Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0E4dESvcetWRIqi42KQPEE0Ptv4.roa
File:                     0E4dESvcetWRIqi42KQPEE0Ptv4.roa (raw, json)
Hash identifier:          goBCdu6JgQZdH3y1MG6D6fSQVlhVxAuDSYSI99uBum0=
Subject key identifier:   D0:4E:1D:11:2B:DC:7A:D5:91:22:A8:B8:D8:A4:0F:10:4D:0F:B6:FE
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018977197F0F4AE334F1B1059BBB880A5A41
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0E4dESvcetWRIqi42KQPEE0Ptv4.roa
Signing time:             Fri 21 Jul 2023 06:18:26 +0000
ROA not before:           Fri 21 Jul 2023 06:18:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209854
IP address blocks:        185.244.139.0/24 maxlen: 24
                          212.119.32.0/23 maxlen: 24
                          212.119.34.0/24 maxlen: 24
                          194.169.168.0/22 maxlen: 24
                          193.218.35.0/24 maxlen: 24
                          45.144.227.0/24 maxlen: 24
                          91.190.101.0/24 maxlen: 24
                          62.197.144.0/20 maxlen: 24
                          45.135.184.0/24 maxlen: 24
                          92.62.120.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 12:41:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:77:19:7f:0f:4a:e3:34:f1:b1:05:9b:bb:88:0a:5a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jul 21 06:18:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d04e1d112bdc7ad59122a8b8d8a40f104d0fb6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:52:c5:5e:cc:56:e4:25:c6:0a:e3:0f:77:05:
                    f5:9c:65:05:ae:09:0f:ad:5a:3f:8f:f7:b4:7b:68:
                    40:72:fc:c1:9a:2c:97:fe:ae:26:0b:aa:9e:b3:44:
                    e4:81:4d:af:23:f4:6d:d4:4f:fc:40:b1:70:77:ec:
                    2f:bd:a9:f6:29:f3:aa:10:cd:9a:27:a3:06:3b:53:
                    66:90:6b:dd:34:50:ea:37:bf:da:d2:1b:3c:91:94:
                    dc:84:59:06:05:4b:a4:9d:97:b4:6f:8d:14:c4:ed:
                    35:d1:60:f6:f1:65:9c:78:ba:26:a4:d5:24:53:f9:
                    f5:7e:bd:de:3d:60:37:20:c7:53:66:08:8c:b3:a0:
                    92:5f:02:12:01:39:06:1d:59:af:c7:c7:99:ac:7d:
                    25:5a:6d:ef:c9:95:28:40:c2:4a:cf:57:9a:05:f9:
                    09:e6:13:4b:8e:16:f6:00:4b:1b:bb:14:87:67:a4:
                    72:13:60:ed:85:5f:f1:69:9f:2a:2b:c9:30:ac:50:
                    1d:9c:f8:d8:6d:ad:42:61:38:54:67:ae:98:98:a9:
                    12:63:b5:fc:56:fc:47:00:03:7c:72:89:ef:f7:da:
                    ff:da:c5:70:0c:c4:3f:2e:5b:b5:5b:74:49:b2:35:
                    2d:b7:34:ae:7b:c6:eb:09:c5:67:0c:9b:c5:85:71:
                    42:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4E:1D:11:2B:DC:7A:D5:91:22:A8:B8:D8:A4:0F:10:4D:0F:B6:FE
