Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/SXccMRSwda-AajwmXGvjarrDr_I.roa
File:                     SXccMRSwda-AajwmXGvjarrDr_I.roa (raw, json)
Hash identifier:          MGPaq2EpcDZILlU27orHDFHKgFwQYt+d6yCJPhlJydE=
Subject key identifier:   49:77:1C:31:14:B0:75:AF:80:6A:3C:26:5C:6B:E3:6A:BA:C3:AF:F2
Certificate issuer:       /CN=31242850cad41cdf75a3c9d60b21fca543f74384
Certificate serial:       018A2C52D10A218296CFF24BB5189941F2B2
Authority key identifier: 31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/SXccMRSwda-AajwmXGvjarrDr_I.roa
Signing time:             Fri 25 Aug 2023 10:52:19 +0000
ROA not before:           Fri 25 Aug 2023 10:52:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9136
IP address blocks:        62.176.224.0/19 maxlen: 19
                          91.186.32.0/19 maxlen: 19
                          5.159.24.0/21 maxlen: 21
                          213.162.128.0/19 maxlen: 19
                          185.72.232.0/22 maxlen: 22
                          2a01:581:9::/48 maxlen: 48
                          2a01:581:a::/48 maxlen: 48
                          2a01:581:6::/48 maxlen: 48
                          2a01:581:b::/48 maxlen: 48
                          2a01:581:c::/48 maxlen: 48
                          2a01:581:7::/48 maxlen: 48
                          2a01:581:8::/48 maxlen: 48
                          2a01:580::/29 maxlen: 29
                          2a01:581:d::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 16:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:2c:52:d1:0a:21:82:96:cf:f2:4b:b5:18:99:41:f2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31242850cad41cdf75a3c9d60b21fca543f74384
        Validity
            Not Before: Aug 25 10:52:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49771c3114b075af806a3c265c6be36abac3aff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e0:dd:09:f6:bc:88:8b:a0:14:6d:be:54:d9:
                    42:8b:39:26:35:95:c6:96:33:38:04:2c:9b:8d:60:
                    a5:c2:8e:cc:60:98:d8:72:50:b9:62:39:2e:65:1d:
                    c7:28:9d:ce:dd:9f:37:bc:6b:58:30:16:22:3e:71:
                    dc:bf:19:bc:b6:d6:cd:1d:6e:60:e7:5d:b2:e1:dd:
                    cd:dc:39:fa:45:8d:d5:62:72:f6:ca:e1:42:79:39:
                    4e:64:20:3d:4c:4d:6c:2f:05:55:5b:9e:36:17:2e:
                    24:d1:63:2e:f6:c5:cd:6a:79:fc:2b:7f:48:d5:26:
                    34:34:64:f1:78:d8:13:18:b5:de:41:c3:ec:d4:8a:
                    25:6a:f3:06:85:88:4f:19:65:d6:f5:cd:69:c0:f5:
                    80:b1:d9:a4:4d:87:84:a2:5a:32:58:c6:00:a9:30:
                    32:d1:0c:c7:99:86:4f:30:8f:6b:d9:01:44:5e:ea:
                    15:19:7e:94:d9:a8:ec:77:8a:2b:d7:25:33:48:d3:
                    f8:f9:e1:f1:70:74:43:7f:7a:b4:ec:f3:f5:74:c4:
                    d5:81:f2:32:78:d9:7e:df:b2:a6:97:0b:a2:ab:c7:
                    97:f1:0d:c9:68:78:db:45:1d:7b:46:bb:e6:fc:a1:
                    05:49:6a:93:4f:59:1e:af:10:94:71:70:ce:ce:c5:
                    32:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:77:1C:31:14:B0:75:AF:80:6A:3C:26:5C:6B:E3:6A:BA:C3:AF:F2
            X509v3 Authority Key Identifier:
                keyid:31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/SXccMRSwda-AajwmXGvjarrDr_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.24.0/21
                  62.176.224.0/19
                  91.186.32.0/19
                  185.72.232.0/22
                  213.162.128.0/19
                IPv6:
                  2a01:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:b3:d6:6f:3d:7e:52:f0:f4:ba:cc:1e:d5:0a:43:a0:d2:b7:
         9f:c9:99:fa:65:ff:e7:9d:06:65:76:b4:49:86:23:eb:2f:e0:
         90:91:f1:ee:62:8c:5e:e5:d1:5a:19:f4:ec:76:34:f2:b4:b7:
         c9:44:0f:a9:0a:0a:9a:7b:91:48:8a:7d:de:22:60:3d:07:4d:
         1d:32:c1:b0:53:ce:07:eb:cc:02:28:fd:02:70:c3:18:69:02:
         e3:82:53:3f:86:75:2c:2d:2d:0b:79:b5:29:40:d9:f7:30:ab:
         83:c2:6e:ac:6f:e5:6a:18:70:73:f4:0d:11:1b:1f:76:fe:fb:
         5e:16:78:9d:ce:b1:d2:7d:99:72:59:0b:be:32:ae:61:0a:ad:
         07:25:00:bc:02:e5:58:c7:01:8f:d8:ee:47:de:04:ce:df:eb:
         09:2e:75:9b:a2:15:2a:59:62:e0:30:46:b6:ab:7d:73:05:c6:
         2a:bf:0d:2c:b6:2c:5e:f5:34:02:93:b3:24:2a:17:f7:6a:6d:
         e4:55:b8:ff:a1:2d:14:c1:88:82:f3:60:8c:75:43:5a:9e:de:
         53:db:9d:34:db:92:7a:3d:61:9e:fc:d6:15:d7:44:65:01:b2:
         8c:15:fc:b4:8b:e1:e8:fc:93:61:4e:d8:db:ea:29:5e:7d:2a:
         05:14:c1:a8
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYosUtEKIYKWz/JLtRiZQfKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMjQyODUwY2FkNDFjZGY3NWEzYzlkNjBiMjFmY2E1NDNm
NzQzODQwHhcNMjMwODI1MTA1MjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc3MWMzMTE0YjA3NWFmODA2YTNjMjY1YzZiZTM2YWJhYzNhZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuDdCfa8iIugFG2+VNlCizkmNZXG
ljM4BCybjWClwo7MYJjYclC5YjkuZR3HKJ3O3Z83vGtYMBYiPnHcvxm8ttbNHW5g
512y4d3N3Dn6RY3VYnL2yuFCeTlOZCA9TE1sLwVVW542Fy4k0WMu9sXNann8K39I
1SY0NGTxeNgTGLXeQcPs1IolavMGhYhPGWXW9c1pwPWAsdmkTYeEoloyWMYAqTAy
0QzHmYZPMI9r2QFEXuoVGX6U2ajsd4or1yUzSNP4+eHxcHRDf3q07PP1dMTVgfIy
eNl+37Kmlwuiq8eX8Q3JaHjbRR17Rrvm/KEFSWqTT1kerxCUcXDOzsUydQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFEl3HDEUsHWvgGo8Jlxr42q6w6/yMB8GA1UdIwQY
MBaAFDEkKFDK1BzfdaPJ1gsh/KVD90OEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEt
MDdlZDQ2YjE0OWMzLzEvU1hjY01SU3dkYS1BYWp3bVhHdmphcnJEcl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEtMDdlZDQ2YjE0OWMz
LzEvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBZ8YAwQF
PrDgAwQFW7ogAwQCuUjoAwQF1aKAMA0EAgACMAcDBQMqAQWAMA0GCSqGSIb3DQEB
CwUAA4IBAQBEs9ZvPX5S8PS6zB7VCkOg0refyZn6Zf/nnQZldrRJhiPrL+CQkfHu
Yoxe5dFaGfTsdjTytLfJRA+pCgqae5FIin3eImA9B00dMsGwU84H68wCKP0CcMMY
aQLjglM/hnUsLS0LebUpQNn3MKuDwm6sb+VqGHBz9A0RGx92/vteFnidzrHSfZly
WQu+Mq5hCq0HJQC8AuVYxwGP2O5H3gTO3+sJLnWbohUqWWLgMEa2q31zBcYqvw0s
tixe9TQCk7MkKhf3am3kVbj/oS0UwYiC82CMdUNant5T250025J6PWGe/NYV10Rl
AbKMFfy0i+Ho/JNhTtjb6ilefSoFFMGo
-----END CERTIFICATE-----