Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/bFcINtDmptwcxIHoupuy_Mw8_qc.roa
File:                     bFcINtDmptwcxIHoupuy_Mw8_qc.roa (raw, json)
Hash identifier:          mWmqd55lDyVHYhX5V8xUnRHCCGsq3wpivd1iH6+MyAs=
Subject key identifier:   6C:57:08:36:D0:E6:A6:DC:1C:C4:81:E8:BA:9B:B2:FC:CC:3C:FE:A7
Certificate issuer:       /CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
Certificate serial:       018CC6B7967D95B5C3C76C888B3CD25B5834
Authority key identifier: BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/bFcINtDmptwcxIHoupuy_Mw8_qc.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9000
IP address blocks:        212.50.32.0/24 maxlen: 24
                          212.50.33.0/24 maxlen: 24
                          212.50.37.0/24 maxlen: 24
                          212.50.36.0/24 maxlen: 24
                          212.50.41.0/24 maxlen: 24
                          212.50.44.0/24 maxlen: 24
                          212.50.39.0/24 maxlen: 24
                          212.50.55.0/24 maxlen: 24
                          212.50.54.0/24 maxlen: 24
                          212.50.61.0/24 maxlen: 24
                          2001:1b68::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 08:24:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:96:7d:95:b5:c3:c7:6c:88:8b:3c:d2:5b:58:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c570836d0e6a6dc1cc481e8ba9bb2fccc3cfea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bc:d5:a4:4e:d3:10:ce:0c:6b:c2:8e:3c:0e:
                    56:be:ec:49:12:0b:bb:de:8a:f2:67:2d:1d:b2:82:
                    58:c0:30:1b:ae:59:de:a3:08:b5:ac:6d:dd:50:16:
                    b0:87:ee:61:85:1b:aa:e4:c4:9c:b9:7c:68:ae:4b:
                    4c:14:64:cb:1a:7b:05:af:d1:d4:f1:2c:bd:93:1b:
                    40:01:ea:e2:1e:27:8a:f6:60:00:da:b5:cd:be:cf:
                    89:0e:58:9f:10:eb:06:2f:17:b7:51:73:f6:3e:01:
                    a9:c5:a6:88:84:4d:47:31:8b:45:34:97:70:b2:c7:
                    71:2c:1b:de:4f:2e:87:c9:e5:28:8b:a2:9e:dc:4e:
                    01:f1:79:76:3c:14:3e:79:80:19:56:35:f4:35:46:
                    22:5d:cd:02:e0:8d:7c:aa:e9:d5:c0:c7:5a:5c:56:
                    ba:dd:e0:c1:fa:08:37:b7:37:8b:7d:70:81:23:3f:
                    18:bc:c7:6f:ac:17:94:04:30:db:7a:23:c5:6f:3b:
                    b0:32:c1:94:6d:8e:67:09:b1:e5:82:7b:d5:6e:e7:
                    d9:78:94:8e:c7:94:7f:b4:b3:6f:e0:3c:9b:0c:27:
                    a4:70:cf:45:d1:2c:a7:64:6e:ce:65:7f:4d:5a:5f:
                    07:55:ff:ee:af:ee:13:3a:02:ee:51:e2:a2:5d:b3:
                    b3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:57:08:36:D0:E6:A6:DC:1C:C4:81:E8:BA:9B:B2:FC:CC:3C:FE:A7
            X509v3 Authority Key Identifier:
                keyid:BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/bFcINtDmptwcxIHoupuy_Mw8_qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/u41koNwhmWscmeaMyVFpTik-3v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.50.32.0/23
                  212.50.36.0/23
                  212.50.39.0/24
                  212.50.41.0/24
                  212.50.44.0/24
                  212.50.54.0/23
                  212.50.61.0/24
                IPv6:
                  2001:1b68::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:d3:19:49:55:2b:a3:7c:6e:1d:a3:34:63:f5:e8:33:f9:0f:
         ef:b4:28:5a:e3:50:b8:6d:a9:2a:2a:18:03:75:a9:46:91:1c:
         67:25:90:cc:f1:ae:8b:3c:3a:75:a3:f2:f0:55:b8:ff:1e:c6:
         d5:09:6b:8f:fa:01:61:5a:63:12:8b:62:80:d9:fb:6c:33:51:
         bd:02:c8:b2:37:a1:ff:4b:19:87:ce:93:f0:81:44:cf:9a:33:
         03:d4:86:35:79:82:44:6a:ce:2c:7a:a1:ec:bb:22:ce:32:c9:
         6b:da:52:6a:59:9a:47:15:df:e8:9c:9e:16:9b:8c:18:76:90:
         5d:6d:77:d8:a2:36:e4:f8:fa:db:75:57:a3:87:65:d3:09:28:
         ab:9b:32:86:d1:fc:12:cb:6c:a9:90:c0:f7:ae:16:65:77:49:
         0b:4c:5b:97:7f:19:dd:e4:9e:16:df:0c:cd:80:eb:73:6a:9f:
         57:96:91:18:8f:82:35:b2:fa:61:f2:6a:5c:a3:0d:8b:87:c1:
         ff:ed:33:8c:ab:e3:5e:72:de:e4:99:94:58:54:84:67:53:f5:
         f0:45:8d:e9:b5:48:58:cb:8e:95:4a:54:70:19:5e:9b:0d:21:
         0d:67:61:14:05:9c:f9:ef:92:92:6a:8c:9d:7c:0f:b8:25:a6:
         be:32:6d:98
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzGt5Z9lbXDx2yIizzSW1g0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGQ2NGEwZGMyMTk5NmIxYzk5ZTY4Y2M5NTE2OTRlMjkz
ZWRlZmUwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzU3MDgzNmQwZTZhNmRjMWNjNDgxZThiYTliYjJmY2NjM2NmZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbzVpE7TEM4Ma8KOPA5WvuxJEgu7
3oryZy0dsoJYwDAbrlneowi1rG3dUBawh+5hhRuq5MScuXxorktMFGTLGnsFr9HU
8Sy9kxtAAeriHieK9mAA2rXNvs+JDlifEOsGLxe3UXP2PgGpxaaIhE1HMYtFNJdw
ssdxLBveTy6HyeUoi6Ke3E4B8Xl2PBQ+eYAZVjX0NUYiXc0C4I18qunVwMdaXFa6
3eDB+gg3tzeLfXCBIz8YvMdvrBeUBDDbeiPFbzuwMsGUbY5nCbHlgnvVbufZeJSO
x5R/tLNv4DybDCekcM9F0SynZG7OZX9NWl8HVf/ur+4TOgLuUeKiXbOzAQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFGxXCDbQ5qbcHMSB6LqbsvzMPP6nMB8GA1UdIwQY
MBaAFLuNZKDcIZlrHJnmjMlRaU4pPt7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUt
ZGQ0YTIxN2Q2MDZiLzEvYkZjSU50RG1wdHdjeElIb3VwdXlfTXc4X3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUtZGQ0YTIxN2Q2MDZi
LzEvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQB1DIgAwQB
1DIkAwQA1DInAwQA1DIpAwQA1DIsAwQB1DI2AwQA1DI9MA0EAgACMAcDBQMgARto
MA0GCSqGSIb3DQEBCwUAA4IBAQBO0xlJVSujfG4dozRj9egz+Q/vtCha41C4bakq
KhgDdalGkRxnJZDM8a6LPDp1o/LwVbj/HsbVCWuP+gFhWmMSi2KA2ftsM1G9Asiy
N6H/SxmHzpPwgUTPmjMD1IY1eYJEas4seqHsuyLOMslr2lJqWZpHFd/onJ4Wm4wY
dpBdbXfYojbk+PrbdVejh2XTCSirmzKG0fwSy2ypkMD3rhZld0kLTFuXfxnd5J4W
3wzNgOtzap9XlpEYj4I1svph8mpcow2Lh8H/7TOMq+Nect7kmZRYVIRnU/XwRY3p
tUhYy46VSlRwGV6bDSENZ2EUBZz575KSaoydfA+4Jaa+Mm2Y
-----END CERTIFICATE-----