Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u-Bjnx-7GN7V4dOToxO8gJWPa28.roa
File:                     u-Bjnx-7GN7V4dOToxO8gJWPa28.roa (raw, json)
Hash identifier:          mY0Q4roW5H5pVZLQmq55BNcQEe9X32kGB1fArXkheDg=
Subject key identifier:   BB:E0:63:9F:1F:BB:18:DE:D5:E1:D3:93:A3:13:BC:80:95:8F:6B:6F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01856D81D9A88022191D946F16A202CBA051
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u-Bjnx-7GN7V4dOToxO8gJWPa28.roa
Signing time:             Sun 01 Jan 2023 13:25:04 +0000
ROA not before:           Sun 01 Jan 2023 13:25:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25206
IP address blocks:        87.120.112.0/24 maxlen: 24
                          87.120.113.0/24 maxlen: 24
                          87.120.115.0/24 maxlen: 24
                          87.120.117.0/24 maxlen: 24
                          87.120.112.0/20 maxlen: 20
                          87.120.112.0/21 maxlen: 21
                          87.120.114.0/24 maxlen: 24
                          87.120.116.0/24 maxlen: 24
                          87.120.118.0/24 maxlen: 24
                          87.120.119.0/24 maxlen: 24
                          87.120.121.0/24 maxlen: 24
                          87.120.123.0/24 maxlen: 24
                          87.120.125.0/24 maxlen: 24
                          87.120.120.0/21 maxlen: 21
                          87.120.120.0/24 maxlen: 24
                          87.120.122.0/24 maxlen: 24
                          87.120.124.0/24 maxlen: 24
                          87.120.127.0/24 maxlen: 24
                          87.120.126.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:d9:a8:80:22:19:1d:94:6f:16:a2:02:cb:a0:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 13:25:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bbe0639f1fbb18ded5e1d393a313bc80958f6b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8c:c3:67:70:2c:9a:0a:92:5e:4f:ee:60:4e:
                    14:91:59:25:3f:03:81:fd:47:dc:56:16:75:c4:e6:
                    61:e5:cb:e1:f6:d3:88:20:35:04:3c:3e:70:b6:f5:
                    c1:d3:28:4c:8e:03:ab:d8:ad:3c:28:eb:96:6d:48:
                    d8:13:8d:40:2b:0b:18:41:d2:84:fe:70:4f:c2:e3:
                    52:44:8a:62:26:36:eb:14:2e:36:70:b8:69:fd:78:
                    7f:b1:09:d2:a7:3b:83:3e:3f:1a:8b:b9:2e:b1:77:
                    35:8e:df:c7:c7:39:9b:c2:e9:74:5b:47:4a:6d:45:
                    e7:08:7e:bd:21:15:6f:be:4f:fa:65:e9:46:ec:49:
                    61:0c:18:6a:e8:43:11:31:44:5c:ad:e1:70:9d:b8:
                    f6:c0:1f:b2:62:37:4b:96:47:93:ee:04:14:1d:fe:
                    a1:85:d7:6c:aa:c2:ab:f7:8d:9d:d6:fc:23:ef:f0:
                    ea:f8:2c:c8:6d:28:d0:07:50:93:10:d2:aa:2f:ec:
                    70:3e:45:b1:c8:e3:ab:10:98:06:cf:12:ff:be:20:
                    e3:6f:43:a7:18:66:e0:e0:d9:9c:63:90:bb:da:cc:
                    e7:7b:b6:4b:f3:68:be:5d:a9:12:14:65:23:9c:da:
                    c1:5f:3e:70:dc:77:01:7b:c5:30:90:b8:42:8c:48:
                    d3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E0:63:9F:1F:BB:18:DE:D5:E1:D3:93:A3:13:BC:80:95:8F:6B:6F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u-Bjnx-7GN7V4dOToxO8gJWPa28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         46:d8:79:66:b7:e9:dc:f0:a3:7a:0c:6d:00:a7:1c:08:33:b6:
         52:18:e6:d5:3a:0d:a6:a8:3b:55:b5:d0:3c:35:80:71:09:fc:
         4f:98:29:39:76:1a:f1:2f:b2:63:3b:69:91:ed:14:06:e6:3f:
         fa:a5:c9:48:57:5c:cc:f7:3e:34:98:33:63:93:5a:a8:a5:d2:
         d5:b4:73:66:a6:48:92:c1:14:19:48:54:73:4c:bc:0a:74:ef:
         37:98:63:e7:2c:c3:7e:3c:df:4d:74:0c:11:7e:b0:ad:79:90:
         4f:54:0c:43:44:90:b0:5b:9e:64:79:5f:41:81:15:f0:24:dc:
         88:97:b4:2f:af:7c:c4:ec:bc:57:11:29:2b:ee:d2:8c:52:13:
         37:2c:58:49:6d:21:bf:4f:1e:61:a0:5c:f9:80:82:7c:86:76:
         63:6e:4b:24:70:4d:20:0f:1e:65:ad:de:55:0d:55:38:a7:25:
         58:4a:73:bf:bd:f2:38:79:42:2b:01:ed:a4:5d:5e:7c:22:88:
         5e:6b:44:ac:fc:92:60:a0:d1:bc:cf:56:e6:2c:14:2e:a9:93:
         4f:7c:85:28:fb:09:9c:85:17:89:e8:f4:ab:03:7b:1c:62:49:
         3e:52:e6:45:76:50:29:b1:1e:a7:b1:23:7e:67:d4:db:98:54:
         ac:53:0a:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtgdmogCIZHZRvFqICy6BRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmUwNjM5ZjFmYmIxOGRlZDVlMWQzOTNhMzEzYmM4MDk1OGY2YjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4zDZ3AsmgqSXk/uYE4UkVklPwOB
/UfcVhZ1xOZh5cvh9tOIIDUEPD5wtvXB0yhMjgOr2K08KOuWbUjYE41AKwsYQdKE
/nBPwuNSRIpiJjbrFC42cLhp/Xh/sQnSpzuDPj8ai7kusXc1jt/Hxzmbwul0W0dK
bUXnCH69IRVvvk/6ZelG7ElhDBhq6EMRMURcreFwnbj2wB+yYjdLlkeT7gQUHf6h
hddsqsKr942d1vwj7/Dq+CzIbSjQB1CTENKqL+xwPkWxyOOrEJgGzxL/viDjb0On
GGbg4NmcY5C72szne7ZL82i+XakSFGUjnNrBXz5w3HcBe8UwkLhCjEjT7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvgY58fuxje1eHTk6MTvICVj2tvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdS1Cam54LTdHTjdWNGRPVG94TzhnSldQYTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEV3hwMA0G
CSqGSIb3DQEBCwUAA4IBAQBG2Hlmt+nc8KN6DG0ApxwIM7ZSGObVOg2mqDtVtdA8
NYBxCfxPmCk5dhrxL7JjO2mR7RQG5j/6pclIV1zM9z40mDNjk1qopdLVtHNmpkiS
wRQZSFRzTLwKdO83mGPnLMN+PN9NdAwRfrCteZBPVAxDRJCwW55keV9BgRXwJNyI
l7Qvr3zE7LxXESkr7tKMUhM3LFhJbSG/Tx5hoFz5gIJ8hnZjbkskcE0gDx5lrd5V
DVU4pyVYSnO/vfI4eUIrAe2kXV58Iohea0Ss/JJgoNG8z1bmLBQuqZNPfIUo+wmc
hReJ6PSrA3scYkk+UuZFdlApsR6nsSN+Z9TbmFSsUwrn
-----END CERTIFICATE-----