Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/IlhEVcs-HkjYoqsQqDH_rJrnPds.roa
File:                     IlhEVcs-HkjYoqsQqDH_rJrnPds.roa (raw, json)
Hash identifier:          wW7aFLncInkBFhoNqqA6kVyFEp5syleyYG0PUWetW7g=
Subject key identifier:   22:58:44:55:CB:3E:1E:48:D8:A2:AB:10:A8:31:FF:AC:9A:E7:3D:DB
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018A38C4DABF29A89B54E08DAE7B3351FB41
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/IlhEVcs-HkjYoqsQqDH_rJrnPds.roa
Signing time:             Sun 27 Aug 2023 20:52:19 +0000
ROA not before:           Sun 27 Aug 2023 20:52:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9123
IP address blocks:        91.186.198.0/24 maxlen: 24
                          91.186.199.0/24 maxlen: 24
                          91.186.196.0/24 maxlen: 24
                          91.186.197.0/24 maxlen: 24
                          94.241.141.0/24 maxlen: 24
                          94.241.142.0/24 maxlen: 24
                          94.241.143.0/24 maxlen: 24
                          94.241.140.0/24 maxlen: 24
                          94.241.168.0/24 maxlen: 24
                          94.241.169.0/24 maxlen: 24
                          94.241.170.0/24 maxlen: 24
                          94.241.171.0/24 maxlen: 24
                          178.253.40.0/24 maxlen: 24
                          178.253.41.0/24 maxlen: 24
                          178.253.42.0/24 maxlen: 24
                          178.253.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 07:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:38:c4:da:bf:29:a8:9b:54:e0:8d:ae:7b:33:51:fb:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Aug 27 20:52:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=22584455cb3e1e48d8a2ab10a831ffac9ae73ddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e1:ad:59:90:23:75:11:ff:c9:d0:d1:9b:db:
                    5c:c9:d6:d1:bb:83:b2:36:42:f2:c0:fd:22:21:ec:
                    31:47:fe:1c:d6:43:a3:ee:69:f6:68:12:7e:c0:49:
                    c9:63:f9:32:f2:2f:ac:d9:3a:8f:7b:be:00:98:d0:
                    7b:c8:92:59:34:ec:00:6d:ea:70:74:30:b6:03:10:
                    f3:bf:e1:b9:49:c5:98:c5:66:9a:14:55:00:3c:25:
                    50:da:14:14:84:cc:e8:a0:df:4b:04:6a:50:6c:ae:
                    f0:e8:d1:f6:76:27:0c:26:6d:d1:65:ca:97:c4:49:
                    47:b1:4f:f5:1d:f6:8b:48:d4:89:20:70:60:18:4d:
                    aa:bc:63:0f:6c:9c:6b:96:5e:25:e6:cf:1e:66:58:
                    06:af:4f:95:6c:9c:4f:5d:a8:6f:8b:8f:9d:59:6a:
                    ae:0b:f1:6c:ff:5f:59:52:33:52:bc:22:66:e8:53:
                    1a:cb:8c:40:0b:0e:2a:ac:59:b8:2c:50:25:87:e6:
                    4f:27:57:2a:ea:19:9f:0a:9a:d1:73:4d:a8:af:20:
                    01:4d:31:83:c2:53:9a:f2:cf:16:16:24:c1:6d:e0:
                    7b:14:61:d5:61:56:dc:ab:3b:65:7a:f6:4f:c3:be:
                    32:37:18:20:0b:dd:ba:23:39:b6:4d:09:ba:74:94:
                    bc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:58:44:55:CB:3E:1E:48:D8:A2:AB:10:A8:31:FF:AC:9A:E7:3D:DB
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/IlhEVcs-HkjYoqsQqDH_rJrnPds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.196.0/22
                  94.241.140.0/22
                  94.241.168.0/22
                  178.253.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:f0:e5:c4:16:a6:0b:7f:5e:25:b8:99:15:0c:c5:92:5f:2b:
         37:58:42:56:e2:55:59:d9:6a:e0:83:ad:8b:2e:40:bd:9f:1d:
         89:44:e9:b7:ea:1f:1a:0e:80:84:f4:36:3d:8a:10:25:bb:16:
         29:54:73:e6:cb:e4:0f:60:3c:00:c8:7d:eb:19:e0:42:05:1d:
         83:94:03:c6:6f:eb:98:94:51:7e:7e:f4:42:60:90:ad:64:5a:
         e4:58:26:57:ee:f0:dd:7c:88:72:26:86:47:da:0a:0d:da:9b:
         ab:ce:39:89:f4:72:ce:dc:c6:59:50:8f:a2:c3:d7:81:18:17:
         d6:02:59:b2:ec:61:11:40:c8:d0:3a:ee:21:57:51:88:d1:8c:
         44:dc:f8:30:e7:c9:71:dd:fa:71:b3:69:16:bd:37:e1:81:6b:
         ce:84:a3:a0:9b:97:15:4d:ba:6f:5b:a5:db:ae:a9:16:53:b3:
         26:08:b9:c3:ed:86:eb:78:54:db:f4:be:96:d6:2c:56:99:e2:
         01:7f:55:24:ab:d7:9f:31:bf:be:31:64:90:47:43:a1:ba:a8:
         c9:b6:cd:65:c1:4d:78:e2:49:5c:26:6b:4f:b9:41:e4:33:2c:
         f7:79:34:47:0e:4f:56:37:bd:68:0d:c3:1a:1d:a6:18:77:fc:
         3a:19:93:28
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYo4xNq/KaibVOCNrnszUftBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjMwODI3MjA1MjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU4NDQ1NWNiM2UxZTQ4ZDhhMmFiMTBhODMxZmZhYzlhZTczZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeGtWZAjdRH/ydDRm9tcydbRu4Oy
NkLywP0iIewxR/4c1kOj7mn2aBJ+wEnJY/ky8i+s2TqPe74AmNB7yJJZNOwAbepw
dDC2AxDzv+G5ScWYxWaaFFUAPCVQ2hQUhMzooN9LBGpQbK7w6NH2dicMJm3RZcqX
xElHsU/1HfaLSNSJIHBgGE2qvGMPbJxrll4l5s8eZlgGr0+VbJxPXahvi4+dWWqu
C/Fs/19ZUjNSvCJm6FMay4xACw4qrFm4LFAlh+ZPJ1cq6hmfCprRc02oryABTTGD
wlOa8s8WFiTBbeB7FGHVYVbcqztlevZPw74yNxggC926Izm2TQm6dJS8cwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCJYRFXLPh5I2KKrEKgx/6ya5z3bMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvSWxoRVZjcy1Ia2pZb3FzUXFESF9ySnJuUGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW7rEAwQC
XvGMAwQCXvGoAwQCsv0oMA0GCSqGSIb3DQEBCwUAA4IBAQCW8OXEFqYLf14luJkV
DMWSXys3WEJW4lVZ2Wrgg62LLkC9nx2JROm36h8aDoCE9DY9ihAluxYpVHPmy+QP
YDwAyH3rGeBCBR2DlAPGb+uYlFF+fvRCYJCtZFrkWCZX7vDdfIhyJoZH2goN2pur
zjmJ9HLO3MZZUI+iw9eBGBfWAlmy7GERQMjQOu4hV1GI0YxE3Pgw58lx3fpxs2kW
vTfhgWvOhKOgm5cVTbpvW6XbrqkWU7MmCLnD7YbreFTb9L6W1ixWmeIBf1Ukq9ef
Mb++MWSQR0OhuqjJts1lwU144klcJmtPuUHkMyz3eTRHDk9WN71oDcMaHaYYd/w6
GZMo
-----END CERTIFICATE-----