Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/SYLEBNN-hxmvQWmMMRT9c5HFrKs.roa
File:                     SYLEBNN-hxmvQWmMMRT9c5HFrKs.roa (raw, json)
Hash identifier:          JtaTlFmtVAIU6aB3/LF0eB8bycPONMcAIZxJ0do7yzI=
Subject key identifier:   49:82:C4:04:D3:7E:87:19:AF:41:69:8C:31:14:FD:73:91:C5:AC:AB
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADC5C7D8113C82104E0E343E9065F
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/SYLEBNN-hxmvQWmMMRT9c5HFrKs.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        178.251.228.0/24 maxlen: 32
                          178.251.228.0/23 maxlen: 32
                          5.1.74.0/24 maxlen: 32
                          5.1.81.0/24 maxlen: 32
                          2a01:367::/32 maxlen: 32
                          2a01:367:c204::/48 maxlen: 48
                          2a00:f826:3::/48 maxlen: 48
                          2a01:366::/32 maxlen: 32
                          2a01:363::/32 maxlen: 32
                          2a01:367:cff3::/48 maxlen: 48
                          2a01:367:dead::/48 maxlen: 48
                          2a01:365::/32 maxlen: 32
                          2a01:364::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 03 May 2024 14:40:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dc:5c:7d:81:13:c8:21:04:e0:e3:43:e9:06:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4982c404d37e8719af41698c3114fd7391c5acab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6b:66:45:42:65:27:4d:98:30:ae:2f:93:66:
                    2a:33:43:23:dd:4d:36:24:86:94:85:ba:85:86:59:
                    2a:c7:9e:98:26:d8:f0:2c:97:8d:ef:39:f0:a8:9a:
                    ed:bb:4f:d6:60:4b:ae:00:7a:cb:5d:b5:16:8e:63:
                    17:bc:a5:04:46:77:f6:5b:12:03:23:64:a1:8c:7e:
                    ed:78:0a:f3:54:37:06:e7:b1:86:17:99:6f:33:5f:
                    98:33:5b:3e:b0:36:06:08:03:f1:43:a1:6b:36:9a:
                    07:33:af:ed:b1:8d:35:72:56:6f:f9:11:57:59:18:
                    33:78:37:25:23:33:0d:6e:96:76:27:65:7a:07:0b:
                    75:b6:30:28:8d:36:07:14:9e:1b:1d:20:b2:73:35:
                    7a:7b:10:8e:93:67:fb:c8:90:8c:98:2e:ff:d7:e7:
                    76:30:fa:7b:12:66:68:b2:4a:a9:ab:20:79:8d:f4:
                    b4:02:c2:ae:f3:f0:b5:42:2e:78:f8:c9:3a:ca:bf:
                    02:f0:8d:e6:58:ea:cb:e9:be:a9:a9:a1:a9:76:df:
                    f7:32:04:1a:9c:39:a0:67:60:27:f8:87:91:c3:bd:
                    02:43:f8:0e:24:8a:62:89:46:e1:18:79:f4:68:2a:
                    4d:0b:7a:2f:ba:3a:d4:d1:b3:87:01:94:f0:41:c2:
                    19:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:82:C4:04:D3:7E:87:19:AF:41:69:8C:31:14:FD:73:91:C5:AC:AB
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/SYLEBNN-hxmvQWmMMRT9c5HFrKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.74.0/24
                  5.1.81.0/24
                  178.251.228.0/23
                IPv6:
                  2a00:f826:3::/48
                  2a01:363::-2a01:367:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         99:31:5f:b7:a0:34:86:f5:7b:b1:3a:d9:fc:cb:98:04:46:a1:
         1e:e8:dc:7f:02:fb:9a:d9:8b:25:79:b2:94:77:87:64:04:5f:
         83:c2:51:78:72:f8:2a:64:61:ad:77:d1:41:f0:72:b2:d4:42:
         1d:fc:cd:ba:da:c7:d4:da:51:24:56:1a:d2:59:5f:a1:d8:fe:
         bc:e2:e8:32:3e:81:78:e0:02:86:66:26:23:b2:47:d4:ec:d7:
         e8:43:5a:56:2a:cb:d5:45:d3:de:32:77:96:14:a3:bb:fe:db:
         db:30:ae:73:a4:99:f7:ae:fd:72:a5:bb:05:d9:04:5b:b3:e1:
         a3:a7:74:9a:e8:ac:6e:20:e0:ac:84:b7:53:e3:f4:5d:ef:9c:
         de:2c:3a:88:d9:00:2a:fd:47:05:75:63:e9:a6:c4:dd:6b:bf:
         ce:1c:f0:b6:80:6f:04:89:f5:e3:d6:78:09:34:d3:05:99:40:
         b1:70:f3:c7:a4:66:07:8b:d7:e1:09:ee:88:54:c0:df:0a:95:
         82:38:02:33:f1:2a:32:13:52:93:fa:f9:81:46:ba:0d:3b:37:
         34:52:3e:06:70:fc:54:33:e9:f5:9b:1a:3d:f3:e1:b5:1f:f8:
         12:01:bd:d9:c0:47:66:65:9f:4a:da:a8:77:62:81:7a:be:dd:
         65:7f:fb:f9
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzGStxcfYETyCEE4OND6QZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTgyYzQwNGQzN2U4NzE5YWY0MTY5OGMzMTE0ZmQ3MzkxYzVhY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGtmRUJlJ02YMK4vk2YqM0Mj3U02
JIaUhbqFhlkqx56YJtjwLJeN7znwqJrtu0/WYEuuAHrLXbUWjmMXvKUERnf2WxID
I2ShjH7teArzVDcG57GGF5lvM1+YM1s+sDYGCAPxQ6FrNpoHM6/tsY01clZv+RFX
WRgzeDclIzMNbpZ2J2V6Bwt1tjAojTYHFJ4bHSCyczV6exCOk2f7yJCMmC7/1+d2
MPp7EmZoskqpqyB5jfS0AsKu8/C1Qi54+Mk6yr8C8I3mWOrL6b6pqaGpdt/3MgQa
nDmgZ2An+IeRw70CQ/gOJIpiiUbhGHn0aCpNC3ovujrU0bOHAZTwQcIZ6QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFEmCxATTfocZr0FpjDEU/XORxayrMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvU1lMRUJOTi1oeG12UVdtTU1SVDljNUhGcktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAYBAIAATASAwQABQFKAwQA
BQFRAwQBsvvkMB8EAgACMBkDBwAqAPgmAAMwDgMFACoBA2MDBQMqAQNgMA0GCSqG
SIb3DQEBCwUAA4IBAQCZMV+3oDSG9XuxOtn8y5gERqEe6Nx/Avua2YslebKUd4dk
BF+DwlF4cvgqZGGtd9FB8HKy1EId/M262sfU2lEkVhrSWV+h2P684ugyPoF44AKG
ZiYjskfU7NfoQ1pWKsvVRdPeMneWFKO7/tvbMK5zpJn3rv1ypbsF2QRbs+Gjp3Sa
6KxuIOCshLdT4/Rd75zeLDqI2QAq/UcFdWPppsTda7/OHPC2gG8EifXj1ngJNNMF
mUCxcPPHpGYHi9fhCe6IVMDfCpWCOAIz8SoyE1KT+vmBRroNOzc0Uj4GcPxUM+n1
mxo98+G1H/gSAb3ZwEdmZZ9K2qh3YoF6vt1lf/v5
-----END CERTIFICATE-----