Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/hSLYoLr026iv0l3fRgeBVIzvYNk.roa
File:                     hSLYoLr026iv0l3fRgeBVIzvYNk.roa (raw, json)
Hash identifier:          aBHi3ZyKOe21CoJOK4OE0p/d9zMfcV7kHXsLhR2+0hk=
Subject key identifier:   85:22:D8:A0:BA:F4:DB:A8:AF:D2:5D:DF:46:07:81:54:8C:EF:60:D9
Certificate issuer:       /CN=a63bcc6d25f7476fbb3ec33f6dbc3e9eead92212
Certificate serial:       018776E9B950804B71000B74A9A15EE3FA26
Authority key identifier: A6:3B:CC:6D:25:F7:47:6F:BB:3E:C3:3F:6D:BC:3E:9E:EA:D9:22:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/hSLYoLr026iv0l3fRgeBVIzvYNk.roa
Signing time:             Wed 12 Apr 2023 19:20:41 +0000
ROA not before:           Wed 12 Apr 2023 19:20:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35819
IP address blocks:        46.152.160.0/20 maxlen: 20
                          46.153.128.0/20 maxlen: 20
                          46.152.176.0/20 maxlen: 20
                          46.153.144.0/20 maxlen: 20
                          46.153.160.0/19 maxlen: 19
                          46.152.128.0/19 maxlen: 19
                          46.153.96.0/19 maxlen: 19
                          46.153.16.0/20 maxlen: 20
                          46.152.64.0/19 maxlen: 19
                          46.153.240.0/20 maxlen: 20
                          46.153.32.0/20 maxlen: 20
                          46.153.48.0/20 maxlen: 20
                          46.152.96.0/19 maxlen: 19
                          46.153.64.0/19 maxlen: 19
                          46.152.0.0/19 maxlen: 19
                          46.153.192.0/20 maxlen: 20
                          46.152.32.0/19 maxlen: 19
                          46.153.208.0/20 maxlen: 20
                          46.153.0.0/20 maxlen: 20
                          46.153.224.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Wed 12 Apr 2023 19:21:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:76:e9:b9:50:80:4b:71:00:0b:74:a9:a1:5e:e3:fa:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63bcc6d25f7476fbb3ec33f6dbc3e9eead92212
        Validity
            Not Before: Apr 12 19:20:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8522d8a0baf4dba8afd25ddf460781548cef60d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:33:96:07:59:6b:ac:85:5c:97:d3:1f:98:93:
                    00:16:ee:7c:4e:82:fe:d0:dc:fd:20:7e:a6:08:ba:
                    4c:e6:7b:f7:ba:a6:f1:1d:ea:19:8a:45:72:66:46:
                    2f:d3:58:8b:e7:de:a3:64:ea:42:2d:59:f5:3b:44:
                    31:de:d5:8d:fa:b7:7c:36:ba:66:91:dc:31:76:2c:
                    5a:60:5c:8b:8b:fe:77:b1:28:2f:4f:ae:15:68:95:
                    95:82:93:30:31:81:61:e0:7f:91:c6:59:16:ff:bb:
                    f1:36:f2:4b:44:13:d6:33:a4:1d:d3:d0:f6:4d:18:
                    81:54:89:76:e6:5d:26:ac:a1:3e:bc:22:b5:20:7e:
                    dc:d3:63:fb:69:a6:a5:0f:da:77:03:dc:6a:b0:e0:
                    4c:d8:c8:84:11:97:4d:8d:21:8f:4f:56:7d:54:53:
                    33:57:15:8e:20:02:2b:c7:19:b0:9b:4b:ff:59:71:
                    28:2e:28:0b:73:e8:89:16:15:80:d6:10:a1:0c:6c:
                    ad:4b:ad:78:9e:1d:65:33:c2:81:32:3b:01:32:67:
                    9e:57:e4:34:d2:55:6f:12:16:f9:8b:55:00:33:e1:
                    4e:18:9f:fa:f5:a4:ec:68:93:83:eb:25:8d:eb:31:
                    92:c0:c8:1f:7b:75:be:b0:cb:13:87:64:41:19:28:
                    18:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:22:D8:A0:BA:F4:DB:A8:AF:D2:5D:DF:46:07:81:54:8C:EF:60:D9
            X509v3 Authority Key Identifier:
                keyid:A6:3B:CC:6D:25:F7:47:6F:BB:3E:C3:3F:6D:BC:3E:9E:EA:D9:22:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/hSLYoLr026iv0l3fRgeBVIzvYNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/pjvMbSX3R2-7PsM_bbw-nurZIhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.152.0.0-46.152.191.255
                  46.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:29:b6:ac:35:fc:1b:d8:54:8a:bd:bf:8a:64:14:c4:17:ae:
         f0:58:3b:b2:3d:e9:90:56:be:1a:e1:2a:01:ce:3c:2a:39:1c:
         01:69:9b:16:0b:6f:16:c6:01:b9:11:b5:01:62:55:51:30:03:
         f4:9c:4d:21:ff:64:8f:af:fc:3a:b6:83:e4:46:ba:93:b0:29:
         40:74:81:89:1f:78:b7:2c:b2:a4:5b:9e:6e:87:5b:66:45:48:
         51:3d:8b:f5:09:9a:42:65:4a:e9:49:c4:f6:92:c8:58:58:fd:
         12:9c:b4:9b:49:5f:e8:bb:e1:e2:fb:17:71:56:40:01:2c:2b:
         78:b6:82:9c:b2:63:71:1b:ba:4b:f4:a3:f9:93:cd:90:b6:fe:
         ba:b6:59:a0:80:1e:72:3c:5e:95:0a:cf:92:c6:fb:d8:32:10:
         4a:12:1a:4e:ba:c6:4c:f1:96:83:ff:c6:5b:f0:26:84:c1:00:
         c2:d2:0a:63:f7:75:ac:27:b4:cd:fc:14:f1:53:95:43:f7:48:
         45:27:94:87:80:bc:4c:d6:2b:24:4c:34:b1:7f:52:2e:12:09:
         42:49:5a:3d:de:48:85:a7:9d:58:5d:dd:c9:a7:a7:10:cf:ab:
         81:95:9b:cd:ba:af:1f:56:70:d4:65:ba:1c:d8:63:6e:44:de:
         2e:42:ee:61
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYd26blQgEtxAAt0qaFe4/omMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2JjYzZkMjVmNzQ3NmZiYjNlYzMzZjZkYmMzZTllZWFk
OTIyMTIwHhcNMjMwNDEyMTkyMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTIyZDhhMGJhZjRkYmE4YWZkMjVkZGY0NjA3ODE1NDhjZWY2MGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjOWB1lrrIVcl9MfmJMAFu58ToL+
0Nz9IH6mCLpM5nv3uqbxHeoZikVyZkYv01iL596jZOpCLVn1O0Qx3tWN+rd8Nrpm
kdwxdixaYFyLi/53sSgvT64VaJWVgpMwMYFh4H+RxlkW/7vxNvJLRBPWM6Qd09D2
TRiBVIl25l0mrKE+vCK1IH7c02P7aaalD9p3A9xqsOBM2MiEEZdNjSGPT1Z9VFMz
VxWOIAIrxxmwm0v/WXEoLigLc+iJFhWA1hChDGytS614nh1lM8KBMjsBMmeeV+Q0
0lVvEhb5i1UAM+FOGJ/69aTsaJOD6yWN6zGSwMgfe3W+sMsTh2RBGSgYAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIUi2KC69Nuor9Jd30YHgVSM72DZMB8GA1UdIwQY
MBaAFKY7zG0l90dvuz7DP228Pp7q2SISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGp2TWJTWDNSMi03UHNNX2Jidy1udXJaSWhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83NjhmZGItZDFiNS00YmVmLWJjYmQt
NDkyNGZhMDAwYjdjLzEvaFNMWW9McjAyNml2MGwzZlJnZUJWSXp2WU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83NjhmZGItZDFiNS00YmVmLWJjYmQtNDkyNGZhMDAwYjdj
LzEvcGp2TWJTWDNSMi03UHNNX2Jidy1udXJaSWhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASMAsDAwMumAME
Bi6YgAMDAC6ZMA0GCSqGSIb3DQEBCwUAA4IBAQAvKbasNfwb2FSKvb+KZBTEF67w
WDuyPemQVr4a4SoBzjwqORwBaZsWC28WxgG5EbUBYlVRMAP0nE0h/2SPr/w6toPk
RrqTsClAdIGJH3i3LLKkW55uh1tmRUhRPYv1CZpCZUrpScT2kshYWP0SnLSbSV/o
u+Hi+xdxVkABLCt4toKcsmNxG7pL9KP5k82Qtv66tlmggB5yPF6VCs+SxvvYMhBK
EhpOusZM8ZaD/8Zb8CaEwQDC0gpj93WsJ7TN/BTxU5VD90hFJ5SHgLxM1iskTDSx
f1IuEglCSVo93kiFp51YXd3Jp6cQz6uBlZvNuq8fVnDUZboc2GNuRN4uQu5h
-----END CERTIFICATE-----