Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/2ZCWlESW9RarKflUdRmy0aHacn4.roa
File:                     2ZCWlESW9RarKflUdRmy0aHacn4.roa (raw, json)
Hash identifier:          EJvgZ0F/SIf6fPAB1DD9GrBOXvWpBguNl4mouPuGijQ=
Subject key identifier:   D9:90:96:94:44:96:F5:16:AB:29:F9:54:75:19:B2:D1:A1:DA:72:7E
Certificate issuer:       /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial:       018C678E7B57DBA41B22EE6B5B753A83BFF7
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/2ZCWlESW9RarKflUdRmy0aHacn4.roa
Signing time:             Thu 14 Dec 2023 09:00:40 +0000
ROA not before:           Thu 14 Dec 2023 09:00:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201935
IP address blocks:        84.254.137.0/24 maxlen: 24
                          84.254.144.0/24 maxlen: 24
                          84.254.144.0/23 maxlen: 24
                          84.254.145.0/24 maxlen: 24
                          84.254.146.0/24 maxlen: 24
                          84.254.164.0/24 maxlen: 24
                          95.210.133.0/24 maxlen: 24
                          176.227.131.0/24 maxlen: 24
                          176.227.139.0/24 maxlen: 24
                          176.227.138.0/24 maxlen: 24
                          84.254.130.0/24 maxlen: 24
                          84.254.131.0/24 maxlen: 24
                          95.210.111.0/24 maxlen: 24
                          95.210.132.0/24 maxlen: 24
                          95.210.132.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:67:8e:7b:57:db:a4:1b:22:ee:6b:5b:75:3a:83:bf:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
        Validity
            Not Before: Dec 14 09:00:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d99096944496f516ab29f9547519b2d1a1da727e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f8:11:4b:c9:d7:46:c2:52:4f:86:2d:26:3a:
                    b2:4d:16:5e:e2:55:47:70:98:3c:db:16:f3:24:c5:
                    0e:4f:54:e0:5b:d5:44:9f:82:27:c3:0f:64:54:7e:
                    90:6f:33:21:9b:79:c5:1a:c1:bb:ce:d8:af:e3:ec:
                    af:44:fc:f2:31:97:02:e1:6f:2e:98:67:4c:61:4c:
                    46:0f:8b:0c:ea:57:da:30:84:b7:c5:49:d4:c1:e7:
                    b4:ae:9f:97:fd:40:fe:eb:09:30:b1:31:0f:39:cd:
                    84:da:02:19:05:06:80:5c:c3:03:20:87:22:9a:a9:
                    4d:a7:34:da:e3:bd:02:eb:ef:46:df:93:e7:0d:5f:
                    4e:9f:56:6c:5d:63:39:b7:b4:b8:bc:bd:39:b6:f1:
                    74:33:fd:45:73:47:83:0e:0a:07:d0:e3:ed:68:2b:
                    e4:96:ae:4c:91:d5:3d:ce:d2:5a:31:4d:a7:fd:f0:
                    08:26:a7:40:ef:1f:77:42:09:f2:08:44:e2:31:6d:
                    ba:ee:0d:19:b9:92:b1:b4:28:03:f0:ca:d3:2e:bb:
                    47:d6:6e:20:b1:56:ae:84:8c:7d:d2:db:3c:2c:4c:
                    d5:43:c3:b9:7b:e4:87:50:3b:c8:79:54:d4:73:16:
                    22:61:a2:8e:46:0b:56:3b:34:0a:c1:4f:31:08:98:
