Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/gyPGN1CfK0SKCXthTQ83wL4TVGY.roa
File:                     gyPGN1CfK0SKCXthTQ83wL4TVGY.roa (raw, json)
Hash identifier:          E3dDx80dEx+ReDqxEv/BJ+i3uIKhHwCIymxoYz4Rk24=
Subject key identifier:   83:23:C6:37:50:9F:2B:44:8A:09:7B:61:4D:0F:37:C0:BE:13:54:66
Certificate issuer:       /CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
Certificate serial:       01856E2FA73C200337D0FEA168C70644FBC2
Authority key identifier: 3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/gyPGN1CfK0SKCXthTQ83wL4TVGY.roa
Signing time:             Sun 01 Jan 2023 16:34:54 +0000
ROA not before:           Sun 01 Jan 2023 16:34:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44489
IP address blocks:        45.92.236.0/22 maxlen: 22
                          178.217.144.0/21 maxlen: 21
                          185.15.144.0/22 maxlen: 22
                          89.31.40.0/21 maxlen: 21
                          91.235.200.0/23 maxlen: 23
                          178.255.168.0/21 maxlen: 21
                          185.173.248.0/22 maxlen: 22
                          92.62.224.0/20 maxlen: 20
                          2a0b:7f00::/29 maxlen: 29
                          2a02:768::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sun 09 Apr 2023 06:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:a7:3c:20:03:37:d0:fe:a1:68:c7:06:44:fb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
        Validity
            Not Before: Jan  1 16:34:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8323c637509f2b448a097b614d0f37c0be135466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:59:d7:d5:ef:f1:c0:a8:18:49:48:c3:64:5a:
                    d2:74:46:41:dc:a7:c9:98:d0:f4:45:a2:67:e3:d6:
                    4f:b5:34:85:2e:75:9d:ca:3a:f1:b0:12:17:cf:16:
                    6b:85:d9:22:54:72:78:bd:c9:c3:a7:b3:d1:02:05:
                    9b:32:bd:85:9e:89:fc:3a:dd:05:d6:ea:50:ef:f1:
                    c7:24:63:81:89:70:47:a8:89:49:a4:79:82:33:c2:
                    e8:66:f0:e0:a5:af:56:39:3e:3f:f3:6d:d3:69:39:
                    82:f4:1d:bc:88:cd:01:3c:72:97:01:91:87:a2:f3:
                    2b:28:a0:f4:5f:88:30:e6:54:d4:e6:f4:54:6b:d1:
                    e6:97:d2:7c:55:d6:e8:eb:25:d6:8d:c6:b7:7a:4b:
                    df:62:78:51:bf:5d:0b:8f:3a:83:26:b7:80:4f:84:
                    d5:85:64:b4:c4:e7:7c:b6:cc:04:86:e2:46:45:0e:
                    8a:37:4e:4b:a9:0a:8d:d9:39:c4:f6:93:c0:5d:72:
                    54:23:84:04:0e:20:04:9a:89:77:59:bb:39:3d:88:
                    2f:dd:31:f9:1d:1f:3c:d6:99:cf:5f:ad:a5:eb:97:
                    8c:b5:10:5a:af:25:72:d4:8d:ff:84:21:4f:77:24:
                    3b:43:64:d4:23:39:b0:0c:62:ee:10:b5:2c:02:db:
                    bd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:23:C6:37:50:9F:2B:44:8A:09:7B:61:4D:0F:37:C0:BE:13:54:66
            X509v3 Authority Key Identifier:
