Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/3QspYwC69V85usTPjPx-TmWrx8g.roa
File:                     3QspYwC69V85usTPjPx-TmWrx8g.roa (raw, json)
Hash identifier:          MCUA29T/CCvM0Cw0dHuxSMoGnCSW+cEFiQskbPb3nN4=
Subject key identifier:   DD:0B:29:63:00:BA:F5:5F:39:BA:C4:CF:8C:FC:7E:4E:65:AB:C7:C8
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       018974F8ECA4390FC14B09B702030748EC57
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/3QspYwC69V85usTPjPx-TmWrx8g.roa
Signing time:             Thu 20 Jul 2023 20:23:37 +0000
ROA not before:           Thu 20 Jul 2023 20:23:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39130
IP address blocks:        5.102.36.0/24 maxlen: 24
                          5.102.36.0/23 maxlen: 23
                          5.102.37.0/24 maxlen: 24
                          5.102.36.0/22 maxlen: 22
                          5.102.38.0/24 maxlen: 24
                          5.102.39.0/24 maxlen: 24
                          195.222.124.0/24 maxlen: 24
                          195.222.124.0/22 maxlen: 22
                          195.222.125.0/24 maxlen: 24
                          195.222.126.0/24 maxlen: 24
                          195.222.127.0/24 maxlen: 24
                          195.5.124.0/24 maxlen: 24
                          195.5.124.0/23 maxlen: 23
                          2a10:d80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 17 Aug 2023 13:20:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:f8:ec:a4:39:0f:c1:4b:09:b7:02:03:07:48:ec:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Jul 20 20:23:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd0b296300baf55f39bac4cf8cfc7e4e65abc7c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:0a:80:bd:5a:89:a5:27:ec:c8:c9:4a:73:92:
                    52:c7:0f:47:cd:12:82:54:f5:2a:5a:18:bf:25:20:
                    dc:60:15:65:1c:66:9c:a5:41:20:b2:bc:fd:84:bc:
                    13:65:fd:71:44:86:5e:07:50:32:91:24:2a:b1:3d:
                    9d:f0:3a:fa:4b:e1:65:cf:a3:d5:8b:b2:22:f7:5f:
                    6a:5e:20:39:e1:92:5c:0b:ca:a0:4b:b8:15:ba:d5:
                    38:b2:b0:74:92:52:00:31:de:cb:21:d5:e0:e3:93:
                    48:02:6d:0d:99:19:69:53:30:04:7e:92:c5:91:d3:
                    ac:d7:01:20:de:19:60:b2:1a:f8:10:1f:a1:67:f3:
                    6e:8d:47:99:ea:6d:b2:e9:1d:f5:a2:63:f6:45:46:
                    73:2e:9a:d5:5c:99:5b:69:68:4c:1b:37:8c:a4:4f:
                    2f:f4:95:42:94:2f:42:96:67:ca:24:b6:ab:f1:51:
                    f1:3b:b8:f9:be:4b:75:b5:df:cc:0b:ae:09:b8:7e:
                    21:97:2d:d0:60:dc:85:d7:f0:3d:b4:db:2d:dc:b1:
                    73:ec:bb:c6:b4:6d:79:b9:fb:f6:cf:69:0d:d8:a9:
