Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/sQDD6m3GkxQ30JWiqpqqY9OWw38.roa
File:                     sQDD6m3GkxQ30JWiqpqqY9OWw38.roa (raw, json)
Hash identifier:          v885Te1wTXVa1pHZq6+/VWzjHNoNN6yzMxF7QsWXlaI=
Subject key identifier:   B1:00:C3:EA:6D:C6:93:14:37:D0:95:A2:AA:9A:AA:63:D3:96:C3:7F
Certificate issuer:       /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial:       0188D7C8731A8BE1730D49C84195DD264870
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/sQDD6m3GkxQ30JWiqpqqY9OWw38.roa
Signing time:             Tue 20 Jun 2023 07:50:18 +0000
ROA not before:           Tue 20 Jun 2023 07:50:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201935
IP address blocks:        84.254.137.0/24 maxlen: 24
                          84.254.144.0/24 maxlen: 24
                          84.254.144.0/23 maxlen: 24
                          84.254.145.0/24 maxlen: 24
                          95.210.111.0/24 maxlen: 24
                          95.210.132.0/24 maxlen: 24
                          95.210.132.0/23 maxlen: 24
                          95.210.133.0/24 maxlen: 24
                          176.227.131.0/24 maxlen: 24
                          84.254.130.0/24 maxlen: 24
                          84.254.131.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 19 Jul 2023 12:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d7:c8:73:1a:8b:e1:73:0d:49:c8:41:95:dd:26:48:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
        Validity
            Not Before: Jun 20 07:50:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b100c3ea6dc6931437d095a2aa9aaa63d396c37f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:34:9d:db:62:07:60:7a:97:28:36:c7:99:0d:
                    fc:cc:0e:a7:8f:31:9e:98:ae:42:0e:d1:b4:6a:bb:
                    67:c2:d0:e4:6c:cd:66:36:1b:d8:26:d4:ed:32:47:
                    69:3e:2b:fb:97:a1:ea:5c:37:76:69:d9:b0:96:17:
                    ad:b0:1d:cc:ef:51:89:ec:7d:61:5a:10:ef:89:c3:
                    04:07:3c:9a:31:c2:b3:7a:ee:80:d7:48:a8:d7:63:
                    2e:aa:bb:19:f6:d7:d2:61:80:1d:ca:70:ae:b0:e9:
                    1c:97:04:4e:7c:f2:b1:75:b9:85:d5:ab:fc:1e:b6:
                    a1:b0:9c:64:3d:49:3f:aa:b8:69:86:53:26:b6:22:
                    16:69:87:01:82:e1:96:cb:76:91:e9:0d:37:e8:7a:
                    9d:8d:7d:45:2f:c4:f2:37:c7:f3:b3:22:48:ce:b5:
                    e9:69:af:cb:85:01:ca:e9:9b:90:8b:49:db:9b:13:
                    35:76:cd:81:e7:14:bf:fa:d8:48:3d:e3:34:c7:c2:
                    7f:c4:a5:d7:2b:c8:6d:66:7d:b7:b9:75:55:43:56:
                    eb:df:d7:07:9f:76:0e:7d:f6:3d:5b:a3:8c:96:37:
                    32:6a:5a:b8:d8:b2:66:58:79:ed:bd:39:26:6a:c9:
                    b0:ad:db:4e:2a:64:a3:cd:d1:df:a8:31:94:a9:8b:
                    f4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:00:C3:EA:6D:C6:93:14:37:D0:95:A2:AA:9A:AA:63:D3:96:C3:7F
            X509v3 Authority Key Identifier:
                keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/sQDD6m3GkxQ30JWiqpqqY9OWw38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.254.130.0/23
                  84.254.137.0/24
                  84.254.144.0/23
                  95.210.111.0/24
                  95.210.132.0/23
                  176.227.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:5f:20:f0:1f:7b:27:ec:e3:77:91:0b:75:58:62:2b:09:
         12:53:5a:9d:8c:5f:35:27:d8:f1:78:97:91:85:16:74:a5:a2:
         fd:95:c3:61:80:03:66:ea:ef:38:65:15:24:38:44:83:0f:f3:
         ac:54:a1:7a:60:6c:a9:82:58:46:ab:3d:a8:1d:cc:aa:33:50:
         e3:54:98:f2:bd:0d:59:36:94:0a:97:bb:01:14:5b:2d:48:c0:
         52:c5:58:c3:08:5f:97:53:23:b4:42:4b:b2:b0:b7:0a:4f:7f:
         1e:84:43:df:11:8b:a1:b7:5e:83:94:0c:02:29:71:de:9a:30:
         c2:b8:aa:be:da:28:77:cc:eb:d7:8e:71:e7:48:b1:19:f6:9c:
         4e:8b:ae:07:fc:ca:33:13:a1:f4:8f:b6:69:82:71:93:8e:dd:
         85:be:25:bb:7e:9e:06:b1:f1:89:52:95:88:d5:36:3e:49:b3:
         74:d4:b0:f6:59:73:ae:04:d1:c4:2b:12:b5:16:8a:ae:c1:11:
         ab:53:63:cb:60:03:c1:ff:50:cf:13:12:71:5d:46:eb:c9:0a:
         a7:47:fa:b3:70:a4:c8:66:2b:cb:0a:c2:fb:cf:c4:30:2e:0b:
         bb:f6:2c:30:80:80:1e:10:54:82:c1:d2:86:3b:7f:6e:3f:44:
         b0:1d:6a:b0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYjXyHMai+FzDUnIQZXdJkhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjMwNjIwMDc1MDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTAwYzNlYTZkYzY5MzE0MzdkMDk1YTJhYTlhYWE2M2QzOTZjMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDSd22IHYHqXKDbHmQ38zA6njzGe
mK5CDtG0artnwtDkbM1mNhvYJtTtMkdpPiv7l6HqXDd2admwlhetsB3M71GJ7H1h
WhDvicMEBzyaMcKzeu6A10io12MuqrsZ9tfSYYAdynCusOkclwROfPKxdbmF1av8
HrahsJxkPUk/qrhphlMmtiIWaYcBguGWy3aR6Q036HqdjX1FL8TyN8fzsyJIzrXp
aa/LhQHK6ZuQi0nbmxM1ds2B5xS/+thIPeM0x8J/xKXXK8htZn23uXVVQ1br39cH
n3YOffY9W6OMljcyalq42LJmWHntvTkmasmwrdtOKmSjzdHfqDGUqYv0xwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLEAw+ptxpMUN9CVoqqaqmPTlsN/MB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvc1FERDZtM0dreFEzMEpXaXFwcXFZOU9XdzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBVP6CAwQA
VP6JAwQBVP6QAwQAX9JvAwQBX9KEAwQAsOODMA0GCSqGSIb3DQEBCwUAA4IBAQBH
xV8g8B97J+zjd5ELdVhiKwkSU1qdjF81J9jxeJeRhRZ0paL9lcNhgANm6u84ZRUk
OESDD/OsVKF6YGypglhGqz2oHcyqM1DjVJjyvQ1ZNpQKl7sBFFstSMBSxVjDCF+X
UyO0QkuysLcKT38ehEPfEYuht16DlAwCKXHemjDCuKq+2ih3zOvXjnHnSLEZ9pxO
i64H/MozE6H0j7ZpgnGTjt2FviW7fp4GsfGJUpWI1TY+SbN01LD2WXOuBNHEKxK1
FoquwRGrU2PLYAPB/1DPExJxXUbryQqnR/qzcKTIZivLCsL7z8QwLgu79iwwgIAe
EFSCwdKGO39uP0SwHWqw
-----END CERTIFICATE-----