Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/5LMtj83qtXk2LFBELfngly3Ek0A.roa
File:                     5LMtj83qtXk2LFBELfngly3Ek0A.roa (raw, json)
Hash identifier:          /fB3sCKXk3no8Tt55vNyv5TkHvFPxtOl6SXOZhx7zcM=
Subject key identifier:   E4:B3:2D:8F:CD:EA:B5:79:36:2C:50:44:2D:F9:E0:97:2D:C4:93:40
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       01920EFBFEA232602616093FFA2AC39C9084
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/5LMtj83qtXk2LFBELfngly3Ek0A.roa
Signing time:             Fri 20 Sep 2024 10:30:48 +0000
ROA not before:           Fri 20 Sep 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39347
IP address blocks:        89.33.88.0/21 maxlen: 21
                          89.33.89.0/24 maxlen: 24
                          89.33.90.0/23 maxlen: 23
                          89.33.94.0/23 maxlen: 23
                          89.35.57.0/24 maxlen: 24
                          89.42.31.0/24 maxlen: 24
                          93.119.176.0/21 maxlen: 21
                          93.119.176.0/23 maxlen: 23
                          93.119.176.0/24 maxlen: 24
                          93.119.177.0/24 maxlen: 24
                          93.119.182.0/23 maxlen: 23
                          185.122.220.0/24 maxlen: 24
                          185.122.221.0/24 maxlen: 24
                          185.122.222.0/24 maxlen: 24
                          185.122.223.0/24 maxlen: 24
                          2a06:a880::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 20 Sep 2024 20:24:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0e:fb:fe:a2:32:60:26:16:09:3f:fa:2a:c3:9c:90:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Sep 20 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4b32d8fcdeab579362c50442df9e0972dc49340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ac:b6:fa:ca:f1:cc:b3:22:31:e9:50:51:bc:
                    58:1b:af:a5:ee:a6:32:b0:05:7e:c1:7b:71:9a:0c:
                    21:94:15:29:d0:a7:50:a8:94:e1:22:f8:5b:16:c6:
                    a6:e1:d1:46:f9:57:b0:e4:f6:5e:ef:f8:28:47:84:
                    92:e4:04:ca:63:06:d4:54:58:3f:dd:e8:78:07:66:
                    af:47:01:7b:72:94:04:e5:24:b6:12:c2:f2:1c:99:
                    13:8c:37:a8:26:a5:4f:c0:6c:75:09:69:59:54:29:
                    10:4e:30:fc:c9:1c:22:b3:45:42:d7:5d:ea:55:93:
                    72:36:f6:3f:c7:68:03:bc:95:5b:47:0a:6c:5e:3f:
                    df:f5:cf:b7:08:ad:d6:cd:41:a6:2a:58:46:70:92:
                    13:35:81:4e:42:69:a4:14:83:2e:3a:55:79:14:ca:
                    99:a4:c0:f8:ad:1c:98:59:80:df:b2:2a:29:1f:fa:
                    c5:a1:3e:a9:b1:a8:47:9c:d7:22:0f:f6:ee:be:13:
                    c3:d9:00:1a:9e:3b:78:9d:eb:89:f8:d3:34:c0:28:
                    a5:88:a4:97:77:f4:03:02:ff:36:7d:03:f3:a8:ce:
