Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/885457-70f2-4410-be7c-81476dbab144/1/KAStQol3_8gG4-iVUknC9xTCZ3w.roa
File:                     KAStQol3_8gG4-iVUknC9xTCZ3w.roa (raw, json)
Hash identifier:          MaRO/f3bxy1wLhIEZbqnrW9BNG59vdrqJz0vFug+8Nc=
Subject key identifier:   28:04:AD:42:89:77:FF:C8:06:E3:E8:95:52:49:C2:F7:14:C2:67:7C
Certificate issuer:       /CN=77dda2ad098c6a7814fb258b469b0d84ce24c4a7
Certificate serial:       018571F9F3CD79ABAFBB42AD689CDDA54BAE
Authority key identifier: 77:DD:A2:AD:09:8C:6A:78:14:FB:25:8B:46:9B:0D:84:CE:24:C4:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d92irQmMangU-yWLRpsNhM4kxKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/885457-70f2-4410-be7c-81476dbab144/1/KAStQol3_8gG4-iVUknC9xTCZ3w.roa
Signing time:             Mon 02 Jan 2023 10:14:44 +0000
ROA not before:           Mon 02 Jan 2023 10:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197648
IP address blocks:        185.205.184.0/24 maxlen: 24
                          185.205.184.0/22 maxlen: 22
                          185.205.186.0/24 maxlen: 24
                          185.205.185.0/24 maxlen: 24
                          185.205.187.0/24 maxlen: 24
                          185.106.103.0/24 maxlen: 24
                          185.106.102.0/24 maxlen: 24
                          185.106.101.0/24 maxlen: 24
                          185.106.100.0/24 maxlen: 24
                          185.106.100.0/22 maxlen: 22
                          91.217.246.0/24 maxlen: 24
                          2a0c:5cc0::/29 maxlen: 29
                          2a06:3c80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 12 Oct 2023 09:25:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:f9:f3:cd:79:ab:af:bb:42:ad:68:9c:dd:a5:4b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77dda2ad098c6a7814fb258b469b0d84ce24c4a7
        Validity
            Not Before: Jan  2 10:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2804ad428977ffc806e3e8955249c2f714c2677c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:55:ca:62:a4:d9:4c:cb:6f:47:06:67:9e:4d:
                    81:fc:50:c3:50:16:68:10:33:28:81:6f:84:7a:be:
                    d3:fd:d7:04:49:bc:26:32:83:ca:15:38:7f:3f:bd:
                    e0:3e:b3:de:64:f2:c3:80:74:8a:19:48:e8:f4:2e:
                    0c:bc:ab:89:09:d2:2f:ce:7a:68:22:d9:15:d5:62:
                    31:c4:ca:3e:40:41:b9:d1:75:b3:77:06:14:78:da:
                    8e:82:9e:65:1b:1f:00:ba:bf:1b:9d:2e:24:f8:63:
                    9a:81:6c:b1:b5:b1:bc:7a:40:03:f2:20:b8:88:ba:
                    06:6a:35:9b:b2:97:2b:0a:28:88:13:37:07:1b:de:
                    7f:52:46:74:22:c2:de:b4:93:77:c2:97:4e:04:28:
                    7f:88:dc:33:65:09:3d:fc:c9:14:6d:73:3c:c3:e9:
                    61:84:47:20:e9:14:39:cc:57:fe:91:48:c6:ee:8b:
                    ac:a3:ce:5c:a2:9f:b1:a2:f4:4d:06:f9:28:45:7e:
                    aa:6a:42:b5:06:fa:5f:a3:c2:2d:78:2b:22:c2:bb:
                    d0:dc:77:86:f3:8d:5a:68:81:b3:d4:64:71:a4:4d:
                    e6:9e:01:df:b7:fa:6e:66:75:27:3a:97:24:97:c8:
                    ea:11:99:ad:99:82:33:7d:ae:27:7f:16:dd:19:cd:
                    c0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:04:AD:42:89:77:FF:C8:06:E3:E8:95:52:49:C2:F7:14:C2:67:7C
