Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/P642jUmAvenReLMnezhv-oOlWYM.roa
File:                     P642jUmAvenReLMnezhv-oOlWYM.roa (raw, json)
Hash identifier:          C392/se3JpA78JpZiBiwFBLr8TwfXZRgvTNxXpbKKqk=
Subject key identifier:   3F:AE:36:8D:49:80:BD:E9:D1:78:B3:27:7B:38:6F:FA:83:A5:59:83
Certificate issuer:       /CN=e6faa0d2f5dec0201f55e40979c1909b6db77c3b
Certificate serial:       018CC8DEC99F3D386D55CFC00E9C7122AC60
Authority key identifier: E6:FA:A0:D2:F5:DE:C0:20:1F:55:E4:09:79:C1:90:9B:6D:B7:7C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5vqg0vXewCAfVeQJecGQm223fDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/P642jUmAvenReLMnezhv-oOlWYM.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197075
IP address blocks:        81.29.176.0/22 maxlen: 23
                          46.31.104.0/21 maxlen: 24
                          185.186.12.0/22 maxlen: 23
                          185.47.138.0/24 maxlen: 24
                          185.37.116.0/22 maxlen: 23
                          185.246.95.0/24 maxlen: 24
                          185.59.20.0/22 maxlen: 23
                          37.77.160.0/21 maxlen: 24
                          2a02:2420::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 09:10:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c9:9f:3d:38:6d:55:cf:c0:0e:9c:71:22:ac:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6faa0d2f5dec0201f55e40979c1909b6db77c3b
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fae368d4980bde9d178b3277b386ffa83a55983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b8:39:8e:8c:bb:c5:eb:66:6c:85:42:bb:f6:
                    fb:ad:1d:0f:01:d7:78:02:08:ce:79:a3:84:93:42:
                    8e:9b:0a:c8:c2:50:d2:a7:02:a5:bf:43:13:39:a6:
                    39:8d:0a:5e:63:6c:d6:a7:d7:3e:60:f9:9f:06:2e:
                    fa:9d:14:3c:22:79:2d:f9:d5:dd:b4:78:09:10:91:
                    16:63:b9:d4:4d:fc:52:8c:5f:bb:00:f3:92:db:b2:
                    54:c6:74:d4:e6:c4:fe:fa:a8:ce:88:14:8d:99:3b:
                    2c:bc:f9:61:a5:50:e3:c1:a6:71:eb:3f:29:45:0f:
                    37:7d:f5:de:65:f2:ea:94:dd:28:25:98:23:c9:a7:
                    f8:e7:31:ee:17:33:3f:78:fa:03:31:11:a4:01:3a:
                    d1:8d:ca:11:b2:ac:7e:3f:16:d0:9a:c7:68:14:52:
                    10:2e:17:92:00:65:cb:61:19:62:0a:9d:ef:26:00:
                    de:26:a6:b6:48:42:cb:c2:60:f2:b8:27:6d:96:c0:
                    bf:cb:58:38:3f:ad:97:45:f1:3a:8d:d4:de:6b:0a:
                    b7:cb:74:16:57:e1:29:ac:67:36:52:c1:8d:f6:d0:
                    79:68:af:a1:28:3b:be:1e:dd:e1:b4:41:95:5b:12:
                    fa:62:27:5b:fb:9c:1d:be:2b:42:90:59:ef:83:2b:
                    b9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:AE:36:8D:49:80:BD:E9:D1:78:B3:27:7B:38:6F:FA:83:A5:59:83
            X509v3 Authority Key Identifier:
                keyid:E6:FA:A0:D2:F5:DE:C0:20:1F:55:E4:09:79:C1:90:9B:6D:B7:7C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vqg0vXewCAfVeQJecGQm223fDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/P642jUmAvenReLMnezhv-oOlWYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/5vqg0vXewCAfVeQJecGQm223fDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.160.0/21
