Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/1c1eb2-1f65-4f71-8b32-b4bfe456dde0/1/GZU6T6wkJlgrff-8ucsuZtLtQC4.roa
File:                     GZU6T6wkJlgrff-8ucsuZtLtQC4.roa (raw, json)
Hash identifier:          R3FWJMKP5l4US6LO9kxp5adhimq/5M+CZ9i+OZSPZtE=
Subject key identifier:   19:95:3A:4F:AC:24:26:58:2B:7D:FF:BC:B9:CB:2E:66:D2:ED:40:2E
Certificate issuer:       /CN=996721831afb8b38307b49f5b9ee6292ad1e5850
Certificate serial:       018CC26D60F5825C28722A594A552BDCCBFE
Authority key identifier: 99:67:21:83:1A:FB:8B:38:30:7B:49:F5:B9:EE:62:92:AD:1E:58:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mWchgxr7izgwe0n1ue5ikq0eWFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/1c1eb2-1f65-4f71-8b32-b4bfe456dde0/1/GZU6T6wkJlgrff-8ucsuZtLtQC4.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        86.107.255.0/24 maxlen: 24
                          89.43.156.0/22 maxlen: 24
                          79.132.145.0/24 maxlen: 24
                          46.247.245.0/24 maxlen: 24
                          79.132.153.0/24 maxlen: 24
                          79.132.154.0/24 maxlen: 24
                          85.112.211.0/24 maxlen: 24
                          185.223.148.0/24 maxlen: 24
                          86.105.91.0/24 maxlen: 24
                          185.183.63.0/24 maxlen: 24
                          86.107.248.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 10:51:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:60:f5:82:5c:28:72:2a:59:4a:55:2b:dc:cb:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=996721831afb8b38307b49f5b9ee6292ad1e5850
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19953a4fac2426582b7dffbcb9cb2e66d2ed402e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6d:04:75:47:5b:0d:cd:e7:f1:c5:1b:95:0f:
                    57:98:26:0a:60:77:06:f3:94:62:ed:1f:cb:25:d6:
                    a7:d6:14:79:9b:8f:71:bf:d0:20:56:cb:33:2c:41:
                    c3:a2:62:b9:1c:c1:1e:37:8b:f4:31:57:32:b6:3e:
                    ac:31:3b:96:c6:39:73:ac:e8:5a:fc:ac:8a:01:57:
                    ff:ac:f9:91:c1:10:06:a0:87:0e:00:a8:c5:44:6f:
                    f5:6c:fe:c5:ae:8e:aa:d5:67:6b:70:85:0e:2b:5f:
                    04:89:42:cd:f2:40:1a:84:5f:01:1b:93:d7:d6:1f:
                    6c:35:8e:59:2d:5f:22:db:90:c9:6d:01:f1:c5:da:
                    70:46:53:da:fe:55:36:3a:e9:04:14:ac:c7:19:83:
                    e6:44:e7:c5:06:bb:5b:91:31:45:75:e3:a0:28:bb:
                    38:cf:83:89:90:72:bb:a6:79:45:fd:22:11:1f:2a:
                    e5:5c:43:86:12:7c:a4:7a:a1:cb:cd:7a:6c:3e:61:
                    d4:ee:b3:7a:5c:ad:5d:86:7f:89:05:5c:ac:2f:b4:
                    a2:ab:73:1f:68:49:71:0b:58:6a:2a:19:8a:2f:69:
                    aa:0f:0c:97:5e:fc:fb:5c:28:41:fb:4e:88:bd:c7:
                    68:03:9f:44:e5:81:3b:39:74:6f:38:82:0a:d8:69:
                    96:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:95:3A:4F:AC:24:26:58:2B:7D:FF:BC:B9:CB:2E:66:D2:ED:40:2E
            X509v3 Authority Key Identifier:
