Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/mtcBIgIvvO0PZwv_Fsa9NOjRwag.roa
File:                     mtcBIgIvvO0PZwv_Fsa9NOjRwag.roa (raw, json)
Hash identifier:          8U9HbEDz/aHTH9cobLB5XmrOUy9lDLbLFFBxUPwS9Rs=
Subject key identifier:   9A:D7:01:22:02:2F:BC:ED:0F:67:0B:FF:16:C6:BD:34:E8:D1:C1:A8
Certificate issuer:       /CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
Certificate serial:       01916E8FC983B84A0C286FB3001875B500FE
Authority key identifier: 88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/mtcBIgIvvO0PZwv_Fsa9NOjRwag.roa
Signing time:             Tue 20 Aug 2024 06:53:22 +0000
ROA not before:           Tue 20 Aug 2024 06:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50810
IP address blocks:        37.98.64.0/18 maxlen: 22
                          37.98.114.0/24 maxlen: 24
                          93.117.176.0/20 maxlen: 22
                          93.119.208.0/20 maxlen: 22
                          178.131.0.0/18 maxlen: 22
                          178.131.4.0/24 maxlen: 24
                          178.131.64.0/18 maxlen: 22
                          178.131.128.0/18 maxlen: 22
                          188.211.0.0/20 maxlen: 20
                          188.211.15.0/24 maxlen: 24
                          188.212.240.0/21 maxlen: 21
                          188.213.192.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Sun 27 Oct 2024 11:21:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6e:8f:c9:83:b8:4a:0c:28:6f:b3:00:18:75:b5:00:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
        Validity
            Not Before: Aug 20 06:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ad70122022fbced0f670bff16c6bd34e8d1c1a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2d:eb:c3:1f:05:f9:a2:6b:7f:35:4b:e4:54:
                    c2:02:73:43:0c:fa:4f:b8:22:22:78:dc:fb:c3:6b:
                    b7:aa:c3:aa:f8:d1:2b:05:db:7e:e5:cc:e6:67:5a:
                    29:e8:49:07:73:34:6d:c9:3e:09:fe:66:bc:78:01:
                    09:d1:03:5e:17:ec:c3:86:bb:3c:ec:27:85:50:9a:
                    80:05:19:1a:72:ca:d7:75:3b:6c:f3:c9:d6:a0:98:
                    2d:8f:03:e8:3d:47:60:2b:58:cf:ff:69:70:68:d3:
                    67:3c:66:18:8a:aa:44:34:90:9c:a1:50:df:cc:05:
                    e7:ab:83:fa:99:ce:20:a8:a5:54:6f:cd:bf:06:0c:
                    d4:f9:a1:11:19:f1:1a:ba:bb:fe:2b:e7:19:51:4e:
                    98:e3:9a:f2:24:66:1d:47:6b:17:16:a9:6f:37:04:
                    31:ba:9e:3e:4e:10:1c:81:35:b7:4d:2e:f1:3c:0d:
                    9d:9c:9a:47:f8:e0:10:b3:31:5f:41:37:f3:47:28:
                    0b:95:c5:c5:29:4e:88:50:6b:e8:6a:c5:1f:e1:35:
                    23:c1:57:6e:c1:c8:83:6c:95:56:e5:52:46:ee:1d:
                    62:78:c1:89:2a:d9:14:67:59:c1:ab:92:19:8f:e5:
                    eb:7a:78:0f:9f:4a:17:12:e9:a6:23:b3:d8:a7:69:
                    db:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D7:01:22:02:2F:BC:ED:0F:67:0B:FF:16:C6:BD:34:E8:D1:C1:A8
