Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/daKmPAJ-17vF_EnNctXA5JZ_8hs.roa
File:                     daKmPAJ-17vF_EnNctXA5JZ_8hs.roa (raw, json)
Hash identifier:          2ecUP2HP1BtmdYcYoPsvFrmrYnN4NooyZDN8etoxT5U=
Subject key identifier:   75:A2:A6:3C:02:7E:D7:BB:C5:FC:49:CD:72:D5:C0:E4:96:7F:F2:1B
Certificate issuer:       /CN=7d4d1c8790a913e832c733dff778dee79129700a
Certificate serial:       01856D78A38340E962DCCC9F44CC8F3541B8
Authority key identifier: 7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/daKmPAJ-17vF_EnNctXA5JZ_8hs.roa
Signing time:             Sun 01 Jan 2023 13:15:00 +0000
ROA not before:           Sun 01 Jan 2023 13:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12337
IP address blocks:        188.92.112.0/21 maxlen: 24
                          194.31.2.0/24 maxlen: 24
                          213.183.0.0/19 maxlen: 24
                          213.95.0.0/16 maxlen: 24
                          213.155.64.0/19 maxlen: 24
                          194.59.179.0/24 maxlen: 24
                          192.109.102.0/24 maxlen: 24
                          89.250.128.0/20 maxlen: 24
                          62.128.0.0/19 maxlen: 24
                          185.227.12.0/22 maxlen: 24
                          2001:780::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:78:a3:83:40:e9:62:dc:cc:9f:44:cc:8f:35:41:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d4d1c8790a913e832c733dff778dee79129700a
        Validity
            Not Before: Jan  1 13:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=75a2a63c027ed7bbc5fc49cd72d5c0e4967ff21b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:03:cf:2c:d4:9e:3e:54:bf:0b:b6:fc:a6:74:
                    dd:48:a2:9c:27:90:2a:00:c2:04:65:c0:84:b2:69:
                    f9:72:7d:b7:40:f1:03:05:b1:fa:13:33:02:8d:52:
                    37:50:58:f6:88:47:c1:e3:d6:46:1a:ac:94:c3:fb:
                    09:d6:80:5c:28:95:34:b7:ee:0f:c7:10:e3:d1:23:
                    4e:a1:dc:23:ef:74:01:da:7b:14:a9:ad:f8:4a:21:
                    ad:e0:54:7b:37:2b:1d:28:f1:2b:57:33:56:7c:5d:
                    f2:33:55:58:51:d9:52:ab:6e:ed:cf:55:e3:32:60:
                    89:c1:2d:5b:b8:5d:ca:51:e7:29:2a:7e:15:f9:7e:
                    03:fc:bd:85:1e:b6:92:bc:8d:14:96:ae:2a:e1:8b:
                    51:ed:ba:97:4e:ac:49:ab:9f:ff:18:8c:75:b0:76:
                    1a:08:ac:96:09:b3:35:c9:b0:78:28:56:8d:fc:08:
                    a3:ec:00:62:95:92:f1:56:9b:4f:26:4a:c1:d8:27:
                    5f:b1:67:d2:0c:5b:82:02:7a:d7:ea:b8:58:a3:36:
                    66:b1:05:e6:3a:d3:35:f7:af:ff:54:6c:ef:fb:d6:
                    a3:80:d7:26:e7:4d:bf:ef:72:46:f9:a3:98:e3:3a:
                    ce:b5:69:cc:39:72:77:bd:7a:f2:33:92:42:48:7f:
                    8d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:A2:A6:3C:02:7E:D7:BB:C5:FC:49:CD:72:D5:C0:E4:96:7F:F2:1B
            X509v3 Authority Key Identifier:
