Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/z3LMFJ5bqDSmhsZTdOrnbgh8XIo.roa
File:                     z3LMFJ5bqDSmhsZTdOrnbgh8XIo.roa (raw, json)
Hash identifier:          p847ENrtmUO8jLOO6eOa6WBsUQpdmbW6kAiQB9u5fMI=
Subject key identifier:   CF:72:CC:14:9E:5B:A8:34:A6:86:C6:53:74:EA:E7:6E:08:7C:5C:8A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501133DD3E3C614FB802DC9DE3BDCCE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/z3LMFJ5bqDSmhsZTdOrnbgh8XIo.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48806
IP address blocks:        91.217.236.0/24 maxlen: 24
                          185.228.225.0/24 maxlen: 24
                          89.31.216.0/24 maxlen: 24
                          37.46.149.0/24 maxlen: 24
                          193.84.132.0/24 maxlen: 24
                          185.244.137.0/24 maxlen: 24
                          185.239.241.0/24 maxlen: 24
                          185.245.5.0/24 maxlen: 24
                          185.245.7.0/24 maxlen: 24
                          193.218.32.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 10 Jan 2024 13:38:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:13:3d:d3:e3:c6:14:fb:80:2d:c9:de:3b:dc:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf72cc149e5ba834a686c65374eae76e087c5c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:89:d7:4e:35:9c:16:ff:18:b6:cf:45:97:83:
                    7a:0c:38:31:03:51:e1:88:34:a4:d9:5f:de:0d:35:
                    65:0d:aa:6b:ac:15:cb:c7:18:5b:f0:5f:d6:4a:b1:
                    70:5b:08:b1:f9:24:f1:ae:94:77:6e:59:57:38:eb:
                    ac:c5:23:a7:17:14:ce:8a:7a:92:0c:72:c1:57:b2:
                    9e:b6:6a:47:44:b3:83:89:98:65:2e:0f:37:6b:5e:
                    10:d0:4a:9c:05:31:c9:a3:1c:75:45:5c:16:d1:95:
                    76:0e:09:60:75:2d:5f:26:b8:4c:29:62:a9:60:71:
                    b1:3b:1b:a9:92:ad:82:46:c8:d7:c4:a6:96:4e:9a:
                    fd:bf:2e:76:73:e3:4d:70:ca:05:a7:3e:d7:6f:e9:
                    cd:bf:d8:30:dc:89:7b:ce:16:dc:94:1f:67:b3:82:
                    6e:ef:62:0b:ed:a3:12:d9:56:3a:dd:c5:45:6b:c3:
                    ba:7a:ec:3f:3a:bd:d7:aa:52:38:9b:82:d2:f3:a7:
                    68:8b:b3:25:66:3c:30:cf:dd:06:bd:19:e0:9a:c4:
                    d7:1e:05:41:e3:dc:96:ed:2e:fc:ab:27:8b:69:5a:
                    36:64:1e:dd:bf:0e:6e:42:14:25:4f:6f:40:f0:f2:
                    bd:63:1e:c5:2f:b8:b0:06:24:26:ba:22:80:ec:bd:
                    1f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:72:CC:14:9E:5B:A8:34:A6:86:C6:53:74:EA:E7:6E:08:7C:5C:8A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/z3LMFJ5bqDSmhsZTdOrnbgh8XIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.149.0/24
                  89.31.216.0/24
                  91.217.236.0/24
                  185.228.225.0/24
                  185.239.241.0/24
                  185.244.137.0/24
                  185.245.5.0/24
                  185.245.7.0/24
                  193.84.132.0/24
                  193.218.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:73:7f:53:c1:b5:36:84:9b:92:04:a0:58:60:38:bf:8b:db:
         3e:a2:89:75:02:bd:1d:a5:4d:95:80:ce:62:eb:2b:80:4f:3e:
         4d:0b:b7:7c:ae:ef:c3:f3:04:52:0e:ad:87:bc:02:26:70:b6:
         4e:d2:df:22:26:5e:ff:d6:3c:79:a2:7d:b7:0d:6d:b9:e9:c8:
         d8:4f:ee:47:7d:76:a7:1a:de:bd:05:c0:30:99:8e:53:8d:8e:
         97:5f:f2:ce:ac:45:4d:90:0d:04:fc:86:f4:34:80:d8:b7:e9:
         f6:8b:8a:9b:fb:90:0f:56:c8:2f:1f:6b:78:94:ca:31:93:f1:
         08:ec:3e:aa:5c:3b:77:fe:a7:3d:a2:ed:59:e1:fa:0f:ae:32:
         88:2d:2c:93:1d:58:9f:01:b8:c1:4c:fc:fa:7b:87:07:21:18:
         c1:74:2a:67:58:17:3b:8b:fe:6a:42:05:64:bf:da:ac:18:22:
         65:dd:b1:8c:e6:b7:52:1f:f5:34:67:e8:21:21:2a:47:a0:4d:
         34:56:5e:55:07:5e:6b:9f:02:50:90:88:65:f0:89:24:b7:a1:
         e8:ff:16:51:3b:41:3e:9e:c5:a5:7e:50:f9:78:19:7b:cb:17:
         77:00:94:b4:d5:aa:5d:b0:13:88:9d:dd:52:26:4c:50:81:31:
         6a:89:5c:a5
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzFARM90+PGFPuALcneO9zOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjcyY2MxNDllNWJhODM0YTY4NmM2NTM3NGVhZTc2ZTA4N2M1YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwInXTjWcFv8Yts9Fl4N6DDgxA1Hh
iDSk2V/eDTVlDaprrBXLxxhb8F/WSrFwWwix+STxrpR3bllXOOusxSOnFxTOinqS
DHLBV7KetmpHRLODiZhlLg83a14Q0EqcBTHJoxx1RVwW0ZV2DglgdS1fJrhMKWKp
YHGxOxupkq2CRsjXxKaWTpr9vy52c+NNcMoFpz7Xb+nNv9gw3Il7zhbclB9ns4Ju
72IL7aMS2VY63cVFa8O6euw/Or3XqlI4m4LS86doi7MlZjwwz90GvRngmsTXHgVB
49yW7S78qyeLaVo2ZB7dvw5uQhQlT29A8PK9Yx7FL7iwBiQmuiKA7L0ffwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFM9yzBSeW6g0pobGU3Tq524IfFyKMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvejNMTUZKNWJxRFNtaHNaVGRPcm5iZ2g4WElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAJS6VAwQA
WR/YAwQAW9nsAwQAueThAwQAue/xAwQAufSJAwQAufUFAwQAufUHAwQAwVSEAwQA
wdogMA0GCSqGSIb3DQEBCwUAA4IBAQBjc39TwbU2hJuSBKBYYDi/i9s+ool1Ar0d
pU2VgM5i6yuATz5NC7d8ru/D8wRSDq2HvAImcLZO0t8iJl7/1jx5on23DW256cjY
T+5HfXanGt69BcAwmY5TjY6XX/LOrEVNkA0E/Ib0NIDYt+n2i4qb+5APVsgvH2t4
lMoxk/EI7D6qXDt3/qc9ou1Z4foPrjKILSyTHVifAbjBTPz6e4cHIRjBdCpnWBc7
i/5qQgVkv9qsGCJl3bGM5rdSH/U0Z+ghISpHoE00Vl5VB15rnwJQkIhl8Ikkt6Ho
/xZRO0E+nsWlflD5eBl7yxd3AJS01apdsBOInd1SJkxQgTFqiVyl
-----END CERTIFICATE-----