Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/rTY7m6jnHkFXS_quSjLj3C22BYQ.roa
File:                     rTY7m6jnHkFXS_quSjLj3C22BYQ.roa (raw, json)
Hash identifier:          4DzWBpjD7/CEPLmFh1DatHfizPH1e0IocO3vO2v1CHk=
Subject key identifier:   AD:36:3B:9B:A8:E7:1E:41:57:4B:FA:AE:4A:32:E3:DC:2D:B6:05:84
Certificate issuer:       /CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
Certificate serial:       018679F09CB1FDFD218C77AD472C971E7D9D
Authority key identifier: 1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/rTY7m6jnHkFXS_quSjLj3C22BYQ.roa
Signing time:             Wed 22 Feb 2023 16:24:17 +0000
ROA not before:           Wed 22 Feb 2023 16:24:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28919
IP address blocks:        94.24.56.0/21 maxlen: 24
                          185.164.112.0/22 maxlen: 24
                          89.41.128.0/21 maxlen: 24
                          77.223.0.0/22 maxlen: 24
                          86.111.56.0/22 maxlen: 24
                          185.66.48.0/22 maxlen: 24
                          80.93.32.0/20 maxlen: 24
                          213.182.224.0/19 maxlen: 24
                          185.163.144.0/22 maxlen: 24
                          2a03:c680::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:31:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:79:f0:9c:b1:fd:fd:21:8c:77:ad:47:2c:97:1e:7d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
        Validity
            Not Before: Feb 22 16:24:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad363b9ba8e71e41574bfaae4a32e3dc2db60584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:81:be:fe:21:5f:f4:15:5c:dd:69:10:32:60:
                    02:47:af:80:f1:3c:cf:e1:4f:1a:e4:15:81:f0:89:
                    be:83:96:18:24:f8:18:7b:7c:09:8b:f0:c1:64:6c:
                    5d:32:d5:43:cf:f1:2f:78:62:8e:c6:d2:de:e4:84:
                    b4:b8:2d:5a:a5:79:14:33:bf:21:35:96:dc:1e:8b:
                    57:60:3c:79:fd:9c:3c:0b:15:ca:9a:67:84:62:25:
                    85:ea:35:4c:53:07:0e:6f:5f:fc:d8:d0:49:64:24:
                    92:db:45:68:78:84:da:5e:9c:fd:5e:27:11:59:ce:
                    5b:c0:e3:68:0e:bc:32:74:5f:8b:1f:d5:11:ef:6d:
                    5c:10:20:af:24:96:ee:65:ae:a6:e0:be:ee:38:fc:
                    0c:21:07:51:50:1b:e1:b7:b8:40:78:7d:07:90:dc:
                    e3:2a:3e:fc:95:e2:9b:e5:5c:00:6b:6e:87:0e:bb:
                    f4:de:c1:12:01:92:42:f6:99:92:54:d4:1a:47:31:
                    25:b1:43:b3:5a:9f:5a:35:ee:17:af:1a:6c:4f:ad:
                    8a:83:c0:92:fe:32:fd:bf:90:5d:fc:d9:e3:32:fe:
                    4b:98:d1:cd:6e:7b:f1:a1:99:ea:d7:5c:c7:21:ba:
                    2f:d0:94:33:e5:58:a3:7b:90:d1:47:a3:5c:00:99:
                    46:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:36:3B:9B:A8:E7:1E:41:57:4B:FA:AE:4A:32:E3:DC:2D:B6:05:84
            X509v3 Authority Key Identifier:
                keyid:1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/rTY7m6jnHkFXS_quSjLj3C22BYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/HQZyyZ-H8FzYPwtifTGHH-gL4B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.0.0/22
                  80.93.32.0/20
                  86.111.56.0/22
                  89.41.128.0/21
                  94.24.56.0/21
                  185.66.48.0/22
                  185.163.144.0/22
                  185.164.112.0/22
                  213.182.224.0/19
                IPv6:
                  2a03:c680::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:f9:58:d8:b5:b9:f8:b6:5d:d1:0b:30:6f:a7:41:8a:2f:e1:
         94:70:50:9a:0a:1d:be:01:e2:aa:75:2c:91:f5:a0:62:04:69:
         51:48:89:4b:5b:04:ab:6d:83:90:4f:e4:78:4d:50:8c:7c:f7:
         79:cb:43:12:96:ff:02:8f:0a:20:dd:7b:d7:f3:1b:6b:40:15:
         3a:49:d9:65:84:98:34:bc:73:fa:e7:fc:17:a8:76:5d:bd:e5:
         a8:ec:3b:06:65:f2:ca:6b:17:af:ee:3f:62:73:34:48:fc:5b:
         11:98:5f:6d:28:1e:29:b9:a8:d6:5a:6f:fa:f3:d8:75:3a:af:
         7c:cb:fd:54:3d:c5:b1:f8:eb:4d:de:35:92:80:0f:83:c1:cf:
         a2:d9:70:40:f0:fd:f9:55:bb:7d:f2:e3:e8:4a:55:7f:3f:40:
         36:09:94:c4:4b:8e:8d:6b:69:9f:6f:fd:0c:39:cd:8f:3e:ad:
         48:9a:7c:2c:ea:d0:d3:a7:57:ad:28:13:37:7b:d7:88:e4:f3:
         f7:21:ff:b2:dc:cc:46:ac:2b:c8:6f:67:18:b4:9f:23:9d:fc:
         0c:b4:eb:9e:87:8a:bb:90:f0:12:cc:80:47:c6:80:b1:11:d6:
         9c:56:c7:80:10:cc:79:0a:56:33:d2:47:b3:f9:ce:3d:d6:83:
         0d:f9:ac:9d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYZ58Jyx/f0hjHetRyyXHn2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDY3MmM5OWY4N2YwNWNkODNmMGI2MjdkMzE4NzFmZTgw
YmUwMWYwHhcNMjMwMjIyMTYyNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDM2M2I5YmE4ZTcxZTQxNTc0YmZhYWU0YTMyZTNkYzJkYjYwNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4G+/iFf9BVc3WkQMmACR6+A8TzP
4U8a5BWB8Im+g5YYJPgYe3wJi/DBZGxdMtVDz/EveGKOxtLe5IS0uC1apXkUM78h
NZbcHotXYDx5/Zw8CxXKmmeEYiWF6jVMUwcOb1/82NBJZCSS20VoeITaXpz9XicR
Wc5bwONoDrwydF+LH9UR721cECCvJJbuZa6m4L7uOPwMIQdRUBvht7hAeH0HkNzj
Kj78leKb5VwAa26HDrv03sESAZJC9pmSVNQaRzElsUOzWp9aNe4XrxpsT62Kg8CS
/jL9v5Bd/NnjMv5LmNHNbnvxoZnq11zHIbov0JQz5Vije5DRR6NcAJlG8wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFK02O5uo5x5BV0v6rkoy49wttgWEMB8GA1UdIwQY
MBaAFB0Gcsmfh/Bc2D8LYn0xhx/oC+AfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTIt
NDk0ZjRjNGRhNDI2LzEvclRZN202am5Ia0ZYU19xdVNqTGozQzIyQllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTItNDk0ZjRjNGRhNDI2
LzEvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCTd8AAwQE
UF0gAwQCVm84AwQDWSmAAwQDXhg4AwQCuUIwAwQCuaOQAwQCuaRwAwQF1bbgMA0E
AgACMAcDBQMqA8aAMA0GCSqGSIb3DQEBCwUAA4IBAQAt+VjYtbn4tl3RCzBvp0GK
L+GUcFCaCh2+AeKqdSyR9aBiBGlRSIlLWwSrbYOQT+R4TVCMfPd5y0MSlv8Cjwog
3XvX8xtrQBU6SdllhJg0vHP65/wXqHZdveWo7DsGZfLKaxev7j9iczRI/FsRmF9t
KB4puajWWm/689h1Oq98y/1UPcWx+OtN3jWSgA+Dwc+i2XBA8P35Vbt98uPoSlV/
P0A2CZTES46Na2mfb/0MOc2PPq1Imnws6tDTp1etKBM3e9eI5PP3If+y3MxGrCvI
b2cYtJ8jnfwMtOueh4q7kPASzIBHxoCxEdacVseAEMx5ClYz0kez+c491oMN+ayd
-----END CERTIFICATE-----