                    03:53:0b:03:f6:c0:40:b1:0f:bc:52:cf:8a:bb:c7:
                    61:da:71:cd:c8:65:17:de:af:32:b0:5d:a4:88:d5:
                    c5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0B:29:63:00:BA:F5:5F:39:BA:C4:CF:8C:FC:7E:4E:65:AB:C7:C8
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/3QspYwC69V85usTPjPx-TmWrx8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.36.0/22
                  195.5.124.0/23
                  195.222.124.0/22
                IPv6:
                  2a10:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:09:47:cf:fd:ff:d6:a1:9d:55:65:a1:5b:a9:6b:96:27:8a:
         a9:10:82:d8:85:b6:e0:2b:be:c2:b1:5a:66:d2:7c:44:6f:19:
         b2:bc:9f:e8:07:10:f7:2b:08:2d:3e:58:ba:7f:f3:3e:33:4e:
         b2:11:87:80:c0:fe:11:38:82:47:9d:71:47:88:ea:41:28:b2:
         02:50:1d:67:16:24:6f:e4:ac:49:d1:7a:f5:67:81:17:4d:65:
         d9:70:38:3f:b3:e6:f9:ce:17:67:4e:75:71:c4:67:80:87:e4:
         3e:a2:a3:49:a6:70:19:18:b4:54:b7:5c:15:44:bc:26:36:2a:
         37:ff:ac:8e:ca:4e:13:45:74:b1:5c:3c:19:f8:2d:51:c0:cd:
         87:0c:d6:ed:59:e4:5b:2e:aa:54:f0:6b:f6:6d:42:f3:7c:32:
         ab:31:94:d7:c8:96:3f:91:59:bf:34:78:88:8c:07:9f:0d:3f:
         79:fe:25:be:68:bf:cb:29:2c:fe:fe:c1:23:22:ec:0b:1e:85:
         64:f8:d1:9d:4b:a7:49:82:85:8b:a9:95:bd:6b:66:29:09:6c:
         d8:9b:a8:bf:66:2f:e9:b2:1f:04:29:78:e5:99:30:20:fd:16:
         f2:9b:91:a1:3d:0c:66:45:3c:eb:62:d1:cf:f7:e0:17:72:7d:
         d1:6a:05:87
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYl0+OykOQ/BSwm3AgMHSOxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjMwNzIwMjAyMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBiMjk2MzAwYmFmNTVmMzliYWM0Y2Y4Y2ZjN2U0ZTY1YWJjN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AqAvVqJpSfsyMlKc5JSxw9HzRKC
VPUqWhi/JSDcYBVlHGacpUEgsrz9hLwTZf1xRIZeB1AykSQqsT2d8Dr6S+Flz6PV
i7Ii919qXiA54ZJcC8qgS7gVutU4srB0klIAMd7LIdXg45NIAm0NmRlpUzAEfpLF
kdOs1wEg3hlgshr4EB+hZ/NujUeZ6m2y6R31omP2RUZzLprVXJlbaWhMGzeMpE8v
9JVClC9ClmfKJLar8VHxO7j5vkt1td/MC64JuH4hly3QYNyF1/A9tNst3LFz7LvG
tG15ufv2z2kN2KkDUwsD9sBAsQ+8Us+Ku8dh2nHNyGUX3q8ysF2kiNXFZwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN0LKWMAuvVfObrEz4z8fk5lq8fIMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvM1FzcFl3QzY5Vjg1dXNUUGpQeC1UbVdyeDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCBWYkAwQB
wwV8AwQCw958MA0EAgACMAcDBQMqEA2AMA0GCSqGSIb3DQEBCwUAA4IBAQBSCUfP
/f/WoZ1VZaFbqWuWJ4qpEILYhbbgK77CsVpm0nxEbxmyvJ/oBxD3KwgtPli6f/M+
M06yEYeAwP4ROIJHnXFHiOpBKLICUB1nFiRv5KxJ0Xr1Z4EXTWXZcDg/s+b5zhdn
TnVxxGeAh+Q+oqNJpnAZGLRUt1wVRLwmNio3/6yOyk4TRXSxXDwZ+C1RwM2HDNbt
WeRbLqpU8Gv2bULzfDKrMZTXyJY/kVm/NHiIjAefDT95/iW+aL/LKSz+/sEjIuwL
HoVk+NGdS6dJgoWLqZW9a2YpCWzYm6i/Zi/psh8EKXjlmTAg/Rbym5GhPQxmRTzr
YtHP9+AXcn3RagWH
-----END CERTIFICATE-----