Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/DXzz9c3fmHSTXniR9yTmfPHhTSU.roa
File:                     DXzz9c3fmHSTXniR9yTmfPHhTSU.roa (raw, json)
Hash identifier:          3qcHIlH/2kiEejKhorgtcJ54tne8TQZUaBa7Y+7aRHI=
Subject key identifier:   0D:7C:F3:F5:CD:DF:98:74:93:5E:78:91:F7:24:E6:7C:F1:E1:4D:25
Certificate issuer:       /CN=dc899c28664ee8194a64048e46c60c6e5f190c53
Certificate serial:       0185711E60E13E7C97A388D3547FEE4F19A2
Authority key identifier: DC:89:9C:28:66:4E:E8:19:4A:64:04:8E:46:C6:0C:6E:5F:19:0C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/DXzz9c3fmHSTXniR9yTmfPHhTSU.roa
Signing time:             Mon 02 Jan 2023 06:14:54 +0000
ROA not before:           Mon 02 Jan 2023 06:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13173
IP address blocks:        213.167.93.0/24 maxlen: 24
                          213.167.94.0/23 maxlen: 23
                          185.70.156.0/22 maxlen: 24
                          213.167.64.0/19 maxlen: 24
                          213.167.64.0/24 maxlen: 24
                          213.167.69.0/24 maxlen: 24
                          213.167.67.0/24 maxlen: 24
                          213.167.77.0/24 maxlen: 24
                          213.167.72.0/24 maxlen: 24
                          213.167.78.0/24 maxlen: 24
                          213.167.74.0/23 maxlen: 23
                          213.167.80.0/23 maxlen: 23
                          213.167.82.0/24 maxlen: 24
                          213.167.82.0/23 maxlen: 23
                          213.167.91.0/24 maxlen: 24
                          2a00:f180::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:1e:60:e1:3e:7c:97:a3:88:d3:54:7f:ee:4f:19:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc899c28664ee8194a64048e46c60c6e5f190c53
        Validity
            Not Before: Jan  2 06:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0d7cf3f5cddf9874935e7891f724e67cf1e14d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6d:e1:26:38:66:41:42:41:87:30:5b:f0:60:
                    1c:64:a8:c4:21:85:7e:33:4c:ad:1d:7c:5c:78:a7:
                    7a:27:7a:e4:c8:c2:ec:9a:cd:a2:44:d5:68:8b:c6:
                    48:60:d1:ca:e8:3c:f5:40:50:1f:42:ce:0e:61:d6:
                    0c:d5:29:c8:d7:e0:7f:9b:46:8d:43:b3:68:bb:1f:
                    d2:0c:1c:26:b9:ad:c4:53:ca:1e:87:f7:36:cf:41:
                    2c:89:98:d2:7e:ad:3f:7f:17:a6:76:14:50:55:62:
                    4e:95:42:9d:75:c8:d2:26:53:65:6a:47:92:cf:4f:
                    8d:c1:cb:02:57:8a:16:5b:7b:c8:ed:dd:49:fa:2a:
                    75:84:34:01:bb:2c:63:e0:cd:8f:98:1b:51:b8:41:
                    54:3c:a3:0b:fd:06:e6:f9:e2:db:a2:75:59:14:2d:
                    4a:61:25:16:c3:80:4b:dc:18:ee:1c:d1:48:35:a2:
                    5a:3b:9a:fa:bf:9b:66:ef:0f:b8:50:28:7f:79:65:
                    e7:7e:24:80:eb:ca:87:a8:67:fc:bc:6e:b8:7d:c0:
                    ec:9c:01:16:56:18:3f:1c:79:e7:69:c3:30:60:50:
                    2e:05:f2:18:53:ea:76:ac:aa:d5:31:e2:d5:bd:43:
                    ad:75:e4:38:97:6d:00:73:97:aa:00:8e:f7:f6:60:
