Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/8bVqOSuArEXXZwALUbEG-d1xeWQ.roa
File:                     8bVqOSuArEXXZwALUbEG-d1xeWQ.roa (raw, json)
Hash identifier:          2W9BKyUzXhAHnfZ4QwEDWwmrWFULyWPvtx+5gBhE5aI=
Subject key identifier:   F1:B5:6A:39:2B:80:AC:45:D7:67:00:0B:51:B1:06:F9:DD:71:79:64
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       018FD2DF1B4C887997AED130B22B590EE0CC
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/8bVqOSuArEXXZwALUbEG-d1xeWQ.roa
Signing time:             Sat 01 Jun 2024 08:16:27 +0000
ROA not before:           Sat 01 Jun 2024 08:16:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213274
IP address blocks:        89.252.142.0/24 maxlen: 24
                          89.252.144.0/24 maxlen: 24
                          89.252.147.0/24 maxlen: 24
                          89.252.149.0/24 maxlen: 24
                          89.252.150.0/24 maxlen: 24
                          89.252.152.0/24 maxlen: 24
                          89.252.156.0/24 maxlen: 24
                          89.252.157.0/24 maxlen: 24
                          89.252.177.0/24 maxlen: 24
                          94.102.10.0/24 maxlen: 24
                          94.102.12.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 11 Oct 2024 07:08:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d2:df:1b:4c:88:79:97:ae:d1:30:b2:2b:59:0e:e0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jun  1 08:16:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1b56a392b80ac45d767000b51b106f9dd717964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:26:04:f6:10:1b:73:d2:32:a9:90:ca:89:c0:
                    c8:cb:b7:a6:58:94:a3:67:32:d4:c4:51:f6:36:a5:
                    a9:47:cd:6b:1b:e1:30:25:96:2e:ea:50:91:7a:ff:
                    98:3c:e0:f0:8d:f0:47:2d:81:5b:cc:c4:54:de:8f:
                    aa:31:b1:bc:ab:23:8b:90:95:ba:4d:fc:53:60:dc:
                    04:25:c3:3d:5b:0a:3d:c0:9c:4a:b5:71:c2:dd:9d:
                    40:2e:6a:60:f9:df:29:62:06:38:6a:9e:34:2e:38:
                    e6:ea:5a:33:46:5d:7c:c1:b0:9c:22:3b:ce:5c:8d:
                    25:6f:72:6e:fd:21:af:cb:d8:af:b6:f0:c1:c9:49:
                    0b:b0:3a:6e:c0:7b:57:0a:7a:b7:7b:2d:e2:08:16:
                    b4:f1:ca:8d:22:76:65:85:57:a9:40:f1:8a:9e:91:
                    fe:67:ad:55:32:d2:18:85:90:3e:25:91:87:00:e0:
                    a0:d5:be:6b:2d:d4:6d:b6:89:d1:04:b6:08:87:85:
                    22:7f:ee:64:30:ea:64:1f:ab:3f:0a:ee:26:61:f2:
                    be:d0:9b:8c:99:92:a9:4f:b6:45:d9:98:a3:cb:9a:
                    a4:da:9e:62:26:b1:cc:56:b2:5c:7d:76:37:58:7b:
                    35:35:03:c8:6c:7a:98:78:8f:aa:c3:3c:65:79:50:
                    f5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B5:6A:39:2B:80:AC:45:D7:67:00:0B:51:B1:06:F9:DD:71:79:64
