Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/795098-a2f0-4733-9709-e6eb919d7a02/1/mqgRAArABale9RsRa6eDKLzWfTQ.roa
File:                     mqgRAArABale9RsRa6eDKLzWfTQ.roa (raw, json)
Hash identifier:          aJoPnhBrBgbVfepx/HsYtyxdb8wl/2rD51lYRO/2Opw=
Subject key identifier:   9A:A8:11:00:0A:C0:05:A9:5E:F5:1B:11:6B:A7:83:28:BC:D6:7D:34
Certificate issuer:       /CN=e48da335b072536d58e6b7cdf4cdb16445bcbc33
Certificate serial:       018CC348DDC498F562D0EAB023001BF6A739
Authority key identifier: E4:8D:A3:35:B0:72:53:6D:58:E6:B7:CD:F4:CD:B1:64:45:BC:BC:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5I2jNbByU21Y5rfN9M2xZEW8vDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/795098-a2f0-4733-9709-e6eb919d7a02/1/mqgRAArABale9RsRa6eDKLzWfTQ.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197107
IP address blocks:        185.58.88.0/24 maxlen: 24
                          185.58.89.0/24 maxlen: 24
                          185.58.90.0/24 maxlen: 24
                          185.58.91.0/24 maxlen: 24
                          195.225.64.0/24 maxlen: 24
                          195.225.66.0/24 maxlen: 24
                          178.20.192.0/24 maxlen: 24
                          178.20.196.0/24 maxlen: 24
                          178.20.197.0/24 maxlen: 24
                          178.20.198.0/24 maxlen: 24
                          178.20.199.0/24 maxlen: 24
                          178.20.193.0/24 maxlen: 24
                          178.20.194.0/24 maxlen: 24
                          178.20.195.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Nov 2024 16:35:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dd:c4:98:f5:62:d0:ea:b0:23:00:1b:f6:a7:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e48da335b072536d58e6b7cdf4cdb16445bcbc33
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aa811000ac005a95ef51b116ba78328bcd67d34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:9e:26:fe:5d:10:8e:b1:6a:fd:10:94:e5:
                    f4:cb:57:90:57:93:1b:c6:96:74:3f:28:a4:b5:7c:
                    4f:8f:61:cc:31:22:9a:e6:7a:51:32:f9:b4:85:60:
                    6a:89:26:71:b3:91:49:1e:3c:21:41:df:fe:1c:2e:
                    cd:76:42:a6:8e:a5:01:3b:33:03:57:d1:99:28:e2:
                    89:64:4b:70:77:b7:86:fd:61:54:35:c4:76:de:de:
                    b8:d2:8e:07:34:06:95:bc:26:05:1f:c5:57:8b:ce:
                    f1:4e:ba:24:63:59:7a:8c:04:bd:2f:00:c8:c9:a5:
                    e6:55:85:ab:6e:e5:00:7d:5a:23:6f:ec:f6:a7:47:
                    7b:9c:24:16:38:46:c3:6e:78:75:01:70:85:8b:3a:
                    a1:9c:5e:bb:df:6c:60:11:ec:ef:01:20:6c:6c:2f:
                    2f:a7:9a:a6:23:b4:59:d6:50:d9:30:b2:61:d2:65:
                    52:8f:20:fb:4e:e1:d8:4d:12:e5:e8:cb:f0:a6:a4:
                    da:e4:2e:1d:e9:ca:f7:9f:02:39:2c:b4:27:48:71:
                    ce:27:b3:05:31:7c:b0:14:96:c4:b6:81:64:eb:ec:
                    ee:fa:17:2f:c5:72:5e:db:e7:85:72:16:33:e0:10:
                    f2:8f:6a:83:fc:85:4a:61:3e:2e:96:3d:97:7b:7e:
                    7a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A8:11:00:0A:C0:05:A9:5E:F5:1B:11:6B:A7:83:28:BC:D6:7D:34
