Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/C4RkQYtoKDZnrSUOrFsr_8mHxxk.roa
File:                     C4RkQYtoKDZnrSUOrFsr_8mHxxk.roa (raw, json)
Hash identifier:          wRbJK1HqrkujAq/LkQqS02F5qvtCbEZzwb1Z0yAjC+Q=
Subject key identifier:   0B:84:64:41:8B:68:28:36:67:AD:25:0E:AC:5B:2B:FF:C9:87:C7:19
Certificate issuer:       /CN=69042c1f27a7d7862475087023dc97c3330f73c6
Certificate serial:       018C414B7A6F58CF40505B46F55660D78416
Authority key identifier: 69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/C4RkQYtoKDZnrSUOrFsr_8mHxxk.roa
Signing time:             Wed 06 Dec 2023 22:41:54 +0000
ROA not before:           Wed 06 Dec 2023 22:41:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48847
IP address blocks:        185.104.68.144/28 maxlen: 28
                          185.104.70.0/28 maxlen: 28
                          185.104.71.0/28 maxlen: 28
                          185.104.71.32/28 maxlen: 28
                          185.104.71.176/29 maxlen: 29
                          185.104.68.240/29 maxlen: 29
                          185.104.70.220/30 maxlen: 30
                          185.104.68.0/26 maxlen: 26
                          185.104.68.64/26 maxlen: 26
                          185.104.71.0/24 maxlen: 24
                          185.104.70.0/24 maxlen: 24
                          185.104.68.0/22 maxlen: 22
                          185.104.68.0/24 maxlen: 24
                          185.104.71.16/30 maxlen: 30
                          185.104.71.20/30 maxlen: 30
                          2a06:3480::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:41:4b:7a:6f:58:cf:40:50:5b:46:f5:56:60:d7:84:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69042c1f27a7d7862475087023dc97c3330f73c6
        Validity
            Not Before: Dec  6 22:41:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0b8464418b68283667ad250eac5b2bffc987c719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:05:8e:4c:e0:26:2a:3d:38:15:ee:0a:a6:b6:
                    a0:59:4f:22:85:10:64:65:c7:3c:94:43:8b:47:58:
                    00:85:2e:50:bf:7e:f1:38:de:a3:9b:41:c7:18:cc:
                    20:73:42:f2:59:ea:a2:04:17:e9:de:0a:b4:ed:b5:
                    21:f7:d3:d7:29:37:76:35:4e:70:38:33:ae:d3:b4:
                    87:34:64:1b:87:5b:34:c4:2a:58:80:e8:c1:2b:5b:
                    3b:e6:b7:22:84:af:c2:22:5d:ae:f9:2c:27:b4:2d:
                    1b:e9:07:f7:10:c4:70:64:31:68:ce:26:03:80:70:
                    46:a6:8e:9f:43:86:18:7b:d5:b5:9a:85:1a:3a:99:
                    83:05:c4:db:a1:70:2a:09:31:69:5a:11:be:40:0c:
                    61:59:04:53:81:0c:16:fa:81:8e:4c:45:04:e0:1b:
                    b9:16:54:7a:a1:dd:00:d9:3b:f4:df:a0:65:ee:33:
                    ca:74:b8:5a:6b:ba:8a:c4:82:30:24:07:5f:e9:c1:
                    f1:28:ba:1a:73:e4:8c:98:d4:b1:4d:20:22:c1:21:
                    06:e3:6c:eb:7b:f9:7f:ac:98:3f:18:ce:e7:ce:c1:
                    02:7e:e6:98:a5:94:56:07:cc:f8:14:0a:29:a2:7b:
                    a3:4f:03:ea:6b:fb:b9:b8:4b:2a:9c:73:4f:e9:70:
                    7a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:84:64:41:8B:68:28:36:67:AD:25:0E:AC:5B:2B:FF:C9:87:C7:19
            X509v3 Authority Key Identifier:
                keyid:69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/C4RkQYtoKDZnrSUOrFsr_8mHxxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/aQQsHyen14YkdQhwI9yXwzMPc8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.68.0/22
                IPv6:
                  2a06:3480::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:0b:b9:16:47:a6:2a:24:99:d6:69:29:8b:0d:18:68:15:0c:
         4b:cb:b2:33:4e:56:d4:51:2a:7b:9c:6e:9f:2b:61:ad:dd:1b:
         e1:09:6d:f8:33:3e:f0:bc:48:95:93:b0:29:a4:90:95:7e:dd:
         c8:1e:0b:be:d3:52:39:52:b9:1d:0c:27:80:3b:27:49:c3:f2:
         56:a1:41:ad:3a:c1:c6:fd:78:36:69:2e:2d:35:bb:4c:42:2e:
         e2:89:35:77:49:72:4d:ee:43:7c:b8:c4:ec:22:b0:fe:dc:e6:
         ea:26:25:09:0f:35:8b:06:e7:45:a7:f8:2a:ab:4f:73:bd:4d:
         21:15:b5:30:57:63:49:c6:cf:9d:9a:74:47:22:0d:c6:10:22:
         0b:bf:f0:49:3c:f5:2f:12:ca:53:db:75:5e:b1:7f:d3:e6:d0:
         8f:27:35:a8:8f:45:4d:22:3c:19:e1:e5:27:d0:1d:5f:f8:b2:
         4c:8c:3a:97:dd:0d:b7:bf:36:70:5e:49:e3:95:4f:fd:ca:c0:
         16:88:72:c4:b8:3d:db:b0:a6:18:71:1b:93:c8:cc:ed:97:05:
         ea:7c:d7:05:aa:aa:f9:e4:77:6a:b1:8a:f1:51:9c:10:56:fc:
         9e:78:0e:6a:39:14:56:04:7f:a9:f8:d0:91:eb:0e:9c:56:a2:
         19:4c:83:28
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYxBS3pvWM9AUFtG9VZg14QWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MDQyYzFmMjdhN2Q3ODYyNDc1MDg3MDIzZGM5N2MzMzMw
ZjczYzYwHhcNMjMxMjA2MjI0MTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjg0NjQ0MThiNjgyODM2NjdhZDI1MGVhYzViMmJmZmM5ODdjNzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QWOTOAmKj04Fe4KpragWU8ihRBk
Zcc8lEOLR1gAhS5Qv37xON6jm0HHGMwgc0LyWeqiBBfp3gq07bUh99PXKTd2NU5w
ODOu07SHNGQbh1s0xCpYgOjBK1s75rcihK/CIl2u+SwntC0b6Qf3EMRwZDFoziYD
gHBGpo6fQ4YYe9W1moUaOpmDBcTboXAqCTFpWhG+QAxhWQRTgQwW+oGOTEUE4Bu5
FlR6od0A2Tv036Bl7jPKdLhaa7qKxIIwJAdf6cHxKLoac+SMmNSxTSAiwSEG42zr
e/l/rJg/GM7nzsECfuaYpZRWB8z4FAoponujTwPqa/u5uEsqnHNP6XB6TQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAuEZEGLaCg2Z60lDqxbK//Jh8cZMB8GA1UdIwQY
MBaAFGkELB8np9eGJHUIcCPcl8MzD3PGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgt
Y2JiM2Q2MzVkODJmLzEvQzRSa1FZdG9LRFpuclNVT3JGc3JfOG1IeHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgtY2JiM2Q2MzVkODJm
LzEvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWhEMA0E
AgACMAcDBQMqBjSAMA0GCSqGSIb3DQEBCwUAA4IBAQAZC7kWR6YqJJnWaSmLDRho
FQxLy7IzTlbUUSp7nG6fK2Gt3RvhCW34Mz7wvEiVk7AppJCVft3IHgu+01I5Urkd
DCeAOydJw/JWoUGtOsHG/Xg2aS4tNbtMQi7iiTV3SXJN7kN8uMTsIrD+3ObqJiUJ
DzWLBudFp/gqq09zvU0hFbUwV2NJxs+dmnRHIg3GECILv/BJPPUvEspT23VesX/T
5tCPJzWoj0VNIjwZ4eUn0B1f+LJMjDqX3Q23vzZwXknjlU/9ysAWiHLEuD3bsKYY
cRuTyMztlwXqfNcFqqr55HdqsYrxUZwQVvyeeA5qORRWBH+p+NCR6w6cVqIZTIMo
-----END CERTIFICATE-----