Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/y4tZ1dAo_xHvpoyJYK-G-d5UT_o.roa
File:                     y4tZ1dAo_xHvpoyJYK-G-d5UT_o.roa (raw, json)
Hash identifier:          kjiKec1i7kCO4jAkhF/fz2DIFVbwTXATiH4AA2u9N0o=
Subject key identifier:   CB:8B:59:D5:D0:28:FF:11:EF:A6:8C:89:60:AF:86:F9:DE:54:4F:FA
Certificate issuer:       /CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Certificate serial:       018CAA16512BF058E462B997BC2C41538ECF
Authority key identifier: BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/y4tZ1dAo_xHvpoyJYK-G-d5UT_o.roa
Signing time:             Wed 27 Dec 2023 07:03:58 +0000
ROA not before:           Wed 27 Dec 2023 07:03:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50596
IP address blocks:        188.68.8.0/21 maxlen: 22
                          46.254.160.0/21 maxlen: 22
                          37.75.200.0/21 maxlen: 22
                          185.8.220.0/22 maxlen: 23
                          188.68.168.0/21 maxlen: 22
                          93.179.104.0/21 maxlen: 22
                          109.201.96.0/19 maxlen: 22
                          188.68.192.0/21 maxlen: 22
                          178.57.208.0/21 maxlen: 22
                          2a03:3cc0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:34:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:aa:16:51:2b:f0:58:e4:62:b9:97:bc:2c:41:53:8e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
        Validity
            Not Before: Dec 27 07:03:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb8b59d5d028ff11efa68c8960af86f9de544ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:39:75:3e:67:97:fa:7a:08:78:a0:8f:b7:52:
                    f0:f7:e3:c4:d6:73:34:62:5a:95:66:7b:88:1a:40:
                    cf:9f:bc:79:03:5f:95:18:1a:f8:8f:9a:8f:e9:39:
                    41:3b:07:03:26:28:85:60:0e:88:c7:15:71:90:0f:
                    ce:48:75:68:94:bb:bd:4b:85:7d:07:ec:41:7d:22:
                    1a:97:63:2c:cf:89:1e:df:87:3f:d4:12:b3:06:b8:
                    f0:07:44:86:fd:dd:bc:16:d7:1c:4d:ec:50:36:84:
                    32:94:b8:b5:8c:de:0a:82:c7:c8:5d:17:2d:fc:ab:
                    81:43:5a:b4:91:0f:d9:f1:7e:45:f3:6d:92:f9:e3:
                    c8:78:79:54:1a:8f:2b:e3:10:fb:09:e5:fa:0e:fe:
                    d4:29:5c:d3:32:cf:64:22:07:71:da:55:81:a6:d2:
                    81:f0:25:49:61:36:04:80:08:d9:99:39:c9:70:b4:
                    31:b9:c6:75:aa:77:b6:4d:48:5f:32:34:98:ed:e6:
                    21:ee:63:3f:5e:c5:ce:90:67:99:03:ec:5d:51:a7:
                    7e:90:01:b7:ba:40:53:c0:0d:e9:6d:84:c2:80:d8:
                    d0:0a:45:c2:3f:6d:97:6b:f6:11:12:54:5c:e5:3c:
                    3a:cd:4c:77:41:50:de:1d:a5:e4:4d:4a:16:55:da:
                    7e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:8B:59:D5:D0:28:FF:11:EF:A6:8C:89:60:AF:86:F9:DE:54:4F:FA
            X509v3 Authority Key Identifier:
                keyid:BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/y4tZ1dAo_xHvpoyJYK-G-d5UT_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/ug4SZOB7Nwi8udtaFOfMknCGOVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.200.0/21
                  46.254.160.0/21
                  93.179.104.0/21
                  109.201.96.0/19
                  178.57.208.0/21
                  185.8.220.0/22
                  188.68.8.0/21
                  188.68.168.0/21
                  188.68.192.0/21
                IPv6:
                  2a03:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:0a:67:ab:8d:8c:6e:d0:a6:21:35:ea:1c:6e:7e:d8:60:ee:
         52:bc:25:fe:51:13:a7:a8:cd:46:11:5b:34:2f:46:3e:a9:20:
         76:90:7d:54:58:8f:ea:1f:3c:e0:8c:98:b7:d5:67:71:66:79:
         0e:47:ea:a7:af:0c:a2:8d:81:00:14:99:80:2b:9b:f4:a9:11:
         94:c0:63:71:94:66:4d:6f:1b:fa:d4:f9:2b:3c:2f:52:50:f0:
         33:c5:5a:14:42:31:73:81:2b:ba:43:c9:d0:8c:07:8f:20:10:
         ca:d2:15:14:27:7e:2d:e4:4d:66:42:5c:25:d6:13:f1:4c:cf:
         c4:71:07:d6:1d:aa:bb:a0:9c:d9:9d:30:b3:21:21:25:f0:0e:
         8f:f8:00:40:1b:7e:30:48:4a:af:46:4a:2f:d2:b5:79:6b:6f:
         da:bc:53:1a:9a:0c:af:32:0f:5e:62:43:7f:78:25:2d:90:0d:
         1a:6f:a3:0b:44:c9:36:d4:59:47:23:17:5d:94:31:51:68:46:
         39:fc:92:ff:87:6d:40:a1:11:ec:dc:3b:e4:61:ec:31:5b:7c:
         d4:ad:0e:f5:c4:17:15:d4:03:28:ec:12:fa:2b:62:be:33:1e:
         7c:11:e4:65:21:1d:3e:5c:88:f7:9c:76:08:ba:ee:d6:5a:77:
         2f:8e:0e:bd
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYyqFlEr8FjkYrmXvCxBU47PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMGUxMjY0ZTA3YjM3MDhiY2I5ZGI1YTE0ZTdjYzkyNzA4
NjM5NTgwHhcNMjMxMjI3MDcwMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjhiNTlkNWQwMjhmZjExZWZhNjhjODk2MGFmODZmOWRlNTQ0ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDl1PmeX+noIeKCPt1Lw9+PE1nM0
YlqVZnuIGkDPn7x5A1+VGBr4j5qP6TlBOwcDJiiFYA6IxxVxkA/OSHVolLu9S4V9
B+xBfSIal2Msz4ke34c/1BKzBrjwB0SG/d28FtccTexQNoQylLi1jN4KgsfIXRct
/KuBQ1q0kQ/Z8X5F822S+ePIeHlUGo8r4xD7CeX6Dv7UKVzTMs9kIgdx2lWBptKB
8CVJYTYEgAjZmTnJcLQxucZ1qne2TUhfMjSY7eYh7mM/XsXOkGeZA+xdUad+kAG3
ukBTwA3pbYTCgNjQCkXCP22Xa/YRElRc5Tw6zUx3QVDeHaXkTUoWVdp+3QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMuLWdXQKP8R76aMiWCvhvneVE/6MB8GA1UdIwQY
MBaAFLoOEmTgezcIvLnbWhTnzJJwhjlYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4Yzkt
YmZlMGNjYjc5ZmNjLzEveTR0WjFkQW9feEh2cG95SllLLUctZDVVVF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4YzktYmZlMGNjYjc5ZmNj
LzEvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJUvIAwQD
Lv6gAwQDXbNoAwQFbclgAwQDsjnQAwQCuQjcAwQDvEQIAwQDvESoAwQDvETAMA0E
AgACMAcDBQMqAzzAMA0GCSqGSIb3DQEBCwUAA4IBAQAICmerjYxu0KYhNeocbn7Y
YO5SvCX+UROnqM1GEVs0L0Y+qSB2kH1UWI/qHzzgjJi31WdxZnkOR+qnrwyijYEA
FJmAK5v0qRGUwGNxlGZNbxv61PkrPC9SUPAzxVoUQjFzgSu6Q8nQjAePIBDK0hUU
J34t5E1mQlwl1hPxTM/EcQfWHaq7oJzZnTCzISEl8A6P+ABAG34wSEqvRkov0rV5
a2/avFMamgyvMg9eYkN/eCUtkA0ab6MLRMk21FlHIxddlDFRaEY5/JL/h21AoRHs
3DvkYewxW3zUrQ71xBcV1AMo7BL6K2K+Mx58EeRlIR0+XIj3nHYIuu7WWncvjg69
-----END CERTIFICATE-----