Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VkBSfEINmC_ISULwzF8BH9bR2Wg.roa
File:                     VkBSfEINmC_ISULwzF8BH9bR2Wg.roa (raw, json)
Hash identifier:          1qsvfSjeRt638mVjcXJ7JcPWi8Fc6yJRkH1faivwVMc=
Subject key identifier:   56:40:52:7C:42:0D:98:2F:C8:49:42:F0:CC:5F:01:1F:D6:D1:D9:68
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0187706CC2D4273C9FF2981A2AA2EBB68D55
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VkBSfEINmC_ISULwzF8BH9bR2Wg.roa
Signing time:             Tue 11 Apr 2023 13:06:28 +0000
ROA not before:           Tue 11 Apr 2023 13:06:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203639
IP address blocks:        194.87.204.0/24 maxlen: 24
                          212.193.14.0/24 maxlen: 24
                          194.87.208.0/24 maxlen: 24
                          194.87.221.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.231.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          192.124.190.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          193.124.202.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 14 Apr 2023 09:22:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:70:6c:c2:d4:27:3c:9f:f2:98:1a:2a:a2:eb:b6:8d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 11 13:06:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5640527c420d982fc84942f0cc5f011fd6d1d968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ba:bc:83:aa:95:e1:d2:54:07:8c:75:f4:94:
                    74:e0:0e:d2:ac:24:4a:ad:cf:66:f1:71:ee:f0:e4:
                    83:2a:6a:bd:31:69:a2:3b:ac:c2:c0:ae:85:fc:06:
                    2f:9f:3b:55:82:ea:71:25:ba:2e:76:a4:22:3c:75:
                    bf:73:ca:16:d2:63:06:90:c6:e7:3f:24:bb:19:55:
                    e5:42:c7:62:7d:38:9d:f7:27:bf:e6:41:00:38:78:
                    8d:97:81:58:2a:91:a6:85:08:a2:27:06:3e:36:f2:
                    2f:db:49:aa:8e:3c:87:6b:5b:0e:e6:e0:4c:f8:09:
                    dc:87:5a:c2:f4:eb:2e:a6:f0:4f:03:62:d7:d6:c9:
                    c6:15:a8:6a:81:69:f4:1a:99:cd:ac:ba:72:6b:45:
                    31:a9:d8:a1:66:5e:be:a8:22:46:7e:a9:1c:7a:24:
                    ea:ff:c9:4a:cd:85:4f:f0:7e:3b:f5:3a:b5:97:62:
                    5f:cc:48:65:4e:75:00:6a:5c:e7:4a:e4:f8:64:e5:
                    2b:0a:f7:2e:c8:ef:6c:91:85:75:29:f4:06:a3:4e:
                    70:52:da:6c:ea:21:b4:fa:ee:89:ca:51:0d:53:1e:
                    d8:24:6f:90:b7:38:5c:7a:bc:e7:0e:1a:ce:ce:9b:
                    b0:4a:c6:04:d6:36:59:68:4f:a9:d8:37:cc:16:84:
                    39:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:40:52:7C:42:0D:98:2F:C8:49:42:F0:CC:5F:01:1F:D6:D1:D9:68
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VkBSfEINmC_ISULwzF8BH9bR2Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.190.0/24
                  193.124.202.0/24
                  194.87.76.0/24
                  194.87.204.0/24
                  194.87.208.0/24
                  194.87.221.0/24
                  194.87.226.0/24
                  194.87.231.0/24
                  195.133.15.0/24
                  212.193.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:46:b4:e6:23:38:5b:11:28:8c:a3:36:29:37:90:15:be:4a:
         7e:68:22:16:6c:59:90:29:c0:3f:de:ce:d7:da:72:48:bb:f8:
         f5:ec:12:ba:f6:bb:f0:72:ff:94:41:a4:16:59:f0:cc:0c:51:
         6b:e8:5e:97:c4:01:16:73:82:14:2d:eb:78:37:80:7a:05:9b:
         7e:9b:73:65:e3:e2:6e:0f:d0:c8:2d:d1:30:72:7b:1b:4b:2e:
         1b:15:68:b7:1a:9b:13:98:3d:3b:6b:7c:a4:64:1b:99:da:3a:
         0c:51:ed:85:94:d1:0c:e1:f4:de:8d:94:c9:48:5e:3b:f0:5f:
         bb:be:ef:86:0a:7b:1b:b3:de:7f:06:6f:0c:2c:61:93:72:72:
         f7:38:10:e9:c4:4e:49:b2:f6:da:f0:e2:82:e4:f2:72:b0:0b:
         61:35:26:4e:94:8a:97:2c:2d:69:e0:c1:83:7d:90:53:99:88:
         cd:64:0e:f8:f9:6d:13:9e:7c:53:0c:28:9f:f8:4a:24:6a:bd:
         40:d8:ba:a8:bc:af:e6:43:af:05:c2:14:24:cb:f9:98:3f:4b:
         fc:01:51:f9:ac:00:29:c4:0d:c0:34:f6:6f:c3:00:8d:7e:5e:
         b9:97:ce:6a:22:cd:a2:5f:02:27:65:8d:ea:c5:1e:2b:4d:de:
         7c:95:52:04
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYdwbMLUJzyf8pgaKqLrto1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDExMTMwNjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjQwNTI3YzQyMGQ5ODJmYzg0OTQyZjBjYzVmMDExZmQ2ZDFkOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7q8g6qV4dJUB4x19JR04A7SrCRK
rc9m8XHu8OSDKmq9MWmiO6zCwK6F/AYvnztVgupxJboudqQiPHW/c8oW0mMGkMbn
PyS7GVXlQsdifTid9ye/5kEAOHiNl4FYKpGmhQiiJwY+NvIv20mqjjyHa1sO5uBM
+Anch1rC9OsupvBPA2LX1snGFahqgWn0GpnNrLpya0UxqdihZl6+qCJGfqkceiTq
/8lKzYVP8H479Tq1l2JfzEhlTnUAalznSuT4ZOUrCvcuyO9skYV1KfQGo05wUtps
6iG0+u6JylENUx7YJG+QtzhcerznDhrOzpuwSsYE1jZZaE+p2DfMFoQ5JwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFZAUnxCDZgvyElC8MxfAR/W0dloMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVmtCU2ZFSU5tQ19JU1VMd3pGOEJIOWJSMldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwHy+AwQA
wXzKAwQAwldMAwQAwlfMAwQAwlfQAwQAwlfdAwQAwlfiAwQAwlfnAwQAw4UPAwQA
1MEOMA0GCSqGSIb3DQEBCwUAA4IBAQBORrTmIzhbESiMozYpN5AVvkp+aCIWbFmQ
KcA/3s7X2nJIu/j17BK69rvwcv+UQaQWWfDMDFFr6F6XxAEWc4IULet4N4B6BZt+
m3Nl4+JuD9DILdEwcnsbSy4bFWi3GpsTmD07a3ykZBuZ2joMUe2FlNEM4fTejZTJ
SF478F+7vu+GCnsbs95/Bm8MLGGTcnL3OBDpxE5Jsvba8OKC5PJysAthNSZOlIqX
LC1p4MGDfZBTmYjNZA74+W0TnnxTDCif+Eokar1A2LqovK/mQ68FwhQky/mYP0v8
AVH5rAApxA3ANPZvwwCNfl65l85qIs2iXwInZY3qxR4rTd58lVIE
-----END CERTIFICATE-----