Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/nK_9-maS9hEz3OhhIi2GXuyAd44.roa
File:                     nK_9-maS9hEz3OhhIi2GXuyAd44.roa (raw, json)
Hash identifier:          RnUp8+uhf+XeZmVV5ZAD1aatB/TONZoRobpJ8UrdTyc=
Subject key identifier:   9C:AF:FD:FA:66:92:F6:11:33:DC:E8:61:22:2D:86:5E:EC:80:77:8E
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018570672B509246E08BD1A5BA93694D41C2
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/nK_9-maS9hEz3OhhIi2GXuyAd44.roa
Signing time:             Mon 02 Jan 2023 02:54:47 +0000
ROA not before:           Mon 02 Jan 2023 02:54:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57033
IP address blocks:        89.185.16.0/22 maxlen: 22
                          89.185.20.0/23 maxlen: 23
                          185.30.203.0/24 maxlen: 24
                          5.56.24.0/23 maxlen: 23
                          5.56.28.0/23 maxlen: 23
                          5.56.30.0/23 maxlen: 23
                          5.56.26.0/23 maxlen: 23
                          93.185.208.0/21 maxlen: 21
                          93.185.218.0/23 maxlen: 23
                          93.185.216.0/23 maxlen: 23
                          89.185.4.0/22 maxlen: 22
                          93.185.222.0/23 maxlen: 23
                          93.185.220.0/23 maxlen: 23
                          89.185.8.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:29:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:67:2b:50:92:46:e0:8b:d1:a5:ba:93:69:4d:41:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  2 02:54:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9caffdfa6692f61133dce861222d865eec80778e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8d:5c:da:e2:88:24:d5:2d:4c:80:de:1b:59:
                    76:ff:57:51:b6:fc:f8:66:64:e1:44:d9:be:23:8d:
                    12:98:e2:2c:f9:c4:75:28:8e:4e:64:18:14:b5:4d:
                    cc:a8:19:bd:63:0d:41:af:cf:12:ac:d6:d4:d8:4c:
                    1b:85:15:e0:d6:85:1b:b6:34:d3:1a:94:35:1d:9c:
                    8d:a3:b5:7f:3c:75:7d:5f:ce:66:7b:f7:4e:cb:2a:
                    d0:18:14:17:ed:32:d7:b1:8f:a9:14:51:61:7a:30:
                    69:0a:77:eb:e2:38:99:7a:f3:1c:45:e2:19:d2:d3:
                    82:66:61:1f:d3:f3:e9:15:66:fb:ef:d9:c9:65:d2:
                    ff:5f:ec:78:8c:6a:1e:5e:9b:e5:ab:2b:0a:69:32:
                    c3:a7:6a:a6:ff:0d:bb:4f:2f:ce:ce:74:0a:f2:64:
                    92:07:90:81:9a:5a:d2:7e:13:a3:c6:d3:b4:50:7c:
                    0a:d9:98:a5:65:dc:cf:36:14:5c:17:b6:08:bd:98:
                    bc:ce:d2:be:7b:77:27:89:68:0d:87:b4:48:c6:78:
                    93:29:16:d3:80:61:5f:51:79:48:32:82:dd:d2:0d:
                    41:ce:2b:77:15:6a:e2:77:37:ae:b4:69:bb:7e:38:
                    0d:89:6a:77:20:c8:b6:d7:2e:f0:73:bd:4e:a7:01:
                    f9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:AF:FD:FA:66:92:F6:11:33:DC:E8:61:22:2D:86:5E:EC:80:77:8E
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/nK_9-maS9hEz3OhhIi2GXuyAd44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.24.0/21
                  89.185.4.0-89.185.21.255
                  93.185.208.0/20
                  185.30.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:76:60:e2:1c:3d:34:a3:f5:42:a8:e1:12:46:55:1d:5e:2e:
         4c:93:55:37:46:80:0b:ae:89:8d:33:20:5a:10:fd:ea:b2:a1:
         7a:5e:6e:6f:85:04:2f:5d:c7:45:dc:d5:e5:6b:99:b4:b5:9c:
         d8:92:39:df:83:88:4b:86:de:44:75:d3:52:1a:1f:bb:cc:ea:
         42:c9:91:ed:a6:fb:ce:3d:70:80:70:0f:e6:71:8e:8e:7e:00:
         e1:e3:2f:1f:24:6b:5b:16:b6:36:30:7d:c8:ed:10:f0:2e:ec:
         78:32:6e:88:70:ab:48:01:48:3a:f3:37:a2:8a:2a:6b:8c:4f:
         6d:37:5c:ea:83:7e:48:a2:e4:39:16:24:1d:b7:e2:00:9f:1f:
         22:21:56:a6:34:7d:c5:b6:59:d3:17:ee:5d:71:73:eb:d5:aa:
         bc:11:d7:d5:bf:01:7c:17:e7:d6:37:a6:4e:92:1e:a1:0b:7d:
         23:33:79:84:c7:01:8f:bf:de:9e:47:3d:6f:d5:01:f6:db:9e:
         4e:24:37:db:22:ab:b9:41:5e:99:2c:65:7f:9c:96:7a:74:b0:
         a1:4e:91:5e:16:f5:45:78:1f:f3:e1:c4:d2:ce:e0:e1:e4:90:
         2e:a6:3a:6f:a2:b2:6e:66:3f:d3:03:56:bd:83:ec:ca:c1:15:
         8e:49:0f:4b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVwZytQkkbgi9GlupNpTUHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjMwMTAyMDI1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2FmZmRmYTY2OTJmNjExMzNkY2U4NjEyMjJkODY1ZWVjODA3NzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkY1c2uKIJNUtTIDeG1l2/1dRtvz4
ZmThRNm+I40SmOIs+cR1KI5OZBgUtU3MqBm9Yw1Br88SrNbU2EwbhRXg1oUbtjTT
GpQ1HZyNo7V/PHV9X85me/dOyyrQGBQX7TLXsY+pFFFhejBpCnfr4jiZevMcReIZ
0tOCZmEf0/PpFWb779nJZdL/X+x4jGoeXpvlqysKaTLDp2qm/w27Ty/OznQK8mSS
B5CBmlrSfhOjxtO0UHwK2ZilZdzPNhRcF7YIvZi8ztK+e3cniWgNh7RIxniTKRbT
gGFfUXlIMoLd0g1Bzit3FWridzeutGm7fjgNiWp3IMi21y7wc71OpwH5PwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJyv/fpmkvYRM9zoYSIthl7sgHeOMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvbktfOS1tYVM5aEV6M09oaElpMkdYdXlBZDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDBTgYMAwD
BAJZuQQDBAFZuRQDBARdudADBAC5HsswDQYJKoZIhvcNAQELBQADggEBAGJ2YOIc
PTSj9UKo4RJGVR1eLkyTVTdGgAuuiY0zIFoQ/eqyoXpebm+FBC9dx0Xc1eVrmbS1
nNiSOd+DiEuG3kR101IaH7vM6kLJke2m+849cIBwD+Zxjo5+AOHjLx8ka1sWtjYw
fcjtEPAu7Hgybohwq0gBSDrzN6KKKmuMT203XOqDfkii5DkWJB234gCfHyIhVqY0
fcW2WdMX7l1xc+vVqrwR19W/AXwX59Y3pk6SHqELfSMzeYTHAY+/3p5HPW/VAfbb
nk4kN9siq7lBXpksZX+clnp0sKFOkV4W9UV4H/PhxNLO4OHkkC6mOm+ism5mP9MD
Vr2D7MrBFY5JD0s=
-----END CERTIFICATE-----