Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/abe628-fce7-447e-853e-94fdc9fbdcac/1/s-D4BvmepOgPY2VAkV7RFL9lrOo.roa
File:                     s-D4BvmepOgPY2VAkV7RFL9lrOo.roa (raw, json)
Hash identifier:          n0QlFB78EcgUEp2KzxZcqULrbo2iKkwk/E5N5lW635g=
Subject key identifier:   B3:E0:F8:06:F9:9E:A4:E8:0F:63:65:40:91:5E:D1:14:BF:65:AC:EA
Certificate issuer:       /CN=1ae1c7aa0b395e0612ec423fe07fb0389aaa4003
Certificate serial:       0189AADF95EE3897A3C2ACBCA117033D181D
Authority key identifier: 1A:E1:C7:AA:0B:39:5E:06:12:EC:42:3F:E0:7F:B0:38:9A:AA:40:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GuHHqgs5XgYS7EI_4H-wOJqqQAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/abe628-fce7-447e-853e-94fdc9fbdcac/1/s-D4BvmepOgPY2VAkV7RFL9lrOo.roa
Signing time:             Mon 31 Jul 2023 07:35:26 +0000
ROA not before:           Mon 31 Jul 2023 07:35:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39657
IP address blocks:        185.63.12.0/22 maxlen: 24
                          81.93.32.0/22 maxlen: 22
                          81.93.32.0/20 maxlen: 24
                          81.93.32.0/21 maxlen: 21
                          81.93.36.0/22 maxlen: 22
                          81.93.40.0/21 maxlen: 21
                          81.93.40.0/22 maxlen: 22
                          81.93.44.0/22 maxlen: 22
                          93.88.32.0/22 maxlen: 22
                          93.88.32.0/20 maxlen: 24
                          93.88.36.0/22 maxlen: 22
                          93.88.40.0/22 maxlen: 22
                          81.30.16.0/20 maxlen: 20
                          93.88.44.0/22 maxlen: 22
                          81.30.20.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 01 Aug 2023 13:53:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:aa:df:95:ee:38:97:a3:c2:ac:bc:a1:17:03:3d:18:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ae1c7aa0b395e0612ec423fe07fb0389aaa4003
        Validity
            Not Before: Jul 31 07:35:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b3e0f806f99ea4e80f636540915ed114bf65acea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:35:e1:df:f2:73:0e:bf:7c:74:7b:05:bd:d3:
                    57:0b:0a:cd:62:0e:27:32:c6:c4:c1:4e:d4:92:95:
                    b9:3d:54:df:56:10:1c:ad:e6:52:34:ce:aa:54:76:
                    7c:8b:75:c1:ee:78:0e:2e:60:cc:1e:4b:2e:bf:00:
                    1e:cf:a0:b0:d1:a4:50:05:d2:c6:34:cb:c8:e1:f9:
                    00:91:d0:a4:e4:e5:29:4b:61:2e:c1:3d:20:66:b5:
                    94:b0:bf:77:46:ca:c4:fd:99:51:74:84:06:e9:9e:
                    c8:a7:7b:86:fc:7f:7c:48:a7:f8:4b:73:9e:73:f8:
                    f3:f5:ba:1f:7c:1e:0e:0f:85:f3:78:a0:bf:4c:fb:
                    2e:d8:e8:b2:24:50:bf:13:81:bc:b0:da:43:3e:b4:
                    f0:a3:3c:f3:3b:41:b1:ce:9b:57:8a:cd:05:22:64:
                    a0:f1:0e:01:de:c5:0e:d7:d2:84:24:cd:59:ed:ff:
                    35:d0:2a:7c:1c:8b:fd:ba:10:33:9c:e1:46:44:4b:
                    b1:f9:ef:dc:3a:e2:f8:c5:33:b1:a5:c0:3c:cf:b3:
                    43:4b:2f:a3:d2:d1:4d:49:27:95:ad:81:b0:df:9c:
                    57:d2:ea:b9:0d:6d:10:e3:ef:bc:ae:af:19:67:1f:
                    71:aa:ee:e1:77:b5:c4:e9:a2:6c:ff:65:1f:b0:1d:
                    d6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E0:F8:06:F9:9E:A4:E8:0F:63:65:40:91:5E:D1:14:BF:65:AC:EA
            X509v3 Authority Key Identifier:
                keyid:1A:E1:C7:AA:0B:39:5E:06:12:EC:42:3F:E0:7F:B0:38:9A:AA:40:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GuHHqgs5XgYS7EI_4H-wOJqqQAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/abe628-fce7-447e-853e-94fdc9fbdcac/1/s-D4BvmepOgPY2VAkV7RFL9lrOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/abe628-fce7-447e-853e-94fdc9fbdcac/1/GuHHqgs5XgYS7EI_4H-wOJqqQAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.16.0/20
                  81.93.32.0/20
                  93.88.32.0/20
                  185.63.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:9f:a2:06:ee:e8:00:da:4a:0c:27:e7:8b:79:b9:b7:95:6d:
         d6:5f:0d:7f:66:af:aa:12:dd:c5:4e:fd:82:ec:0b:e6:ad:77:
         b0:3d:65:75:16:96:ee:c5:88:8c:b3:59:b4:43:75:3b:82:27:
         8c:3a:80:11:5d:dd:f8:7a:2e:74:da:d8:48:71:52:6f:42:47:
         42:a9:b1:ec:73:ef:3f:77:cd:f0:4b:62:8a:c8:d8:40:0f:8b:
         bc:9a:dc:2b:c1:73:b7:6f:2c:5f:65:e7:b7:c9:f5:58:5a:1e:
         d5:53:a1:f0:81:48:6d:f3:6c:24:b5:d5:b5:0d:f3:f0:16:d6:
         ac:9f:dd:f1:60:f7:8c:5a:68:c0:56:87:74:7c:e8:11:94:b9:
         57:60:80:09:eb:e0:54:ea:68:e4:6c:9d:03:6b:f7:45:d3:21:
         a2:5f:78:f5:b9:bf:d3:6b:01:75:e7:24:2c:b8:9c:0c:08:54:
         b1:32:89:59:e9:a1:31:1b:7b:f3:fb:bb:9b:c3:19:6c:21:ff:
         8b:e8:c6:9c:10:28:53:7a:a8:d9:93:06:11:85:1c:f7:90:74:
         51:95:4a:2d:d2:f1:fb:a6:df:f8:ff:a5:df:b3:75:44:ca:1b:
         c1:9f:41:53:d2:7d:4c:e1:64:04:a0:b7:49:4f:68:81:c0:ff:
         ab:79:2a:9f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYmq35XuOJejwqy8oRcDPRgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZTFjN2FhMGIzOTVlMDYxMmVjNDIzZmUwN2ZiMDM4OWFh
YTQwMDMwHhcNMjMwNzMxMDczNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2UwZjgwNmY5OWVhNGU4MGY2MzY1NDA5MTVlZDExNGJmNjVhY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDXh3/JzDr98dHsFvdNXCwrNYg4n
MsbEwU7UkpW5PVTfVhAcreZSNM6qVHZ8i3XB7ngOLmDMHksuvwAez6Cw0aRQBdLG
NMvI4fkAkdCk5OUpS2EuwT0gZrWUsL93RsrE/ZlRdIQG6Z7Ip3uG/H98SKf4S3Oe
c/jz9boffB4OD4XzeKC/TPsu2OiyJFC/E4G8sNpDPrTwozzzO0GxzptXis0FImSg
8Q4B3sUO19KEJM1Z7f810Cp8HIv9uhAznOFGREux+e/cOuL4xTOxpcA8z7NDSy+j
0tFNSSeVrYGw35xX0uq5DW0Q4++8rq8ZZx9xqu7hd7XE6aJs/2UfsB3WcwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLPg+Ab5nqToD2NlQJFe0RS/ZazqMB8GA1UdIwQY
MBaAFBrhx6oLOV4GEuxCP+B/sDiaqkADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3VISHFnczVYZ1lTN0VJXzRILXdPSnFxUUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9hYmU2MjgtZmNlNy00NDdlLTg1M2Ut
OTRmZGM5ZmJkY2FjLzEvcy1ENEJ2bWVwT2dQWTJWQWtWN1JGTDlsck9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9hYmU2MjgtZmNlNy00NDdlLTg1M2UtOTRmZGM5ZmJkY2Fj
LzEvR3VISHFnczVYZ1lTN0VJXzRILXdPSnFxUUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQEUR4QAwQE
UV0gAwQEXVggAwQCuT8MMA0GCSqGSIb3DQEBCwUAA4IBAQCqn6IG7ugA2koMJ+eL
ebm3lW3WXw1/Zq+qEt3FTv2C7AvmrXewPWV1FpbuxYiMs1m0Q3U7gieMOoARXd34
ei502thIcVJvQkdCqbHsc+8/d83wS2KKyNhAD4u8mtwrwXO3byxfZee3yfVYWh7V
U6HwgUht82wktdW1DfPwFtasn93xYPeMWmjAVod0fOgRlLlXYIAJ6+BU6mjkbJ0D
a/dF0yGiX3j1ub/TawF15yQsuJwMCFSxMolZ6aExG3vz+7ubwxlsIf+L6MacEChT
eqjZkwYRhRz3kHRRlUot0vH7pt/4/6Xfs3VEyhvBn0FT0n1M4WQEoLdJT2iBwP+r
eSqf
-----END CERTIFICATE-----