Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/83LANOUl0AZf8f8K-aHdeIbqKOs.roa
File:                     83LANOUl0AZf8f8K-aHdeIbqKOs.roa (raw, json)
Hash identifier:          n5SgROMJPexOnNyvllHWea+NBlM/SHb1bWW5c7seFe4=
Subject key identifier:   F3:72:C0:34:E5:25:D0:06:5F:F1:FF:0A:F9:A1:DD:78:86:EA:28:EB
Certificate issuer:       /CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
Certificate serial:       018774D6841D324EBF47F3D753A91A890F5B
Authority key identifier: 4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/83LANOUl0AZf8f8K-aHdeIbqKOs.roa
Signing time:             Wed 12 Apr 2023 09:40:28 +0000
ROA not before:           Wed 12 Apr 2023 09:40:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13113
IP address blocks:        213.144.64.0/19 maxlen: 24
                          87.253.96.0/19 maxlen: 24
                          37.60.32.0/21 maxlen: 24
                          93.88.112.0/20 maxlen: 24
                          185.145.84.0/22 maxlen: 24
                          109.75.112.0/20 maxlen: 24
                          5.198.224.0/20 maxlen: 24
                          185.3.252.0/22 maxlen: 24
                          5.172.208.0/21 maxlen: 24
                          2a03:3d80::/29 maxlen: 48
                          2a0c:8a80::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:74:d6:84:1d:32:4e:bf:47:f3:d7:53:a9:1a:89:0f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
        Validity
            Not Before: Apr 12 09:40:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f372c034e525d0065ff1ff0af9a1dd7886ea28eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a9:e0:b2:a1:53:31:43:fe:18:e9:a4:ef:bd:
                    b6:89:08:b2:99:cb:e7:05:bf:98:b0:23:3d:bc:98:
                    af:5c:f3:c9:f8:15:db:19:e7:49:c5:38:79:5b:b0:
                    a4:76:87:e7:34:54:7d:f4:fa:ff:c1:20:d1:ae:af:
                    66:21:02:07:a6:94:59:9c:57:be:0c:ed:7f:87:14:
                    d6:73:41:51:10:9b:c8:94:77:2e:81:83:b5:30:16:
                    08:da:39:ef:01:5c:d5:37:5d:22:d7:85:ea:4c:7d:
                    24:f1:3d:15:a3:02:68:48:7e:50:e2:d2:ac:0b:27:
                    4f:d5:e9:8b:e7:50:a5:97:78:7d:59:dc:31:bc:0e:
                    9f:03:39:53:ff:5f:1d:8a:aa:84:a0:41:e6:ab:83:
                    16:fc:e6:a3:79:6c:e0:e4:89:a9:cc:89:1e:80:ae:
                    22:4f:f6:3d:7b:7e:68:7c:0a:7c:86:c4:ac:63:ea:
                    4f:cb:f3:97:27:3f:13:70:34:bc:35:77:bb:62:55:
                    d4:ac:b3:e6:54:d0:21:96:03:ed:66:a8:20:34:0d:
                    de:d6:07:b1:d3:42:6b:b2:16:cd:03:35:c2:2b:c6:
                    8a:29:94:66:81:11:42:c0:42:81:ce:fb:12:72:78:
                    de:42:35:f4:a7:29:82:ad:1f:97:70:0b:df:1d:cd:
                    f0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:72:C0:34:E5:25:D0:06:5F:F1:FF:0A:F9:A1:DD:78:86:EA:28:EB
            X509v3 Authority Key Identifier:
