Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/8mJSNYMTXUQqd4PTH41GlIUnYLM.roa
File:                     8mJSNYMTXUQqd4PTH41GlIUnYLM.roa (raw, json)
Hash identifier:          jA5X98sjM3FfqQA7r5xVnyIqQCNUsYsXRhO8L/qNeJk=
Subject key identifier:   F2:62:52:35:83:13:5D:44:2A:77:83:D3:1F:8D:46:94:85:27:60:B3
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018CC9BB09E1B569DAF1B6E290FE77FE44A6
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/8mJSNYMTXUQqd4PTH41GlIUnYLM.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35226
IP address blocks:        185.179.40.0/24 maxlen: 24
                          89.184.56.0/23 maxlen: 23
                          89.16.64.0/19 maxlen: 19
                          109.106.96.0/20 maxlen: 20
                          78.143.128.0/18 maxlen: 18
                          109.106.112.0/21 maxlen: 21
                          109.106.124.0/22 maxlen: 22
                          89.184.32.0/22 maxlen: 22
                          89.184.40.0/21 maxlen: 21
                          89.184.48.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 09:52:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:09:e1:b5:69:da:f1:b6:e2:90:fe:77:fe:44:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f262523583135d442a7783d31f8d4694852760b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:51:2b:9f:a8:c5:ca:52:39:af:c5:7b:0b:c7:
                    33:f4:cb:21:3c:a5:31:90:ad:9e:45:32:74:5f:f6:
                    aa:5e:5c:66:8e:09:fd:65:f5:a1:11:06:d4:07:1d:
                    80:89:a8:9f:40:c1:5a:e6:11:1a:be:b5:91:a9:69:
                    c5:a7:90:8c:2a:67:59:b1:a8:a5:89:e8:ee:1b:cb:
                    0b:4a:9b:c5:de:83:a4:59:36:78:2e:7a:02:b4:f4:
                    52:03:90:cc:50:c5:d8:90:56:de:8c:ec:3a:74:7e:
                    63:a5:cd:78:f0:8b:70:80:3f:7f:27:0f:b1:83:fb:
                    23:ce:15:8a:92:01:dd:64:8f:4f:b1:58:6a:e4:86:
                    18:d3:30:af:65:ef:32:bf:37:fd:85:4c:8f:39:1b:
                    05:b7:71:e5:07:1f:a9:53:9e:fd:51:1b:1e:ee:7c:
                    87:4f:e7:cc:9e:9f:1e:1a:07:bd:e6:b0:d1:87:9b:
                    d2:45:9e:2a:dd:56:68:cb:24:e6:9c:c9:9d:88:43:
                    5f:da:78:c5:c5:f4:c6:2c:bf:eb:75:b3:2f:91:d1:
                    4f:07:0c:6f:9d:72:9a:7e:27:6b:50:0d:14:08:f9:
                    0b:0c:60:55:23:94:29:3d:a9:b8:40:54:43:3f:0f:
                    1a:94:75:74:b0:a9:88:1c:73:82:d0:1f:54:6c:98:
                    8d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:62:52:35:83:13:5D:44:2A:77:83:D3:1F:8D:46:94:85:27:60:B3
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/8mJSNYMTXUQqd4PTH41GlIUnYLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.128.0/18
                  89.16.64.0/19
                  89.184.32.0/22
                  89.184.40.0-89.184.57.255
                  109.106.96.0-109.106.119.255
                  109.106.124.0/22
                  185.179.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:32:28:62:61:da:b5:00:07:c3:4b:0e:53:23:fa:7d:43:f8:
         2a:07:e8:31:ad:82:9f:9a:f2:34:34:e2:6f:bf:b1:b5:fa:ae:
         53:27:e9:c0:b5:d3:63:de:ec:ba:92:a1:22:75:0b:29:41:48:
         dd:7c:61:bc:1b:67:04:02:66:24:8d:b7:d2:11:4c:f3:c5:2a:
         cd:bd:1e:29:00:d9:6b:bd:a7:dd:b1:f2:42:c4:af:49:2f:4c:
         b8:e4:66:32:3c:7e:bc:1b:64:cf:f0:87:85:c5:10:19:e5:ce:
         eb:40:60:4a:2b:eb:16:42:47:68:ba:84:17:22:2a:11:aa:e8:
         4e:f8:94:ff:b7:7c:3a:85:4f:5c:de:60:83:32:a0:94:58:76:
         8d:73:f9:8a:64:41:5e:02:75:c4:e7:c4:e7:86:bd:05:fc:40:
         75:a4:f9:04:21:fe:b6:1b:88:28:cf:97:8d:80:6e:23:0e:95:
         fd:b8:f4:67:fa:e7:96:81:cf:32:f0:be:bd:bb:93:07:6f:e3:
         38:bb:69:26:bf:a4:61:73:67:90:ca:06:73:d7:53:e8:b2:3c:
         e5:18:42:50:6b:84:b1:aa:46:3c:47:87:3b:74:62:1f:d4:58:
         3a:73:80:90:e2:b3:98:cd:ca:92:62:4e:41:bc:22:1c:04:d8:
         c2:89:f5:6a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzJuwnhtWna8bbikP53/kSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjYyNTIzNTgzMTM1ZDQ0MmE3NzgzZDMxZjhkNDY5NDg1Mjc2MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1Ern6jFylI5r8V7C8cz9MshPKUx
kK2eRTJ0X/aqXlxmjgn9ZfWhEQbUBx2AiaifQMFa5hEavrWRqWnFp5CMKmdZsail
iejuG8sLSpvF3oOkWTZ4LnoCtPRSA5DMUMXYkFbejOw6dH5jpc148ItwgD9/Jw+x
g/sjzhWKkgHdZI9PsVhq5IYY0zCvZe8yvzf9hUyPORsFt3HlBx+pU579URse7nyH
T+fMnp8eGge95rDRh5vSRZ4q3VZoyyTmnMmdiENf2njFxfTGLL/rdbMvkdFPBwxv
nXKafidrUA0UCPkLDGBVI5QpPam4QFRDPw8alHV0sKmIHHOC0B9UbJiNcwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFPJiUjWDE11EKneD0x+NRpSFJ2CzMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvOG1KU05ZTVRYVVFxZDRQVEg0MUdsSVVuWUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQGTo+AAwQF
WRBAAwQCWbggMAwDBANZuCgDBAFZuDgwDAMEBW1qYAMEA21qcAMEAm1qfAMEALmz
KDANBgkqhkiG9w0BAQsFAAOCAQEAmjIoYmHatQAHw0sOUyP6fUP4KgfoMa2Cn5ry
NDTib7+xtfquUyfpwLXTY97supKhInULKUFI3XxhvBtnBAJmJI230hFM88Uqzb0e
KQDZa72n3bHyQsSvSS9MuORmMjx+vBtkz/CHhcUQGeXO60BgSivrFkJHaLqEFyIq
EaroTviU/7d8OoVPXN5ggzKglFh2jXP5imRBXgJ1xOfE54a9BfxAdaT5BCH+thuI
KM+XjYBuIw6V/bj0Z/rnloHPMvC+vbuTB2/jOLtpJr+kYXNnkMoGc9dT6LI85RhC
UGuEsapGPEeHO3RiH9RYOnOAkOKzmM3KkmJOQbwiHATYwon1ag==
-----END CERTIFICATE-----