Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/Gs2HxTdBdaHuGmOD3cgex5kcd1A.roa
File:                     Gs2HxTdBdaHuGmOD3cgex5kcd1A.roa (raw, json)
Hash identifier:          EngYXOko/dHxhkYWvm55G+T8pXZTe34wCHWN/CkFvkc=
Subject key identifier:   1A:CD:87:C5:37:41:75:A1:EE:1A:63:83:DD:C8:1E:C7:99:1C:77:50
Certificate issuer:       /CN=0b2ce7fd2f5b1b79757c8973ae3f7b0be686385b
Certificate serial:       018CC727333E369DE619AC5F1E0B8C897F34
Authority key identifier: 0B:2C:E7:FD:2F:5B:1B:79:75:7C:89:73:AE:3F:7B:0B:E6:86:38:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cyzn_S9bG3l1fIlzrj97C-aGOFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/Gs2HxTdBdaHuGmOD3cgex5kcd1A.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202921
IP address blocks:        185.148.214.0/24 maxlen: 24
                          185.148.215.0/24 maxlen: 24
                          147.161.24.0/22 maxlen: 22
                          212.69.128.0/24 maxlen: 24
                          212.69.129.0/24 maxlen: 24
                          212.69.130.0/24 maxlen: 24
                          212.69.128.0/22 maxlen: 22
                          212.69.131.0/24 maxlen: 24
                          185.148.212.0/22 maxlen: 22
                          185.148.212.0/24 maxlen: 24
                          185.148.213.0/24 maxlen: 24
                          2a0d:f780::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 31 Jan 2024 11:28:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:33:3e:36:9d:e6:19:ac:5f:1e:0b:8c:89:7f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b2ce7fd2f5b1b79757c8973ae3f7b0be686385b
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1acd87c5374175a1ee1a6383ddc81ec7991c7750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a7:18:16:39:3b:e2:da:8c:b4:5d:d9:46:ea:
                    ce:5e:a8:80:41:d9:a3:df:dc:e8:60:4c:fc:eb:15:
                    6f:7d:8f:a0:dc:e3:21:33:c8:17:bb:f1:a3:11:4d:
                    08:56:ed:44:5d:e3:c9:25:c8:bd:a9:6f:4b:a8:0f:
                    f2:e4:22:ea:a5:5f:ed:de:0c:a5:bc:94:39:d9:f7:
                    af:36:4d:d6:de:b7:b3:54:f3:fa:15:b5:c4:80:9c:
                    29:ae:85:3d:e4:3c:8c:b2:51:e2:41:ea:87:86:a4:
                    08:cf:81:1b:52:ff:9f:ab:61:9b:c0:e2:43:92:a4:
                    8c:ec:dd:2d:b2:0f:9d:a1:a7:69:31:8f:ac:2c:14:
                    39:98:7a:ac:73:d4:8d:e4:60:66:dc:be:0a:d9:e9:
                    86:e5:64:c7:51:81:82:82:d6:fc:dd:a3:59:fd:eb:
                    0c:71:7f:15:4a:22:9e:ab:53:45:5a:59:73:60:50:
                    e8:d6:4a:ba:5f:0b:a7:8b:b6:79:7b:b4:31:10:79:
                    71:dc:35:3e:69:74:46:53:fa:9d:a1:6b:84:39:95:
                    6b:36:a3:d1:c6:ca:a0:43:a8:14:47:21:e4:eb:a9:
                    be:0b:a3:af:07:0f:be:e8:72:37:cc:53:06:fa:c5:
                    57:be:90:a7:2f:c6:ca:37:88:d0:16:94:c7:db:e9:
                    df:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:CD:87:C5:37:41:75:A1:EE:1A:63:83:DD:C8:1E:C7:99:1C:77:50
            X509v3 Authority Key Identifier:
