Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Wg9EUwYxPDO3n2c1JARrtBJsC2A.roa
File:                     Wg9EUwYxPDO3n2c1JARrtBJsC2A.roa (raw, json)
Hash identifier:          L0QT6BonnU4DVM1RGo0/0SriJj0pXvXs3YPfxFLX2ZI=
Subject key identifier:   5A:0F:44:53:06:31:3C:33:B7:9F:67:35:24:04:6B:B4:12:6C:0B:60
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01857082D3A720688F37C109AD2EFAFDD889
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Wg9EUwYxPDO3n2c1JARrtBJsC2A.roa
Signing time:             Mon 02 Jan 2023 03:24:59 +0000
ROA not before:           Mon 02 Jan 2023 03:24:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 27 Feb 2023 04:26:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:82:d3:a7:20:68:8f:37:c1:09:ad:2e:fa:fd:d8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Jan  2 03:24:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5a0f445306313c33b79f673524046bb4126c0b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:24:09:ac:87:24:dd:2b:24:f3:bd:23:bf:da:
                    18:f0:b6:ba:16:53:24:0a:8a:41:41:19:f8:8f:f3:
                    37:ba:9c:1f:40:2c:4f:93:a6:42:21:9f:c5:32:dd:
                    e6:7e:b0:ed:af:55:50:10:e1:91:cf:99:a3:1c:93:
                    35:7d:e6:4d:67:7c:66:b0:c0:39:a8:d3:0e:e4:37:
                    eb:f6:63:51:3d:12:c5:67:ce:11:37:33:2b:7d:32:
                    fb:14:8e:88:80:4b:03:b8:12:91:7b:30:38:d8:9a:
                    6a:60:ee:98:10:22:f8:1e:39:b1:96:eb:00:a3:09:
                    fe:8f:eb:21:2a:e0:ef:67:e3:03:ae:76:28:0b:f2:
                    6f:c1:fb:b5:2a:38:e3:af:3c:f7:e0:e0:62:6b:5e:
                    01:28:49:89:07:4a:4e:5a:06:d7:7b:ec:77:bc:29:
                    34:e5:69:6b:d5:5c:2c:e0:12:d6:56:f3:44:2e:b6:
                    d7:bb:e6:f5:10:71:f9:87:33:a1:91:64:33:41:55:
                    c4:80:c5:cd:8f:c9:c2:da:3a:2e:d9:b7:fd:cc:3a:
                    28:72:5f:18:92:ad:ce:a4:29:b0:c4:83:c6:13:7d:
                    09:c4:4c:b7:50:29:e5:95:dd:9b:bd:a6:1c:39:70:
                    6e:ca:e5:b1:98:69:e7:f6:e9:48:d5:0e:42:cd:06:
                    ba:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:0F:44:53:06:31:3C:33:B7:9F:67:35:24:04:6B:B4:12:6C:0B:60
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Wg9EUwYxPDO3n2c1JARrtBJsC2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:b0:b7:a2:3b:fc:c2:54:c3:fa:96:54:75:f5:aa:19:07:5f:
         c9:d0:2f:bb:aa:0c:a7:71:9e:49:32:16:5e:dd:11:5b:fa:77:
         36:13:c1:4b:fe:05:93:91:dd:25:81:a9:19:2c:53:fa:8c:47:
         06:ba:93:a4:00:4b:52:df:bb:ba:50:b6:3c:9d:67:51:ab:e3:
         f2:46:a0:d6:8a:70:01:1e:45:89:ef:cd:2a:dc:f7:45:01:29:
         b9:53:db:a8:4c:45:d5:45:1a:98:99:f7:df:8f:f7:36:c5:c2:
         c2:ec:1b:1a:ce:f0:6a:58:d6:d0:32:c0:de:b7:bb:0e:44:be:
         98:cd:f9:1d:0d:27:1a:76:1c:94:d0:1c:fc:29:56:34:cd:fa:
         01:f3:bf:d4:5e:fb:51:14:e7:ed:82:78:ed:7d:b6:6b:05:85:
         db:92:34:b6:39:1f:16:bf:62:8c:2d:96:68:0b:5f:4c:24:39:
         f6:58:14:cb:ed:85:0f:93:cd:f9:8f:ff:3b:0d:e0:59:c0:47:
         49:ab:1f:bc:38:b2:b1:19:1c:67:26:00:0e:74:50:43:aa:4f:
         77:2b:85:06:9d:6b:36:56:3c:bc:6e:13:48:cf:24:6f:b3:52:
         48:56:a7:bc:fb:55:8b:cc:7f:af:86:61:de:ed:15:19:71:a8:
         d2:c3:6e:88
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYVwgtOnIGiPN8EJrS76/diJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjMwMTAyMDMyNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTBmNDQ1MzA2MzEzYzMzYjc5ZjY3MzUyNDA0NmJiNDEyNmMwYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CQJrIck3Ssk870jv9oY8La6FlMk
CopBQRn4j/M3upwfQCxPk6ZCIZ/FMt3mfrDtr1VQEOGRz5mjHJM1feZNZ3xmsMA5
qNMO5Dfr9mNRPRLFZ84RNzMrfTL7FI6IgEsDuBKRezA42JpqYO6YECL4HjmxlusA
own+j+shKuDvZ+MDrnYoC/Jvwfu1Kjjjrzz34OBia14BKEmJB0pOWgbXe+x3vCk0
5Wlr1Vws4BLWVvNELrbXu+b1EHH5hzOhkWQzQVXEgMXNj8nC2jou2bf9zDoocl8Y
kq3OpCmwxIPGE30JxEy3UCnlld2bvaYcOXBuyuWxmGnn9ulI1Q5CzQa6wQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFFoPRFMGMTwzt59nNSQEa7QSbAtgMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvV2c5RVV3WXhQRE8zbjJjMUpBUnJ0QkpzQzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgMAwDBAFo96oD
BABo97QDBABo97YDBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG
9w0BAQsFAAOCAQEAbrC3ojv8wlTD+pZUdfWqGQdfydAvu6oMp3GeSTIWXt0RW/p3
NhPBS/4Fk5HdJYGpGSxT+oxHBrqTpABLUt+7ulC2PJ1nUavj8kag1opwAR5Fie/N
Ktz3RQEpuVPbqExF1UUamJn334/3NsXCwuwbGs7waljW0DLA3re7DkS+mM35HQ0n
GnYclNAc/ClWNM36AfO/1F77URTn7YJ47X22awWF25I0tjkfFr9ijC2WaAtfTCQ5
9lgUy+2FD5PN+Y//Ow3gWcBHSasfvDiysRkcZyYADnRQQ6pPdyuFBp1rNlY8vG4T
SM8kb7NSSFanvPtVi8x/r4Zh3u0VGXGo0sNuiA==
-----END CERTIFICATE-----