                  46.31.104.0/21
                  81.29.176.0/22
                  185.37.116.0/22
                  185.47.138.0/24
                  185.59.20.0/22
                  185.186.12.0/22
                  185.246.95.0/24
                IPv6:
                  2a02:2420::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:e0:94:77:da:6d:d5:45:c7:a2:de:39:ab:ad:d1:77:1a:65:
         a2:44:99:b7:5c:dd:e0:ea:5f:98:fa:d6:94:f4:47:b2:35:0c:
         f5:49:d8:ff:17:46:dc:4a:7d:c8:8b:02:6b:58:f7:21:3d:93:
         ad:79:03:9e:a0:f9:17:a1:97:df:de:62:50:1e:66:09:40:2e:
         9b:d5:12:70:4e:b3:7f:d5:78:b8:ec:2a:d4:3f:56:49:98:12:
         ed:ae:a9:08:f3:a1:e5:f3:9b:72:24:be:ea:14:f8:cf:fb:8d:
         9b:20:de:82:62:34:b4:91:8b:d1:19:c8:32:73:1a:f0:9b:43:
         a3:97:cf:5c:12:0e:e0:2f:5f:a3:97:f1:9f:a6:8c:e8:b8:d6:
         9b:f7:a5:47:d5:df:7d:b8:3f:de:f3:40:26:86:6c:f4:fe:af:
         06:1e:8d:91:ff:53:b7:fc:2a:d9:85:c0:7f:f4:34:f8:03:ea:
         24:05:d1:62:df:d2:d4:c6:3b:b4:4f:96:f2:8b:b3:c4:17:06:
         d5:7b:2a:1e:f0:71:87:49:9b:bc:ae:6a:68:0f:3a:39:8a:af:
         9f:f3:87:69:be:a4:82:0b:c4:64:4b:7c:d8:8a:eb:5d:fe:46:
         d2:87:34:80:42:28:d6:5a:e1:22:ea:19:f8:aa:f3:fb:5a:2f:
         1f:7c:8e:4d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzI3smfPThtVc/ADpxxIqxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZmFhMGQyZjVkZWMwMjAxZjU1ZTQwOTc5YzE5MDliNmRi
NzdjM2IwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmFlMzY4ZDQ5ODBiZGU5ZDE3OGIzMjc3YjM4NmZmYTgzYTU1OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7g5joy7xetmbIVCu/b7rR0PAdd4
AgjOeaOEk0KOmwrIwlDSpwKlv0MTOaY5jQpeY2zWp9c+YPmfBi76nRQ8Inkt+dXd
tHgJEJEWY7nUTfxSjF+7APOS27JUxnTU5sT++qjOiBSNmTssvPlhpVDjwaZx6z8p
RQ83ffXeZfLqlN0oJZgjyaf45zHuFzM/ePoDMRGkATrRjcoRsqx+PxbQmsdoFFIQ
LheSAGXLYRliCp3vJgDeJqa2SELLwmDyuCdtlsC/y1g4P62XRfE6jdTeawq3y3QW
V+EprGc2UsGN9tB5aK+hKDu+Ht3htEGVWxL6Yidb+5wdvitCkFnvgyu5zQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFD+uNo1JgL3p0XizJ3s4b/qDpVmDMB8GA1UdIwQY
MBaAFOb6oNL13sAgH1XkCXnBkJttt3w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZxZzB2WGV3Q0FmVmVRSmVjR1FtMjIzZkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8wOTc3NDgtNWNjOC00NTBmLTlmYmIt
OGM4ZDEwZThlYWJjLzEvUDY0MmpVbUF2ZW5SZUxNbmV6aHYtb09sV1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8wOTc3NDgtNWNjOC00NTBmLTlmYmItOGM4ZDEwZThlYWJj
LzEvNXZxZzB2WGV3Q0FmVmVRSmVjR1FtMjIzZkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDJU2gAwQD
Lh9oAwQCUR2wAwQCuSV0AwQAuS+KAwQCuTsUAwQCuboMAwQAufZfMA0EAgACMAcD
BQAqAiQgMA0GCSqGSIb3DQEBCwUAA4IBAQBC4JR32m3VRcei3jmrrdF3GmWiRJm3
XN3g6l+Y+taU9EeyNQz1Sdj/F0bcSn3IiwJrWPchPZOteQOeoPkXoZff3mJQHmYJ
QC6b1RJwTrN/1Xi47CrUP1ZJmBLtrqkI86Hl85tyJL7qFPjP+42bIN6CYjS0kYvR
Gcgycxrwm0Ojl89cEg7gL1+jl/GfpozouNab96VH1d99uD/e80Amhmz0/q8GHo2R
/1O3/CrZhcB/9DT4A+okBdFi39LUxju0T5byi7PEFwbVeyoe8HGHSZu8rmpoDzo5
iq+f84dpvqSCC8RkS3zYiutd/kbShzSAQijWWuEi6hn4qvP7Wi8ffI5N
-----END CERTIFICATE-----