Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/yfkdEbH5pGG8QXK30RsWf2kX080.roa
File:                     yfkdEbH5pGG8QXK30RsWf2kX080.roa (raw, json)
Hash identifier:          kYl/SD0Ekddi9NYR5nqQVfaAXoK14QEITrQ1XSD99do=
Subject key identifier:   C9:F9:1D:11:B1:F9:A4:61:BC:41:72:B7:D1:1B:16:7F:69:17:D3:CD
Certificate issuer:       /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial:       018CCAD976EA9D43395A5CA49922210C3669
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/yfkdEbH5pGG8QXK30RsWf2kX080.roa
Signing time:             Tue 02 Jan 2024 15:44:58 +0000
ROA not before:           Tue 02 Jan 2024 15:44:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8860
IP address blocks:        195.189.80.0/22 maxlen: 24
                          79.98.104.0/21 maxlen: 24
                          185.228.24.0/22 maxlen: 24
                          185.239.124.0/24 maxlen: 24
                          185.55.228.0/22 maxlen: 24
                          185.239.127.0/24 maxlen: 24
                          185.239.126.0/24 maxlen: 24
                          194.145.63.0/24 maxlen: 24
                          185.199.37.0/24 maxlen: 24
                          185.199.38.0/24 maxlen: 24
                          185.52.204.0/22 maxlen: 24
                          2a02:80e0::/30 maxlen: 30

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 08:45:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:d9:76:ea:9d:43:39:5a:5c:a4:99:22:21:0c:36:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
        Validity
            Not Before: Jan  2 15:44:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9f91d11b1f9a461bc4172b7d11b167f6917d3cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9f:3d:10:62:13:13:ff:58:8d:3e:93:bf:46:
                    02:e1:65:61:64:0f:14:bd:dc:df:95:3e:7f:8f:f2:
                    da:ed:16:82:7d:35:3d:4b:37:b9:9f:c5:96:61:60:
                    07:c0:f0:ed:71:5f:83:02:5d:8b:87:74:f2:bc:77:
                    27:a6:61:15:b8:5c:f4:bd:80:e6:3f:40:f4:2d:e5:
                    cc:5c:22:1c:a8:63:fa:61:21:3b:d4:f1:ce:70:e1:
                    0b:e1:d3:a7:ac:9b:75:0b:08:fd:40:f3:23:4d:7d:
                    97:37:8a:6b:7d:e3:28:07:29:fb:02:70:0b:20:6d:
                    8a:51:cd:5e:cb:90:cf:f6:68:c3:32:70:37:d6:b0:
                    cc:8a:23:5d:f6:e5:70:01:ad:56:21:35:47:79:e8:
                    b9:58:9b:c3:37:41:38:b8:09:be:32:27:0a:98:46:
                    05:ab:cb:ce:ce:53:f6:16:7c:a9:19:17:ac:c1:97:
                    b8:5f:ed:dd:88:62:c6:a5:ba:01:5c:85:14:50:f8:
                    6a:e7:f9:6d:38:9f:8c:10:f6:e6:a3:50:e5:92:1e:
                    98:36:1b:a5:24:93:b6:20:bf:94:3f:4e:1b:ca:5d:
                    bb:84:26:c6:85:a8:0b:a5:70:c9:56:e1:61:4c:30:
                    b0:4f:e2:13:22:10:61:4a:54:f8:0d:81:a0:3e:12:
                    2b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F9:1D:11:B1:F9:A4:61:BC:41:72:B7:D1:1B:16:7F:69:17:D3:CD
