Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/CsLTUZloZXRYJHyK2H8JpKCJYx0.roa
File:                     CsLTUZloZXRYJHyK2H8JpKCJYx0.roa (raw, json)
Hash identifier:          VfeOh94UaUKAIeMgC9xP+J0fxRHr9Ri5vdD4oCX8iYM=
Subject key identifier:   0A:C2:D3:51:99:68:65:74:58:24:7C:8A:D8:7F:09:A4:A0:89:63:1D
Certificate issuer:       /CN=61b534437503668815add93cd17d0ad3e1b1a877
Certificate serial:       018A6F22507C9B858AC52FAA4EBA1E9199BC
Authority key identifier: 61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/CsLTUZloZXRYJHyK2H8JpKCJYx0.roa
Signing time:             Thu 07 Sep 2023 10:13:54 +0000
ROA not before:           Thu 07 Sep 2023 10:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20507
IP address blocks:        85.223.101.0/24 maxlen: 24
                          82.215.0.0/18 maxlen: 24
                          82.215.17.0/24 maxlen: 24
                          82.215.19.0/24 maxlen: 24
                          85.223.126.0/24 maxlen: 24
                          217.149.192.0/24 maxlen: 24
                          217.149.192.0/19 maxlen: 24
                          217.149.202.0/24 maxlen: 24
                          217.149.201.0/24 maxlen: 24
                          217.149.203.0/24 maxlen: 24
                          217.149.219.0/24 maxlen: 24
                          217.149.217.0/24 maxlen: 24
                          217.149.218.0/24 maxlen: 24
                          2a01:3a8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:6f:22:50:7c:9b:85:8a:c5:2f:aa:4e:ba:1e:91:99:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b534437503668815add93cd17d0ad3e1b1a877
        Validity
            Not Before: Sep  7 10:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0ac2d3519968657458247c8ad87f09a4a089631d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c5:74:61:21:17:27:ac:e2:42:81:73:9c:f7:
                    71:4b:c9:97:21:86:ce:9d:2a:e1:9c:00:1c:5f:89:
                    3d:ea:c2:5e:71:55:ea:f2:65:c0:80:75:80:c7:1e:
                    4a:a7:33:da:1e:ed:fd:7b:ff:35:02:0f:f0:15:b9:
                    2a:6a:3e:31:53:4f:1e:6e:b6:d0:ff:bf:37:88:40:
                    f8:93:e5:13:c4:17:4d:6d:46:e7:4e:02:3b:c1:89:
                    29:3b:00:e3:33:d6:6e:32:79:f5:44:9f:69:a2:03:
                    c5:64:aa:8d:ea:ff:b5:15:c9:a7:cd:51:ef:7b:ed:
                    62:73:f5:23:74:d5:8c:0f:2a:85:e6:4d:40:62:b0:
                    4b:49:3b:70:d4:76:58:7b:ad:bb:5b:3e:8c:58:a7:
                    b7:7a:d5:db:d2:13:20:d8:80:f6:0a:dc:33:bb:f9:
                    07:ba:f8:5f:99:0b:dc:bb:fe:5f:c2:f5:19:43:55:
                    54:d6:46:e4:e4:19:f4:6d:e7:0b:cc:42:59:e6:d2:
                    56:2d:10:28:3b:a1:de:c5:36:a2:a1:db:56:c8:92:
                    b3:a6:4f:90:95:5d:ef:b6:93:38:30:70:3b:4e:51:
                    47:fc:fe:1e:9e:54:59:42:45:b6:c7:c0:76:98:aa:
                    da:fd:42:df:e2:43:bd:86:9a:4c:02:1f:13:c2:f6:
                    5b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:C2:D3:51:99:68:65:74:58:24:7C:8A:D8:7F:09:A4:A0:89:63:1D
            X509v3 Authority Key Identifier:
                keyid:61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/CsLTUZloZXRYJHyK2H8JpKCJYx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.215.0.0/18
                  85.223.101.0/24
                  85.223.126.0/24
                  217.149.192.0/19
                IPv6:
                  2a01:3a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:f0:3b:6a:25:48:1b:54:c0:f6:c8:a7:6f:db:34:fc:78:c9:
         fb:c4:c2:b6:cb:ce:6a:38:6e:66:66:a5:1c:8e:16:cc:bb:59:
         59:18:bb:3d:e2:8b:2a:58:4e:3a:59:2e:76:c7:4b:25:c0:0e:
         59:b6:17:53:df:25:2d:cd:be:28:b7:e0:bd:84:7a:81:de:c5:
         2b:92:7d:93:ae:8b:1f:43:6d:94:97:ae:fc:8b:30:79:f6:57:
         8b:9a:08:f6:5f:3f:1a:29:da:4f:c6:05:bb:10:bb:54:8d:9a:
         5a:c3:0f:be:0e:da:48:b8:4a:f4:c2:9d:ce:3c:71:2d:e0:71:
         f6:5c:3f:35:a5:70:4f:87:98:a5:70:cc:1b:4e:6e:74:a2:a5:
         6d:da:17:ba:8e:61:9e:03:a2:56:5b:34:86:d3:3f:c3:11:c0:
         20:7d:d9:c4:5d:62:65:7d:97:c4:8a:e4:6c:df:5c:b3:d8:34:
         fd:1e:a9:9f:1d:b0:49:ba:23:b6:33:00:8f:79:76:83:ff:31:
         df:9e:83:3c:b0:c5:f0:56:b2:58:af:6f:f7:20:db:c6:a9:63:
         d3:59:5f:db:f6:0b:27:0b:79:f1:64:67:42:48:ad:94:ce:a5:
         1e:3a:99:25:17:d4:5f:cb:9f:67:b5:ff:77:f8:6d:7a:ce:40:
         fd:1c:cd:85
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYpvIlB8m4WKxS+qTroekZm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjUzNDQzNzUwMzY2ODgxNWFkZDkzY2QxN2QwYWQzZTFi
MWE4NzcwHhcNMjMwOTA3MTAxMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWMyZDM1MTk5Njg2NTc0NTgyNDdjOGFkODdmMDlhNGEwODk2MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8V0YSEXJ6ziQoFznPdxS8mXIYbO
nSrhnAAcX4k96sJecVXq8mXAgHWAxx5KpzPaHu39e/81Ag/wFbkqaj4xU08ebrbQ
/783iED4k+UTxBdNbUbnTgI7wYkpOwDjM9ZuMnn1RJ9pogPFZKqN6v+1FcmnzVHv
e+1ic/UjdNWMDyqF5k1AYrBLSTtw1HZYe627Wz6MWKe3etXb0hMg2ID2Ctwzu/kH
uvhfmQvcu/5fwvUZQ1VU1kbk5Bn0becLzEJZ5tJWLRAoO6HexTaiodtWyJKzpk+Q
lV3vtpM4MHA7TlFH/P4enlRZQkW2x8B2mKra/ULf4kO9hppMAh8TwvZbQwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFArC01GZaGV0WCR8ith/CaSgiWMdMB8GA1UdIwQY
MBaAFGG1NEN1A2aIFa3ZPNF9CtPhsah3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYt
ZjU1NWUyZTY4YTEwLzEvQ3NMVFVabG9aWFJZSkh5SzJIOEpwS0NKWXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYtZjU1NWUyZTY4YTEw
LzEvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGUtcAAwQA
Vd9lAwQAVd9+AwQF2ZXAMA0EAgACMAcDBQAqAQOoMA0GCSqGSIb3DQEBCwUAA4IB
AQBU8DtqJUgbVMD2yKdv2zT8eMn7xMK2y85qOG5mZqUcjhbMu1lZGLs94osqWE46
WS52x0slwA5ZthdT3yUtzb4ot+C9hHqB3sUrkn2TrosfQ22Ul678izB59leLmgj2
Xz8aKdpPxgW7ELtUjZpaww++DtpIuEr0wp3OPHEt4HH2XD81pXBPh5ilcMwbTm50
oqVt2he6jmGeA6JWWzSG0z/DEcAgfdnEXWJlfZfEiuRs31yz2DT9HqmfHbBJuiO2
MwCPeXaD/zHfnoM8sMXwVrJYr2/3INvGqWPTWV/b9gsnC3nxZGdCSK2UzqUeOpkl
F9Rfy59ntf93+G16zkD9HM2F
-----END CERTIFICATE-----