Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/CoUJNRq_oG14z3p_4_4DVqbYdxc.roa
File:                     CoUJNRq_oG14z3p_4_4DVqbYdxc.roa (raw, json)
Hash identifier:          KwVpFnBF+hP9JkB4onXWrMAibrSGW6VN0nZH/J0QUCU=
Subject key identifier:   0A:85:09:35:1A:BF:A0:6D:78:CF:7A:7F:E3:FE:03:56:A6:D8:77:17
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0185708CE0B348203810C3E8F7CB39B9FF24
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/CoUJNRq_oG14z3p_4_4DVqbYdxc.roa
Signing time:             Mon 02 Jan 2023 03:35:58 +0000
ROA not before:           Mon 02 Jan 2023 03:35:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42362
IP address blocks:        83.239.208.0/20 maxlen: 20
                          85.172.224.0/20 maxlen: 20
                          85.172.128.0/19 maxlen: 19
                          85.172.240.0/20 maxlen: 20
                          85.173.224.0/19 maxlen: 19
                          85.173.32.0/19 maxlen: 19
                          85.172.192.0/21 maxlen: 21
                          83.239.192.0/21 maxlen: 21
                          85.172.200.0/22 maxlen: 22
                          85.172.208.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:8c:e0:b3:48:20:38:10:c3:e8:f7:cb:39:b9:ff:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 03:35:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a8509351abfa06d78cf7a7fe3fe0356a6d87717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:88:66:05:30:18:2e:2b:80:c4:f7:d0:e3:4b:
                    9b:17:3f:cd:74:88:c9:75:5c:65:b1:ea:92:38:4c:
                    08:89:4b:80:2e:09:8e:eb:63:8e:82:08:ab:b8:ca:
                    74:d3:22:a0:f2:57:c6:59:d8:82:fa:c8:67:f0:e7:
                    46:18:c2:18:7a:72:fc:4b:cf:fa:7c:fb:64:c5:5f:
                    08:93:2e:38:85:a9:00:39:ee:01:ab:75:bb:32:2a:
                    28:a1:27:03:ff:3c:bb:5b:3b:d1:29:fe:cd:d0:aa:
                    61:a8:23:8c:13:cb:db:b0:b1:50:54:23:e5:2b:bb:
                    68:98:44:bf:2b:ca:e5:a0:76:50:0a:65:51:e6:93:
                    ec:a0:df:ab:02:3a:97:5a:87:f5:d4:89:be:4e:a3:
                    22:fb:29:9f:d4:b8:0d:f0:45:88:a6:ec:a2:d3:3e:
                    cf:76:15:e8:19:13:d5:35:ed:6e:66:f2:8f:c4:70:
                    68:99:cb:89:2b:6b:13:7b:ee:89:a8:bd:aa:3b:d1:
                    88:6d:9d:26:35:bc:da:6c:a8:02:a7:1d:68:c0:a6:
                    cb:19:9c:98:a4:31:0f:41:22:31:a6:4d:4a:54:c6:
                    d1:e1:3a:d3:c8:8c:16:0a:b6:0b:89:c6:d1:c6:92:
                    e8:97:0c:ee:8e:c2:fe:3d:f3:65:d4:4c:1e:3d:40:
                    ed:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:85:09:35:1A:BF:A0:6D:78:CF:7A:7F:E3:FE:03:56:A6:D8:77:17
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/CoUJNRq_oG14z3p_4_4DVqbYdxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.239.192.0/21
                  83.239.208.0/20
                  85.172.128.0/19
                  85.172.192.0-85.172.203.255
                  85.172.208.0-85.172.255.255
                  85.173.32.0/19
                  85.173.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         19:1f:26:eb:97:cf:dc:15:70:b5:a2:30:af:c2:4d:28:e1:79:
         3c:c5:b7:7c:5b:24:46:a4:4e:80:33:c7:ec:fc:c7:1e:bb:24:
         f6:e5:7d:1e:43:1d:28:da:9c:e8:1b:e7:05:52:e0:1c:63:49:
         cc:2a:ad:bc:8f:7a:73:dd:25:12:ef:9b:b8:5d:43:2d:47:80:
         e2:d8:4b:be:88:67:f9:20:96:c0:41:6a:4b:6d:82:51:a0:fe:
         41:af:e4:48:f7:f7:4f:cf:4f:8b:cd:4c:5a:10:40:f5:f9:35:
         73:1b:9a:d8:97:49:bd:b3:5b:3a:bd:b7:20:89:be:0d:26:5a:
         ee:1b:d4:dc:fa:f4:38:50:7c:9a:2a:14:e2:ee:6b:c8:7b:d3:
         bd:a8:16:27:9e:1d:38:21:0c:72:f6:12:2c:12:ab:b5:f1:5b:
         f0:88:ff:de:8d:92:70:0e:eb:91:d5:f0:19:8c:89:61:ab:77:
         af:6e:c0:b5:cf:9d:25:f2:e5:ad:3e:14:03:be:ac:b7:98:ab:
         51:97:02:92:f3:84:cf:26:de:b1:d5:cf:15:fb:c5:9e:40:24:
         e5:df:73:11:fb:85:e3:9e:68:e0:13:72:83:c2:1a:ff:5a:29:
         9c:cb:89:93:af:5b:99:19:11:83:4d:71:5b:04:c5:e3:5a:84:
         30:74:68:05
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVwjOCzSCA4EMPo98s5uf8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjMwMTAyMDMzNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTg1MDkzNTFhYmZhMDZkNzhjZjdhN2ZlM2ZlMDM1NmE2ZDg3NzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4hmBTAYLiuAxPfQ40ubFz/NdIjJ
dVxlseqSOEwIiUuALgmO62OOggiruMp00yKg8lfGWdiC+shn8OdGGMIYenL8S8/6
fPtkxV8Iky44hakAOe4Bq3W7MioooScD/zy7WzvRKf7N0KphqCOME8vbsLFQVCPl
K7tomES/K8rloHZQCmVR5pPsoN+rAjqXWof11Im+TqMi+ymf1LgN8EWIpuyi0z7P
dhXoGRPVNe1uZvKPxHBomcuJK2sTe+6JqL2qO9GIbZ0mNbzabKgCpx1owKbLGZyY
pDEPQSIxpk1KVMbR4TrTyIwWCrYLicbRxpLolwzujsL+PfNl1EwePUDtTwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAqFCTUav6BteM96f+P+A1am2HcXMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvQ29VSk5ScV9vRzE0ejNwXzRfNERWcWJZZHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAATA5AwQDU+/AAwQE
U+/QAwQFVayAMAwDBAZVrMADBAJVrMgwCwMEBFWs0AMDAFWsAwQFVa0gAwQFVa3g
MA0GCSqGSIb3DQEBCwUAA4IBAQAZHybrl8/cFXC1ojCvwk0o4Xk8xbd8WyRGpE6A
M8fs/MceuyT25X0eQx0o2pzoG+cFUuAcY0nMKq28j3pz3SUS75u4XUMtR4Di2Eu+
iGf5IJbAQWpLbYJRoP5Br+RI9/dPz0+LzUxaEED1+TVzG5rYl0m9s1s6vbcgib4N
JlruG9Tc+vQ4UHyaKhTi7mvIe9O9qBYnnh04IQxy9hIsEqu18VvwiP/ejZJwDuuR
1fAZjIlhq3evbsC1z50l8uWtPhQDvqy3mKtRlwKS84TPJt6x1c8V+8WeQCTl33MR
+4XjnmjgE3KDwhr/Wimcy4mTr1uZGRGDTXFbBMXjWoQwdGgF
-----END CERTIFICATE-----