                keyid:4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/83LANOUl0AZf8f8K-aHdeIbqKOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/TmIrxVBoe20O9geIzq2w_IIKOB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.208.0/21
                  5.198.224.0/20
                  37.60.32.0/21
                  87.253.96.0/19
                  93.88.112.0/20
                  109.75.112.0/20
                  185.3.252.0/22
                  185.145.84.0/22
                  213.144.64.0/19
                IPv6:
                  2a03:3d80::/29
                  2a0c:8a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:77:a3:0c:bf:14:44:5f:5a:bc:2d:0b:a7:aa:53:eb:50:ff:
         c8:e5:a7:8f:8c:c4:fd:36:76:f9:54:f9:23:1b:16:52:62:e0:
         47:19:46:a9:0d:c1:9f:5e:5f:9d:07:17:8c:82:c4:2c:3e:f2:
         24:24:0e:08:24:91:40:df:58:17:43:e6:6a:bc:33:ce:58:a4:
         ff:0e:23:40:71:a9:0b:3c:b5:b9:cb:80:34:9b:98:1b:11:cb:
         5a:a9:73:6e:30:da:9f:26:46:b9:df:21:dc:7a:6d:1a:4f:16:
         c1:ff:42:4b:aa:1c:6f:97:a7:54:51:b4:90:6c:81:42:b8:d7:
         6b:35:1c:b5:f1:4f:3b:2c:20:ed:bc:0d:88:f8:f3:96:7b:9d:
         3c:05:de:7e:0a:41:7a:e7:b2:31:89:23:d2:5d:91:fe:2a:58:
         6a:99:18:d6:e6:a2:2d:a6:ec:6e:ea:d4:3a:7b:bb:01:fd:1e:
         d5:a2:4e:ee:cd:99:a4:cf:4b:54:f9:56:65:07:8d:99:44:bf:
         47:2f:64:55:44:37:dc:51:87:fe:ed:90:0f:7f:01:2f:14:63:
         1b:c9:87:ae:e6:40:33:8a:b2:38:6b:3b:e4:39:8b:e5:b1:36:
         cb:4c:75:ba:70:83:74:8e:b1:ed:d5:cb:71:f4:fb:be:44:a2:
         10:98:f3:9c
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYd01oQdMk6/R/PXU6kaiQ9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNjIyYmM1NTA2ODdiNmQwZWY2MDc4OGNlYWRiMGZjODIw
YTM4MWYwHhcNMjMwNDEyMDk0MDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzcyYzAzNGU1MjVkMDA2NWZmMWZmMGFmOWExZGQ3ODg2ZWEyOGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKngsqFTMUP+GOmk7722iQiymcvn
Bb+YsCM9vJivXPPJ+BXbGedJxTh5W7CkdofnNFR99Pr/wSDRrq9mIQIHppRZnFe+
DO1/hxTWc0FREJvIlHcugYO1MBYI2jnvAVzVN10i14XqTH0k8T0VowJoSH5Q4tKs
CydP1emL51Cll3h9WdwxvA6fAzlT/18diqqEoEHmq4MW/OajeWzg5ImpzIkegK4i
T/Y9e35ofAp8hsSsY+pPy/OXJz8TcDS8NXe7YlXUrLPmVNAhlgPtZqggNA3e1gex
00JrshbNAzXCK8aKKZRmgRFCwEKBzvsScnjeQjX0pymCrR+XcAvfHc3w1QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPNywDTlJdAGX/H/Cvmh3XiG6ijrMB8GA1UdIwQY
MBaAFE5iK8VQaHttDvYHiM6tsPyCCjgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgt
YTdjY2QwMDk4NDc3LzEvODNMQU5PVWwwQVpmOGY4Sy1hSGRlSWJxS09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgtYTdjY2QwMDk4NDc3
LzEvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDBazQAwQE
BcbgAwQDJTwgAwQFV/1gAwQEXVhwAwQEbUtwAwQCuQP8AwQCuZFUAwQF1ZBAMBQE
AgACMA4DBQMqAz2AAwUDKgyKgDANBgkqhkiG9w0BAQsFAAOCAQEATHejDL8URF9a
vC0Lp6pT61D/yOWnj4zE/TZ2+VT5IxsWUmLgRxlGqQ3Bn15fnQcXjILELD7yJCQO
CCSRQN9YF0Pmarwzzlik/w4jQHGpCzy1ucuANJuYGxHLWqlzbjDanyZGud8h3Hpt
Gk8Wwf9CS6ocb5enVFG0kGyBQrjXazUctfFPOywg7bwNiPjzlnudPAXefgpBeuey
MYkj0l2R/ipYapkY1uaiLabsburUOnu7Af0e1aJO7s2ZpM9LVPlWZQeNmUS/Ry9k
VUQ33FGH/u2QD38BLxRjG8mHruZAM4qyOGs75DmL5bE2y0x1unCDdI6x7dXLcfT7
vkSiEJjznA==
-----END CERTIFICATE-----