Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/gAZDwDfvvtsne-zZv6_IDpPTWZA.roa
File:                     gAZDwDfvvtsne-zZv6_IDpPTWZA.roa (raw, json)
Hash identifier:          6J+XCd9b9WtXLzc4UduTQoYpXCBnydWQ5pfWDgw1Rco=
Subject key identifier:   80:06:43:C0:37:EF:BE:DB:27:7B:EC:D9:BF:AF:C8:0E:93:D3:59:90
Certificate issuer:       /CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
Certificate serial:       018CC7950F815BC96EA67CF06D3351C80F6F
Authority key identifier: 7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/gAZDwDfvvtsne-zZv6_IDpPTWZA.roa
Signing time:             Tue 02 Jan 2024 00:31:23 +0000
ROA not before:           Tue 02 Jan 2024 00:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24843
IP address blocks:        193.57.130.0/23 maxlen: 23
                          193.57.130.0/24 maxlen: 24
                          193.57.131.0/24 maxlen: 24
                          193.57.129.0/24 maxlen: 24
                          193.57.128.0/24 maxlen: 24
                          193.57.128.0/23 maxlen: 23
                          185.108.35.0/24 maxlen: 24
                          193.8.206.0/24 maxlen: 24
                          193.8.206.0/23 maxlen: 23
                          193.8.207.0/24 maxlen: 24
                          193.8.220.0/23 maxlen: 23
                          193.8.220.0/24 maxlen: 24
                          2a02:c804::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 16:45:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:0f:81:5b:c9:6e:a6:7c:f0:6d:33:51:c8:0f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
        Validity
            Not Before: Jan  2 00:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=800643c037efbedb277becd9bfafc80e93d35990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:58:db:19:ac:ef:93:14:88:0d:d5:e7:26:8f:
                    0c:bc:7c:a7:84:29:db:27:d2:92:47:e9:1e:9d:b2:
                    61:78:d5:08:3e:31:fa:30:77:64:1d:2a:ef:06:0f:
                    57:80:7d:42:7e:22:e0:37:7c:07:da:de:22:a4:5a:
                    18:99:33:09:7c:d9:b1:9f:5f:1e:5f:18:a3:07:26:
                    72:48:ff:5b:b6:74:4b:1e:74:83:dd:9c:d1:d9:23:
                    5e:a2:00:18:32:23:a0:d7:27:f6:ea:3a:d2:37:80:
                    de:f3:bb:2c:a7:9c:2a:f7:0e:dd:d8:a8:ba:8c:32:
                    22:01:36:1d:71:1f:0b:76:09:13:f5:b1:44:f5:5b:
                    98:b9:68:b3:8f:7d:64:cd:eb:ea:e7:86:38:09:06:
                    92:36:4e:72:15:4b:58:bb:d3:0d:8f:65:c1:d9:3b:
                    35:50:47:e7:11:5f:4b:a3:d1:55:4c:3d:bb:0b:25:
                    1f:30:4c:3f:5c:ff:41:c7:b3:4b:ab:84:fa:56:70:
                    96:dd:b9:03:48:13:da:eb:76:d7:8a:4d:12:da:88:
                    6b:17:19:d7:4b:2a:3e:ab:1b:c6:43:fc:00:1f:47:
                    fc:36:b0:b8:05:72:ab:38:82:6a:22:1c:d5:1b:75:
                    ed:f9:37:72:31:fc:40:b7:67:9c:dd:e3:48:a9:5e:
                    68:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:06:43:C0:37:EF:BE:DB:27:7B:EC:D9:BF:AF:C8:0E:93:D3:59:90
            X509v3 Authority Key Identifier:
                keyid:7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/gAZDwDfvvtsne-zZv6_IDpPTWZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.35.0/24
                  193.8.206.0/23
                  193.8.220.0/23
                  193.57.128.0/22
                IPv6:
                  2a02:c804::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:a0:79:9f:7d:3f:f2:91:6a:df:18:e3:63:71:8f:d0:4c:62:
         37:37:4e:21:80:41:ba:ca:a9:23:c7:01:c6:a4:13:84:8b:62:
         98:15:f8:0d:81:4c:ee:c3:d6:ca:00:b4:a8:d9:2c:cb:21:0c:
         72:23:00:32:db:23:2a:43:c5:da:84:bb:8d:18:a7:1d:dd:5f:
         0e:1f:39:07:5a:32:bf:c9:74:d7:a0:73:f8:14:be:42:42:a5:
         cc:51:7b:e0:77:35:43:56:90:7d:ec:36:df:41:ae:45:59:9b:
         a5:f6:c5:c7:a0:4e:ec:af:4f:59:2b:7c:0d:ff:b8:4e:c9:50:
         c3:84:1e:05:5f:35:b0:49:a6:f1:71:1a:33:be:f6:01:f3:b9:
         0a:32:95:cc:ac:59:c9:35:80:83:5d:c4:40:7a:0e:52:be:ca:
         d9:1d:f5:0b:aa:49:b6:78:6f:8e:c4:7f:79:43:da:51:cc:cc:
         6d:02:18:ea:0c:12:90:a8:38:29:d7:a1:b1:1e:c8:22:0a:58:
         76:b3:df:f6:62:1c:5e:4e:80:cb:47:c7:ae:d0:56:72:c1:dd:
         84:1c:ce:ca:05:76:a1:33:dc:28:fe:45:d0:2c:32:90:a5:f1:
         fc:52:05:5c:de:6e:9d:1d:ab:b9:27:2c:54:bd:72:e4:4f:64:
         b6:bd:c5:5e
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzHlQ+BW8lupnzwbTNRyA9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZjM5ZTZlYjMxMzFlY2YzY2RkY2QwYzllMzc4YzM1MmRh
NDFmYzIwHhcNMjQwMTAyMDAzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA2NDNjMDM3ZWZiZWRiMjc3YmVjZDliZmFmYzgwZTkzZDM1OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVjbGazvkxSIDdXnJo8MvHynhCnb
J9KSR+kenbJheNUIPjH6MHdkHSrvBg9XgH1CfiLgN3wH2t4ipFoYmTMJfNmxn18e
XxijByZySP9btnRLHnSD3ZzR2SNeogAYMiOg1yf26jrSN4De87ssp5wq9w7d2Ki6
jDIiATYdcR8LdgkT9bFE9VuYuWizj31kzevq54Y4CQaSNk5yFUtYu9MNj2XB2Ts1
UEfnEV9Lo9FVTD27CyUfMEw/XP9Bx7NLq4T6VnCW3bkDSBPa63bXik0S2ohrFxnX
Syo+qxvGQ/wAH0f8NrC4BXKrOIJqIhzVG3Xt+TdyMfxAt2ec3eNIqV5oRQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIAGQ8A3777bJ3vs2b+vyA6T01mQMB8GA1UdIwQY
MBaAFHvznm6zEx7PPN3NDJ43jDUtpB/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYt
Yzk2N2M5ZGI1NzUyLzEvZ0FaRHdEZnZ2dHNuZS16WnY2X0lEcFBUV1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYtYzk2N2M5ZGI1NzUy
LzEvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAuWwjAwQB
wQjOAwQBwQjcAwQCwTmAMA0EAgACMAcDBQAqAsgEMA0GCSqGSIb3DQEBCwUAA4IB
AQAjoHmffT/ykWrfGONjcY/QTGI3N04hgEG6yqkjxwHGpBOEi2KYFfgNgUzuw9bK
ALSo2SzLIQxyIwAy2yMqQ8XahLuNGKcd3V8OHzkHWjK/yXTXoHP4FL5CQqXMUXvg
dzVDVpB97DbfQa5FWZul9sXHoE7sr09ZK3wN/7hOyVDDhB4FXzWwSabxcRozvvYB
87kKMpXMrFnJNYCDXcRAeg5SvsrZHfULqkm2eG+OxH95Q9pRzMxtAhjqDBKQqDgp
16GxHsgiClh2s9/2YhxeToDLR8eu0FZywd2EHM7KBXahM9wo/kXQLDKQpfH8UgVc
3m6dHau5JyxUvXLkT2S2vcVe
-----END CERTIFICATE-----