                keyid:7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/daKmPAJ-17vF_EnNctXA5JZ_8hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.128.0.0/19
                  89.250.128.0/20
                  185.227.12.0/22
                  188.92.112.0/21
                  192.109.102.0/24
                  194.31.2.0/24
                  194.59.179.0/24
                  213.95.0.0/16
                  213.155.64.0/19
                  213.183.0.0/19
                IPv6:
                  2001:780::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:1a:53:46:1b:15:8f:55:c6:94:b2:e5:b0:13:71:7b:b0:ba:
         c7:78:2c:62:4f:ef:bc:3c:0f:12:13:89:94:e1:4f:8d:40:6c:
         39:17:a3:23:ba:ba:6a:43:b3:5b:b2:ab:67:e8:15:9a:20:16:
         68:66:7b:05:d7:22:67:20:32:ec:11:08:d6:f4:e3:a4:48:63:
         ee:63:2e:30:b7:43:43:86:1e:9c:44:1d:f6:2d:f2:f4:c5:c4:
         af:43:d0:d1:06:26:ca:02:d9:52:84:37:8e:43:31:e2:2d:5b:
         ea:56:2e:f0:92:01:8a:9d:58:d5:8e:88:96:77:24:b8:55:3f:
         1f:22:7d:dd:95:f2:89:78:fe:29:11:b5:f8:47:fb:89:03:1b:
         81:84:5a:6b:e0:da:8e:5b:da:39:c9:8c:4a:14:1a:89:83:81:
         32:c7:47:ec:36:71:60:cd:93:75:2f:64:c9:b5:b4:7e:2c:9c:
         7a:80:fe:b1:8e:4c:f2:d9:54:59:75:7f:c2:eb:6f:4b:00:fd:
         0b:8e:b9:c3:91:c7:1d:f7:2d:65:c9:4d:0c:8c:20:ee:80:98:
         b5:3d:af:6b:d8:12:71:9d:2e:55:46:39:f8:31:81:03:75:61:
         d8:07:9f:9d:f5:20:46:a0:19:f7:60:00:ce:65:dc:13:56:e4:
         f7:81:98:5d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVteKODQOli3MyfRMyPNUG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGQxYzg3OTBhOTEzZTgzMmM3MzNkZmY3NzhkZWU3OTEy
OTcwMGEwHhcNMjMwMTAxMTMxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWEyYTYzYzAyN2VkN2JiYzVmYzQ5Y2Q3MmQ1YzBlNDk2N2ZmMjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAPPLNSePlS/C7b8pnTdSKKcJ5Aq
AMIEZcCEsmn5cn23QPEDBbH6EzMCjVI3UFj2iEfB49ZGGqyUw/sJ1oBcKJU0t+4P
xxDj0SNOodwj73QB2nsUqa34SiGt4FR7NysdKPErVzNWfF3yM1VYUdlSq27tz1Xj
MmCJwS1buF3KUecpKn4V+X4D/L2FHraSvI0Ulq4q4YtR7bqXTqxJq5//GIx1sHYa
CKyWCbM1ybB4KFaN/Aij7ABilZLxVptPJkrB2CdfsWfSDFuCAnrX6rhYozZmsQXm
OtM196//VGzv+9ajgNcm502/73JG+aOY4zrOtWnMOXJ3vXryM5JCSH+NvwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFHWipjwCfte7xfxJzXLVwOSWf/IbMB8GA1UdIwQY
MBaAFH1NHIeQqRPoMscz3/d43ueRKXAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUt
ZjhkNjYyYjk2ZGFiLzEvZGFLbVBBSi0xN3ZGX0VuTmN0WEE1SlpfOGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUtZjhkNjYyYjk2ZGFi
LzEvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBBBAIAATA7AwQFPoAAAwQE
WfqAAwQCueMMAwQDvFxwAwQAwG1mAwQAwh8CAwQAwjuzAwMA1V8DBAXVm0ADBAXV
twAwDQQCAAIwBwMFACABB4AwDQYJKoZIhvcNAQELBQADggEBAGUaU0YbFY9VxpSy
5bATcXuwusd4LGJP77w8DxITiZThT41AbDkXoyO6umpDs1uyq2foFZogFmhmewXX
ImcgMuwRCNb046RIY+5jLjC3Q0OGHpxEHfYt8vTFxK9D0NEGJsoC2VKEN45DMeIt
W+pWLvCSAYqdWNWOiJZ3JLhVPx8ifd2V8ol4/ikRtfhH+4kDG4GEWmvg2o5b2jnJ
jEoUGomDgTLHR+w2cWDNk3UvZMm1tH4snHqA/rGOTPLZVFl1f8Lrb0sA/QuOucOR
xx33LWXJTQyMIO6AmLU9r2vYEnGdLlVGOfgxgQN1YdgHn531IEagGfdgAM5l3BNW
5PeBmF0=
-----END CERTIFICATE-----