                    75:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:90:96:94:44:96:F5:16:AB:29:F9:54:75:19:B2:D1:A1:DA:72:7E
            X509v3 Authority Key Identifier:
                keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/2ZCWlESW9RarKflUdRmy0aHacn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.254.130.0/23
                  84.254.137.0/24
                  84.254.144.0-84.254.146.255
                  84.254.164.0/24
                  95.210.111.0/24
                  95.210.132.0/23
                  176.227.131.0/24
                  176.227.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:3f:d1:db:e4:f3:ad:0f:c3:6c:1e:74:0d:d6:24:20:4f:3f:
         ec:06:a4:82:2d:de:db:c2:43:db:0e:3d:72:fd:f2:ef:80:6b:
         6e:ba:3b:64:1e:a8:3d:be:af:d5:b5:78:02:3c:e2:4a:76:b4:
         81:98:13:96:a9:a9:fe:f4:f6:e3:ca:a3:8e:9b:f5:91:fd:5a:
         c6:29:28:51:c1:fd:20:ea:ed:f5:28:83:02:0d:4f:2c:57:33:
         ca:ca:41:b6:a7:53:74:ab:77:e9:98:cb:90:7c:f0:3d:39:10:
         32:bd:e7:19:df:3b:f0:80:44:90:e0:7a:0d:5b:de:16:91:66:
         64:b7:f3:2d:15:c7:e3:d2:1a:5f:1d:1f:56:46:51:bf:c1:82:
         7d:5b:d4:ab:b9:de:87:ea:3f:94:56:f8:21:3e:5d:1f:eb:e5:
         15:52:3e:3e:a9:d5:61:b0:3d:02:94:d7:29:03:82:3e:32:20:
         72:c9:1d:c0:c9:26:f1:43:b1:2c:2e:54:b1:87:99:ae:75:bc:
         44:fd:4c:c7:2c:57:7e:66:67:a9:c6:48:2d:87:89:c2:0f:9a:
         ad:fe:54:b7:d3:86:4d:45:eb:57:92:fa:98:ae:ca:2d:ce:a9:
         e1:c4:03:6c:c5:f1:1a:25:ba:e8:04:7a:fd:5a:92:ae:4e:bd:
         2e:68:a9:c4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYxnjntX26QbIu5rW3U6g7/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjMxMjE0MDkwMDQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkwOTY5NDQ0OTZmNTE2YWIyOWY5NTQ3NTE5YjJkMWExZGE3MjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfgRS8nXRsJST4YtJjqyTRZe4lVH
cJg82xbzJMUOT1TgW9VEn4Inww9kVH6QbzMhm3nFGsG7ztiv4+yvRPzyMZcC4W8u
mGdMYUxGD4sM6lfaMIS3xUnUwee0rp+X/UD+6wkwsTEPOc2E2gIZBQaAXMMDIIci
mqlNpzTa470C6+9G35PnDV9On1ZsXWM5t7S4vL05tvF0M/1Fc0eDDgoH0OPtaCvk
lq5MkdU9ztJaMU2n/fAIJqdA7x93QgnyCETiMW267g0ZuZKxtCgD8MrTLrtH1m4g
sVauhIx90ts8LEzVQ8O5e+SHUDvIeVTUcxYiYaKORgtWOzQKwU8xCJh1KQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNmQlpRElvUWqyn5VHUZstGh2nJ+MB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvMlpDV2xFU1c5UmFyS2ZsVWRSbXkwYUhhY240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBVP6CAwQA
VP6JMAwDBARU/pADBABU/pIDBABU/qQDBABf0m8DBAFf0oQDBACw44MDBAGw44ow
DQYJKoZIhvcNAQELBQADggEBAHA/0dvk860Pw2wedA3WJCBPP+wGpIIt3tvCQ9sO
PXL98u+Aa266O2QeqD2+r9W1eAI84kp2tIGYE5apqf709uPKo46b9ZH9WsYpKFHB
/SDq7fUogwINTyxXM8rKQbanU3Srd+mYy5B88D05EDK95xnfO/CARJDgeg1b3haR
ZmS38y0Vx+PSGl8dH1ZGUb/Bgn1b1Ku53ofqP5RW+CE+XR/r5RVSPj6p1WGwPQKU
1ykDgj4yIHLJHcDJJvFDsSwuVLGHma51vET9TMcsV35mZ6nGSC2HicIPmq3+VLfT
hk1F61eS+piuyi3OqeHEA2zF8RoluugEev1akq5OvS5oqcQ=
-----END CERTIFICATE-----