Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TlQhMkx39dCzWmqYrey6qjhSrFU.roa
File:                     TlQhMkx39dCzWmqYrey6qjhSrFU.roa (raw, json)
Hash identifier:          neYk6mzjBK8lxYXzknspXW10+fP5hS9Z5OcWKEXLvpM=
Subject key identifier:   4E:54:21:32:4C:77:F5:D0:B3:5A:6A:98:AD:EC:BA:AA:38:52:AC:55
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCEE5B04C0AEE3D297E6B4A7007ED9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TlQhMkx39dCzWmqYrey6qjhSrFU.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51396
IP address blocks:        2.58.95.0/24 maxlen: 24
                          84.54.51.0/24 maxlen: 24
                          94.103.125.0/24 maxlen: 24
                          141.98.4.0/24 maxlen: 24
                          94.103.124.0/24 maxlen: 24
                          31.13.211.0/24 maxlen: 24
                          87.121.58.0/24 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          45.128.232.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          193.35.18.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 Jan 2024 07:21:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ee:5b:04:c0:ae:e3:d2:97:e6:b4:a7:00:7e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e5421324c77f5d0b35a6a98adecbaaa3852ac55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a2:4a:98:0c:61:f5:a0:4a:ca:f5:bd:d8:04:
                    95:8f:a6:47:61:f3:61:c0:34:90:a4:30:16:70:71:
                    5a:13:6c:2b:19:4b:e8:39:38:d3:a6:37:70:40:39:
                    f4:35:fc:02:d4:5e:8f:d9:36:11:1d:a7:92:2f:65:
                    f7:1e:91:06:9f:71:46:b9:41:23:67:3d:cd:83:8e:
                    44:b5:63:b8:e2:11:0c:b5:e1:b0:fb:a8:55:42:30:
                    78:19:6c:46:dd:fe:06:dd:51:8d:d4:eb:c3:dd:6b:
                    d6:2d:95:c5:34:96:69:12:12:da:55:46:e9:bc:43:
                    4d:47:d4:23:da:c2:8f:1e:3a:66:4d:22:fe:90:36:
                    d0:28:ad:50:db:7b:c0:f7:fc:de:37:c5:50:75:3d:
                    6c:cd:37:9a:d7:3c:66:23:b4:11:56:07:93:b7:d4:
                    76:ed:f9:e0:0e:c3:c8:f4:56:f7:d5:9f:fa:be:4d:
                    df:67:7c:43:e2:3b:e9:80:72:e5:32:1c:a5:db:3e:
                    d6:28:07:24:b4:32:bd:1e:56:60:73:19:85:02:6f:
                    f4:fe:f5:ef:7b:b1:4a:e5:9c:fc:58:5b:b7:22:25:
                    71:25:13:1c:75:e7:14:4c:02:8f:b2:cc:e8:03:5c:
                    33:9b:27:c4:e3:73:c0:d6:84:7a:a8:02:00:c4:2d:
                    8c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:54:21:32:4C:77:F5:D0:B3:5A:6A:98:AD:EC:BA:AA:38:52:AC:55
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TlQhMkx39dCzWmqYrey6qjhSrFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.95.0/24
                  31.13.211.0/24
                  45.128.232.0/24
                  84.54.51.0/24
                  87.121.58.0/24
                  87.121.69.0/24
                  94.103.124.0/23
                  141.98.4.0/24
                  147.78.102.0/24
                  193.35.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:45:8b:5e:d2:5b:42:44:91:a7:f8:27:da:47:6d:4e:ba:33:
         d0:3e:ea:6a:df:e4:57:38:87:52:da:a2:68:e3:20:df:17:ab:
         2e:a5:ac:5b:51:08:59:25:3a:48:fd:96:cd:8c:c7:b3:d5:4b:
         0d:11:ed:52:38:75:0a:dd:dc:3b:9a:b0:83:43:4c:f7:ad:c8:
         6b:80:3a:05:d8:bc:33:e9:de:27:74:17:0f:be:b7:21:08:43:
         ee:a8:94:b7:c3:a8:ab:eb:62:4e:88:09:ac:90:25:b7:cb:f4:
         79:97:63:6a:3b:c4:5c:90:07:e5:6c:03:5e:68:86:58:81:87:
         2f:08:e3:78:2d:54:72:09:0a:6b:5c:c3:9f:7f:ec:2e:d8:ae:
         ff:7c:90:2e:3d:77:bb:47:d6:f7:cc:85:51:df:1e:72:92:89:
         70:45:8a:2d:f2:ba:82:79:97:44:47:65:32:c3:bf:d7:1a:ff:
         6c:f7:ac:5d:8e:2a:fb:3d:4f:ea:58:3c:02:dc:4b:cf:69:8a:
         5f:dc:3b:d0:ef:fd:9f:83:a0:5a:3e:d4:a0:f9:f8:7d:bf:4d:
         fa:f1:48:9f:58:2b:2f:d5:71:d5:dd:b2:a8:46:17:62:6c:36:
         11:aa:b5:83:06:3c:55:c2:f5:2d:31:3a:61:4c:61:0b:9d:51:
         10:be:14:b2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzI3O5bBMCu49KX5rSnAH7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU0MjEzMjRjNzdmNWQwYjM1YTZhOThhZGVjYmFhYTM4NTJhYzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6JKmAxh9aBKyvW92ASVj6ZHYfNh
wDSQpDAWcHFaE2wrGUvoOTjTpjdwQDn0NfwC1F6P2TYRHaeSL2X3HpEGn3FGuUEj
Zz3Ng45EtWO44hEMteGw+6hVQjB4GWxG3f4G3VGN1OvD3WvWLZXFNJZpEhLaVUbp
vENNR9Qj2sKPHjpmTSL+kDbQKK1Q23vA9/zeN8VQdT1szTea1zxmI7QRVgeTt9R2
7fngDsPI9Fb31Z/6vk3fZ3xD4jvpgHLlMhyl2z7WKAcktDK9HlZgcxmFAm/0/vXv
e7FK5Zz8WFu3IiVxJRMcdecUTAKPsszoA1wzmyfE43PA1oR6qAIAxC2MAQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFE5UITJMd/XQs1pqmK3suqo4UqxVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVGxRaE1reDM5ZEN6V21xWXJleTZxamhTckZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAAjpfAwQA
Hw3TAwQALYDoAwQAVDYzAwQAV3k6AwQAV3lFAwQBXmd8AwQAjWIEAwQAk05mAwQA
wSMSMA0GCSqGSIb3DQEBCwUAA4IBAQAiRYte0ltCRJGn+CfaR21OujPQPupq3+RX
OIdS2qJo4yDfF6supaxbUQhZJTpI/ZbNjMez1UsNEe1SOHUK3dw7mrCDQ0z3rchr
gDoF2Lwz6d4ndBcPvrchCEPuqJS3w6ir62JOiAmskCW3y/R5l2NqO8RckAflbANe
aIZYgYcvCON4LVRyCQprXMOff+wu2K7/fJAuPXe7R9b3zIVR3x5ykolwRYot8rqC
eZdER2Uyw7/XGv9s96xdjir7PU/qWDwC3EvPaYpf3DvQ7/2fg6BaPtSg+fh9v036
8UifWCsv1XHV3bKoRhdibDYRqrWDBjxVwvUtMTphTGELnVEQvhSy
-----END CERTIFICATE-----