Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/248588-1f8d-48d1-8bb2-971b0c065460/1/XSlWferbYjhk7fAQrHSvhDNRaFA.roa
File:                     XSlWferbYjhk7fAQrHSvhDNRaFA.roa (raw, json)
Hash identifier:          NwhT7r2+ysB6BTEdlaxu8bcavKI2465n7mU1PtFdAM0=
Subject key identifier:   5D:29:56:7D:EA:DB:62:38:64:ED:F0:10:AC:74:AF:84:33:51:68:50
Certificate issuer:       /CN=022e76e8994b66613748e021b5f4007f01b54d4f
Certificate serial:       018B60BB184E8120417B63A5466DE8F54876
Authority key identifier: 02:2E:76:E8:99:4B:66:61:37:48:E0:21:B5:F4:00:7F:01:B5:4D:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ai526JlLZmE3SOAhtfQAfwG1TU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/248588-1f8d-48d1-8bb2-971b0c065460/1/XSlWferbYjhk7fAQrHSvhDNRaFA.roa
Signing time:             Tue 24 Oct 2023 08:09:16 +0000
ROA not before:           Tue 24 Oct 2023 08:09:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15962
IP address blocks:        95.105.128.0/18 maxlen: 18
                          95.105.128.0/17 maxlen: 17
                          185.50.212.0/22 maxlen: 22
                          178.143.128.0/17 maxlen: 17
                          213.151.246.0/24 maxlen: 24
                          213.151.248.0/24 maxlen: 24
                          85.237.224.0/19 maxlen: 19
                          109.230.0.0/18 maxlen: 18
                          213.151.192.0/18 maxlen: 18
                          92.52.0.0/18 maxlen: 18
                          78.141.64.0/18 maxlen: 18
                          178.143.0.0/17 maxlen: 17
                          178.143.0.0/16 maxlen: 16
                          5.178.48.0/20 maxlen: 20
                          95.105.192.0/18 maxlen: 18

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:60:bb:18:4e:81:20:41:7b:63:a5:46:6d:e8:f5:48:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=022e76e8994b66613748e021b5f4007f01b54d4f
        Validity
            Not Before: Oct 24 08:09:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d29567deadb623864edf010ac74af8433516850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e4:00:a0:48:38:58:38:5e:81:d8:86:13:71:
                    c6:1e:47:2d:92:cc:21:d1:dd:05:d8:de:32:06:3f:
                    09:a2:79:dc:ff:aa:25:4c:5b:fc:9e:77:62:58:20:
                    ad:30:ca:35:5d:81:7b:f7:fe:31:21:94:4a:69:eb:
                    b1:41:1e:1f:59:b4:9b:c8:c5:80:3e:e6:87:63:3b:
                    9d:4b:05:14:f5:f6:84:1a:a1:71:fc:35:30:46:fc:
                    ba:0e:8b:95:51:7c:b0:2a:b0:63:f6:c5:8f:46:76:
                    fb:21:35:af:78:00:c1:85:1e:32:e0:6c:66:f6:fa:
                    2d:42:66:eb:0e:ca:6b:9b:cb:6f:fd:70:4b:ab:28:
                    09:0f:82:55:94:d2:76:d9:24:2a:df:05:97:56:02:
                    44:14:2d:00:bb:79:59:81:d0:47:c8:e5:85:ab:d4:
                    6e:72:30:19:79:49:ba:f0:51:6f:5e:2c:c2:43:44:
                    c6:52:00:9e:5d:e1:fa:e6:57:4e:b6:b4:a2:54:d6:
                    4e:4b:24:3b:b7:48:ec:70:d0:d3:da:67:29:e5:93:
                    1b:81:55:e0:47:16:35:21:1e:50:32:af:fd:62:8b:
                    4a:4d:07:5d:f9:16:be:2f:e9:a0:53:90:37:7c:29:
                    7d:db:d5:bf:97:2d:94:72:9d:5e:5d:b5:b6:91:16:
                    a7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:29:56:7D:EA:DB:62:38:64:ED:F0:10:AC:74:AF:84:33:51:68:50
            X509v3 Authority Key Identifier:
                keyid:02:2E:76:E8:99:4B:66:61:37:48:E0:21:B5:F4:00:7F:01:B5:4D:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ai526JlLZmE3SOAhtfQAfwG1TU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/248588-1f8d-48d1-8bb2-971b0c065460/1/XSlWferbYjhk7fAQrHSvhDNRaFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/248588-1f8d-48d1-8bb2-971b0c065460/1/Ai526JlLZmE3SOAhtfQAfwG1TU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.48.0/20
                  78.141.64.0/18
                  85.237.224.0/19
                  92.52.0.0/18
                  95.105.128.0/17
                  109.230.0.0/18
                  178.143.0.0/16
                  185.50.212.0/22
                  213.151.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8e:15:5a:51:e3:f5:61:68:6a:ec:c0:48:e8:fa:b0:b8:1e:f8:
         1d:ba:87:a0:98:73:62:96:fd:ec:f7:4d:fb:88:75:cb:c9:dd:
         05:ca:cc:35:dd:e4:8d:05:7d:20:48:7f:cc:fe:6f:a3:c6:ac:
         00:bc:ad:dd:db:3e:c4:d3:ea:64:73:68:7b:63:3a:75:93:e6:
         be:37:0a:a3:ed:fa:97:72:9e:50:1e:6e:5f:b2:40:87:b6:1b:
         cf:f0:df:ec:a7:a8:ee:d4:41:d6:58:96:18:ff:6e:59:a1:0f:
         08:81:49:b9:4b:e5:91:23:02:22:93:d4:06:0f:4b:db:ca:31:
         43:eb:57:58:a0:da:70:b1:ad:cb:6d:f1:71:f1:a2:78:ee:d3:
         d1:81:e3:9a:8e:28:1f:57:2d:a4:41:19:13:54:89:01:88:87:
         b7:53:31:a3:04:3d:50:a1:a0:46:6a:1f:c2:e6:6e:bf:81:c0:
         15:ef:72:10:0d:92:63:29:cd:89:b1:c3:a8:e3:dd:f3:cf:67:
         8e:09:14:bc:fc:3a:f9:bf:88:d2:eb:e6:6d:34:a0:1e:82:6b:
         4f:c4:e5:a4:2a:5c:b8:3d:af:9e:80:45:a6:ac:e4:e0:79:ff:
         22:3b:b5:f8:e3:df:18:bf:d2:41:2d:95:12:96:ca:fb:4c:66:
         1c:f9:7c:c2
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYtguxhOgSBBe2OlRm3o9Uh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMmU3NmU4OTk0YjY2NjEzNzQ4ZTAyMWI1ZjQwMDdmMDFi
NTRkNGYwHhcNMjMxMDI0MDgwOTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDI5NTY3ZGVhZGI2MjM4NjRlZGYwMTBhYzc0YWY4NDMzNTE2ODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOQAoEg4WDhegdiGE3HGHkctkswh
0d0F2N4yBj8Jonnc/6olTFv8nndiWCCtMMo1XYF79/4xIZRKaeuxQR4fWbSbyMWA
PuaHYzudSwUU9faEGqFx/DUwRvy6DouVUXywKrBj9sWPRnb7ITWveADBhR4y4Gxm
9votQmbrDsprm8tv/XBLqygJD4JVlNJ22SQq3wWXVgJEFC0Au3lZgdBHyOWFq9Ru
cjAZeUm68FFvXizCQ0TGUgCeXeH65ldOtrSiVNZOSyQ7t0jscNDT2mcp5ZMbgVXg
RxY1IR5QMq/9YotKTQdd+Ra+L+mgU5A3fCl929W/ly2Ucp1eXbW2kRaniQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFF0pVn3q22I4ZO3wEKx0r4QzUWhQMB8GA1UdIwQY
MBaAFAIuduiZS2ZhN0jgIbX0AH8BtU1PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWk1MjZKbExabUUzU09BaHRmUUFmd0cxVFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8yNDg1ODgtMWY4ZC00OGQxLThiYjIt
OTcxYjBjMDY1NDYwLzEvWFNsV2ZlcmJZamhrN2ZBUXJIU3ZoRE5SYUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8yNDg1ODgtMWY4ZC00OGQxLThiYjItOTcxYjBjMDY1NDYw
LzEvQWk1MjZKbExabUUzU09BaHRmUUFmd0cxVFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1AwQEBbIwAwQG
To1AAwQFVe3gAwQGXDQAAwQHX2mAAwQGbeYAAwMAso8DBAK5MtQDBAbVl8AwDQYJ
KoZIhvcNAQELBQADggEBAI4VWlHj9WFoauzASOj6sLge+B26h6CYc2KW/ez3TfuI
dcvJ3QXKzDXd5I0FfSBIf8z+b6PGrAC8rd3bPsTT6mRzaHtjOnWT5r43CqPt+pdy
nlAebl+yQIe2G8/w3+ynqO7UQdZYlhj/blmhDwiBSblL5ZEjAiKT1AYPS9vKMUPr
V1ig2nCxrctt8XHxonju09GB45qOKB9XLaRBGRNUiQGIh7dTMaMEPVChoEZqH8Lm
br+BwBXvchANkmMpzYmxw6jj3fPPZ44JFLz8Ovm/iNLr5m00oB6Ca0/E5aQqXLg9
r56ARaas5OB5/yI7tfjj3xi/0kEtlRKWyvtMZhz5fMI=
-----END CERTIFICATE-----