Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/I3Alz1CVYv9QO1gkideCRzt1CwU.roa
File:                     I3Alz1CVYv9QO1gkideCRzt1CwU.roa (raw, json)
Hash identifier:          UvawyMeC1XZZM4UXCiiJtsBUNo/ZCTUekJR4A7PiKt8=
Subject key identifier:   23:70:25:CF:50:95:62:FF:50:3B:58:24:89:D7:82:47:3B:75:0B:05
Certificate issuer:       /CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
Certificate serial:       018DDABB5BFDD005D5A0EBCEFB194CEFCB5F
Authority key identifier: 64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/I3Alz1CVYv9QO1gkideCRzt1CwU.roa
Signing time:             Sat 24 Feb 2024 10:48:48 +0000
ROA not before:           Sat 24 Feb 2024 10:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47962
IP address blocks:        37.122.152.0/22 maxlen: 22
                          37.122.153.0/24 maxlen: 24
                          37.122.154.0/23 maxlen: 23
                          37.122.154.0/24 maxlen: 24
                          37.122.155.0/24 maxlen: 24
                          37.122.156.0/23 maxlen: 23
                          37.122.156.0/24 maxlen: 24
                          37.122.157.0/24 maxlen: 24
                          176.106.224.0/22 maxlen: 22
                          176.106.224.0/23 maxlen: 23
                          176.106.224.0/24 maxlen: 24
                          176.106.230.0/23 maxlen: 23
                          176.106.230.0/24 maxlen: 24
                          176.106.231.0/24 maxlen: 24
                          2a0f:6a80:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 24 Jul 2024 20:59:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:da:bb:5b:fd:d0:05:d5:a0:eb:ce:fb:19:4c:ef:cb:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
        Validity
            Not Before: Feb 24 10:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=237025cf509562ff503b582489d782473b750b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2d:d5:d6:1e:8d:e3:c3:c9:dc:6e:31:91:74:
                    4c:e5:e1:59:94:ba:1d:38:e5:00:3d:d9:53:2a:7f:
                    0c:1e:ce:51:92:bc:93:c6:2b:69:4b:2f:83:a5:10:
                    11:66:7d:f0:b0:45:c2:ad:98:f1:74:c3:68:6f:06:
                    65:76:fe:22:e5:4c:7b:bf:a8:f3:14:5d:f7:33:3b:
                    66:ec:eb:81:2b:23:89:83:bd:c0:80:97:69:15:70:
                    be:e6:57:1f:7b:b2:03:3a:cd:c1:43:7c:0f:53:11:
                    6c:d6:20:e2:3d:6f:a9:17:27:d0:45:40:05:f7:be:
                    79:81:70:34:be:6d:d0:f7:3a:6e:a9:1c:ba:4a:e1:
                    cf:76:72:f8:4b:22:e9:57:cc:14:68:03:1a:91:26:
                    8e:95:f9:42:ec:96:f5:b3:2e:68:bb:49:c4:a0:db:
                    65:ec:67:57:cd:53:ab:5a:f5:2a:17:d7:b6:85:b1:
                    50:5b:35:dc:e0:84:e3:6f:01:03:36:2d:d8:70:d8:
                    df:6c:63:f6:c8:2c:70:82:c0:ed:32:f3:eb:3d:73:
                    f1:54:46:d2:2a:78:2e:8c:55:e7:77:04:4c:61:9d:
                    86:b4:43:fa:af:7a:c1:14:77:05:19:21:14:a2:dd:
                    13:c9:f7:23:63:8a:7d:2f:2f:3a:44:fb:12:f1:5a:
                    94:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:70:25:CF:50:95:62:FF:50:3B:58:24:89:D7:82:47:3B:75:0B:05
            X509v3 Authority Key Identifier:
                keyid:64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/I3Alz1CVYv9QO1gkideCRzt1CwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.152.0-37.122.157.255
                  176.106.224.0/22
                  176.106.230.0/23
                IPv6:
                  2a0f:6a80:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:8b:7a:8b:b1:fa:8a:b0:77:98:7a:6c:9e:af:eb:9c:c5:db:
         2d:ba:01:ab:68:2a:ba:94:ad:3e:22:bd:3e:02:d1:c3:24:34:
         c6:4f:c6:f8:e6:ff:53:a6:2e:d1:b4:19:a5:5f:29:d7:51:ac:
         17:34:5c:c3:18:3f:ec:8d:63:8e:5c:31:ed:91:98:45:e2:67:
         49:bb:7d:45:1b:71:dc:86:3a:43:eb:ab:90:ed:cc:b5:ef:91:
         06:78:e4:f2:e0:b3:e2:c1:4a:f1:37:49:3b:76:dd:22:02:96:
         80:1b:ab:14:0a:7a:c2:7c:ac:81:6c:26:3a:01:4d:1f:08:6d:
         4e:ad:67:00:42:4b:f4:29:3d:cc:c3:84:c8:ad:2f:ec:71:8d:
         b5:88:48:45:6b:64:da:28:55:1d:6a:12:23:af:bb:a6:d0:f7:
         27:74:dd:e6:5d:a3:57:8d:94:19:ca:f9:45:14:1c:8e:0c:c7:
         bd:95:bf:c9:9f:0a:47:56:e5:5a:18:30:bd:5f:f4:1e:ae:36:
         6c:b3:79:e8:43:4a:fa:ef:3e:e6:b4:32:05:dd:ca:72:3a:f7:
         a7:38:9f:4a:82:7c:a3:a8:c0:cf:83:9b:db:fd:96:af:25:62:
         58:00:c4:3d:dd:21:85:6f:44:47:ab:e3:00:7f:ba:9e:56:b9:
         34:e5:59:40
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAY3au1v90AXVoOvO+xlM78tfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDE3MWY5M2NjMWNhNzE2ZmM4MDZlMzZhNTU4NTJjZGY0
ZjFjMWMwHhcNMjQwMjI0MTA0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzcwMjVjZjUwOTU2MmZmNTAzYjU4MjQ4OWQ3ODI0NzNiNzUwYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy3V1h6N48PJ3G4xkXRM5eFZlLod
OOUAPdlTKn8MHs5RkryTxitpSy+DpRARZn3wsEXCrZjxdMNobwZldv4i5Ux7v6jz
FF33Mztm7OuBKyOJg73AgJdpFXC+5lcfe7IDOs3BQ3wPUxFs1iDiPW+pFyfQRUAF
9755gXA0vm3Q9zpuqRy6SuHPdnL4SyLpV8wUaAMakSaOlflC7Jb1sy5ou0nEoNtl
7GdXzVOrWvUqF9e2hbFQWzXc4ITjbwEDNi3YcNjfbGP2yCxwgsDtMvPrPXPxVEbS
KngujFXndwRMYZ2GtEP6r3rBFHcFGSEUot0TyfcjY4p9Ly86RPsS8VqU/wIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFCNwJc9QlWL/UDtYJInXgkc7dQsFMB8GA1UdIwQY
MBaAFGTRcfk8wcpxb8gG42pVhSzfTxwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAt
YTQ2MzVkZjQ3ZDcwLzEvSTNBbHoxQ1ZZdjlRTzFna2lkZUNSenQxQ3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAtYTQ2MzVkZjQ3ZDcw
LzEvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAMlepgD
BAElepwDBAKwauADBAGwauYwDwQCAAIwCQMHACoPaoAAATANBgkqhkiG9w0BAQsF
AAOCAQEAdot6i7H6irB3mHpsnq/rnMXbLboBq2gqupStPiK9PgLRwyQ0xk/G+Ob/
U6Yu0bQZpV8p11GsFzRcwxg/7I1jjlwx7ZGYReJnSbt9RRtx3IY6Q+urkO3Mte+R
Bnjk8uCz4sFK8TdJO3bdIgKWgBurFAp6wnysgWwmOgFNHwhtTq1nAEJL9Ck9zMOE
yK0v7HGNtYhIRWtk2ihVHWoSI6+7ptD3J3Td5l2jV42UGcr5RRQcjgzHvZW/yZ8K
R1blWhgwvV/0Hq42bLN56ENK+u8+5rQyBd3Kcjr3pzifSoJ8o6jAz4Ob2/2WryVi
WADEPd0hhW9ER6vjAH+6nla5NOVZQA==
-----END CERTIFICATE-----