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0E4dESvcetWRIqi42KQPEE0Ptv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.184.0/24
                  45.144.227.0/24
                  62.197.144.0/20
                  91.190.101.0/24
                  92.62.120.0/22
                  185.244.139.0/24
                  193.218.35.0/24
                  194.169.168.0/22
                  212.119.32.0-212.119.34.255

    Signature Algorithm: sha256WithRSAEncryption
         51:8c:4d:29:06:0a:84:43:a3:4f:38:fc:7f:b4:d8:45:cb:cd:
         6c:07:03:05:a5:bd:66:7c:ac:d3:9a:87:db:68:ac:ae:e4:dd:
         87:f3:43:da:b2:30:63:97:fe:1e:bd:6c:4e:e6:38:dc:3c:a1:
         44:e3:55:98:1e:57:8d:b1:c4:e0:9a:55:fa:51:75:3c:c7:92:
         de:ab:fa:1a:b1:2e:82:e0:35:c0:6e:bc:71:50:fd:91:56:03:
         bc:c3:69:df:82:2e:1a:ee:90:a9:c2:a9:f7:fd:1a:43:ea:c9:
         05:4e:02:cd:89:30:01:c6:a9:84:c7:9c:02:7a:40:15:c8:04:
         35:69:66:fa:a1:e0:52:d3:6f:ad:16:d2:a3:4e:57:ac:5b:b8:
         15:b8:bd:b5:2c:20:17:95:f9:5b:c4:d4:83:4d:30:e5:6d:42:
         92:b7:94:3e:24:85:8c:65:03:38:12:c0:23:f7:75:3c:8d:94:
         ca:f9:bf:7c:11:07:cc:90:c1:2e:6d:01:67:75:5c:ed:c8:06:
         ea:25:46:08:9b:89:fd:88:ba:79:95:f6:7f:af:55:18:88:53:
         b0:f8:8c:10:b5:5f:ed:95:40:91:af:32:a5:44:ba:0b:14:04:
         69:f2:5e:23:42:1e:7a:75:09:fe:b2:1a:d7:0d:e9:ca:a3:f5:
         6a:83:9d:0a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYl3GX8PSuM08bEFm7uIClpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzIxMDYxODI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRlMWQxMTJiZGM3YWQ1OTEyMmE4YjhkOGE0MGYxMDRkMGZiNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVLFXsxW5CXGCuMPdwX1nGUFrgkP
rVo/j/e0e2hAcvzBmiyX/q4mC6qes0TkgU2vI/Rt1E/8QLFwd+wvvan2KfOqEM2a
J6MGO1NmkGvdNFDqN7/a0hs8kZTchFkGBUuknZe0b40UxO010WD28WWceLompNUk
U/n1fr3ePWA3IMdTZgiMs6CSXwISATkGHVmvx8eZrH0lWm3vyZUoQMJKz1eaBfkJ
5hNLjhb2AEsbuxSHZ6RyE2DthV/xaZ8qK8kwrFAdnPjYba1CYThUZ66YmKkSY7X8
VvxHAAN8conv99r/2sVwDMQ/Llu1W3RJsjUttzSue8brCcVnDJvFhXFCEwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNBOHREr3HrVkSKouNikDxBND7b+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMEU0ZEVTdmNldFdSSXFpNDJLUVBFRTBQdHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALYe4AwQA
LZDjAwQEPsWQAwQAW75lAwQCXD54AwQAufSLAwQAwdojAwQCwqmoMAwDBAXUdyAD
BADUdyIwDQYJKoZIhvcNAQELBQADggEBAFGMTSkGCoRDo084/H+02EXLzWwHAwWl
vWZ8rNOah9torK7k3YfzQ9qyMGOX/h69bE7mONw8oUTjVZgeV42xxOCaVfpRdTzH
kt6r+hqxLoLgNcBuvHFQ/ZFWA7zDad+CLhrukKnCqff9GkPqyQVOAs2JMAHGqYTH
nAJ6QBXIBDVpZvqh4FLTb60W0qNOV6xbuBW4vbUsIBeV+VvE1INNMOVtQpK3lD4k
hYxlAzgSwCP3dTyNlMr5v3wRB8yQwS5tAWd1XO3IBuolRgibif2IunmV9n+vVRiI
U7D4jBC1X+2VQJGvMqVEugsUBGnyXiNCHnp1Cf6yGtcN6cqj9WqDnQo=
-----END CERTIFICATE-----