Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/s8RvAXjKW1SOeLkaOr4_r5fnHDc.roa
File:                     s8RvAXjKW1SOeLkaOr4_r5fnHDc.roa (raw, json)
Hash identifier:          76xkJqMRqyfQxOEt5thJb+GJpkhfEfBBwZQFdFs48n8=
Subject key identifier:   B3:C4:6F:01:78:CA:5B:54:8E:78:B9:1A:3A:BE:3F:AF:97:E7:1C:37
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01872C659DECE6F484370FAFB7F9B42AA60B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/s8RvAXjKW1SOeLkaOr4_r5fnHDc.roa
Signing time:             Wed 29 Mar 2023 08:04:29 +0000
ROA not before:           Wed 29 Mar 2023 08:04:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203639
IP address blocks:        194.87.204.0/24 maxlen: 24
                          212.193.14.0/24 maxlen: 24
                          194.87.208.0/24 maxlen: 24
                          194.87.221.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.231.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          192.124.190.0/24 maxlen: 24
                          193.124.202.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 11 Apr 2023 13:06:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2c:65:9d:ec:e6:f4:84:37:0f:af:b7:f9:b4:2a:a6:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 29 08:04:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b3c46f0178ca5b548e78b91a3abe3faf97e71c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0e:a4:c1:93:d3:88:80:4a:e5:c8:73:88:b4:
                    17:df:1a:4b:7c:73:c9:6f:63:b0:3c:61:e9:c1:dc:
                    ae:86:4c:ba:c8:b9:7d:05:2a:64:99:04:76:02:77:
                    40:89:28:e7:0a:87:a7:be:33:8b:96:94:25:17:d5:
                    68:e1:cf:04:50:38:2b:9f:32:12:9b:89:48:63:3b:
                    5e:7a:63:52:16:70:48:f0:4d:36:e7:20:34:2a:cf:
                    2f:14:d3:a2:a1:60:c6:e9:f7:dc:68:62:55:eb:6f:
                    fe:53:87:51:a3:48:11:d2:de:51:47:20:46:55:27:
                    bc:a7:0b:96:e8:e0:91:89:0c:7f:da:c3:87:d3:6f:
                    61:5f:32:fc:23:87:c8:46:a9:d4:b2:15:9d:f3:8f:
                    e0:71:45:3d:f2:9c:ab:04:a4:d6:47:c9:ca:26:b6:
                    bb:ae:b4:86:64:a4:1f:9c:ff:34:30:d5:a4:6a:39:
                    e6:d9:69:6f:40:f8:3e:9a:83:3e:1f:ff:6c:ef:33:
                    11:0d:56:ee:b2:37:67:78:43:10:e5:0e:3e:84:88:
                    0a:41:96:60:b0:50:9c:98:3d:99:49:db:9b:0e:cc:
                    37:c4:be:c1:bc:79:13:56:a6:e3:37:77:02:0e:f9:
                    e4:52:5d:93:b9:53:09:9d:5e:92:cd:1b:04:cf:5b:
                    dc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C4:6F:01:78:CA:5B:54:8E:78:B9:1A:3A:BE:3F:AF:97:E7:1C:37
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/s8RvAXjKW1SOeLkaOr4_r5fnHDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.190.0/24
                  193.124.202.0/24
                  194.87.204.0/24
                  194.87.208.0/24
                  194.87.221.0/24
                  194.87.226.0/24
                  194.87.231.0/24
                  195.133.15.0/24
                  212.193.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:6f:46:39:1a:03:2d:a2:10:ab:24:68:27:1d:9b:40:f4:d6:
         26:fd:71:95:da:83:3a:52:35:89:c8:47:10:85:47:3e:4a:d6:
         0f:3c:08:f2:9b:8f:9e:1c:a5:b0:b1:9e:26:14:71:d6:0f:02:
         43:bd:71:bb:9d:53:d2:b8:86:e6:0f:f7:03:4b:fe:90:54:a6:
         41:71:b2:14:fa:10:21:c2:57:5a:95:82:f0:93:6f:1c:80:24:
         6a:c6:18:5b:5f:84:4a:df:70:b8:15:e2:a9:da:83:fb:46:4e:
         42:a6:d7:f7:96:9c:bb:26:4b:f7:2d:1f:bb:1a:bb:4b:4b:a6:
         bf:3c:e1:45:58:29:fb:6f:53:1e:d7:93:e4:d3:bb:2e:8b:7a:
         9c:84:97:75:42:64:31:a7:e0:55:7c:a2:fd:b1:54:e6:2b:ac:
         14:97:1e:88:3b:21:21:d1:d9:20:ff:95:1a:49:a8:b9:29:a0:
         ab:af:c3:85:63:b0:6b:a7:68:1d:e5:4b:4e:63:0a:0d:e6:41:
         df:3f:66:41:88:42:ab:f9:3a:35:0d:bd:42:ea:c3:40:70:11:
         6e:96:91:17:13:6c:67:5b:6d:c3:b8:87:af:ca:35:e3:78:42:
         d7:ac:42:05:d2:60:d1:14:18:19:42:75:b7:4e:c2:d2:00:5a:
         6d:43:dd:b4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYcsZZ3s5vSENw+vt/m0KqYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMzI5MDgwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2M0NmYwMTc4Y2E1YjU0OGU3OGI5MWEzYWJlM2ZhZjk3ZTcxYzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw6kwZPTiIBK5chziLQX3xpLfHPJ
b2OwPGHpwdyuhky6yLl9BSpkmQR2AndAiSjnCoenvjOLlpQlF9Vo4c8EUDgrnzIS
m4lIYzteemNSFnBI8E025yA0Ks8vFNOioWDG6ffcaGJV62/+U4dRo0gR0t5RRyBG
VSe8pwuW6OCRiQx/2sOH029hXzL8I4fIRqnUshWd84/gcUU98pyrBKTWR8nKJra7
rrSGZKQfnP80MNWkajnm2WlvQPg+moM+H/9s7zMRDVbusjdneEMQ5Q4+hIgKQZZg
sFCcmD2ZSdubDsw3xL7BvHkTVqbjN3cCDvnkUl2TuVMJnV6SzRsEz1vcyQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLPEbwF4yltUjni5Gjq+P6+X5xw3MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvczhSdkFYaktXMVNPZUxrYU9yNF9yNWZuSERjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwHy+AwQA
wXzKAwQAwlfMAwQAwlfQAwQAwlfdAwQAwlfiAwQAwlfnAwQAw4UPAwQA1MEOMA0G
CSqGSIb3DQEBCwUAA4IBAQAob0Y5GgMtohCrJGgnHZtA9NYm/XGV2oM6UjWJyEcQ
hUc+StYPPAjym4+eHKWwsZ4mFHHWDwJDvXG7nVPSuIbmD/cDS/6QVKZBcbIU+hAh
wldalYLwk28cgCRqxhhbX4RK33C4FeKp2oP7Rk5Cptf3lpy7Jkv3LR+7GrtLS6a/
POFFWCn7b1Me15Pk07sui3qchJd1QmQxp+BVfKL9sVTmK6wUlx6IOyEh0dkg/5Ua
Sai5KaCrr8OFY7Brp2gd5UtOYwoN5kHfP2ZBiEKr+To1Db1C6sNAcBFulpEXE2xn
W23DuIevyjXjeELXrEIF0mDRFBgZQnW3TsLSAFptQ920
-----END CERTIFICATE-----