            X509v3 Authority Key Identifier:
                keyid:E4:8D:A3:35:B0:72:53:6D:58:E6:B7:CD:F4:CD:B1:64:45:BC:BC:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5I2jNbByU21Y5rfN9M2xZEW8vDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/795098-a2f0-4733-9709-e6eb919d7a02/1/mqgRAArABale9RsRa6eDKLzWfTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/795098-a2f0-4733-9709-e6eb919d7a02/1/5I2jNbByU21Y5rfN9M2xZEW8vDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.192.0/21
                  185.58.88.0/22
                  195.225.64.0/24
                  195.225.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:40:9b:68:99:74:bc:60:75:1c:d4:0d:38:1e:e3:37:5d:16:
         e6:86:0a:a9:cd:fe:61:ad:f1:86:72:96:40:75:c9:52:8f:ad:
         cb:a1:54:8a:6d:51:e3:9a:7c:29:f1:16:75:5d:dd:2f:8e:44:
         ea:f4:9f:59:62:6d:73:cb:db:79:66:bb:13:c0:c8:2a:58:05:
         85:56:e3:fd:21:cf:cf:d9:7e:03:95:d4:63:88:f3:0f:d3:45:
         8e:53:f4:19:3e:7d:54:37:21:ae:97:5e:9f:18:45:7e:06:d8:
         09:0d:39:56:9d:39:b6:31:a3:8f:6e:f0:b3:9e:7f:9d:4d:6e:
         f1:8d:66:ea:3f:be:c1:61:65:91:00:2b:fd:be:5b:df:a0:19:
         94:dd:93:7c:de:ba:64:f3:e4:3d:6d:c6:20:68:c4:3e:88:6e:
         81:73:38:4a:97:2f:8e:16:74:3d:9a:c3:5d:bc:15:55:df:98:
         51:45:a9:53:e4:ea:80:28:c3:cc:34:50:a0:dd:14:e6:54:cd:
         66:44:dc:a2:f8:ca:ea:1d:e2:02:02:8b:00:24:9a:fe:a9:48:
         28:b8:63:4c:67:1f:76:b4:54:7f:bb:8a:46:b2:8c:5f:8e:b0:
         b2:fd:59:d4:7b:cf:61:02:af:6c:57:2d:d5:b0:3f:3a:06:b0:
         30:91:2e:81
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDSN3EmPVi0OqwIwAb9qc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0OGRhMzM1YjA3MjUzNmQ1OGU2YjdjZGY0Y2RiMTY0NDVi
Y2JjMzMwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWE4MTEwMDBhYzAwNWE5NWVmNTFiMTE2YmE3ODMyOGJjZDY3ZDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2meJv5dEI6xav0QlOX0y1eQV5Mb
xpZ0PyiktXxPj2HMMSKa5npRMvm0hWBqiSZxs5FJHjwhQd/+HC7NdkKmjqUBOzMD
V9GZKOKJZEtwd7eG/WFUNcR23t640o4HNAaVvCYFH8VXi87xTrokY1l6jAS9LwDI
yaXmVYWrbuUAfVojb+z2p0d7nCQWOEbDbnh1AXCFizqhnF6732xgEezvASBsbC8v
p5qmI7RZ1lDZMLJh0mVSjyD7TuHYTRLl6MvwpqTa5C4d6cr3nwI5LLQnSHHOJ7MF
MXywFJbEtoFk6+zu+hcvxXJe2+eFchYz4BDyj2qD/IVKYT4ulj2Xe3564QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJqoEQAKwAWpXvUbEWungyi81n00MB8GA1UdIwQY
MBaAFOSNozWwclNtWOa3zfTNsWRFvLwzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUkyak5iQnlVMjFZNXJmTjlNMnhaRVc4dkRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC83OTUwOTgtYTJmMC00NzMzLTk3MDkt
ZTZlYjkxOWQ3YTAyLzEvbXFnUkFBckFCYWxlOVJzUmE2ZURLTHpXZlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC83OTUwOTgtYTJmMC00NzMzLTk3MDktZTZlYjkxOWQ3YTAy
LzEvNUkyak5iQnlVMjFZNXJmTjlNMnhaRVc4dkRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDshTAAwQC
uTpYAwQAw+FAAwQAw+FCMA0GCSqGSIb3DQEBCwUAA4IBAQCIQJtomXS8YHUc1A04
HuM3XRbmhgqpzf5hrfGGcpZAdclSj63LoVSKbVHjmnwp8RZ1Xd0vjkTq9J9ZYm1z
y9t5ZrsTwMgqWAWFVuP9Ic/P2X4DldRjiPMP00WOU/QZPn1UNyGul16fGEV+BtgJ
DTlWnTm2MaOPbvCznn+dTW7xjWbqP77BYWWRACv9vlvfoBmU3ZN83rpk8+Q9bcYg
aMQ+iG6BczhKly+OFnQ9msNdvBVV35hRRalT5OqAKMPMNFCg3RTmVM1mRNyi+Mrq
HeICAosAJJr+qUgouGNMZx92tFR/u4pGsoxfjrCy/VnUe89hAq9sVy3VsD86BrAw
kS6B
-----END CERTIFICATE-----