Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/oiE4Yd--MohtiScn4siTKKMt3N4.roa
File:                     oiE4Yd--MohtiScn4siTKKMt3N4.roa (raw, json)
Hash identifier:          QvqtwxsY6ZeQaFqD0j7EjaOEEJO+Ei2VE4/JAWE/fmA=
Subject key identifier:   A2:21:38:61:DF:BE:32:88:6D:89:27:27:E2:C8:93:28:A3:2D:DC:DE
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018BD36ADB4851A3BC874F725F135B3612BA
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/oiE4Yd--MohtiScn4siTKKMt3N4.roa
Signing time:             Wed 15 Nov 2023 14:37:57 +0000
ROA not before:           Wed 15 Nov 2023 14:37:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7393
IP address blocks:        178.22.29.0/24 maxlen: 24
                          62.106.80.0/24 maxlen: 24
                          62.3.51.0/24 maxlen: 24
                          212.18.107.0/24 maxlen: 24
                          91.246.57.0/24 maxlen: 24
                          77.72.82.0/24 maxlen: 24
                          84.246.83.0/24 maxlen: 24
                          193.163.95.0/24 maxlen: 24
                          46.253.136.0/24 maxlen: 24
                          46.31.66.0/24 maxlen: 24
                          5.57.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 Nov 2023 10:47:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d3:6a:db:48:51:a3:bc:87:4f:72:5f:13:5b:36:12:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Nov 15 14:37:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2213861dfbe32886d892727e2c89328a32ddcde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:31:ff:e6:c1:de:c1:73:77:69:4b:5b:4c:6d:
                    77:37:c9:11:20:b5:1e:80:09:67:60:85:40:50:4d:
                    38:da:af:33:e6:81:cf:fb:cc:6b:b2:90:db:ca:57:
                    b5:51:cd:48:66:8b:7a:33:15:d6:df:34:e5:99:a6:
                    6b:87:72:ad:19:0c:44:3c:f3:5e:cf:a6:fa:47:d7:
                    58:77:13:ac:90:b4:13:cc:76:02:6b:c9:7f:3f:80:
                    bc:bf:5b:df:16:63:4b:0b:2e:55:2f:a2:cf:ab:bc:
                    73:86:15:25:ac:64:44:5d:38:94:47:02:e8:ad:fc:
                    88:e3:3b:ac:22:d1:e3:f1:d7:02:df:a0:df:12:e9:
                    0f:7c:24:cc:a6:67:d5:3c:48:41:06:2a:10:86:70:
                    4a:b9:0f:82:15:85:ee:d6:e5:29:89:49:1f:e5:5b:
                    06:65:b7:09:34:7c:aa:98:d2:f0:da:6e:c4:91:2a:
                    fe:4e:a0:c7:3b:38:52:fc:74:68:d3:5c:1a:ae:64:
                    ee:55:5f:c1:18:21:e9:c0:62:e7:d9:8a:0a:d8:5b:
                    05:02:04:19:b7:a2:22:d5:8f:e3:44:73:19:5a:42:
                    4c:35:c7:bc:e2:34:0d:dd:51:3f:5f:eb:7b:5e:20:
                    8e:d6:1b:7d:15:d5:32:d9:80:9a:a3:e7:0d:00:85:
                    ab:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:21:38:61:DF:BE:32:88:6D:89:27:27:E2:C8:93:28:A3:2D:DC:DE
