Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/vKBeE-VcIGAKG2dmu7TVl5Idp24.roa
File:                     vKBeE-VcIGAKG2dmu7TVl5Idp24.roa (raw, json)
Hash identifier:          dyRPoYdOP5mtmENK4Fgv9bO9g7EZ4Y6aWphb9Fg7w5o=
Subject key identifier:   BC:A0:5E:13:E5:5C:20:60:0A:1B:67:66:BB:B4:D5:97:92:1D:A7:6E
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018B164F933D93C18EF087308BD41C3E9578
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/vKBeE-VcIGAKG2dmu7TVl5Idp24.roa
Signing time:             Mon 09 Oct 2023 21:19:55 +0000
ROA not before:           Mon 09 Oct 2023 21:19:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20657
IP address blocks:        193.108.24.0/24 maxlen: 24
                          195.68.214.0/23 maxlen: 23
                          195.68.214.0/24 maxlen: 24
                          195.68.215.0/24 maxlen: 24
                          194.79.14.0/24 maxlen: 24
                          194.79.15.0/24 maxlen: 24
                          194.79.12.0/22 maxlen: 22
                          194.79.12.0/24 maxlen: 24
                          194.79.13.0/24 maxlen: 24
                          88.80.131.0/24 maxlen: 24
                          88.80.128.0/21 maxlen: 21
                          88.80.132.0/24 maxlen: 24
                          88.80.136.0/21 maxlen: 21
                          88.80.134.0/23 maxlen: 23
                          88.80.133.0/24 maxlen: 24
                          88.80.152.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 10 Oct 2023 14:43:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:16:4f:93:3d:93:c1:8e:f0:87:30:8b:d4:1c:3e:95:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Oct  9 21:19:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bca05e13e55c20600a1b6766bbb4d597921da76e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5c:db:5b:a7:f3:3a:12:d9:13:b0:69:cb:68:
                    01:9d:13:34:ee:2f:5f:f2:00:2b:3e:c1:7f:eb:e0:
                    32:06:6e:0d:46:07:26:bf:86:d7:9b:45:4e:38:dc:
                    36:42:ff:70:fb:32:8c:64:cd:90:d8:ef:af:ed:11:
                    98:8f:76:44:60:6e:c0:83:df:99:87:65:cf:f5:48:
                    c6:05:ce:ab:81:5c:ff:18:43:14:0e:f8:3a:e5:ee:
                    61:47:18:d6:38:7c:72:e6:e5:80:47:92:8b:08:87:
                    e8:40:68:99:af:86:f4:36:5e:95:e0:ba:17:97:48:
                    46:71:3c:da:0e:28:82:f2:7d:1e:72:c9:37:14:58:
                    9e:72:24:67:43:6b:61:5b:0e:7e:5f:11:b1:5f:67:
                    b1:e9:30:4f:29:59:68:4c:7f:69:af:65:04:c4:64:
                    8f:31:99:ad:2c:28:1a:99:11:c9:53:49:34:14:de:
                    40:dc:22:57:3f:03:b7:ee:2c:4f:73:01:19:f6:1e:
                    78:ba:b6:05:02:44:b1:57:35:36:08:07:f4:52:6e:
                    9e:b4:34:f5:f6:43:81:d2:38:d2:b8:80:d5:73:32:
                    c9:eb:93:e4:4f:fe:f5:f6:39:bb:62:b1:a5:81:fb:
                    01:2c:37:b4:ec:56:dc:c9:33:79:37:31:5e:ab:5b:
                    23:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A0:5E:13:E5:5C:20:60:0A:1B:67:66:BB:B4:D5:97:92:1D:A7:6E
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/vKBeE-VcIGAKG2dmu7TVl5Idp24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.128.0/20
                  88.80.152.0/21
                  193.108.24.0/24
                  194.79.12.0/22
                  195.68.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:06:80:6b:15:59:1e:67:4f:44:25:82:65:3a:10:e0:f5:da:
         a7:67:06:33:cb:3d:17:72:3b:e3:70:17:43:58:ac:25:b2:fa:
         9e:1c:df:08:8c:6a:37:a4:dd:ea:84:0b:60:bb:49:4b:b7:ee:
         75:3d:34:a7:5e:4a:05:56:93:0a:3f:70:e1:35:1a:46:8c:04:
         eb:c0:fd:e8:35:2c:f1:f0:f9:5e:c0:08:07:f0:6b:05:34:3a:
         67:94:2a:78:8a:2e:f3:a9:7f:67:e1:6d:bc:8d:d3:1d:0f:b8:
         8f:fa:c2:a2:2b:a4:47:67:89:bc:c7:d8:68:67:87:8c:a1:f0:
         fc:5c:d4:9b:99:6b:0a:ac:dc:b2:7e:18:f1:7b:c8:f7:3b:27:
         41:07:4d:3e:ab:13:3c:84:ac:b4:b8:f4:d8:9a:43:c5:f2:81:
         89:c4:f0:2d:9a:19:59:e6:bd:a9:6f:09:68:86:f5:f1:00:84:
         5c:0c:c8:40:2a:3e:12:63:b1:36:5c:c7:a7:2a:55:f7:b6:2f:
         10:f2:df:ee:d4:cf:1e:ee:2b:aa:e3:08:1d:98:0a:c5:b1:e0:
         c8:49:28:c4:10:67:f4:c6:b8:bf:43:75:bf:92:c7:a7:0f:03:
         00:4e:93:fd:01:64:46:89:b8:e1:50:be:40:1b:e6:cd:b0:d9:
         7b:1f:4e:01
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYsWT5M9k8GO8Icwi9QcPpV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjMxMDA5MjExOTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2EwNWUxM2U1NWMyMDYwMGExYjY3NjZiYmI0ZDU5NzkyMWRhNzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1zbW6fzOhLZE7Bpy2gBnRM07i9f
8gArPsF/6+AyBm4NRgcmv4bXm0VOONw2Qv9w+zKMZM2Q2O+v7RGYj3ZEYG7Ag9+Z
h2XP9UjGBc6rgVz/GEMUDvg65e5hRxjWOHxy5uWAR5KLCIfoQGiZr4b0Nl6V4LoX
l0hGcTzaDiiC8n0ecsk3FFieciRnQ2thWw5+XxGxX2ex6TBPKVloTH9pr2UExGSP
MZmtLCgamRHJU0k0FN5A3CJXPwO37ixPcwEZ9h54urYFAkSxVzU2CAf0Um6etDT1
9kOB0jjSuIDVczLJ65PkT/719jm7YrGlgfsBLDe07FbcyTN5NzFeq1sjNQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLygXhPlXCBgChtnZru01ZeSHaduMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvdktCZUUtVmNJR0FLRzJkbXU3VFZsNUlkcDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQEWFCAAwQD
WFCYAwQAwWwYAwQCwk8MAwQBw0TWMA0GCSqGSIb3DQEBCwUAA4IBAQA1BoBrFVke
Z09EJYJlOhDg9dqnZwYzyz0XcjvjcBdDWKwlsvqeHN8IjGo3pN3qhAtgu0lLt+51
PTSnXkoFVpMKP3DhNRpGjATrwP3oNSzx8PlewAgH8GsFNDpnlCp4ii7zqX9n4W28
jdMdD7iP+sKiK6RHZ4m8x9hoZ4eMofD8XNSbmWsKrNyyfhjxe8j3OydBB00+qxM8
hKy0uPTYmkPF8oGJxPAtmhlZ5r2pbwlohvXxAIRcDMhAKj4SY7E2XMenKlX3ti8Q
8t/u1M8e7iuq4wgdmArFseDISSjEEGf0xri/Q3W/ksenDwMATpP9AWRGibjhUL5A
G+bNsNl7H04B
-----END CERTIFICATE-----