                    f6:be:70:37:77:c0:52:62:f4:28:72:f3:e8:76:56:
                    73:d0:25:1c:bf:c1:69:44:54:04:0a:ac:7c:a4:55:
                    41:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B3:2D:8F:CD:EA:B5:79:36:2C:50:44:2D:F9:E0:97:2D:C4:93:40
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/5LMtj83qtXk2LFBELfngly3Ek0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.88.0/21
                  89.35.57.0/24
                  89.42.31.0/24
                  93.119.176.0/21
                  185.122.220.0/22
                IPv6:
                  2a06:a880::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:38:25:9f:09:6a:3a:c0:4d:e3:1f:e5:7a:cd:a0:5e:a3:d8:
         2b:40:8f:06:66:a1:9a:32:b1:f9:f3:12:d9:e1:c4:d2:16:3c:
         f3:0b:f0:4f:3d:0b:41:1f:6f:07:cc:6c:e0:dc:e3:19:85:54:
         b4:24:11:d4:72:49:97:05:9a:61:02:20:6d:c8:92:63:f2:ad:
         5e:22:49:02:ae:48:91:d3:74:f8:c8:a6:1d:42:3b:dc:40:10:
         8d:81:03:f0:57:55:fb:89:30:72:5f:a5:1e:ed:b3:eb:5c:3a:
         29:0e:47:c4:7c:9d:04:c6:4b:85:29:59:25:2b:16:91:fa:7f:
         df:3d:27:91:1d:42:92:ea:49:73:40:ec:f8:ee:c3:68:d1:08:
         05:89:29:c8:05:a1:fb:cd:f5:20:4a:b0:14:38:3a:47:20:c2:
         04:fc:15:ae:89:63:5e:c4:da:4e:86:48:7e:54:ce:d6:a4:ac:
         1a:d5:77:d6:92:d2:87:3e:cc:d9:c1:d6:f7:48:35:41:a9:b5:
         76:19:46:1d:df:14:43:6a:5b:15:f3:c5:3c:45:25:87:f5:7a:
         bf:9e:8a:c0:7e:0f:10:1d:ad:c6:b5:b2:12:93:b8:e0:1f:d3:
         3e:7c:0b:9f:d6:80:e9:5b:7c:f6:dd:f3:a0:54:e9:ec:fc:00:
         fe:80:fb:97
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZIO+/6iMmAmFgk/+irDnJCEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjQwOTIwMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIzMmQ4ZmNkZWFiNTc5MzYyYzUwNDQyZGY5ZTA5NzJkYzQ5MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqy2+srxzLMiMelQUbxYG6+l7qYy
sAV+wXtxmgwhlBUp0KdQqJThIvhbFsam4dFG+Vew5PZe7/goR4SS5ATKYwbUVFg/
3eh4B2avRwF7cpQE5SS2EsLyHJkTjDeoJqVPwGx1CWlZVCkQTjD8yRwis0VC113q
VZNyNvY/x2gDvJVbRwpsXj/f9c+3CK3WzUGmKlhGcJITNYFOQmmkFIMuOlV5FMqZ
pMD4rRyYWYDfsiopH/rFoT6psahHnNciD/buvhPD2QAanjt4neuJ+NM0wCiliKSX
d/QDAv82fQPzqM72vnA3d8BSYvQocvPodlZz0CUcv8FpRFQECqx8pFVBdQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFOSzLY/N6rV5NixQRC354JctxJNAMB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEvNUxNdGo4M3F0WGsyTEZCRUxmbmdseTNFazBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQDWSFYAwQA
WSM5AwQAWSofAwQDXXewAwQCuXrcMA8EAgACMAkDBwAqBqiAAAAwDQYJKoZIhvcN
AQELBQADggEBAI44JZ8JajrATeMf5XrNoF6j2CtAjwZmoZoysfnzEtnhxNIWPPML
8E89C0EfbwfMbODc4xmFVLQkEdRySZcFmmECIG3IkmPyrV4iSQKuSJHTdPjIph1C
O9xAEI2BA/BXVfuJMHJfpR7ts+tcOikOR8R8nQTGS4UpWSUrFpH6f989J5EdQpLq
SXNA7Pjuw2jRCAWJKcgFofvN9SBKsBQ4OkcgwgT8Fa6JY17E2k6GSH5UztakrBrV
d9aS0oc+zNnB1vdINUGptXYZRh3fFENqWxXzxTxFJYf1er+eisB+DxAdrca1shKT
uOAf0z58C5/WgOlbfPbd86BU6ez8AP6A+5c=