Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/exeLjVIBBZK2HFUKuUiJ5Guh9mw.roa
File:                     exeLjVIBBZK2HFUKuUiJ5Guh9mw.roa (raw, json)
Hash identifier:          HdipIB7+7hObmLUfc9EULHNDzKLI0oGWplax3vnkXG0=
Subject key identifier:   7B:17:8B:8D:52:01:05:92:B6:1C:55:0A:B9:48:89:E4:6B:A1:F6:6C
Certificate issuer:       /CN=918901662a8ec5ff4d3f48d29099230a0575ec8a
Certificate serial:       018571E79B3D3C5EE3690F532C1B9ED47331
Authority key identifier: 91:89:01:66:2A:8E:C5:FF:4D:3F:48:D2:90:99:23:0A:05:75:EC:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/exeLjVIBBZK2HFUKuUiJ5Guh9mw.roa
Signing time:             Mon 02 Jan 2023 09:54:42 +0000
ROA not before:           Mon 02 Jan 2023 09:54:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56902
IP address blocks:        45.142.138.0/24 maxlen: 24
                          45.142.137.0/24 maxlen: 24
                          45.142.139.0/24 maxlen: 24
                          45.142.136.0/24 maxlen: 24
                          5.100.240.0/24 maxlen: 24
                          5.100.243.0/24 maxlen: 24
                          5.100.242.0/24 maxlen: 24
                          5.100.241.0/24 maxlen: 24
                          185.128.125.0/24 maxlen: 24
                          185.128.124.0/24 maxlen: 24
                          185.187.129.0/24 maxlen: 24
                          185.187.128.0/24 maxlen: 24
                          185.187.131.0/24 maxlen: 24
                          185.187.130.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 03 Jan 2023 13:27:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:e7:9b:3d:3c:5e:e3:69:0f:53:2c:1b:9e:d4:73:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918901662a8ec5ff4d3f48d29099230a0575ec8a
        Validity
            Not Before: Jan  2 09:54:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7b178b8d52010592b61c550ab94889e46ba1f66c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4b:d9:e8:af:37:a9:50:d0:81:4f:8f:de:6f:
                    41:16:af:13:7b:d1:15:a8:ee:48:d6:1f:54:0d:f5:
                    36:c6:46:de:73:14:54:08:b6:c0:d3:b3:08:b1:ff:
                    93:48:c5:fd:29:78:c3:54:07:03:b0:81:51:6c:0c:
                    26:df:2b:76:d2:08:29:6b:32:91:04:1f:a2:a8:64:
                    e9:55:37:ab:e5:a0:d0:48:df:dd:d5:14:bc:db:f8:
                    03:8a:ae:7e:29:40:e7:c7:0d:e1:c7:9a:c8:ff:a4:
                    02:3e:be:d0:66:85:0b:fa:21:37:f8:ce:12:bc:f5:
                    5a:5e:a3:dd:d2:3d:53:3f:26:5d:fc:7e:9d:da:50:
                    6b:7f:89:b8:eb:c3:81:02:20:d5:0a:d2:cb:f8:21:
                    bd:12:99:f0:c5:49:5b:b4:09:e4:dd:9c:91:4c:b1:
                    9a:15:77:83:d9:ba:2d:2c:6f:57:0c:96:f5:0e:cb:
                    cb:65:f8:cb:43:40:09:d3:eb:65:1a:e2:c3:6e:18:
                    52:88:7b:26:55:88:78:e7:c8:b8:49:bb:a1:12:b4:
                    ff:94:b6:24:6b:18:8e:55:28:68:64:32:08:9b:d9:
                    13:3c:25:a9:aa:c1:e8:4e:ff:6f:71:d8:7e:e5:85:
                    1a:5f:98:ae:34:b7:69:51:b7:da:98:be:a6:a0:b5:
                    b5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:17:8B:8D:52:01:05:92:B6:1C:55:0A:B9:48:89:E4:6B:A1:F6:6C
            X509v3 Authority Key Identifier:
                keyid:91:89:01:66:2A:8E:C5:FF:4D:3F:48:D2:90:99:23:0A:05:75:EC:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/exeLjVIBBZK2HFUKuUiJ5Guh9mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.240.0/22
                  45.142.136.0/22
                  185.128.124.0/23
                  185.187.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:01:2f:c5:cb:37:0f:97:41:e0:47:eb:e5:c2:12:22:0e:d6:
         f2:03:cd:ca:bc:b9:25:6e:99:34:f0:2a:38:29:5c:77:9b:0e:
         c5:88:2b:b4:da:b9:01:ce:de:6c:a5:6c:1c:c6:d9:c6:5d:4a:
         7e:55:9b:d7:e9:26:4f:f9:4b:49:c3:59:1c:72:92:f7:19:32:
         36:59:c9:38:b4:de:60:f5:1d:6c:77:d4:5f:17:1a:c8:a1:fe:
         a7:1d:e4:24:31:6e:24:ec:e1:bd:94:85:9e:3b:ea:79:40:2c:
         b3:60:36:c2:5b:db:81:97:57:40:75:1b:91:26:fb:5a:32:b3:
         df:87:3d:5c:d7:af:03:a2:9a:24:09:f0:bc:90:f4:ad:95:e6:
         5d:1e:36:aa:a8:9a:a8:ab:2c:49:87:9a:96:ed:f9:3a:54:92:
         dc:63:3f:86:1b:35:62:62:47:73:4f:4e:45:5f:4d:5b:d9:ed:
         9e:3c:7c:a3:fa:20:37:ef:bd:1e:44:ea:4f:e3:e8:10:f6:02:
         a9:fe:f3:dd:63:04:ad:2d:9e:16:d8:53:17:1e:2e:ea:fc:90:
         fe:52:2f:31:ba:07:c9:e0:2d:70:f5:e0:6e:9c:9f:8d:26:59:
         21:7b:4f:c4:73:47:b8:c7:f3:c6:06:b5:70:e8:75:25:f4:73:
         67:8d:fc:be
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVx55s9PF7jaQ9TLBue1HMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxODkwMTY2MmE4ZWM1ZmY0ZDNmNDhkMjkwOTkyMzBhMDU3
NWVjOGEwHhcNMjMwMTAyMDk1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE3OGI4ZDUyMDEwNTkyYjYxYzU1MGFiOTQ4ODllNDZiYTFmNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEvZ6K83qVDQgU+P3m9BFq8Te9EV
qO5I1h9UDfU2xkbecxRUCLbA07MIsf+TSMX9KXjDVAcDsIFRbAwm3yt20ggpazKR
BB+iqGTpVTer5aDQSN/d1RS82/gDiq5+KUDnxw3hx5rI/6QCPr7QZoUL+iE3+M4S
vPVaXqPd0j1TPyZd/H6d2lBrf4m468OBAiDVCtLL+CG9EpnwxUlbtAnk3ZyRTLGa
FXeD2botLG9XDJb1DsvLZfjLQ0AJ0+tlGuLDbhhSiHsmVYh458i4SbuhErT/lLYk
axiOVShoZDIIm9kTPCWpqsHoTv9vcdh+5YUaX5iuNLdpUbfamL6moLW1oQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHsXi41SAQWSthxVCrlIieRrofZsMB8GA1UdIwQY
MBaAFJGJAWYqjsX/TT9I0pCZIwoFdeyKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1lrQlppcU94ZjlOUDBqU2tKa2pDZ1YxN0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC81YjkyYTctMjgzNy00NjllLTgyMTQt
ZTgxMWUyM2MxODA0LzEvZXhlTGpWSUJCWksySEZVS3VVaUo1R3VoOW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC81YjkyYTctMjgzNy00NjllLTgyMTQtZTgxMWUyM2MxODA0
LzEva1lrQlppcU94ZjlOUDBqU2tKa2pDZ1YxN0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCBWTwAwQC
LY6IAwQBuYB8AwQCubuAMA0GCSqGSIb3DQEBCwUAA4IBAQA5AS/FyzcPl0HgR+vl
whIiDtbyA83KvLklbpk08Co4KVx3mw7FiCu02rkBzt5spWwcxtnGXUp+VZvX6SZP
+UtJw1kccpL3GTI2Wck4tN5g9R1sd9RfFxrIof6nHeQkMW4k7OG9lIWeO+p5QCyz
YDbCW9uBl1dAdRuRJvtaMrPfhz1c168DopokCfC8kPStleZdHjaqqJqoqyxJh5qW
7fk6VJLcYz+GGzViYkdzT05FX01b2e2ePHyj+iA3770eROpP4+gQ9gKp/vPdYwSt
LZ4W2FMXHi7q/JD+Ui8xugfJ4C1w9eBunJ+NJlkhe0/Ec0e4x/PGBrVw6HUl9HNn
jfy+
-----END CERTIFICATE-----