Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/pFC7gryttRFsSPCC7GdLUto-7DY.roa
File:                     pFC7gryttRFsSPCC7GdLUto-7DY.roa (raw, json)
Hash identifier:          Pzq8/CEqAZsojIj9Yaeh6foTH4KJuugAuVSRyId65yM=
Subject key identifier:   A4:50:BB:82:BC:AD:B5:11:6C:48:F0:82:EC:67:4B:52:DA:3E:EC:36
Certificate issuer:       /CN=31242850cad41cdf75a3c9d60b21fca543f74384
Certificate serial:       018CC86F7FDA7E4F90D3D2F6A74A1E61F224
Authority key identifier: 31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/pFC7gryttRFsSPCC7GdLUto-7DY.roa
Signing time:             Tue 02 Jan 2024 04:29:59 +0000
ROA not before:           Tue 02 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9136
IP address blocks:        92.118.192.0/22 maxlen: 22
                          62.176.224.0/19 maxlen: 19
                          91.186.32.0/19 maxlen: 19
                          5.159.24.0/21 maxlen: 21
                          213.162.128.0/19 maxlen: 19
                          185.72.232.0/22 maxlen: 22
                          2a01:581:9::/48 maxlen: 48
                          2a01:581:a::/48 maxlen: 48
                          2a01:581:6::/48 maxlen: 48
                          2a01:581:b::/48 maxlen: 48
                          2a01:581:c::/48 maxlen: 48
                          2a01:581:7::/48 maxlen: 48
                          2a01:581:8::/48 maxlen: 48
                          2a01:580::/29 maxlen: 29
                          2a01:581:d::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 09 Feb 2024 12:35:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7f:da:7e:4f:90:d3:d2:f6:a7:4a:1e:61:f2:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31242850cad41cdf75a3c9d60b21fca543f74384
        Validity
            Not Before: Jan  2 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a450bb82bcadb5116c48f082ec674b52da3eec36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9e:ff:57:5e:13:82:39:b6:8c:36:97:d0:f4:
                    06:f9:e2:10:4a:5f:2b:4f:9d:5c:e6:45:a0:fc:f2:
                    a6:de:02:12:6a:47:e3:2a:e9:31:d3:8f:7b:71:5d:
                    e9:2b:16:0d:d2:d7:d2:f7:43:e6:78:50:72:28:68:
                    db:68:9a:13:61:73:5f:c0:d2:de:fd:a2:51:7e:22:
                    6c:59:b6:4e:66:bd:b7:7a:60:b9:d4:5a:a8:fe:6c:
                    c9:21:27:18:a5:ad:58:23:77:9f:9a:cf:65:df:09:
                    5b:42:be:8b:b4:80:f8:ea:25:1a:8a:33:d4:fd:71:
                    97:e8:d1:27:37:f0:6b:34:b7:a3:c0:ae:72:2a:7e:
                    d7:4a:1e:65:97:aa:0e:e4:97:07:62:4b:72:47:0a:
                    5f:cd:55:28:89:db:05:3c:af:53:96:16:71:34:53:
                    cd:f7:27:08:70:79:43:f5:c0:04:68:f3:f4:66:3b:
                    ba:a2:5d:3a:05:8e:88:3d:21:5b:4c:f7:ff:cb:f0:
                    19:00:d7:76:ea:1b:a6:35:ec:18:31:f3:1e:a7:3c:
                    d1:2f:09:b9:76:b8:b9:5b:9d:e8:fd:b2:f3:c8:41:
                    96:4b:4a:22:ca:a3:fc:96:c9:28:88:52:9d:15:ef:
                    7e:5a:56:02:7e:3e:42:2a:86:e5:ad:dd:4a:ed:d5:
