Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zGYtJb6ktd-sUU-KRvqYe2e2W3M.roa
File:                     zGYtJb6ktd-sUU-KRvqYe2e2W3M.roa (raw, json)
Hash identifier:          v3y7e3VlmEv/9KY/5ZytkfV1n/UiitEYxsE2IVwDSYo=
Subject key identifier:   CC:66:2D:25:BE:A4:B5:DF:AC:51:4F:8A:46:FA:98:7B:67:B6:5B:73
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018D6617DC11A91F8D4C2536486E40A35B11
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zGYtJb6ktd-sUU-KRvqYe2e2W3M.roa
Signing time:             Thu 01 Feb 2024 19:14:16 +0000
ROA not before:           Thu 01 Feb 2024 19:14:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        5.35.192.0/21 maxlen: 24
                          84.234.16.0/20 maxlen: 24
                          85.204.160.0/22 maxlen: 24
                          86.107.108.0/23 maxlen: 24
                          89.34.124.0/23 maxlen: 24
                          89.39.172.0/23 maxlen: 24
                          193.124.20.0/23 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          194.88.112.0/20 maxlen: 24
                          194.135.26.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 08:54:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:66:17:dc:11:a9:1f:8d:4c:25:36:48:6e:40:a3:5b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Feb  1 19:14:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc662d25bea4b5dfac514f8a46fa987b67b65b73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e0:97:69:5e:49:7b:64:31:74:e8:12:c2:d6:
                    2d:6b:2b:8d:7f:c4:18:97:6b:3a:22:5c:cb:90:1a:
                    71:8b:57:ef:0f:7d:22:68:ac:df:5a:0f:80:7c:a8:
                    c1:0d:c3:4e:b4:8d:9e:26:ad:b8:24:8a:b2:f7:72:
                    37:50:61:dd:a6:9d:79:8d:c9:dd:a4:14:49:c1:49:
                    43:a4:f7:0e:69:80:08:a2:73:44:bb:53:c1:81:2d:
                    73:39:b2:51:05:bb:1f:e5:c2:ad:8d:29:13:b7:26:
                    7e:b7:a0:46:54:c3:1e:09:1e:9e:8f:60:a3:e8:8c:
                    71:13:85:cf:e9:0d:eb:25:61:82:8a:a8:88:7f:03:
                    a1:9f:75:77:f2:f2:b2:ab:ad:17:bd:8a:ae:a4:0d:
                    5a:13:4d:43:20:23:65:e2:9a:47:e6:c7:d1:7b:78:
                    08:79:5a:7c:8a:d2:e5:d0:94:ee:0f:61:08:df:c1:
                    58:27:96:34:25:8f:13:14:90:68:ca:54:86:ba:01:
                    8c:b0:90:84:17:e6:0e:cd:61:8a:49:6b:6d:c8:10:
                    9a:12:bc:c5:f1:3b:86:98:8e:ce:36:f8:bf:d9:d9:
                    3e:c7:63:50:95:8b:0c:65:10:97:e2:9c:6c:cf:bc:
                    f8:6e:43:59:06:74:cc:3d:0c:e8:5d:9b:df:42:b0:
                    7a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:66:2D:25:BE:A4:B5:DF:AC:51:4F:8A:46:FA:98:7B:67:B6:5B:73
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zGYtJb6ktd-sUU-KRvqYe2e2W3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.192.0/21
                  84.234.16.0/20
                  85.204.160.0/22
                  86.107.108.0/23
                  89.34.124.0/23
                  89.39.172.0/23
                  193.124.20.0/23
                  194.88.96.0/21
                  194.88.112.0/20
                  194.135.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:e7:44:18:1f:b7:6b:d9:54:ca:0b:ef:d9:39:a9:80:f9:38:
         21:b6:61:6c:ef:3f:c7:2d:51:84:b5:6c:27:3f:e0:7a:43:8e:
         00:0b:b0:d3:d8:54:21:a2:3b:fa:23:70:b0:dd:42:7b:88:2c:
         c2:a0:65:6b:fb:6a:79:fe:4c:6c:a2:5e:84:fd:4f:60:10:53:
         44:df:ad:32:20:2c:6e:8b:61:97:0c:74:c8:4f:f4:0f:4b:80:
         59:5d:3e:4a:45:5d:de:12:1c:3f:cf:0f:bd:74:16:e8:8b:ea:
         e0:57:d7:cb:3d:0d:6b:4f:77:82:91:88:15:3e:a3:ca:73:15:
         ee:6e:39:db:14:75:c2:2b:30:a0:06:5a:2a:b8:6a:ad:23:c8:
         db:05:53:60:13:5f:22:98:c5:77:24:ca:46:f1:55:96:4d:ae:
         a0:57:2b:55:1b:9c:3c:b0:bd:87:a5:76:ea:c5:4c:70:92:d6:
         5c:c0:cf:52:f6:3c:04:58:d2:7e:e0:13:4e:44:0e:bc:75:65:
         f4:5c:a3:37:3b:e8:79:b6:4f:35:3b:8d:ee:83:90:85:ea:01:
         0f:54:3a:69:c7:25:95:dc:a4:ed:63:4e:92:f3:85:e7:44:c7:
         b8:51:f2:e6:18:eb:95:72:f2:06:58:a7:bf:c3:ef:9e:87:17:
         38:57:ba:13
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY1mF9wRqR+NTCU2SG5Ao1sRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMjAxMTkxNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzY2MmQyNWJlYTRiNWRmYWM1MTRmOGE0NmZhOTg3YjY3YjY1YjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOCXaV5Je2QxdOgSwtYtayuNf8QY
l2s6IlzLkBpxi1fvD30iaKzfWg+AfKjBDcNOtI2eJq24JIqy93I3UGHdpp15jcnd
pBRJwUlDpPcOaYAIonNEu1PBgS1zObJRBbsf5cKtjSkTtyZ+t6BGVMMeCR6ej2Cj
6IxxE4XP6Q3rJWGCiqiIfwOhn3V38vKyq60XvYqupA1aE01DICNl4ppH5sfRe3gI
eVp8itLl0JTuD2EI38FYJ5Y0JY8TFJBoylSGugGMsJCEF+YOzWGKSWttyBCaErzF
8TuGmI7ONvi/2dk+x2NQlYsMZRCX4pxsz7z4bkNZBnTMPQzoXZvfQrB6cwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMxmLSW+pLXfrFFPikb6mHtntltzMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvekdZdEpiNmt0ZC1zVVUtS1J2cVllMmUyVzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDBSPAAwQE
VOoQAwQCVcygAwQBVmtsAwQBWSJ8AwQBWSesAwQBwXwUAwQDwlhgAwQEwlhwAwQB
wocaMA0GCSqGSIb3DQEBCwUAA4IBAQAF50QYH7dr2VTKC+/ZOamA+TghtmFs7z/H
LVGEtWwnP+B6Q44AC7DT2FQhojv6I3Cw3UJ7iCzCoGVr+2p5/kxsol6E/U9gEFNE
360yICxui2GXDHTIT/QPS4BZXT5KRV3eEhw/zw+9dBboi+rgV9fLPQ1rT3eCkYgV
PqPKcxXubjnbFHXCKzCgBloquGqtI8jbBVNgE18imMV3JMpG8VWWTa6gVytVG5w8
sL2HpXbqxUxwktZcwM9S9jwEWNJ+4BNORA68dWX0XKM3O+h5tk81O43ug5CF6gEP
VDppxyWV3KTtY06S84XnRMe4UfLmGOuVcvIGWKe/w++ehxc4V7oT
-----END CERTIFICATE-----