                keyid:99:67:21:83:1A:FB:8B:38:30:7B:49:F5:B9:EE:62:92:AD:1E:58:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mWchgxr7izgwe0n1ue5ikq0eWFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1c1eb2-1f65-4f71-8b32-b4bfe456dde0/1/GZU6T6wkJlgrff-8ucsuZtLtQC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1c1eb2-1f65-4f71-8b32-b4bfe456dde0/1/mWchgxr7izgwe0n1ue5ikq0eWFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.247.245.0/24
                  79.132.145.0/24
                  79.132.153.0-79.132.154.255
                  85.112.211.0/24
                  86.105.91.0/24
                  86.107.248.0/21
                  89.43.156.0/22
                  185.183.63.0/24
                  185.223.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f8:a7:0a:32:c9:91:54:37:86:4f:59:3b:61:04:fa:84:00:
         94:e9:0b:b5:11:0b:05:cc:f4:41:45:f1:28:d8:da:3a:2f:b3:
         1a:11:65:6f:21:fb:10:0c:ec:2f:16:dc:4f:f9:02:6e:fd:31:
         ec:08:65:f9:71:9e:16:4e:31:14:59:7d:e5:20:2c:0d:8a:a8:
         55:76:a5:bb:b3:57:bf:ac:87:05:c4:3e:5f:1a:1b:b8:b6:6e:
         d1:2b:1b:bd:1d:68:f6:2b:c4:3c:d1:95:79:d6:5b:05:6e:95:
         ac:90:0f:8b:17:c4:5f:0b:1d:73:41:b5:4f:1c:86:fb:b7:31:
         23:0e:75:10:9c:4a:35:8e:07:e7:4e:e4:d1:7d:9b:e0:fb:55:
         0e:3e:2d:f5:08:84:e4:a3:ee:15:15:1d:ee:da:81:7e:58:80:
         8d:35:49:30:1f:7e:59:c7:e6:08:6c:83:41:79:87:17:c3:87:
         75:72:18:aa:ec:e5:37:29:a6:d7:e5:d2:45:64:8b:9c:c4:6d:
         2d:d8:29:0a:e9:71:05:78:5f:aa:39:97:9f:d4:d6:bb:31:0d:
         10:4a:c5:f1:e3:5e:bc:b2:15:7f:e3:35:74:20:a8:b9:c6:b4:
         32:76:fa:95:5c:7f:cf:98:2a:52:24:86:ed:4c:04:e4:98:b4:
         6b:ea:f1:25
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYzCbWD1glwocipZSlUr3Mv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NjcyMTgzMWFmYjhiMzgzMDdiNDlmNWI5ZWU2MjkyYWQx
ZTU4NTAwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk1M2E0ZmFjMjQyNjU4MmI3ZGZmYmNiOWNiMmU2NmQyZWQ0MDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzW0EdUdbDc3n8cUblQ9XmCYKYHcG
85Ri7R/LJdan1hR5m49xv9AgVsszLEHDomK5HMEeN4v0MVcytj6sMTuWxjlzrOha
/KyKAVf/rPmRwRAGoIcOAKjFRG/1bP7Fro6q1WdrcIUOK18EiULN8kAahF8BG5PX
1h9sNY5ZLV8i25DJbQHxxdpwRlPa/lU2OukEFKzHGYPmROfFBrtbkTFFdeOgKLs4
z4OJkHK7pnlF/SIRHyrlXEOGEnykeqHLzXpsPmHU7rN6XK1dhn+JBVysL7Siq3Mf
aElxC1hqKhmKL2mqDwyXXvz7XChB+06IvcdoA59E5YE7OXRvOIIK2GmWzwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFBmVOk+sJCZYK33/vLnLLmbS7UAuMB8GA1UdIwQY
MBaAFJlnIYMa+4s4MHtJ9bnuYpKtHlhQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVdjaGd4cjdpemd3ZTBuMXVlNWlrcTBlV0ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8xYzFlYjItMWY2NS00ZjcxLThiMzIt
YjRiZmU0NTZkZGUwLzEvR1pVNlQ2d2tKbGdyZmYtOHVjc3VadEx0UUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8xYzFlYjItMWY2NS00ZjcxLThiMzItYjRiZmU0NTZkZGUw
LzEvbVdjaGd4cjdpemd3ZTBuMXVlNWlrcTBlV0ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALvf1AwQA
T4SRMAwDBABPhJkDBABPhJoDBABVcNMDBABWaVsDBANWa/gDBAJZK5wDBAC5tz8D
BAC535QwDQYJKoZIhvcNAQELBQADggEBAFX4pwoyyZFUN4ZPWTthBPqEAJTpC7UR
CwXM9EFF8SjY2jovsxoRZW8h+xAM7C8W3E/5Am79MewIZflxnhZOMRRZfeUgLA2K
qFV2pbuzV7+shwXEPl8aG7i2btErG70daPYrxDzRlXnWWwVulayQD4sXxF8LHXNB
tU8chvu3MSMOdRCcSjWOB+dO5NF9m+D7VQ4+LfUIhOSj7hUVHe7agX5YgI01STAf
flnH5ghsg0F5hxfDh3VyGKrs5Tcpptfl0kVki5zEbS3YKQrpcQV4X6o5l5/U1rsx
DRBKxfHjXryyFX/jNXQgqLnGtDJ2+pVcf8+YKlIkhu1MBOSYtGvq8SU=
-----END CERTIFICATE-----