            X509v3 Authority Key Identifier:
                keyid:77:DD:A2:AD:09:8C:6A:78:14:FB:25:8B:46:9B:0D:84:CE:24:C4:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d92irQmMangU-yWLRpsNhM4kxKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/885457-70f2-4410-be7c-81476dbab144/1/KAStQol3_8gG4-iVUknC9xTCZ3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/885457-70f2-4410-be7c-81476dbab144/1/d92irQmMangU-yWLRpsNhM4kxKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.246.0/24
                  185.106.100.0/22
                  185.205.184.0/22
                IPv6:
                  2a06:3c80::/29
                  2a0c:5cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:e3:d6:ab:ab:8d:98:ad:6a:b9:58:3a:b3:af:fb:59:08:eb:
         9c:6a:fc:9c:da:b5:6a:cf:93:b6:1e:12:d1:31:62:08:70:d9:
         84:d0:89:dd:85:e8:7e:9b:67:2f:1d:28:d2:b5:c5:ac:de:59:
         33:7f:14:f7:77:dd:f8:f0:b7:65:10:fe:33:df:9c:3e:b3:80:
         e3:29:2c:45:9f:36:16:3b:f0:06:75:7d:b6:a6:de:b3:04:f7:
         6f:df:02:c0:9b:79:dc:02:5c:15:2d:6b:41:a3:34:12:45:ee:
         fb:25:c6:46:09:31:4e:49:23:48:dd:3a:6f:e5:e9:8e:31:ba:
         54:d9:78:85:24:4f:a2:cd:95:13:58:fd:ee:20:4a:1e:e8:b7:
         e3:ed:29:e3:14:48:15:e7:22:7f:e8:12:0b:86:94:8c:b8:52:
         be:d2:9b:f8:d4:68:2f:33:76:9f:c8:9c:ae:ec:86:27:3a:52:
         a9:a1:38:69:6a:ba:43:c5:10:6d:49:95:dc:d8:0c:37:03:ac:
         9a:a3:c1:4d:ca:0d:0d:6e:49:71:ea:53:db:82:0a:e6:bf:e1:
         99:f4:89:ba:8a:19:e1:c7:16:6d:c7:d6:59:31:1a:81:47:2e:
         a9:24:5b:c9:55:46:9f:b6:6f:c1:7b:18:f8:1d:f3:b2:cb:6d:
         05:9f:92:fc
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYVx+fPNeauvu0KtaJzdpUuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZGRhMmFkMDk4YzZhNzgxNGZiMjU4YjQ2OWIwZDg0Y2Uy
NGM0YTcwHhcNMjMwMTAyMTAxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODA0YWQ0Mjg5NzdmZmM4MDZlM2U4OTU1MjQ5YzJmNzE0YzI2NzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFXKYqTZTMtvRwZnnk2B/FDDUBZo
EDMogW+Eer7T/dcESbwmMoPKFTh/P73gPrPeZPLDgHSKGUjo9C4MvKuJCdIvznpo
ItkV1WIxxMo+QEG50XWzdwYUeNqOgp5lGx8Aur8bnS4k+GOagWyxtbG8ekAD8iC4
iLoGajWbspcrCiiIEzcHG95/UkZ0IsLetJN3wpdOBCh/iNwzZQk9/MkUbXM8w+lh
hEcg6RQ5zFf+kUjG7ouso85cop+xovRNBvkoRX6qakK1Bvpfo8IteCsiwrvQ3HeG
841aaIGz1GRxpE3mngHft/puZnUnOpckl8jqEZmtmYIzfa4nfxbdGc3AeQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCgErUKJd//IBuPolVJJwvcUwmd8MB8GA1UdIwQY
MBaAFHfdoq0JjGp4FPsli0abDYTOJMSnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDkyaXJRbU1hbmdVLXlXTFJwc05oTTRreEtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC84ODU0NTctNzBmMi00NDEwLWJlN2Mt
ODE0NzZkYmFiMTQ0LzEvS0FTdFFvbDNfOGdHNC1pVlVrbkM5eFRDWjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC84ODU0NTctNzBmMi00NDEwLWJlN2MtODE0NzZkYmFiMTQ0
LzEvZDkyaXJRbU1hbmdVLXlXTFJwc05oTTRreEtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAW9n2AwQC
uWpkAwQCuc24MBQEAgACMA4DBQMqBjyAAwUDKgxcwDANBgkqhkiG9w0BAQsFAAOC
AQEACOPWq6uNmK1quVg6s6/7WQjrnGr8nNq1as+Tth4S0TFiCHDZhNCJ3YXofptn
Lx0o0rXFrN5ZM38U93fd+PC3ZRD+M9+cPrOA4yksRZ82FjvwBnV9tqbeswT3b98C
wJt53AJcFS1rQaM0EkXu+yXGRgkxTkkjSN06b+XpjjG6VNl4hSRPos2VE1j97iBK
Hui34+0p4xRIFecif+gSC4aUjLhSvtKb+NRoLzN2n8icruyGJzpSqaE4aWq6Q8UQ
bUmV3NgMNwOsmqPBTcoNDW5JcepT24IK5r/hmfSJuooZ4ccWbcfWWTEagUcuqSRb
yVVGn7ZvwXsY+B3zssttBZ+S/A==
-----END CERTIFICATE-----