Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Iy7OluYGF8Jig1fXrYnSICZLDXo.roa
File:                     Iy7OluYGF8Jig1fXrYnSICZLDXo.roa (raw, json)
Hash identifier:          H+H05Y1VNRf0UezZBWTbdwSR0sVXevvj+CiQ6dfdFrw=
Subject key identifier:   23:2E:CE:96:E6:06:17:C2:62:83:57:D7:AD:89:D2:20:26:4B:0D:7A
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018D2D9CAC878D86E87F0CDA56BEF573E6DD
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Iy7OluYGF8Jig1fXrYnSICZLDXo.roa
Signing time:             Sun 21 Jan 2024 20:00:58 +0000
ROA not before:           Sun 21 Jan 2024 20:00:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        5.182.187.0/24 maxlen: 24
                          5.182.198.0/24 maxlen: 24
                          63.246.130.0/24 maxlen: 24
                          63.246.131.0/24 maxlen: 24
                          63.246.132.0/24 maxlen: 24
                          63.246.133.0/24 maxlen: 24
                          63.246.137.0/24 maxlen: 24
                          63.246.144.0/24 maxlen: 24
                          63.246.151.0/24 maxlen: 24
                          63.246.158.0/24 maxlen: 24
                          78.31.204.0/24 maxlen: 24
                          94.154.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 04:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2d:9c:ac:87:8d:86:e8:7f:0c:da:56:be:f5:73:e6:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan 21 20:00:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=232ece96e60617c2628357d7ad89d220264b0d7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:33:de:cf:ec:e2:a4:5d:5a:f0:92:eb:e5:b2:
                    8d:94:25:ab:b1:ca:6d:7d:42:00:58:8f:5f:7b:b1:
                    fe:51:37:2d:89:dd:21:9f:2b:4e:9e:c3:a7:c9:fa:
                    ef:99:b0:33:77:7c:80:ac:d5:75:0e:19:9b:29:f9:
                    af:e4:97:64:53:54:32:4c:56:33:af:0c:41:9c:fe:
                    d9:22:c8:2e:0c:3d:0a:5f:68:bc:76:88:93:62:02:
                    08:63:f2:93:cf:23:02:58:94:7e:43:36:a7:63:5d:
                    91:2a:db:6e:f9:c1:08:c4:0c:46:3a:ce:10:9c:d8:
                    ed:f6:ac:ce:c4:e8:92:89:89:22:7b:65:bf:2a:56:
                    ea:90:b8:27:71:eb:93:e0:65:97:e3:1e:c9:04:48:
                    a4:c1:ca:9f:02:7a:32:fe:a2:f8:d8:e2:37:4c:d4:
                    32:67:b5:c4:8a:e4:5d:45:65:1f:67:ac:88:40:b2:
                    16:83:22:28:b4:45:e8:5b:ca:33:11:23:00:66:76:
                    2e:d1:47:7f:27:03:15:e2:3e:c2:86:91:e6:3d:5c:
                    47:4e:89:3f:42:5f:58:1c:f1:b3:fa:e8:88:b5:07:
                    35:76:c2:54:71:91:5c:55:56:44:69:a2:da:41:29:
                    b5:85:42:23:0f:0b:75:ae:4c:d2:56:bf:66:f1:e4:
                    84:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2E:CE:96:E6:06:17:C2:62:83:57:D7:AD:89:D2:20:26:4B:0D:7A
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Iy7OluYGF8Jig1fXrYnSICZLDXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.187.0/24
                  5.182.198.0/24
                  63.246.130.0-63.246.133.255
                  63.246.137.0/24
                  63.246.144.0/24
                  63.246.151.0/24
                  63.246.158.0/24
                  78.31.204.0/24
                  94.154.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:12:63:ec:96:8f:5b:b9:85:88:2d:31:5c:7d:b3:f3:29:8c:
         95:41:25:2a:1e:bb:87:0e:6b:36:f8:93:c6:67:7f:c6:d4:c2:
         87:31:de:7c:24:74:69:f5:81:31:89:0c:d3:5d:e1:a6:b1:33:
         21:0c:f4:71:1a:17:95:4e:f8:b1:e0:dc:68:8b:64:0e:fb:41:
         3c:91:ba:ff:23:18:81:3c:1d:de:d5:bd:74:fa:4d:cf:27:87:
         c7:82:6a:18:e7:ca:8c:a9:70:19:bd:0c:fa:01:de:df:64:1f:
         91:16:21:23:98:50:34:c9:09:42:f1:19:9a:98:c7:64:f7:80:
         37:79:56:32:fa:f0:a2:d9:5c:38:5a:2e:b8:96:8b:6d:79:ad:
         22:9a:a4:84:16:5c:38:4c:e3:02:50:a3:34:2f:0e:da:29:d5:
         9b:7e:b5:9f:e0:96:74:bf:30:7f:f2:28:ee:a0:eb:a1:f9:1a:
         21:72:1b:f1:03:39:57:69:b9:e4:df:5c:4e:18:5a:07:26:ef:
         33:9d:d5:d0:85:5a:87:31:bb:a8:0e:4b:ca:66:8d:8c:61:ba:
         16:db:3f:7b:25:32:68:84:c1:bb:2b:58:72:07:be:13:52:a1:
         13:64:44:6b:a0:84:a4:ed:43:a5:f2:2c:69:c4:01:49:db:8a:
         52:17:f3:df
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY0tnKyHjYbofwzaVr71c+bdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTIxMjAwMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJlY2U5NmU2MDYxN2MyNjI4MzU3ZDdhZDg5ZDIyMDI2NGIwZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzPez+zipF1a8JLr5bKNlCWrscpt
fUIAWI9fe7H+UTctid0hnytOnsOnyfrvmbAzd3yArNV1DhmbKfmv5JdkU1QyTFYz
rwxBnP7ZIsguDD0KX2i8doiTYgIIY/KTzyMCWJR+QzanY12RKttu+cEIxAxGOs4Q
nNjt9qzOxOiSiYkie2W/KlbqkLgnceuT4GWX4x7JBEikwcqfAnoy/qL42OI3TNQy
Z7XEiuRdRWUfZ6yIQLIWgyIotEXoW8ozESMAZnYu0Ud/JwMV4j7ChpHmPVxHTok/
Ql9YHPGz+uiItQc1dsJUcZFcVVZEaaLaQSm1hUIjDwt1rkzSVr9m8eSE8QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCMuzpbmBhfCYoNX162J0iAmSw16MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvSXk3T2x1WUdGOEppZzFmWHJZblNJQ1pMRFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABba7AwQA
BbbGMAwDBAE/9oIDBAE/9oQDBAA/9okDBAA/9pADBAA/9pcDBAA/9p4DBABOH8wD
BABemqowDQYJKoZIhvcNAQELBQADggEBAF8SY+yWj1u5hYgtMVx9s/MpjJVBJSoe
u4cOazb4k8Znf8bUwocx3nwkdGn1gTGJDNNd4aaxMyEM9HEaF5VO+LHg3GiLZA77
QTyRuv8jGIE8Hd7VvXT6Tc8nh8eCahjnyoypcBm9DPoB3t9kH5EWISOYUDTJCULx
GZqYx2T3gDd5VjL68KLZXDhaLriWi215rSKapIQWXDhM4wJQozQvDtop1Zt+tZ/g
lnS/MH/yKO6g66H5GiFyG/EDOVdpueTfXE4YWgcm7zOd1dCFWocxu6gOS8pmjYxh
uhbbP3slMmiEwbsrWHIHvhNSoRNkRGughKTtQ6XyLGnEAUnbilIX898=
-----END CERTIFICATE-----