Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/orBn_9MjsAvIhWqpprHsCAEcE7E.roa
File:                     orBn_9MjsAvIhWqpprHsCAEcE7E.roa (raw, json)
Hash identifier:          /cwaIGriEXSQUdiHytffD1TbQZkQ8Y394/EbqviL4Vs=
Subject key identifier:   A2:B0:67:FF:D3:23:B0:0B:C8:85:6A:A9:A6:B1:EC:08:01:1C:13:B1
Certificate issuer:       /CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
Certificate serial:       0188D2933A7D8A53F407A86FADF4E13483EB
Authority key identifier: 47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/orBn_9MjsAvIhWqpprHsCAEcE7E.roa
Signing time:             Mon 19 Jun 2023 07:34:04 +0000
ROA not before:           Mon 19 Jun 2023 07:34:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206892
IP address blocks:        95.140.32.0/24 maxlen: 24
                          185.199.28.0/22 maxlen: 24
                          95.140.38.0/23 maxlen: 24
                          45.95.44.0/22 maxlen: 24
                          194.39.44.0/22 maxlen: 24
                          185.161.72.0/22 maxlen: 24
                          94.199.179.0/24 maxlen: 24
                          185.234.183.0/24 maxlen: 24
                          185.234.181.0/24 maxlen: 24
                          2a07:c280::/32 maxlen: 33

Validation:               Failed, certificate revoked on Tue 07 Nov 2023 19:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d2:93:3a:7d:8a:53:f4:07:a8:6f:ad:f4:e1:34:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
        Validity
            Not Before: Jun 19 07:34:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2b067ffd323b00bc8856aa9a6b1ec08011c13b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e1:4c:7a:66:d1:36:22:48:bf:72:5c:0e:6e:
                    75:73:17:ac:ac:4a:76:ea:87:5f:b0:ad:1f:c1:2e:
                    d6:5e:f6:72:ee:5d:b2:0c:2f:16:2d:8b:da:37:f9:
                    2e:99:e5:2b:a0:62:bd:49:11:a0:ec:7b:14:2a:34:
                    d0:71:f1:b0:26:44:8e:c3:56:0a:17:d9:3f:4a:68:
                    40:95:3b:65:19:9d:64:4d:f4:74:46:9d:a3:af:54:
                    c5:1b:e0:94:77:36:d2:ae:02:58:3a:e3:d8:ce:4f:
                    19:09:ba:9b:a3:d9:0e:e8:ad:83:cf:59:39:87:80:
                    85:0f:73:4d:95:3e:77:f6:32:21:08:e6:e8:43:10:
                    fd:2e:5b:88:c8:70:d1:1e:b4:cd:d9:d7:df:bd:0c:
                    69:59:04:a7:77:f5:00:50:4a:db:86:04:1e:01:a4:
                    31:72:00:9c:e9:9e:86:bd:dd:8e:57:f6:2a:2e:24:
                    12:a5:39:70:39:fc:57:d3:e2:eb:10:0f:63:c5:f8:
                    60:63:14:89:0d:79:7b:fe:17:83:d9:38:4a:20:27:
                    1d:c3:f6:16:fe:68:9c:94:28:dd:fc:4f:b1:b3:fc:
                    3b:a6:ba:bc:a2:1c:eb:70:c2:86:63:ed:6f:54:c8:
                    70:01:21:55:d7:5a:d1:d4:db:3c:99:fe:23:74:8d:
                    c2:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B0:67:FF:D3:23:B0:0B:C8:85:6A:A9:A6:B1:EC:08:01:1C:13:B1
            X509v3 Authority Key Identifier:
                keyid:47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/orBn_9MjsAvIhWqpprHsCAEcE7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.44.0/22
                  94.199.179.0/24
                  95.140.32.0/24
                  95.140.38.0/23
                  185.161.72.0/22
                  185.199.28.0/22
                  185.234.181.0/24
                  185.234.183.0/24
                  194.39.44.0/22
                IPv6:
                  2a07:c280::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:af:ec:d4:75:99:be:80:2d:32:cd:3b:a0:c1:82:bb:0f:22:
         9b:69:4f:f6:a4:f3:e7:91:c3:40:25:90:b8:e9:07:f8:8e:cb:
         aa:c4:a2:03:99:75:d6:16:e3:47:40:d4:c9:70:34:9c:1b:67:
         a3:dc:5e:ee:b6:5b:d9:aa:19:2d:2c:3c:5e:72:df:e6:ad:04:
         68:94:e7:62:d2:9a:88:be:87:13:1b:08:e7:bc:f9:75:22:61:
         e1:ab:27:62:bb:b6:0a:2d:87:64:2c:32:68:6e:47:d7:c4:e8:
         33:25:3d:1a:4a:4b:97:ca:e3:32:bf:26:26:33:f8:cc:bd:7e:
         00:d7:3d:c8:7b:c6:ff:09:87:52:50:51:d2:12:d4:ce:82:dc:
         6a:d5:02:25:79:67:ac:02:e6:5f:36:8b:ae:1a:0c:90:28:42:
         c1:86:cf:27:ad:12:1d:29:20:2f:9e:2e:56:75:37:ff:47:54:
         aa:ab:a1:0b:b8:bb:f1:05:c3:9c:0c:3e:fc:25:1e:29:00:4e:
         a0:96:57:c7:71:29:88:40:d7:3c:a3:e2:62:b7:df:62:bc:a6:
         8d:11:a3:c2:90:47:0d:76:5f:61:03:d3:cc:c8:0e:f0:3b:b6:
         e1:3f:48:4b:ac:6e:1f:7b:c3:88:77:00:ff:65:3f:f6:36:22:
         53:f1:d8:9f
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYjSkzp9ilP0B6hvrfThNIPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjJhZWEwZWY0YzA2NjdkYjgxOWY1ZDVhM2RhZWE2Mzk5
ZjAzOGMwHhcNMjMwNjE5MDczNDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmIwNjdmZmQzMjNiMDBiYzg4NTZhYTlhNmIxZWMwODAxMWMxM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuFMembRNiJIv3JcDm51cxesrEp2
6odfsK0fwS7WXvZy7l2yDC8WLYvaN/kumeUroGK9SRGg7HsUKjTQcfGwJkSOw1YK
F9k/SmhAlTtlGZ1kTfR0Rp2jr1TFG+CUdzbSrgJYOuPYzk8ZCbqbo9kO6K2Dz1k5
h4CFD3NNlT539jIhCOboQxD9LluIyHDRHrTN2dffvQxpWQSnd/UAUErbhgQeAaQx
cgCc6Z6Gvd2OV/YqLiQSpTlwOfxX0+LrEA9jxfhgYxSJDXl7/heD2ThKICcdw/YW
/miclCjd/E+xs/w7prq8ohzrcMKGY+1vVMhwASFV11rR1Ns8mf4jdI3CUQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKKwZ//TI7ALyIVqqaax7AgBHBOxMB8GA1UdIwQY
MBaAFEcirqDvTAZn24GfXVo9rqY5nwOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYt
NmUzMDc0YzZjNjYzLzEvb3JCbl85TWpzQXZJaFdxcHBySHNDQUVjRTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYtNmUzMDc0YzZjNjYz
LzEvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCLV8sAwQA
XsezAwQAX4wgAwQBX4wmAwQCuaFIAwQCucccAwQAueq1AwQAueq3AwQCwicsMA0E
AgACMAcDBQAqB8KAMA0GCSqGSIb3DQEBCwUAA4IBAQB5r+zUdZm+gC0yzTugwYK7
DyKbaU/2pPPnkcNAJZC46Qf4jsuqxKIDmXXWFuNHQNTJcDScG2ej3F7utlvZqhkt
LDxect/mrQRolOdi0pqIvocTGwjnvPl1ImHhqydiu7YKLYdkLDJobkfXxOgzJT0a
SkuXyuMyvyYmM/jMvX4A1z3Ie8b/CYdSUFHSEtTOgtxq1QIleWesAuZfNouuGgyQ
KELBhs8nrRIdKSAvni5WdTf/R1Sqq6ELuLvxBcOcDD78JR4pAE6gllfHcSmIQNc8
o+Jit99ivKaNEaPCkEcNdl9hA9PMyA7wO7bhP0hLrG4fe8OIdwD/ZT/2NiJT8dif
-----END CERTIFICATE-----