            X509v3 Authority Key Identifier:
                keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/yfkdEbH5pGG8QXK30RsWf2kX080.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.104.0/21
                  185.52.204.0/22
                  185.55.228.0/22
                  185.199.37.0-185.199.38.255
                  185.228.24.0/22
                  185.239.124.0/24
                  185.239.126.0/23
                  194.145.63.0/24
                  195.189.80.0/22
                IPv6:
                  2a02:80e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         58:e8:40:af:89:8e:a4:11:5f:99:dc:c4:9f:da:17:ae:8d:30:
         27:de:50:b2:4e:84:f2:51:88:2f:bb:96:00:7f:71:23:eb:a7:
         59:c5:86:53:56:77:35:e1:38:30:15:e7:5f:d6:bc:24:a6:1a:
         d8:78:22:96:af:54:e8:17:1a:ac:db:fb:1c:1c:a8:1b:6d:b9:
         35:65:96:f4:46:1a:e4:e8:7d:25:9b:08:89:49:04:11:42:c9:
         40:4d:e3:58:89:64:4c:98:58:7b:05:84:4e:5b:da:c6:f0:73:
         51:10:76:1e:a7:dc:66:5b:8e:c7:94:4e:28:72:5a:0d:ce:92:
         aa:32:44:fe:ca:f6:dd:ba:09:8a:13:e8:c5:62:18:00:fa:9d:
         96:86:63:31:a5:bf:27:3b:56:51:ce:eb:50:3e:bd:e9:d3:a0:
         40:55:23:44:96:b0:4a:ef:e0:22:6c:66:1b:da:80:99:f7:b8:
         d5:78:08:2a:80:f7:51:0f:77:81:6a:94:4f:e6:3d:15:4d:ab:
         69:a2:82:3e:5d:bf:58:78:70:f0:b4:52:79:43:41:ca:e3:93:
         0b:4d:c5:39:37:58:e8:00:98:e0:c8:91:84:eb:c7:16:ed:02:
         9d:d9:cd:ef:19:d7:11:7f:0c:9b:9d:dc:ea:22:50:5e:f2:87:
         0c:b2:c1:b9
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYzK2XbqnUM5WlykmSIhDDZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjQwMTAyMTU0NDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY5MWQxMWIxZjlhNDYxYmM0MTcyYjdkMTFiMTY3ZjY5MTdkM2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl589EGITE/9YjT6Tv0YC4WVhZA8U
vdzflT5/j/La7RaCfTU9Sze5n8WWYWAHwPDtcV+DAl2Lh3TyvHcnpmEVuFz0vYDm
P0D0LeXMXCIcqGP6YSE71PHOcOEL4dOnrJt1Cwj9QPMjTX2XN4prfeMoByn7AnAL
IG2KUc1ey5DP9mjDMnA31rDMiiNd9uVwAa1WITVHeei5WJvDN0E4uAm+MicKmEYF
q8vOzlP2FnypGReswZe4X+3diGLGpboBXIUUUPhq5/ltOJ+MEPbmo1Dlkh6YNhul
JJO2IL+UP04byl27hCbGhagLpXDJVuFhTDCwT+ITIhBhSlT4DYGgPhIrkQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFMn5HRGx+aRhvEFyt9EbFn9pF9PNMB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEveWZrZEViSDVwR0c4UVhLMzBSc1dmMmtYMDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQDT2JoAwQC
uTTMAwQCuTfkMAwDBAC5xyUDBAC5xyYDBAK55BgDBAC573wDBAG5734DBADCkT8D
BALDvVAwDQQCAAIwBwMFAioCgOAwDQYJKoZIhvcNAQELBQADggEBAFjoQK+JjqQR
X5ncxJ/aF66NMCfeULJOhPJRiC+7lgB/cSPrp1nFhlNWdzXhODAV51/WvCSmGth4
IpavVOgXGqzb+xwcqBttuTVllvRGGuTofSWbCIlJBBFCyUBN41iJZEyYWHsFhE5b
2sbwc1EQdh6n3GZbjseUTihyWg3OkqoyRP7K9t26CYoT6MViGAD6nZaGYzGlvyc7
VlHO61A+venToEBVI0SWsErv4CJsZhvagJn3uNV4CCqA91EPd4FqlE/mPRVNq2mi
gj5dv1h4cPC0UnlDQcrjkwtNxTk3WOgAmODIkYTrxxbtAp3Zze8Z1xF/DJud3Ooi
UF7yhwyywbk=
-----END CERTIFICATE-----