Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/iSuRiTGnW4EbURgvoRAd2-oi9qg.roa
File:                     iSuRiTGnW4EbURgvoRAd2-oi9qg.roa (raw, json)
Hash identifier:          9eHrWSVofy+PsAo69rD3YuRoH4dj++73K1/YNG3N7Ew=
Subject key identifier:   89:2B:91:89:31:A7:5B:81:1B:51:18:2F:A1:10:1D:DB:EA:22:F6:A8
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018BA6F9E1D775ABB8C2A0CCA55D36E6B587
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/iSuRiTGnW4EbURgvoRAd2-oi9qg.roa
Signing time:             Mon 06 Nov 2023 23:31:15 +0000
ROA not before:           Mon 06 Nov 2023 23:31:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44947
IP address blocks:        128.65.173.0/24 maxlen: 24
                          128.65.174.0/24 maxlen: 24
                          128.65.175.0/24 maxlen: 24
                          194.26.2.0/24 maxlen: 24
                          194.26.3.0/24 maxlen: 24
                          128.65.165.0/24 maxlen: 24
                          128.65.166.0/24 maxlen: 24
                          194.26.21.0/24 maxlen: 24
                          128.65.167.0/24 maxlen: 24
                          128.65.168.0/24 maxlen: 24
                          128.65.169.0/24 maxlen: 24
                          128.65.170.0/24 maxlen: 24
                          128.65.171.0/24 maxlen: 24
                          128.65.172.0/24 maxlen: 24
                          194.26.20.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 Nov 2023 17:53:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a6:f9:e1:d7:75:ab:b8:c2:a0:cc:a5:5d:36:e6:b5:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Nov  6 23:31:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=892b918931a75b811b51182fa1101ddbea22f6a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:81:51:45:b2:ff:d1:14:77:49:22:72:65:90:
                    b3:1c:79:2b:91:cf:98:45:57:9c:c8:ce:58:e7:c2:
                    3a:ba:2b:a7:bd:b3:6b:cf:55:1e:92:df:24:23:0e:
                    33:12:d3:91:96:22:69:27:4f:06:cb:0d:c6:75:99:
                    aa:94:46:2b:38:b2:44:3e:ca:22:1d:10:96:77:1d:
                    6e:ec:27:d4:32:ab:d1:35:1c:1f:63:c2:43:43:26:
                    a6:18:e6:b9:11:e4:82:12:14:af:85:ef:05:5a:d2:
                    d9:60:07:70:7c:5d:f2:4f:0d:89:20:36:fe:f5:fb:
                    73:68:75:03:9b:3d:c0:a1:fb:fc:ef:24:03:e6:7d:
                    aa:ee:bc:de:bd:23:e5:66:7b:ed:ea:b8:c7:1d:84:
                    96:c0:f2:0f:64:2f:cf:4d:d9:bc:ee:f2:b9:ed:e8:
                    cc:1c:89:b6:37:45:92:30:a7:e5:96:63:07:5c:ed:
                    0f:20:4b:98:cc:c5:f5:77:51:10:59:46:55:72:14:
                    27:b8:05:f9:4c:a3:67:bc:b2:3a:9d:b3:ca:3c:ba:
                    54:16:7c:c6:2f:29:e4:1c:27:7f:99:ac:ee:bf:39:
                    d1:d9:c2:0a:61:0c:cd:f7:c1:d1:6c:ac:8c:1b:b4:
                    f5:f4:05:84:74:a7:c6:04:9c:dc:a7:c9:da:34:2b:
                    48:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2B:91:89:31:A7:5B:81:1B:51:18:2F:A1:10:1D:DB:EA:22:F6:A8
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/iSuRiTGnW4EbURgvoRAd2-oi9qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.165.0-128.65.175.255
                  194.26.2.0/23
                  194.26.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:8b:d6:21:14:4d:9e:fd:34:b3:53:fd:cd:ef:62:69:36:7a:
         6d:59:cb:2c:89:49:25:2b:61:bf:57:21:22:49:3a:b9:f0:42:
         22:df:eb:a9:11:41:d6:89:71:59:76:91:03:9a:f4:71:db:c3:
         2c:98:b6:33:86:20:a9:fd:16:b1:5b:18:5a:0f:56:79:4b:62:
         49:67:37:92:e3:81:de:ad:0f:90:59:99:f4:28:0f:89:2b:f9:
         43:06:d8:3e:cd:b2:2b:07:80:90:4a:c3:4b:4a:fa:33:f2:4f:
         68:6a:65:e8:60:27:9e:83:88:0d:de:c6:5c:2a:8c:2f:75:14:
         e8:d8:71:3e:7b:a2:b4:96:66:bd:ac:3a:bb:48:ed:01:70:06:
         89:23:e6:43:0e:ae:43:5a:89:cf:14:10:78:61:5c:7b:41:44:
         91:b6:6e:bd:b1:fa:61:e6:e5:79:46:ab:4a:21:9c:5d:b9:08:
         d4:be:58:99:6a:d6:29:3a:77:f0:1d:29:8f:06:8a:f0:3f:fb:
         cc:09:5d:33:81:31:b1:14:26:38:4a:34:72:22:62:c0:aa:57:
         74:e4:d4:c0:b5:63:e2:67:20:f9:22:6a:1d:7b:57:93:84:21:
         22:9b:70:79:66:4b:bf:6d:7f:df:9b:fc:92:2b:ab:74:7f:6b:
         73:81:98:63
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYum+eHXdau4wqDMpV025rWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjMxMTA2MjMzMTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJiOTE4OTMxYTc1YjgxMWI1MTE4MmZhMTEwMWRkYmVhMjJmNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIFRRbL/0RR3SSJyZZCzHHkrkc+Y
RVecyM5Y58I6uiunvbNrz1Uekt8kIw4zEtORliJpJ08Gyw3GdZmqlEYrOLJEPsoi
HRCWdx1u7CfUMqvRNRwfY8JDQyamGOa5EeSCEhSvhe8FWtLZYAdwfF3yTw2JIDb+
9ftzaHUDmz3Aofv87yQD5n2q7rzevSPlZnvt6rjHHYSWwPIPZC/PTdm87vK57ejM
HIm2N0WSMKfllmMHXO0PIEuYzMX1d1EQWUZVchQnuAX5TKNnvLI6nbPKPLpUFnzG
LynkHCd/mazuvznR2cIKYQzN98HRbKyMG7T19AWEdKfGBJzcp8naNCtIuwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIkrkYkxp1uBG1EYL6EQHdvqIvaoMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvaVN1UmlUR25XNEViVVJndm9SQWQyLW9pOXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBACAQaUD
BASAQaADBAHCGgIDBAHCGhQwDQYJKoZIhvcNAQELBQADggEBAIiL1iEUTZ79NLNT
/c3vYmk2em1ZyyyJSSUrYb9XISJJOrnwQiLf66kRQdaJcVl2kQOa9HHbwyyYtjOG
IKn9FrFbGFoPVnlLYklnN5Ljgd6tD5BZmfQoD4kr+UMG2D7NsisHgJBKw0tK+jPy
T2hqZehgJ56DiA3exlwqjC91FOjYcT57orSWZr2sOrtI7QFwBokj5kMOrkNaic8U
EHhhXHtBRJG2br2x+mHm5XlGq0ohnF25CNS+WJlq1ik6d/AdKY8GivA/+8wJXTOB
MbEUJjhKNHIiYsCqV3Tk1MC1Y+JnIPkiah17V5OEISKbcHlmS79tf9+b/JIrq3R/
a3OBmGM=
-----END CERTIFICATE-----