                keyid:0B:2C:E7:FD:2F:5B:1B:79:75:7C:89:73:AE:3F:7B:0B:E6:86:38:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cyzn_S9bG3l1fIlzrj97C-aGOFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/Gs2HxTdBdaHuGmOD3cgex5kcd1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/Cyzn_S9bG3l1fIlzrj97C-aGOFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.24.0/22
                  185.148.212.0/22
                  212.69.128.0/22
                IPv6:
                  2a0d:f780::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:66:8f:bb:ae:2f:d3:44:61:0d:80:5a:b8:de:b0:9c:bf:7c:
         14:d7:28:8a:1b:e7:b1:36:08:c7:e2:26:94:2c:ae:f2:f0:ab:
         68:1e:66:01:18:de:08:b4:bb:53:bc:a0:f7:13:49:e1:3d:36:
         5b:95:54:b1:b7:6f:1b:7a:e4:8f:35:7d:96:2c:67:8f:2f:81:
         d3:22:3b:33:11:e4:cc:9a:56:da:7c:f6:e2:86:d4:63:55:6e:
         3c:38:63:eb:b3:f6:af:1b:1c:82:21:f6:62:48:d0:49:f8:cd:
         c7:c3:04:50:bf:fc:5f:4e:14:64:7f:c7:d6:6b:97:1c:40:f6:
         7d:f4:4c:30:c4:d3:89:e5:26:ba:04:18:af:5b:36:06:a5:22:
         1b:e6:02:e1:f2:2f:d6:33:1f:10:f8:cc:b2:05:21:a7:0c:fb:
         9e:33:aa:9e:4d:61:c0:94:af:f2:81:c6:9d:df:63:75:f7:78:
         25:f1:0e:ef:5a:2c:18:ba:db:ec:70:a6:06:9e:65:19:57:e6:
         a7:25:d6:88:a0:34:b3:15:c6:dd:d9:fa:a3:f1:7a:50:6a:9c:
         02:65:4e:81:96:47:8f:db:82:36:27:eb:23:e7:47:ab:8f:c1:
         84:91:57:35:fe:9e:a0:aa:4b:df:c5:01:17:d0:74:c7:3a:2e:
         ff:23:6d:76
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzHJzM+Np3mGaxfHguMiX80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMmNlN2ZkMmY1YjFiNzk3NTdjODk3M2FlM2Y3YjBiZTY4
NjM4NWIwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWNkODdjNTM3NDE3NWExZWUxYTYzODNkZGM4MWVjNzk5MWM3NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6cYFjk74tqMtF3ZRurOXqiAQdmj
39zoYEz86xVvfY+g3OMhM8gXu/GjEU0IVu1EXePJJci9qW9LqA/y5CLqpV/t3gyl
vJQ52fevNk3W3rezVPP6FbXEgJwproU95DyMslHiQeqHhqQIz4EbUv+fq2GbwOJD
kqSM7N0tsg+doadpMY+sLBQ5mHqsc9SN5GBm3L4K2emG5WTHUYGCgtb83aNZ/esM
cX8VSiKeq1NFWllzYFDo1kq6Xwuni7Z5e7QxEHlx3DU+aXRGU/qdoWuEOZVrNqPR
xsqgQ6gURyHk66m+C6OvBw++6HI3zFMG+sVXvpCnL8bKN4jQFpTH2+nfmwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBrNh8U3QXWh7hpjg93IHseZHHdQMB8GA1UdIwQY
MBaAFAss5/0vWxt5dXyJc64/ewvmhjhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3l6bl9TOWJHM2wxZklsenJqOTdDLWFHT0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85YWFmMjQtNTM0Ni00NDgwLWJiZjMt
YTY0MTA5MTllODk4LzEvR3MySHhUZEJkYUh1R21PRDNjZ2V4NWtjZDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85YWFmMjQtNTM0Ni00NDgwLWJiZjMtYTY0MTA5MTllODk4
LzEvQ3l6bl9TOWJHM2wxZklsenJqOTdDLWFHT0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCk6EYAwQC
uZTUAwQC1EWAMA0EAgACMAcDBQMqDfeAMA0GCSqGSIb3DQEBCwUAA4IBAQBjZo+7
ri/TRGENgFq43rCcv3wU1yiKG+exNgjH4iaULK7y8KtoHmYBGN4ItLtTvKD3E0nh
PTZblVSxt28beuSPNX2WLGePL4HTIjszEeTMmlbafPbihtRjVW48OGPrs/avGxyC
IfZiSNBJ+M3HwwRQv/xfThRkf8fWa5ccQPZ99EwwxNOJ5Sa6BBivWzYGpSIb5gLh
8i/WMx8Q+MyyBSGnDPueM6qeTWHAlK/ygcad32N193gl8Q7vWiwYutvscKYGnmUZ
V+anJdaIoDSzFcbd2fqj8XpQapwCZU6BlkeP24I2J+sj50erj8GEkVc1/p6gqkvf
xQEX0HTHOi7/I212
-----END CERTIFICATE-----