799718076e5a3bd5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c5:71:f1:57:fd:a2:e6:25:80:87:c8:a6:69:
                    75:24:2a:c8:94:15:c3:02:ff:ed:ca:f0:f0:b9:2c:
                    55:93:80:6c:27:b3:ec:76:95:d9:00:bd:be:e3:58:
                    bc:9a:36:fa:81:f3:99:3b:1e:f2:41:a0:36:a2:fc:
                    82:9d:26:a0:8e:46:c2:94:c6:69:f2:9a:8e:e6:17:
                    00:00:fd:29:ab:f3:fa:c5:cf:a3:9c:a7:02:35:43:
                    2f:af:74:59:0b:f1:23:cb:08:f3:69:98:e0:6f:44:
                    e0:54:d0:36:fa:cd:4e:77:10:57:16:06:c6:d5:60:
                    bd:c6:c2:cf:44:42:ac:7f:a1:83:5b:bb:11:c3:5f:
                    7c:f1:aa:d9:23:2f:e5:89:0b:de:cf:de:a1:15:ba:
                    0c:63:6f:a1:cc:02:0b:ef:4c:ba:ef:63:fe:ac:2e:
                    6d:b5:dc:ef:9a:8d:d6:a9:46:dd:0e:1c:81:f5:e4:
                    b9:bf:9d:eb:88:6c:e7:b7:df:81:f6:25:c8:99:8c:
                    10:90:86:cb:ac:7e:a9:f4:6f:c1:8e:9c:cb:67:4a:
                    9a:5e:87:fb:b9:92:2d:bf:e0:66:cf:0f:df:ec:d0:
                    bf:c9:d3:43:ff:23:ec:e2:c3:6e:8c:78:d6:7d:c4:
                    b7:37:3f:5b:3a:6d:2e:80:e9:8b:b7:8c:a9:b2:df:
                    ae:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:88:13:92:50:F2:68:98:EC:27:19:87:99:71:80:76:E5:A3:BD:5E
            X509v3 Authority Key Identifier:
                keyid:54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/MIgTklDyaJjsJxmHmXGAduWjvV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.168.0/21
                  185.64.24.0/22
                  193.203.254.0/24
                IPv6:
                  2a03:11a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:11:e7:ce:62:23:1a:01:74:fb:37:21:53:58:ef:90:72:df:
         73:6e:bb:d4:7d:2d:69:e4:58:65:ef:a8:0b:89:17:6f:40:7a:
         cb:f4:c1:30:44:47:b4:14:f5:96:54:87:9e:71:74:b6:32:ad:
         74:6e:63:2f:11:7c:0e:be:f4:cc:ce:7a:fe:dc:8a:69:8f:bd:
         b1:19:28:44:3c:0f:a3:aa:38:93:3a:a6:75:6f:00:7c:d2:4a:
         ed:98:7b:35:10:d1:2a:b0:f9:5a:3d:93:d0:6a:7b:c4:2e:bc:
         d9:29:1e:9c:fa:27:da:ee:fc:c6:1f:36:ec:1a:27:09:de:80:
         64:43:35:48:24:20:6d:4d:8f:5a:7d:7e:83:3e:88:b1:69:35:
         4a:ce:23:4c:ca:ad:6c:a7:d5:ef:7f:53:26:79:f8:d1:7f:14:
         8f:ba:64:c3:ff:9e:bd:c2:c5:c1:92:8b:2b:2a:0e:0e:64:4e:
         ba:ea:ad:01:cd:2b:3f:bd:05:64:b0:00:0b:cd:29:75:b3:dd:
         52:0f:d8:a0:49:25:52:02:6c:10:68:8b:62:7e:b3:e9:70:d7:
         ee:3e:6e:ed:fb:3f:e9:67:c2:53:34:36:fb:73:e9:d3:3f:f7:
         44:bd:33:07:4b:8b:94:e1:87:6b:d3:b0:14:06:5d:2b:0e:fb:
         62:e7:71:df
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYyIMAfO98uv/xorwCJhBurtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YTMxYWIwMzNjZmQyZGVlNjg1MmZhOWQ4YmY1YTRhMGUz
NTI0MTQwHhcNMjMxMjIwMTcwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg4MTM5MjUwZjI2ODk4ZWMyNzE5ODc5OTcxODA3NmU1YTNiZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsVx8Vf9ouYlgIfIpml1JCrIlBXD
Av/tyvDwuSxVk4BsJ7PsdpXZAL2+41i8mjb6gfOZOx7yQaA2ovyCnSagjkbClMZp
8pqO5hcAAP0pq/P6xc+jnKcCNUMvr3RZC/EjywjzaZjgb0TgVNA2+s1OdxBXFgbG
1WC9xsLPREKsf6GDW7sRw1988arZIy/liQvez96hFboMY2+hzAIL70y672P+rC5t
tdzvmo3WqUbdDhyB9eS5v53riGznt9+B9iXImYwQkIbLrH6p9G/BjpzLZ0qaXof7
uZItv+Bmzw/f7NC/ydND/yPs4sNujHjWfcS3Nz9bOm0ugOmLt4ypst+ukQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFDCIE5JQ8miY7CcZh5lxgHblo71eMB8GA1UdIwQY
MBaAFFSjGrAzz9Le5oUvqdi/WkoONSQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGIt
NjE5YzI2MTk0MTY4LzEvTUlnVGtsRHlhSmpzSnhtSG1YR0FkdVdqdlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGItNjE5YzI2MTk0MTY4
LzEvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQDV3moAwQC
uUAYAwQAwcv+MA8EAgACMAkDBwAqAxGgAAEwDQYJKoZIhvcNAQELBQADggEBAGER
585iIxoBdPs3IVNY75By33Nuu9R9LWnkWGXvqAuJF29Aesv0wTBER7QU9ZZUh55x
dLYyrXRuYy8RfA6+9MzOev7cimmPvbEZKEQ8D6OqOJM6pnVvAHzSSu2YezUQ0Sqw
+Vo9k9Bqe8QuvNkpHpz6J9ru/MYfNuwaJwnegGRDNUgkIG1Nj1p9foM+iLFpNUrO
I0zKrWyn1e9/UyZ5+NF/FI+6ZMP/nr3CxcGSiysqDg5kTrrqrQHNKz+9BWSwAAvN
KXWz3VIP2KBJJVICbBBoi2J+s+lw1+4+bu37P+lnwlM0Nvtz6dM/90S9MwdLi5Th
h2vTsBQGXSsO+2Lncd8=
-----END CERTIFICATE-----