Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/lKm53Mg2oMt_h626-BZkuUMMjHM.roa
File:                     lKm53Mg2oMt_h626-BZkuUMMjHM.roa (raw, json)
Hash identifier:          X2fRSkXVWXCEJC33YdPRY3IPB9WU0km/Lw6G2p68adU=
Subject key identifier:   94:A9:B9:DC:C8:36:A0:CB:7F:87:AD:BA:F8:16:64:B9:43:0C:8C:73
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       0185703077D0F918782E92D2FDA27DF7C9C9
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/lKm53Mg2oMt_h626-BZkuUMMjHM.roa
Signing time:             Mon 02 Jan 2023 01:55:02 +0000
ROA not before:           Mon 02 Jan 2023 01:55:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28849
IP address blocks:        217.23.112.0/24 maxlen: 24
                          217.23.117.0/24 maxlen: 24
                          217.23.113.0/24 maxlen: 24
                          217.23.112.0/20 maxlen: 20
                          217.23.114.0/24 maxlen: 24
                          217.23.115.0/24 maxlen: 24
                          217.23.116.0/24 maxlen: 24
                          217.23.124.0/24 maxlen: 24
                          217.23.125.0/24 maxlen: 24
                          217.23.119.0/24 maxlen: 24
                          217.23.121.0/24 maxlen: 24
                          217.23.122.0/24 maxlen: 24
                          217.23.123.0/24 maxlen: 24
                          217.23.126.0/24 maxlen: 24
                          217.23.127.0/24 maxlen: 24
                          185.15.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 08 Jun 2023 20:10:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:77:d0:f9:18:78:2e:92:d2:fd:a2:7d:f7:c9:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: Jan  2 01:55:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=94a9b9dcc836a0cb7f87adbaf81664b9430c8c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:02:67:c5:9f:aa:76:27:5d:f7:73:da:09:f3:
                    78:9d:8e:1c:85:63:01:f7:0f:65:50:c4:de:40:14:
                    25:f5:ca:98:7b:7d:37:f5:25:38:69:c8:30:26:ea:
                    00:2f:dd:dc:bd:2d:5e:63:55:0c:cf:c4:3a:79:2e:
                    4b:cd:4f:3b:1d:67:a9:a2:9c:c6:82:9a:8e:a0:df:
                    38:96:38:dd:15:8f:24:c5:59:77:9c:80:97:bc:c4:
                    4b:33:cb:08:d6:0e:d3:1f:5a:61:38:d9:0f:36:a9:
                    07:eb:e0:79:66:e2:17:6e:c9:5b:44:52:94:3a:56:
                    d3:83:1e:e0:69:5a:ea:ca:c8:d5:9c:4f:a7:93:e8:
                    d3:5c:13:81:4a:0e:e7:26:55:01:86:7e:cf:d3:57:
                    37:5b:f8:b5:57:58:af:cc:43:e4:86:b5:ef:81:ec:
                    5f:c4:c6:a0:14:30:b4:ba:2a:42:f4:13:24:d5:81:
                    90:7c:e5:1e:39:93:b3:68:84:32:3c:b1:87:92:94:
                    d9:c7:fb:aa:4f:d3:a5:6e:4e:f0:ed:9e:6e:9a:ca:
                    a3:f9:9c:fd:1b:07:8f:53:1f:71:b9:99:38:01:00:
                    80:40:30:03:e3:06:3a:44:61:b7:e6:61:31:11:2f:
                    0a:8e:4e:7a:06:af:10:da:82:0e:bd:78:9a:fe:2a:
                    23:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A9:B9:DC:C8:36:A0:CB:7F:87:AD:BA:F8:16:64:B9:43:0C:8C:73
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/lKm53Mg2oMt_h626-BZkuUMMjHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.156.0/22
                  217.23.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9a:70:54:ae:f1:08:f7:be:b5:61:c2:38:59:48:6f:13:39:b0:
         de:03:11:33:6c:1a:9f:31:b8:da:a9:a7:ca:37:2e:64:43:01:
         d6:bd:d5:93:c8:66:e0:20:0f:4b:b7:34:08:b0:48:62:81:d0:
         73:3b:40:8a:a1:b2:ef:24:e3:f5:1b:8c:68:de:5a:d5:33:6a:
         36:49:73:66:44:f9:88:6e:59:d7:1e:b0:0b:bd:c7:65:6a:08:
         30:5f:e9:15:00:6a:17:ef:ec:4d:19:ec:55:a0:21:1d:31:98:
         83:f2:3f:bc:37:3d:e3:7b:24:19:95:e4:39:ac:36:98:fa:db:
         17:24:74:ca:92:f3:47:bc:7d:3d:ff:94:0f:f6:0a:7b:de:4e:
         d5:e5:a5:04:19:2d:86:ef:87:5e:ae:00:b8:d1:24:51:64:a8:
         25:8a:6b:5d:44:3b:d7:0d:be:f5:51:e4:6c:b2:9f:4d:99:69:
         14:aa:70:17:6f:72:2c:67:82:8e:f4:10:9a:f6:6b:90:dd:28:
         25:96:c6:54:59:32:93:d2:88:ff:82:2a:fd:38:48:d1:d0:97:
         83:32:86:44:52:a0:f9:7b:e9:20:47:f9:47:82:ae:15:20:69:
         be:ec:24:4e:ce:e8:9f:c6:87:c3:c0:a5:9f:e5:0a:e9:7e:38:
         c7:01:7a:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwMHfQ+Rh4LpLS/aJ998nJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjMwMTAyMDE1NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE5YjlkY2M4MzZhMGNiN2Y4N2FkYmFmODE2NjRiOTQzMGM4YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgJnxZ+qdidd93PaCfN4nY4chWMB
9w9lUMTeQBQl9cqYe3039SU4acgwJuoAL93cvS1eY1UMz8Q6eS5LzU87HWepopzG
gpqOoN84ljjdFY8kxVl3nICXvMRLM8sI1g7TH1phONkPNqkH6+B5ZuIXbslbRFKU
OlbTgx7gaVrqysjVnE+nk+jTXBOBSg7nJlUBhn7P01c3W/i1V1ivzEPkhrXvgexf
xMagFDC0uipC9BMk1YGQfOUeOZOzaIQyPLGHkpTZx/uqT9Olbk7w7Z5umsqj+Zz9
GwePUx9xuZk4AQCAQDAD4wY6RGG35mExES8Kjk56Bq8Q2oIOvXia/ioj+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJSpudzINqDLf4etuvgWZLlDDIxzMB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEvbEttNTNNZzJvTXRfaDYyNi1CWmt1VU1NakhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ+cAwQE
2RdwMA0GCSqGSIb3DQEBCwUAA4IBAQCacFSu8Qj3vrVhwjhZSG8TObDeAxEzbBqf
MbjaqafKNy5kQwHWvdWTyGbgIA9LtzQIsEhigdBzO0CKobLvJOP1G4xo3lrVM2o2
SXNmRPmIblnXHrALvcdlaggwX+kVAGoX7+xNGexVoCEdMZiD8j+8Nz3jeyQZleQ5
rDaY+tsXJHTKkvNHvH09/5QP9gp73k7V5aUEGS2G74dergC40SRRZKglimtdRDvX
Db71UeRssp9NmWkUqnAXb3IsZ4KO9BCa9muQ3SgllsZUWTKT0oj/gir9OEjR0JeD
MoZEUqD5e+kgR/lHgq4VIGm+7CROzuifxofDwKWf5QrpfjjHAXo7
-----END CERTIFICATE-----