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/8bVqOSuArEXXZwALUbEG-d1xeWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.142.0/24
                  89.252.144.0/24
                  89.252.147.0/24
                  89.252.149.0-89.252.150.255
                  89.252.152.0/24
                  89.252.156.0/23
                  89.252.177.0/24
                  94.102.10.0/24
                  94.102.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:7d:af:7c:fa:ff:57:39:d0:b8:7f:3b:2a:12:ed:27:76:79:
         82:d1:b8:73:81:58:b2:b1:fd:91:f7:15:05:c0:8d:64:f7:6e:
         87:e1:25:96:53:36:38:b2:0e:5b:ec:3e:aa:62:1c:59:4f:12:
         48:37:fa:db:0a:c7:d1:c4:cb:85:10:d9:f9:1f:c7:28:00:38:
         d6:9b:d6:17:80:b8:9c:34:0c:70:18:db:31:98:db:2b:04:e0:
         4d:43:e4:70:04:ea:8e:96:fa:67:ee:fa:c9:9c:a2:3c:f2:af:
         bb:ee:e1:b1:aa:c0:47:e0:9a:67:61:59:b8:25:59:c1:6c:b4:
         ff:84:31:11:88:d2:c0:57:52:29:16:7b:9f:29:7d:45:a3:2c:
         90:db:81:af:2e:00:6c:8f:85:d3:e2:4a:d0:b9:c2:7a:80:92:
         8d:27:50:cc:f4:8b:3b:f7:59:50:8f:42:37:21:e6:ad:a6:98:
         42:0b:c4:c2:a8:84:71:bf:ef:b5:e7:49:e7:03:55:6c:04:4a:
         10:45:bc:64:ba:e7:f5:7a:54:f1:18:29:0d:0e:64:af:92:26:
         c9:59:3d:69:a7:18:7d:3d:45:c7:b4:fd:c7:96:34:5d:3b:29:
         cb:e3:01:2e:4a:43:30:4d:ba:24:92:2e:f1:b2:10:c7:ed:3e:
         67:a7:67:83
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY/S3xtMiHmXrtEwsitZDuDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjQwNjAxMDgxNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWI1NmEzOTJiODBhYzQ1ZDc2NzAwMGI1MWIxMDZmOWRkNzE3OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSYE9hAbc9IyqZDKicDIy7emWJSj
ZzLUxFH2NqWpR81rG+EwJZYu6lCRev+YPODwjfBHLYFbzMRU3o+qMbG8qyOLkJW6
TfxTYNwEJcM9Wwo9wJxKtXHC3Z1ALmpg+d8pYgY4ap40Ljjm6lozRl18wbCcIjvO
XI0lb3Ju/SGvy9ivtvDByUkLsDpuwHtXCnq3ey3iCBa08cqNInZlhVepQPGKnpH+
Z61VMtIYhZA+JZGHAOCg1b5rLdRttonRBLYIh4Uif+5kMOpkH6s/Cu4mYfK+0JuM
mZKpT7ZF2Zijy5qk2p5iJrHMVrJcfXY3WHs1NQPIbHqYeI+qwzxleVD1AQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPG1ajkrgKxF12cAC1GxBvndcXlkMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvOGJWcU9TdUFyRVhYWndBTFViRUctZDF4ZVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAWfyOAwQA
WfyQAwQAWfyTMAwDBABZ/JUDBABZ/JYDBABZ/JgDBAFZ/JwDBABZ/LEDBABeZgoD
BABeZgwwDQYJKoZIhvcNAQELBQADggEBAJd9r3z6/1c50Lh/OyoS7Sd2eYLRuHOB
WLKx/ZH3FQXAjWT3bofhJZZTNjiyDlvsPqpiHFlPEkg3+tsKx9HEy4UQ2fkfxygA
ONab1heAuJw0DHAY2zGY2ysE4E1D5HAE6o6W+mfu+smcojzyr7vu4bGqwEfgmmdh
WbglWcFstP+EMRGI0sBXUikWe58pfUWjLJDbga8uAGyPhdPiStC5wnqAko0nUMz0
izv3WVCPQjch5q2mmEILxMKohHG/77XnSecDVWwEShBFvGS65/V6VPEYKQ0OZK+S
JslZPWmnGH09Rce0/ceWNF07KcvjAS5KQzBNuiSSLvGyEMftPmenZ4M=
-----END CERTIFICATE-----