            X509v3 Authority Key Identifier:
                keyid:88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/mtcBIgIvvO0PZwv_Fsa9NOjRwag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.64.0/18
                  93.117.176.0/20
                  93.119.208.0/20
                  178.131.0.0-178.131.191.255
                  188.211.0.0/20
                  188.212.240.0/21
                  188.213.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:b3:d6:15:5f:fd:81:ac:06:c6:bf:33:d9:4e:70:57:11:bb:
         d2:6b:a2:f9:b4:ec:df:10:45:c8:cb:76:54:7f:da:ef:11:89:
         e1:ac:f6:14:6f:c7:8f:57:6e:cb:4d:b5:7b:6f:d0:41:15:49:
         19:3f:71:12:fc:34:1a:50:12:83:4d:21:33:9d:44:aa:5d:60:
         1e:10:58:e8:de:37:74:38:f9:a2:24:fe:38:cd:f9:ac:42:57:
         17:d1:43:ea:47:d2:fa:62:e6:cf:2e:ce:4f:aa:8a:69:10:98:
         67:95:8f:4c:ad:a3:89:03:e1:dc:7c:dd:ed:12:63:ea:bc:b9:
         6b:ed:89:f2:03:50:71:95:b4:8b:56:23:47:cc:a3:d0:35:ee:
         6b:2f:e0:5b:ec:2a:18:a6:ff:01:ae:0a:c0:6d:c0:a4:8f:ef:
         3d:ae:8a:f6:28:62:f3:36:af:27:16:c6:2c:d4:6f:b8:9a:32:
         c6:ce:a8:95:ad:32:7d:f8:78:58:53:e4:8b:e7:2e:0a:a1:fe:
         f2:10:5b:7f:c9:40:10:cf:bb:29:2c:c2:97:8a:e5:94:ea:03:
         17:de:86:53:fd:5a:a1:99:0f:fc:e5:80:e6:b0:9a:48:54:09:
         db:1f:52:8d:60:ef:b2:fb:5e:be:36:27:0f:42:e4:be:50:56:
         d7:0f:63:66
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZFuj8mDuEoMKG+zABh1tQD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDdhYTkxYjA2ZDhjNmI4NzI4NGYzZjQ1YTIxZGMyODFm
N2JhNTUwHhcNMjQwODIwMDY1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQ3MDEyMjAyMmZiY2VkMGY2NzBiZmYxNmM2YmQzNGU4ZDFjMWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS3rwx8F+aJrfzVL5FTCAnNDDPpP
uCIieNz7w2u3qsOq+NErBdt+5czmZ1op6EkHczRtyT4J/ma8eAEJ0QNeF+zDhrs8
7CeFUJqABRkacsrXdTts88nWoJgtjwPoPUdgK1jP/2lwaNNnPGYYiqpENJCcoVDf
zAXnq4P6mc4gqKVUb82/BgzU+aERGfEaurv+K+cZUU6Y45ryJGYdR2sXFqlvNwQx
up4+ThAcgTW3TS7xPA2dnJpH+OAQszFfQTfzRygLlcXFKU6IUGvoasUf4TUjwVdu
wciDbJVW5VJG7h1ieMGJKtkUZ1nBq5IZj+XrengPn0oXEummI7PYp2nbIwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFJrXASICL7ztD2cL/xbGvTTo0cGoMB8GA1UdIwQY
MBaAFIhHqpGwbYxrhyhPP0WiHcKB97pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYt
Y2VhNzVkMGNkNjcxLzEvbXRjQklnSXZ2TzBQWnd2X0ZzYTlOT2pSd2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYtY2VhNzVkMGNkNjcx
LzEvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAATAxAwQGJWJAAwQE
XXWwAwQEXXfQMAsDAwCygwMEBrKDgAMEBLzTAAMEA7zU8AMEArzVwDANBgkqhkiG
9w0BAQsFAAOCAQEAfbPWFV/9gawGxr8z2U5wVxG70mui+bTs3xBFyMt2VH/a7xGJ
4az2FG/Hj1duy021e2/QQRVJGT9xEvw0GlASg00hM51Eql1gHhBY6N43dDj5oiT+
OM35rEJXF9FD6kfS+mLmzy7OT6qKaRCYZ5WPTK2jiQPh3Hzd7RJj6ry5a+2J8gNQ
cZW0i1YjR8yj0DXuay/gW+wqGKb/Aa4KwG3ApI/vPa6K9ihi8zavJxbGLNRvuJoy
xs6ola0yffh4WFPki+cuCqH+8hBbf8lAEM+7KSzCl4rllOoDF96GU/1aoZkP/OWA
5rCaSFQJ2x9SjWDvsvtevjYnD0LkvlBW1w9jZg==
-----END CERTIFICATE-----