                    29:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:7C:F3:F5:CD:DF:98:74:93:5E:78:91:F7:24:E6:7C:F1:E1:4D:25
            X509v3 Authority Key Identifier:
                keyid:DC:89:9C:28:66:4E:E8:19:4A:64:04:8E:46:C6:0C:6E:5F:19:0C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/DXzz9c3fmHSTXniR9yTmfPHhTSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.156.0/22
                  213.167.64.0/19
                IPv6:
                  2a00:f180::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:76:94:9e:58:bd:72:60:0d:c0:5b:79:1f:07:b0:9a:0b:86:
         5b:72:0f:f3:71:f8:3b:6b:84:57:81:19:a9:4f:f2:b6:b6:f9:
         46:7d:4e:c4:f9:90:79:c6:35:75:51:6c:17:3c:f1:ac:56:42:
         69:5c:4b:fa:20:a8:30:24:f7:7a:fb:ef:09:10:d7:c9:4e:cc:
         62:c4:cd:c7:ed:08:7d:12:85:90:19:c4:0a:93:0e:ab:da:eb:
         1f:b0:0a:62:58:f3:64:0b:e3:c2:e0:22:09:d4:1b:89:f5:37:
         dc:56:69:20:14:7d:55:b7:61:5b:79:7b:69:9a:06:48:ea:3a:
         19:90:52:c3:b6:84:5c:46:97:ae:34:62:ec:7c:25:ba:42:40:
         3a:98:cf:32:ad:97:6d:89:ca:57:2d:b8:4f:fe:b6:d0:2c:a2:
         d3:02:94:f4:39:21:03:af:c4:a0:43:76:dc:e4:f2:6f:17:78:
         7d:e8:44:19:76:28:60:44:3b:2b:b5:14:6b:ce:73:32:db:19:
         90:ec:76:9d:c3:a2:dd:e7:fd:1b:ad:ce:6b:75:85:a8:77:db:
         2c:44:e7:fe:00:9c:95:cb:af:7b:3e:7d:32:10:13:1a:9d:fa:
         3c:49:5e:d3:dd:4d:1a:6d:a0:35:b4:11:b2:a7:44:27:e4:72:
         b2:a5:b0:e6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxHmDhPnyXo4jTVH/uTxmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODk5YzI4NjY0ZWU4MTk0YTY0MDQ4ZTQ2YzYwYzZlNWYx
OTBjNTMwHhcNMjMwMTAyMDYxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDdjZjNmNWNkZGY5ODc0OTM1ZTc4OTFmNzI0ZTY3Y2YxZTE0ZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5W3hJjhmQUJBhzBb8GAcZKjEIYV+
M0ytHXxceKd6J3rkyMLsms2iRNVoi8ZIYNHK6Dz1QFAfQs4OYdYM1SnI1+B/m0aN
Q7Noux/SDBwmua3EU8oeh/c2z0EsiZjSfq0/fxemdhRQVWJOlUKddcjSJlNlakeS
z0+NwcsCV4oWW3vI7d1J+ip1hDQBuyxj4M2PmBtRuEFUPKML/Qbm+eLbonVZFC1K
YSUWw4BL3BjuHNFINaJaO5r6v5tm7w+4UCh/eWXnfiSA68qHqGf8vG64fcDsnAEW
Vhg/HHnnacMwYFAuBfIYU+p2rKrVMeLVvUOtdeQ4l20Ac5eqAI739mAplwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA188/XN35h0k154kfck5nzx4U0lMB8GA1UdIwQY
MBaAFNyJnChmTugZSmQEjkbGDG5fGQxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0ltY0tHWk82QmxLWkFTT1JzWU1ibDhaREZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81NmQ2YTgtMDc1Mi00Y2JkLTg4NDUt
NTJmZTEwNTEzMTI5LzEvRFh6ejljM2ZtSFNUWG5pUjl5VG1mUEhoVFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81NmQ2YTgtMDc1Mi00Y2JkLTg4NDUtNTJmZTEwNTEzMTI5
LzEvM0ltY0tHWk82QmxLWkFTT1JzWU1ibDhaREZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUacAwQF
1adAMA0EAgACMAcDBQAqAPGAMA0GCSqGSIb3DQEBCwUAA4IBAQCkdpSeWL1yYA3A
W3kfB7CaC4Zbcg/zcfg7a4RXgRmpT/K2tvlGfU7E+ZB5xjV1UWwXPPGsVkJpXEv6
IKgwJPd6++8JENfJTsxixM3H7Qh9EoWQGcQKkw6r2usfsApiWPNkC+PC4CIJ1BuJ
9TfcVmkgFH1Vt2FbeXtpmgZI6joZkFLDtoRcRpeuNGLsfCW6QkA6mM8yrZdticpX
LbhP/rbQLKLTApT0OSEDr8SgQ3bc5PJvF3h96EQZdihgRDsrtRRrznMy2xmQ7Had
w6Ld5/0brc5rdYWod9ssROf+AJyVy697Pn0yEBManfo8SV7T3U0abaA1tBGyp0Qn
5HKypbDm
-----END CERTIFICATE-----