                keyid:3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/gyPGN1CfK0SKCXthTQ83wL4TVGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/Pt97LWi6dqC9G6fp0p-sWFIxa5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.236.0/22
                  89.31.40.0/21
                  91.235.200.0/23
                  92.62.224.0/20
                  178.217.144.0/21
                  178.255.168.0/21
                  185.15.144.0/22
                  185.173.248.0/22
                IPv6:
                  2a02:768::/32
                  2a0b:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:6a:a6:41:93:93:92:71:1b:f1:77:8e:59:30:2d:82:5a:06:
         b5:56:41:7e:f1:d6:4c:9a:79:b0:77:c7:49:47:43:71:bd:dd:
         0f:26:20:9c:a8:bc:06:e9:de:90:2a:57:12:64:b1:e6:20:04:
         f1:54:e4:ce:78:43:1c:39:0a:e3:27:64:43:eb:46:a6:45:95:
         db:58:70:0e:f2:29:61:a0:fa:9b:b0:54:f4:bb:0f:d3:c5:02:
         8c:a7:50:16:6e:b4:b0:a3:39:5c:d3:57:22:b6:d4:57:da:86:
         9c:0e:a8:02:36:5a:46:dc:68:3b:1b:dd:04:b5:03:6c:10:8d:
         5b:2a:60:18:3a:85:57:8a:90:db:a2:a7:6a:91:ce:74:9f:28:
         b1:d8:25:e4:b1:a2:fe:dc:f3:ff:42:f6:5b:37:af:b5:56:4a:
         66:d1:98:fd:b8:cb:bf:50:75:81:c3:aa:c8:da:ec:f4:ca:fe:
         6b:10:ef:4e:be:eb:b9:0c:f0:cd:30:38:f6:ff:68:7c:27:67:
         2b:52:4d:6c:fe:67:85:17:e5:2e:bc:6b:e4:64:5a:0e:88:27:
         39:89:e8:3f:29:b0:00:cb:f7:24:24:c0:15:0b:29:1c:6d:b8:
         2a:1e:c8:37:28:a8:1a:39:54:02:80:ef:5a:c6:99:61:8b:34:
         94:c7:37:25
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVuL6c8IAM30P6haMcGRPvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZGY3YjJkNjhiYTc2YTBiZDFiYTdlOWQyOWZhYzU4NTIz
MTZiOWMwHhcNMjMwMTAxMTYzNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzIzYzYzNzUwOWYyYjQ0OGEwOTdiNjE0ZDBmMzdjMGJlMTM1NDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1nX1e/xwKgYSUjDZFrSdEZB3KfJ
mND0RaJn49ZPtTSFLnWdyjrxsBIXzxZrhdkiVHJ4vcnDp7PRAgWbMr2Fnon8Ot0F
1upQ7/HHJGOBiXBHqIlJpHmCM8LoZvDgpa9WOT4/823TaTmC9B28iM0BPHKXAZGH
ovMrKKD0X4gw5lTU5vRUa9Hml9J8Vdbo6yXWjca3ekvfYnhRv10LjzqDJreAT4TV
hWS0xOd8tswEhuJGRQ6KN05LqQqN2TnE9pPAXXJUI4QEDiAEmol3Wbs5PYgv3TH5
HR881pnPX62l65eMtRBaryVy1I3/hCFPdyQ7Q2TUIzmwDGLuELUsAtu92wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIMjxjdQnytEigl7YU0PN8C+E1RmMB8GA1UdIwQY
MBaAFD7fey1ounagvRun6dKfrFhSMWucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEt
ZjhmMGM3ZDY2MmU3LzEvZ3lQR04xQ2ZLMFNLQ1h0aFRRODN3TDRUVkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEtZjhmMGM3ZDY2MmU3
LzEvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCLVzsAwQD
WR8oAwQBW+vIAwQEXD7gAwQDstmQAwQDsv+oAwQCuQ+QAwQCua34MBQEAgACMA4D
BQAqAgdoAwUDKgt/ADANBgkqhkiG9w0BAQsFAAOCAQEAUGqmQZOTknEb8XeOWTAt
gloGtVZBfvHWTJp5sHfHSUdDcb3dDyYgnKi8BunekCpXEmSx5iAE8VTkznhDHDkK
4ydkQ+tGpkWV21hwDvIpYaD6m7BU9LsP08UCjKdQFm60sKM5XNNXIrbUV9qGnA6o
AjZaRtxoOxvdBLUDbBCNWypgGDqFV4qQ26KnapHOdJ8osdgl5LGi/tzz/0L2Wzev
tVZKZtGY/bjLv1B1gcOqyNrs9Mr+axDvTr7ruQzwzTA49v9ofCdnK1JNbP5nhRfl
Lrxr5GRaDognOYnoPymwAMv3JCTAFQspHG24Kh7INyioGjlUAoDvWsaZYYs0lMc3
JQ==
-----END CERTIFICATE-----