Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/ObjyQt4LMKYw4omWMSfUVRoLlNk.roa
File:                     ObjyQt4LMKYw4omWMSfUVRoLlNk.roa (raw, json)
Hash identifier:          4LMw91kTkCczSHWKzsgz/HEBZCvm1kTjKepVO+e5GU0=
Subject key identifier:   39:B8:F2:42:DE:0B:30:A6:30:E2:89:96:31:27:D4:55:1A:0B:94:D9
Certificate issuer:       /CN=93202129969576ce357fae26c9c7cf98a8250ea6
Certificate serial:       018CC56EA13E6E10F2CAC45104CF010C2812
Authority key identifier: 93:20:21:29:96:95:76:CE:35:7F:AE:26:C9:C7:CF:98:A8:25:0E:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kyAhKZaVds41f64mycfPmKglDqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/ObjyQt4LMKYw4omWMSfUVRoLlNk.roa
Signing time:             Mon 01 Jan 2024 14:30:10 +0000
ROA not before:           Mon 01 Jan 2024 14:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6677
IP address blocks:        85.220.0.0/17 maxlen: 17
                          157.157.2.0/24 maxlen: 24
                          157.157.4.0/24 maxlen: 24
                          157.157.0.0/16 maxlen: 16
                          213.167.150.0/24 maxlen: 24
                          31.209.192.0/18 maxlen: 18
                          213.167.128.0/19 maxlen: 19
                          212.30.192.0/19 maxlen: 19
                          192.147.34.0/24 maxlen: 24
                          194.105.224.0/24 maxlen: 24
                          194.105.224.0/19 maxlen: 19
                          2001:1a98::/32 maxlen: 32
                          2001:1a98::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sun 03 Mar 2024 14:45:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a1:3e:6e:10:f2:ca:c4:51:04:cf:01:0c:28:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93202129969576ce357fae26c9c7cf98a8250ea6
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39b8f242de0b30a630e289963127d4551a0b94d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f1:42:2f:ee:7e:91:a3:b1:6f:3e:d3:70:94:
                    8b:ff:3a:b2:22:9d:63:82:83:15:79:61:1c:e5:d0:
                    87:98:08:eb:9f:c4:1c:bd:8a:50:55:cc:14:82:b7:
                    d4:9d:64:02:bd:5c:cf:b3:c1:17:2c:a5:71:c2:72:
                    33:63:6f:f1:01:ec:01:72:32:d2:ad:01:6e:f2:80:
                    06:ca:e1:13:9c:b7:1e:6e:3f:00:f3:f0:1e:73:f4:
                    6c:81:7f:8b:a5:fc:5b:9a:4e:c6:d7:89:f9:e4:57:
                    bc:f6:3f:ba:0d:ab:b8:e6:c2:da:37:da:5f:ba:7b:
                    b7:1f:da:d0:51:a3:59:e8:82:7c:f2:ad:ee:64:4e:
                    c3:1a:91:07:d6:72:53:3b:9a:26:06:7b:a4:e3:7e:
                    89:24:4a:f8:67:c1:71:0e:2e:4b:3f:b4:a6:a5:b2:
                    df:e6:db:21:ea:88:d8:7f:39:99:7f:fe:47:f6:aa:
                    ad:dd:52:b6:cb:37:d4:c5:31:f4:4a:dc:24:07:56:
                    95:db:94:9a:b4:90:4d:0e:16:a0:9e:01:55:25:b0:
                    21:39:23:ee:da:60:c3:85:11:40:90:48:55:25:f3:
                    3b:b3:4b:39:5a:21:24:f6:ff:e2:78:71:08:5a:b1:
                    e4:3d:d7:d1:cd:31:de:fc:ac:fa:7d:1d:c2:b6:d1:
                    5b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B8:F2:42:DE:0B:30:A6:30:E2:89:96:31:27:D4:55:1A:0B:94:D9
            X509v3 Authority Key Identifier:
                keyid:93:20:21:29:96:95:76:CE:35:7F:AE:26:C9:C7:CF:98:A8:25:0E:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kyAhKZaVds41f64mycfPmKglDqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/ObjyQt4LMKYw4omWMSfUVRoLlNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/kyAhKZaVds41f64mycfPmKglDqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.209.192.0/18
                  85.220.0.0/17
                  157.157.0.0/16
                  192.147.34.0/24
                  194.105.224.0/19
                  212.30.192.0/19
                  213.167.128.0/19
                IPv6:
                  2001:1a98::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:6a:6b:44:dd:53:d4:d4:9e:b4:14:2a:36:2d:42:25:18:f9:
         f8:09:83:46:31:3b:34:2e:a6:64:da:9c:86:a3:28:6a:25:35:
         e3:54:0e:75:46:88:cc:94:18:3f:0f:56:a4:5f:2d:b4:0d:2e:
         d7:74:a9:32:dd:c3:fa:8a:73:e4:29:96:f0:c6:97:db:32:19:
         07:00:ee:12:ba:09:1c:7a:8c:35:3c:5d:5b:c0:ba:72:57:38:
         41:9e:2f:c5:1f:f6:21:5d:bc:ca:7a:c0:19:4e:21:77:2c:a9:
         7e:49:c3:5f:30:b6:bb:c3:38:59:10:74:3b:e4:aa:7b:0d:c2:
         dc:bc:c0:e3:c3:c7:3c:b9:f0:bc:69:09:83:d6:65:ab:88:24:
         f7:c0:58:08:a7:44:5b:7e:9f:45:4e:98:57:f4:53:d4:d2:c1:
         d9:38:86:82:6a:54:54:1f:19:3d:bc:51:24:6e:00:79:0e:84:
         34:85:60:30:d1:69:63:39:2a:0a:9d:0d:1f:e5:19:3d:c7:35:
         41:57:54:13:64:a7:8d:12:7e:66:ad:7f:a1:2e:a7:81:09:d4:
         91:b2:ab:51:a7:50:3f:60:51:44:52:e1:a6:21:59:5e:55:e0:
         45:0c:7a:f9:c8:dd:ed:5f:3d:32:fb:63:bf:28:83:ec:02:36:
         27:f2:6c:c0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzFbqE+bhDyysRRBM8BDCgSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMjAyMTI5OTY5NTc2Y2UzNTdmYWUyNmM5YzdjZjk4YTgy
NTBlYTYwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWI4ZjI0MmRlMGIzMGE2MzBlMjg5OTYzMTI3ZDQ1NTFhMGI5NGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfFCL+5+kaOxbz7TcJSL/zqyIp1j
goMVeWEc5dCHmAjrn8QcvYpQVcwUgrfUnWQCvVzPs8EXLKVxwnIzY2/xAewBcjLS
rQFu8oAGyuETnLcebj8A8/Aec/RsgX+Lpfxbmk7G14n55Fe89j+6Dau45sLaN9pf
unu3H9rQUaNZ6IJ88q3uZE7DGpEH1nJTO5omBnuk436JJEr4Z8FxDi5LP7SmpbLf
5tsh6ojYfzmZf/5H9qqt3VK2yzfUxTH0StwkB1aV25SatJBNDhagngFVJbAhOSPu
2mDDhRFAkEhVJfM7s0s5WiEk9v/ieHEIWrHkPdfRzTHe/Kz6fR3CttFbKwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDm48kLeCzCmMOKJljEn1FUaC5TZMB8GA1UdIwQY
MBaAFJMgISmWlXbONX+uJsnHz5ioJQ6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3lBaEtaYVZkczQxZjY0bXljZlBtS2dsRHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9kNmU3OTYtMGUxNC00NWIxLTljZjMt
NWFkNThhYmZiYjFmLzEvT2JqeVF0NExNS1l3NG9tV01TZlVWUm9MbE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9kNmU3OTYtMGUxNC00NWIxLTljZjMtNWFkNThhYmZiYjFm
LzEva3lBaEtaYVZkczQxZjY0bXljZlBtS2dsRHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwQGH9HAAwQH
VdwAAwMAnZ0DBADAkyIDBAXCaeADBAXUHsADBAXVp4AwDQQCAAIwBwMFAyABGpgw
DQYJKoZIhvcNAQELBQADggEBADJqa0TdU9TUnrQUKjYtQiUY+fgJg0YxOzQupmTa
nIajKGolNeNUDnVGiMyUGD8PVqRfLbQNLtd0qTLdw/qKc+QplvDGl9syGQcA7hK6
CRx6jDU8XVvAunJXOEGeL8Uf9iFdvMp6wBlOIXcsqX5Jw18wtrvDOFkQdDvkqnsN
wty8wOPDxzy58LxpCYPWZauIJPfAWAinRFt+n0VOmFf0U9TSwdk4hoJqVFQfGT28
USRuAHkOhDSFYDDRaWM5KgqdDR/lGT3HNUFXVBNkp40Sfmatf6Eup4EJ1JGyq1Gn
UD9gUURS4aYhWV5V4EUMevnI3e1fPTL7Y78og+wCNifybMA=
-----END CERTIFICATE-----