Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/qfaRcXT_lCO5QrdYBwV6bCmfxiE.roa
File:                     qfaRcXT_lCO5QrdYBwV6bCmfxiE.roa (raw, json)
Hash identifier:          oX89T6MhOn/CcW49uGWfJaPfxcjQwdvGISV5YPUrmSk=
Subject key identifier:   A9:F6:91:71:74:FF:94:23:B9:42:B7:58:07:05:7A:6C:29:9F:C6:21
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       018EC529C381F3537F5FFF6AA4FD7B36C078
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/qfaRcXT_lCO5QrdYBwV6bCmfxiE.roa
Signing time:             Tue 09 Apr 2024 23:20:32 +0000
ROA not before:           Tue 09 Apr 2024 23:20:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200373
IP address blocks:        95.141.242.0/24 maxlen: 24
                          104.167.24.0/21 maxlen: 21
                          104.207.32.0/19 maxlen: 19
                          2a0a:1f40::/32 maxlen: 32
                          2a0a:1f41::/32 maxlen: 32
                          2a13:3f80::/32 maxlen: 32
                          2a13:3f83::/32 maxlen: 32
                          2a13:3f84::/32 maxlen: 32
                          2a13:3f85::/32 maxlen: 32
                          2a13:3f86::/32 maxlen: 32
                          2a13:3f87::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 08:23:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c5:29:c3:81:f3:53:7f:5f:ff:6a:a4:fd:7b:36:c0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: Apr  9 23:20:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9f6917174ff9423b942b75807057a6c299fc621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a6:33:c8:9c:ed:8a:3d:32:5d:59:38:0a:57:
                    c5:e8:ca:a9:b5:f0:df:92:f8:ac:8e:35:c7:47:2f:
                    5f:6a:0c:c0:7f:be:41:a9:b8:05:d5:e9:c8:da:e6:
                    84:d5:ef:e1:12:85:8d:cc:1d:e9:41:6e:37:04:6a:
                    8b:00:d9:39:0b:4a:dc:5c:06:d0:bd:c5:06:a1:8c:
                    c3:32:01:b0:4c:7a:af:66:e4:3b:68:d6:50:89:64:
                    ad:d6:76:fd:22:01:2c:fa:45:2e:e2:f1:7a:9e:f5:
                    40:70:90:76:35:f2:68:b0:d0:09:c2:be:f4:37:25:
                    b5:72:4e:99:58:85:57:20:8d:26:53:aa:53:03:66:
                    c4:30:4e:28:60:0f:83:91:0d:3f:de:a1:54:3c:9d:
                    31:26:6d:a3:ef:89:b2:80:fb:b5:17:ef:4b:c1:41:
                    8d:37:de:5b:2c:3b:91:80:c3:d6:49:0e:21:c4:00:
                    4b:be:05:16:5e:ff:eb:90:45:e7:15:fa:4d:0c:02:
                    00:db:b8:e0:ed:6e:20:e8:34:f4:ee:67:35:62:30:
                    9a:4a:e2:74:5d:35:38:85:5c:9f:6a:4e:5b:71:28:
                    c6:18:4d:b3:52:af:57:75:26:3c:2f:5f:b6:e6:10:
                    05:17:9f:6d:ac:bc:09:e6:aa:6e:58:c0:ef:52:fc:
                    74:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F6:91:71:74:FF:94:23:B9:42:B7:58:07:05:7A:6C:29:9F:C6:21
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/qfaRcXT_lCO5QrdYBwV6bCmfxiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.242.0/24
                  104.167.24.0/21
                  104.207.32.0/19
                IPv6:
                  2a0a:1f40::/31
                  2a13:3f80::/32
                  2a13:3f83::-2a13:3f87:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0c:2b:d7:35:2e:c7:e8:43:9e:f8:d0:5c:9d:cd:17:62:b2:9b:
         c5:a2:f3:96:1a:54:7f:13:c5:67:cd:e5:13:bc:33:41:55:f7:
         b0:c4:ec:ea:da:89:dc:83:d6:2e:2c:6b:8c:79:ed:6a:60:8f:
         72:46:4d:01:7c:ac:58:d7:ec:b6:d0:ef:68:b3:78:c7:ee:03:
         4d:4e:06:06:1e:1d:dd:60:d4:49:06:7a:f5:dc:52:04:4d:e5:
         7f:55:0c:dc:dc:56:22:ab:69:d4:52:b3:d8:35:74:1a:c1:68:
         32:93:a1:7c:79:d5:fb:eb:f1:81:40:1c:16:0b:30:e8:f0:0c:
         ec:e1:19:83:71:b2:ce:57:8c:af:21:25:f2:40:df:f2:77:03:
         83:59:79:47:1d:d6:43:f9:46:51:96:c6:f3:40:5d:5b:7b:8c:
         82:99:c9:43:a0:5b:f0:27:76:96:b8:0e:00:27:68:ae:d4:ba:
         d9:36:e4:d2:74:c9:fd:7d:1f:cf:1b:18:66:4e:23:85:64:c3:
         0b:c4:ee:21:16:0a:0d:81:57:38:62:23:97:64:bc:57:46:f4:
         aa:df:78:95:71:cd:9c:35:a2:7d:d5:04:d4:93:d7:40:d4:21:
         a3:fe:96:05:21:13:91:45:37:8b:9f:32:34:70:73:9d:0e:20:
         3e:6b:6b:fc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY7FKcOB81N/X/9qpP17NsB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjQwNDA5MjMyMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY2OTE3MTc0ZmY5NDIzYjk0MmI3NTgwNzA1N2E2YzI5OWZjNjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aYzyJztij0yXVk4ClfF6MqptfDf
kvisjjXHRy9fagzAf75BqbgF1enI2uaE1e/hEoWNzB3pQW43BGqLANk5C0rcXAbQ
vcUGoYzDMgGwTHqvZuQ7aNZQiWSt1nb9IgEs+kUu4vF6nvVAcJB2NfJosNAJwr70
NyW1ck6ZWIVXII0mU6pTA2bEME4oYA+DkQ0/3qFUPJ0xJm2j74mygPu1F+9LwUGN
N95bLDuRgMPWSQ4hxABLvgUWXv/rkEXnFfpNDAIA27jg7W4g6DT07mc1YjCaSuJ0
XTU4hVyfak5bcSjGGE2zUq9XdSY8L1+25hAFF59trLwJ5qpuWMDvUvx0aQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKn2kXF0/5QjuUK3WAcFemwpn8YhMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvcWZhUmNYVF9sQ081UXJkWUJ3VjZiQ21meGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAYBAIAATASAwQAX43yAwQD
aKcYAwQFaM8gMCQEAgACMB4DBQEqCh9AAwUAKhM/gDAOAwUAKhM/gwMFAyoTP4Aw
DQYJKoZIhvcNAQELBQADggEBAAwr1zUux+hDnvjQXJ3NF2Kym8Wi85YaVH8TxWfN
5RO8M0FV97DE7OraidyD1i4sa4x57Wpgj3JGTQF8rFjX7LbQ72izeMfuA01OBgYe
Hd1g1EkGevXcUgRN5X9VDNzcViKradRSs9g1dBrBaDKToXx51fvr8YFAHBYLMOjw
DOzhGYNxss5XjK8hJfJA3/J3A4NZeUcd1kP5RlGWxvNAXVt7jIKZyUOgW/Andpa4
DgAnaK7Uutk25NJ0yf19H88bGGZOI4VkwwvE7iEWCg2BVzhiI5dkvFdG9KrfeJVx
zZw1on3VBNST10DUIaP+lgUhE5FFN4ufMjRwc50OID5ra/w=
-----END CERTIFICATE-----