                    b0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:50:BB:82:BC:AD:B5:11:6C:48:F0:82:EC:67:4B:52:DA:3E:EC:36
            X509v3 Authority Key Identifier:
                keyid:31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/pFC7gryttRFsSPCC7GdLUto-7DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.24.0/21
                  62.176.224.0/19
                  91.186.32.0/19
                  92.118.192.0/22
                  185.72.232.0/22
                  213.162.128.0/19
                IPv6:
                  2a01:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:f7:68:f6:6e:bb:ab:f0:b0:79:76:8b:a1:db:e5:22:4c:02:
         b3:20:4a:e7:f7:75:07:19:23:c4:2c:17:71:0c:6d:03:f2:39:
         74:c6:03:1a:b0:e5:95:80:eb:5d:ba:72:3e:02:51:86:f2:62:
         96:08:02:76:0d:48:c6:1e:54:60:4a:d7:d6:55:13:d6:53:05:
         20:a6:bc:9a:3c:f4:63:a6:ce:1d:25:34:32:f9:55:c6:04:2c:
         c2:44:69:bb:c0:db:68:20:49:81:37:69:a6:3e:82:21:7c:6c:
         d0:00:06:87:19:f2:8b:f3:5a:c3:52:89:eb:57:02:cf:e9:0f:
         24:09:9c:e7:06:89:0f:5e:5e:43:ba:0a:47:37:91:ba:94:94:
         e7:f1:01:e9:c0:c0:95:91:6f:c8:0a:c8:75:97:3f:09:ec:6a:
         ce:ec:8e:a9:31:92:36:fc:b4:33:6a:ef:d1:e4:7c:65:be:44:
         e6:94:0c:df:7e:e7:32:16:cd:4c:c3:ec:28:2f:51:3b:87:f8:
         27:93:d4:4d:b2:bc:40:db:2d:8d:46:92:d8:1a:68:81:6e:f5:
         37:cf:ea:2d:68:19:4b:b5:11:38:8a:63:ca:c6:e4:b2:ee:bf:
         48:bc:6f:a5:f5:aa:51:4c:c8:1d:83:9a:1c:15:b1:8f:60:c7:
         89:e9:a4:3d
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzIb3/afk+Q09L2p0oeYfIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMjQyODUwY2FkNDFjZGY3NWEzYzlkNjBiMjFmY2E1NDNm
NzQzODQwHhcNMjQwMTAyMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDUwYmI4MmJjYWRiNTExNmM0OGYwODJlYzY3NGI1MmRhM2VlYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi57/V14Tgjm2jDaX0PQG+eIQSl8r
T51c5kWg/PKm3gISakfjKukx0497cV3pKxYN0tfS90PmeFByKGjbaJoTYXNfwNLe
/aJRfiJsWbZOZr23emC51Fqo/mzJIScYpa1YI3efms9l3wlbQr6LtID46iUaijPU
/XGX6NEnN/BrNLejwK5yKn7XSh5ll6oO5JcHYktyRwpfzVUoidsFPK9TlhZxNFPN
9ycIcHlD9cAEaPP0Zju6ol06BY6IPSFbTPf/y/AZANd26humNewYMfMepzzRLwm5
dri5W53o/bLzyEGWS0oiyqP8lskoiFKdFe9+WlYCfj5CKoblrd1K7dWwIwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKRQu4K8rbURbEjwguxnS1LaPuw2MB8GA1UdIwQY
MBaAFDEkKFDK1BzfdaPJ1gsh/KVD90OEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEt
MDdlZDQ2YjE0OWMzLzEvcEZDN2dyeXR0UkZzU1BDQzdHZExVdG8tN0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEtMDdlZDQ2YjE0OWMz
LzEvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDBZ8YAwQF
PrDgAwQFW7ogAwQCXHbAAwQCuUjoAwQF1aKAMA0EAgACMAcDBQMqAQWAMA0GCSqG
SIb3DQEBCwUAA4IBAQCw92j2brur8LB5douh2+UiTAKzIErn93UHGSPELBdxDG0D
8jl0xgMasOWVgOtdunI+AlGG8mKWCAJ2DUjGHlRgStfWVRPWUwUgpryaPPRjps4d
JTQy+VXGBCzCRGm7wNtoIEmBN2mmPoIhfGzQAAaHGfKL81rDUonrVwLP6Q8kCZzn
BokPXl5DugpHN5G6lJTn8QHpwMCVkW/ICsh1lz8J7GrO7I6pMZI2/LQzau/R5Hxl
vkTmlAzffucyFs1Mw+woL1E7h/gnk9RNsrxA2y2NRpLYGmiBbvU3z+otaBlLtRE4
imPKxuSy7r9IvG+l9apRTMgdg5ocFbGPYMeJ6aQ9
-----END CERTIFICATE-----