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/oiE4Yd--MohtiScn4siTKKMt3N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.213.0/24
                  46.31.66.0/24
                  46.253.136.0/24
                  62.3.51.0/24
                  62.106.80.0/24
                  77.72.82.0/24
                  84.246.83.0/24
                  91.246.57.0/24
                  178.22.29.0/24
                  193.163.95.0/24
                  212.18.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:de:6f:94:16:97:c9:a0:99:33:20:4f:c7:46:4b:5e:da:94:
         31:c1:a8:ea:3b:f6:66:b6:e4:66:c0:ba:da:23:22:44:98:91:
         92:6d:40:ee:21:72:56:9a:99:4f:46:5b:0e:7f:b2:a8:68:50:
         65:9f:ed:a7:4a:d3:1a:d9:f4:82:97:6f:2c:99:1b:7a:bb:4e:
         67:6a:69:f5:9b:fe:64:1d:61:63:1d:f0:94:cd:3c:8e:9f:41:
         a8:d7:6d:af:75:76:a9:55:59:09:64:76:c6:28:ab:f9:5c:4c:
         80:d5:c3:cd:c7:4f:b7:20:cc:56:2a:c9:03:7a:ad:0c:45:77:
         ef:0e:dc:52:e5:c4:f3:2b:ef:39:1b:11:eb:d6:56:17:71:89:
         cd:d0:88:0a:96:ad:42:aa:7d:f6:6e:42:83:1c:08:2c:71:88:
         6a:cb:b1:33:fd:f7:ec:3f:f8:b5:cb:5e:de:ca:1d:42:4b:6e:
         69:85:0a:a2:4d:a5:8b:6d:6f:fc:29:8c:8c:c1:99:0a:f6:e0:
         a4:7e:0c:38:3f:d0:2c:4a:07:36:a7:43:5b:a6:92:28:6c:fd:
         41:01:dd:61:4f:9b:09:3e:c7:cf:a5:9b:70:38:13:a5:f9:35:
         2e:22:bd:72:8c:3a:47:93:28:1c:13:4e:09:d9:07:db:b3:c5:
         10:9a:16:22
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYvTattIUaO8h09yXxNbNhK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjMxMTE1MTQzNzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjIxMzg2MWRmYmUzMjg4NmQ4OTI3MjdlMmM4OTMyOGEzMmRkY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jH/5sHewXN3aUtbTG13N8kRILUe
gAlnYIVAUE042q8z5oHP+8xrspDbyle1Uc1IZot6MxXW3zTlmaZrh3KtGQxEPPNe
z6b6R9dYdxOskLQTzHYCa8l/P4C8v1vfFmNLCy5VL6LPq7xzhhUlrGREXTiURwLo
rfyI4zusItHj8dcC36DfEukPfCTMpmfVPEhBBioQhnBKuQ+CFYXu1uUpiUkf5VsG
ZbcJNHyqmNLw2m7EkSr+TqDHOzhS/HRo01warmTuVV/BGCHpwGLn2YoK2FsFAgQZ
t6Ii1Y/jRHMZWkJMNce84jQN3VE/X+t7XiCO1ht9FdUy2YCao+cNAIWrywIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKIhOGHfvjKIbYknJ+LIkyijLdzeMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvb2lFNFlkLS1Nb2h0aVNjbjRzaVRLS010M040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABTnVAwQA
Lh9CAwQALv2IAwQAPgMzAwQAPmpQAwQATUhSAwQAVPZTAwQAW/Y5AwQAshYdAwQA
waNfAwQA1BJrMA0GCSqGSIb3DQEBCwUAA4IBAQCW3m+UFpfJoJkzIE/HRkte2pQx
wajqO/ZmtuRmwLraIyJEmJGSbUDuIXJWmplPRlsOf7KoaFBln+2nStMa2fSCl28s
mRt6u05namn1m/5kHWFjHfCUzTyOn0Go122vdXapVVkJZHbGKKv5XEyA1cPNx0+3
IMxWKskDeq0MRXfvDtxS5cTzK+85GxHr1lYXcYnN0IgKlq1Cqn32bkKDHAgscYhq
y7Ez/ffsP/i1y17eyh1CS25phQqiTaWLbW/8KYyMwZkK9uCkfgw4P9AsSgc2p0Nb
ppIobP1BAd1hT5sJPsfPpZtwOBOl+TUuIr1yjDpHkygcE04J2Qfbs8UQmhYi
-----END CERTIFICATE-----