Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/pSb5OVi6iK3JCSin7GdVq4-u2bI.roa
File:                     pSb5OVi6iK3JCSin7GdVq4-u2bI.roa (raw, json)
Hash identifier:          vp1/tk11+oPaSFOfv6IFjci0Llwfs5wVvAPkty3OzT4=
Subject key identifier:   A5:26:F9:39:58:BA:88:AD:C9:09:28:A7:EC:67:55:AB:8F:AE:D9:B2
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       018721A6B9854BF7CBB1B72FF2B2E3873B66
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/pSb5OVi6iK3JCSin7GdVq4-u2bI.roa
Signing time:             Mon 27 Mar 2023 05:59:46 +0000
ROA not before:           Mon 27 Mar 2023 05:59:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44267
IP address blocks:        77.243.112.0/24 maxlen: 24
                          77.243.118.0/24 maxlen: 24
                          77.243.116.0/24 maxlen: 24
                          77.243.117.0/24 maxlen: 24
                          77.243.115.0/24 maxlen: 24
                          77.243.113.0/24 maxlen: 24
                          77.243.114.0/24 maxlen: 24
                          77.243.119.0/24 maxlen: 24
                          46.254.246.0/23 maxlen: 23
                          185.14.68.0/24 maxlen: 24
                          185.14.69.0/24 maxlen: 24
                          185.14.70.0/24 maxlen: 24
                          2a02:f560::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:a6:b9:85:4b:f7:cb:b1:b7:2f:f2:b2:e3:87:3b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Mar 27 05:59:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a526f93958ba88adc90928a7ec6755ab8faed9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:03:a9:37:f2:94:f1:6a:8e:62:a2:84:8f:bb:
                    aa:06:45:1d:7d:50:66:71:b0:cd:b4:61:f8:1c:b6:
                    71:70:56:a3:90:4f:41:0c:88:15:13:33:fe:9a:37:
                    a0:d1:28:44:e1:63:31:6f:03:08:cc:2b:26:85:cf:
                    6c:bd:a2:46:39:9e:12:de:5a:c2:0a:fd:7e:11:06:
                    57:18:58:d0:00:7e:ef:6e:c0:6a:fa:78:5d:36:d7:
                    52:43:df:a2:34:4b:44:e8:af:a0:40:a1:49:71:78:
                    3d:50:ee:69:6e:18:c4:de:54:c9:8b:21:46:39:39:
                    80:87:ca:18:61:c2:e6:ea:93:0f:8a:21:1f:cd:e0:
                    1f:9a:7d:8f:85:2b:76:71:66:f5:64:ce:09:e5:e7:
                    e8:8b:56:40:51:df:6c:52:ad:fe:65:c9:1c:bf:15:
                    28:35:a8:df:a1:a0:87:09:38:db:f1:bc:83:75:94:
                    99:cf:7a:66:db:0c:93:ec:07:45:ed:cc:74:f3:3b:
                    b7:04:4a:0f:b9:b9:a6:fc:8a:93:a5:00:3a:7a:1a:
                    73:37:7a:53:5e:f6:29:22:5d:08:2f:54:8d:6e:97:
                    b8:37:71:8f:15:9b:20:9c:58:ed:f4:4c:16:29:75:
                    1b:2b:7d:71:1c:4c:68:ac:1c:67:07:60:9a:99:9f:
                    a9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:26:F9:39:58:BA:88:AD:C9:09:28:A7:EC:67:55:AB:8F:AE:D9:B2
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/pSb5OVi6iK3JCSin7GdVq4-u2bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.246.0/23
                  77.243.112.0/21
                  185.14.68.0-185.14.70.255
                IPv6:
                  2a02:f560::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:fb:ee:a9:88:31:6a:ce:c8:e3:ef:98:26:b3:39:7c:78:00:
         e6:bf:e1:dc:cd:01:40:83:2b:ca:0f:a1:72:04:63:4f:f1:e4:
         f6:60:0d:d3:77:d4:66:26:03:85:9c:31:e8:13:2d:39:32:48:
         77:a5:7c:02:bb:6c:c9:f0:04:c3:9f:64:37:d4:50:13:2f:3f:
         d5:85:f2:41:6c:9e:7f:05:9c:7d:9a:eb:2f:09:a0:71:a6:6f:
         d1:4c:ad:b7:fa:77:26:bc:aa:ca:ad:a6:2f:cc:16:86:14:6c:
         01:12:30:9e:4f:76:ce:e5:f2:3a:a7:7a:53:2e:b5:d7:34:cb:
         85:ae:6a:97:be:8e:62:0d:94:a8:79:1a:c7:c6:97:c4:52:fd:
         1c:00:bc:56:a0:ca:82:b3:87:26:8b:ea:97:dd:fd:78:cc:a3:
         f7:4e:7c:5b:91:8e:d7:8d:c2:c4:df:a1:1a:5f:7c:d6:96:2c:
         48:08:b9:60:6e:1f:1b:99:5e:32:d4:8b:88:48:43:cc:73:96:
         cb:ed:ae:08:0d:f9:47:75:f9:26:2d:8e:cc:0e:90:ed:44:5b:
         d8:4b:68:92:19:27:c5:d3:e4:cd:93:b3:5b:91:2a:90:21:51:
         b4:29:ac:d9:ba:45:7c:4c:5d:5f:71:43:b1:b9:55:7a:51:ed:
         d2:fd:0b:1a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYchprmFS/fLsbcv8rLjhztmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjMwMzI3MDU1OTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTI2ZjkzOTU4YmE4OGFkYzkwOTI4YTdlYzY3NTVhYjhmYWVkOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwOpN/KU8WqOYqKEj7uqBkUdfVBm
cbDNtGH4HLZxcFajkE9BDIgVEzP+mjeg0ShE4WMxbwMIzCsmhc9svaJGOZ4S3lrC
Cv1+EQZXGFjQAH7vbsBq+nhdNtdSQ9+iNEtE6K+gQKFJcXg9UO5pbhjE3lTJiyFG
OTmAh8oYYcLm6pMPiiEfzeAfmn2PhSt2cWb1ZM4J5efoi1ZAUd9sUq3+ZckcvxUo
NajfoaCHCTjb8byDdZSZz3pm2wyT7AdF7cx08zu3BEoPubmm/IqTpQA6ehpzN3pT
XvYpIl0IL1SNbpe4N3GPFZsgnFjt9EwWKXUbK31xHExorBxnB2CamZ+ptwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKUm+TlYuoityQkop+xnVauPrtmyMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvcFNiNU9WaTZpSzNKQ1NpbjdHZFZxNC11MmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAgBAIAATAaAwQBLv72AwQD
TfNwMAwDBAK5DkQDBAC5DkYwDgQCAAIwCAMGACoC9WAAMA0GCSqGSIb3DQEBCwUA
A4IBAQB3++6piDFqzsjj75gmszl8eADmv+HczQFAgyvKD6FyBGNP8eT2YA3Td9Rm
JgOFnDHoEy05Mkh3pXwCu2zJ8ATDn2Q31FATLz/VhfJBbJ5/BZx9musvCaBxpm/R
TK23+ncmvKrKraYvzBaGFGwBEjCeT3bO5fI6p3pTLrXXNMuFrmqXvo5iDZSoeRrH
xpfEUv0cALxWoMqCs4cmi+qX3f14zKP3TnxbkY7XjcLE36EaX3zWlixICLlgbh8b
mV4y1IuISEPMc5bL7a4IDflHdfkmLY7MDpDtRFvYS2iSGSfF0+TNk7NbkSqQIVG0
KazZukV8TF1fcUOxuVV6Ue3S/Qsa
-----END CERTIFICATE-----