Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/f8s4MsJBikff3FJECBUnSz9HgXI.roa
File:                     f8s4MsJBikff3FJECBUnSz9HgXI.roa (raw, json)
Hash identifier:          qGllE0+FFRz/fOgrkuLXRPrXaVNkhxmdwvChI8kNytM=
Subject key identifier:   7F:CB:38:32:C2:41:8A:47:DF:DC:52:44:08:15:27:4B:3F:47:81:72
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D1F949E32B13124FDF5DDA3F9688E
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/f8s4MsJBikff3FJECBUnSz9HgXI.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        93.114.194.0/24 maxlen: 24
                          86.107.179.0/24 maxlen: 24
                          86.107.178.0/24 maxlen: 24
                          185.101.107.0/24 maxlen: 24
                          89.34.27.0/24 maxlen: 24
                          89.41.181.0/24 maxlen: 24
                          89.41.180.0/24 maxlen: 24
                          188.211.233.0/24 maxlen: 24
                          188.241.219.0/24 maxlen: 24
                          188.241.218.0/24 maxlen: 24
                          89.36.95.0/24 maxlen: 24
                          89.36.94.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 03 Jun 2024 08:41:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:94:9e:32:b1:31:24:fd:f5:dd:a3:f9:68:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fcb3832c2418a47dfdc52440815274b3f478172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:71:c7:44:e6:ec:e0:75:a3:c6:0b:16:df:6f:
                    1d:09:39:ae:b2:17:be:c0:8e:ad:d1:e4:fd:f9:81:
                    d3:56:a3:03:ac:ec:ad:8d:87:93:17:97:86:62:df:
                    49:c4:a5:19:93:5a:83:23:4d:a1:eb:8b:86:33:6f:
                    8b:ee:b4:00:6f:b7:8b:63:8a:0b:0c:3d:9f:a6:a9:
                    df:08:00:9f:60:31:25:71:3b:b9:f8:12:b1:1d:a9:
                    41:76:86:61:66:dc:45:dc:06:70:87:e8:ea:53:b0:
                    cb:ff:51:fc:3b:1e:c1:8d:60:73:c8:a7:d8:9c:61:
                    2f:33:63:0f:e4:5b:31:97:d2:56:d2:ea:8b:b3:bf:
                    49:b7:48:ce:65:5d:c3:c1:ac:1c:6d:ad:62:79:bd:
                    2f:73:6a:44:39:6b:cc:b9:ea:50:1c:a0:44:4e:bd:
                    d6:83:1f:3f:64:51:08:cb:60:2a:3a:54:58:7e:1c:
                    3b:73:ce:d2:cf:cb:9f:c6:0f:6d:0b:c4:5c:3f:97:
                    91:52:57:95:c5:bf:fb:7f:13:eb:2e:fa:99:99:a9:
                    e6:35:d1:05:55:75:0b:65:75:53:06:44:3d:e9:66:
                    ba:c0:f0:c6:c1:f3:44:ff:c5:f4:b7:11:b3:75:0b:
                    38:fa:20:ce:43:5b:67:08:0a:71:b9:91:44:9b:29:
                    05:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CB:38:32:C2:41:8A:47:DF:DC:52:44:08:15:27:4B:3F:47:81:72
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/f8s4MsJBikff3FJECBUnSz9HgXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.178.0/23
                  89.34.27.0/24
                  89.36.94.0/23
                  89.41.180.0/23
                  93.114.194.0/24
                  185.101.107.0/24
                  188.211.233.0/24
                  188.241.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:d2:7a:68:ee:cc:58:76:6d:86:78:f1:35:8b:bc:9c:b5:37:
         05:61:ed:0e:b0:64:d8:97:14:51:7c:03:47:8b:94:df:eb:cc:
         10:c0:f3:2b:4f:d0:dd:91:6e:f3:00:d8:06:36:c8:0e:f7:b3:
         cf:74:1d:8e:50:46:7c:a4:70:35:a5:7c:8a:83:1e:69:36:cc:
         50:c6:79:b0:02:44:de:e1:45:37:3a:de:af:85:cb:4d:0c:14:
         5c:7a:07:d7:f0:42:c1:77:34:ff:25:ad:db:6c:50:1b:44:23:
         86:35:25:ab:3a:d3:8b:19:bf:10:8c:2c:db:72:76:83:71:66:
         b9:b3:04:60:41:7c:e2:9f:9e:d3:44:30:68:30:c3:50:28:05:
         c4:1d:b1:8b:e1:0b:57:1b:0d:8f:b2:cf:49:33:8d:c6:9c:fb:
         2c:03:18:c7:d7:b8:68:6d:28:bd:07:52:fa:19:5c:18:87:f5:
         02:ef:9b:d7:2e:52:ee:78:b3:e9:63:39:ee:eb:92:63:59:01:
         eb:5c:a3:ca:0e:79:95:91:ce:3e:a8:84:32:81:cf:2e:b8:45:
         70:6b:fb:61:ed:23:9c:49:78:f3:92:0e:4e:90:78:86:f4:ad:
         0c:9f:0f:14:0b:f7:29:a7:48:5a:ab:e0:51:0c:75:aa:6b:74:
         0a:fa:aa:1b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzCbR+UnjKxMST99d2j+WiOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmNiMzgzMmMyNDE4YTQ3ZGZkYzUyNDQwODE1Mjc0YjNmNDc4MTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnHHRObs4HWjxgsW328dCTmushe+
wI6t0eT9+YHTVqMDrOytjYeTF5eGYt9JxKUZk1qDI02h64uGM2+L7rQAb7eLY4oL
DD2fpqnfCACfYDElcTu5+BKxHalBdoZhZtxF3AZwh+jqU7DL/1H8Ox7BjWBzyKfY
nGEvM2MP5Fsxl9JW0uqLs79Jt0jOZV3Dwawcba1ieb0vc2pEOWvMuepQHKBETr3W
gx8/ZFEIy2AqOlRYfhw7c87Sz8ufxg9tC8RcP5eRUleVxb/7fxPrLvqZmanmNdEF
VXULZXVTBkQ96Wa6wPDGwfNE/8X0txGzdQs4+iDOQ1tnCApxuZFEmykFXQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFH/LODLCQYpH39xSRAgVJ0s/R4FyMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvZjhzNE1zSkJpa2ZmM0ZKRUNCVW5TejlIZ1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBVmuyAwQA
WSIbAwQBWSReAwQBWSm0AwQAXXLCAwQAuWVrAwQAvNPpAwQBvPHaMA0GCSqGSIb3
DQEBCwUAA4IBAQBS0npo7sxYdm2GePE1i7yctTcFYe0OsGTYlxRRfANHi5Tf68wQ
wPMrT9DdkW7zANgGNsgO97PPdB2OUEZ8pHA1pXyKgx5pNsxQxnmwAkTe4UU3Ot6v
hctNDBRcegfX8ELBdzT/Ja3bbFAbRCOGNSWrOtOLGb8QjCzbcnaDcWa5swRgQXzi
n57TRDBoMMNQKAXEHbGL4QtXGw2Pss9JM43GnPssAxjH17hobSi9B1L6GVwYh/UC
75vXLlLueLPpYznu65JjWQHrXKPKDnmVkc4+qIQygc8uuEVwa/th7SOcSXjzkg5O
kHiG9K0Mnw8UC/cpp0haq+BRDHWqa3QK+qob
-----END CERTIFICATE-----