Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_pgfjT_FtNT_tG5CM4UsQX5GYRk.roa
File:                     _pgfjT_FtNT_tG5CM4UsQX5GYRk.roa (raw, json)
Hash identifier:          GMd1Spx0PrvQiaObMJ9J/j/HS7UezxD8TTaQMcFfMEw=
Subject key identifier:   FE:98:1F:8D:3F:C5:B4:D4:FF:B4:6E:42:33:85:2C:41:7E:46:61:19
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018B4E7116853AC4CCA5F4964DE12E12E327
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_pgfjT_FtNT_tG5CM4UsQX5GYRk.roa
Signing time:             Fri 20 Oct 2023 18:55:15 +0000
ROA not before:           Fri 20 Oct 2023 18:55:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        109.122.44.0/24 maxlen: 24
                          109.122.43.0/24 maxlen: 24
                          91.226.59.0/24 maxlen: 24
                          89.251.18.0/24 maxlen: 24
                          89.251.23.0/24 maxlen: 24
                          89.251.22.0/24 maxlen: 24
                          89.251.24.0/24 maxlen: 24
                          89.251.20.0/24 maxlen: 24
                          89.251.29.0/24 maxlen: 24
                          89.251.31.0/24 maxlen: 24
                          89.251.25.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 23 Oct 2023 21:14:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:4e:71:16:85:3a:c4:cc:a5:f4:96:4d:e1:2e:12:e3:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct 20 18:55:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe981f8d3fc5b4d4ffb46e4233852c417e466119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:79:fa:50:49:50:bb:3b:00:a3:f1:d0:c0:7b:
                    a3:2a:c5:74:6d:86:f5:98:fc:f8:4d:f4:19:31:ca:
                    50:6b:31:9d:6b:17:fb:f0:1d:05:e4:f6:e6:00:ac:
                    fb:e0:a1:7c:fc:0b:e8:b1:68:40:ec:f1:4e:b2:89:
                    4b:39:db:13:80:e2:9c:a6:af:fa:c5:8d:03:ef:f8:
                    a7:df:45:a7:b7:a6:d3:66:31:58:a6:8e:8d:ca:e3:
                    45:2a:d8:ee:66:d9:24:97:42:47:94:a2:e8:d4:fd:
                    f3:23:75:ce:02:5a:50:a7:97:4a:ec:47:b0:4b:b3:
                    f5:42:e3:2e:91:b0:d6:38:6f:b1:00:97:6e:22:86:
                    a3:d6:6d:d4:08:0d:41:f9:b1:db:31:7b:71:b4:9a:
                    01:fd:3c:f3:e6:61:d0:e9:eb:bb:8f:a0:49:2e:6a:
                    cc:68:c1:cd:c9:df:3f:f0:eb:e4:af:76:28:3e:ce:
                    db:51:71:13:97:8e:1a:b3:e0:ef:c8:c1:de:42:b5:
                    6e:0b:86:d9:97:04:9d:18:88:48:46:14:a2:a7:db:
                    01:a7:65:1a:33:c6:dd:5c:a2:e9:b2:70:ab:08:ed:
                    ae:16:04:89:a5:5b:06:52:37:b7:86:37:6c:1d:86:
                    16:c0:87:33:d2:5e:45:93:c4:13:67:6b:28:fd:08:
                    cb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:98:1F:8D:3F:C5:B4:D4:FF:B4:6E:42:33:85:2C:41:7E:46:61:19
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_pgfjT_FtNT_tG5CM4UsQX5GYRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.18.0/24
                  89.251.20.0/24
                  89.251.22.0-89.251.25.255
                  89.251.29.0/24
                  89.251.31.0/24
                  91.226.59.0/24
                  109.122.43.0-109.122.44.255

    Signature Algorithm: sha256WithRSAEncryption
         83:e9:2a:b6:2f:4f:2e:5b:2c:9e:c0:5f:92:c0:5b:e8:f0:59:
         c1:12:88:d5:58:69:29:39:e0:57:05:50:06:ed:de:15:99:d0:
         75:2e:68:b1:28:5d:24:ee:df:f4:6b:37:d8:ab:3b:7f:bd:a1:
         f7:1b:96:59:ca:2d:f2:e2:ef:b4:56:a9:d8:45:0e:38:dd:a6:
         9b:61:a4:5c:4c:43:63:e2:19:5e:a8:6b:d9:60:bd:a5:df:52:
         ee:98:f5:1e:cf:a3:9a:8e:ed:d0:10:1f:93:b8:a9:38:2f:d1:
         5b:5e:ac:bb:da:9d:ef:af:3e:75:bf:20:28:c5:42:31:17:2c:
         51:c1:64:59:0a:13:b8:51:fd:ef:1a:af:89:e2:a1:06:bd:e9:
         6e:3a:0b:5b:4c:13:ce:1c:71:1f:54:30:31:75:0d:e7:93:ab:
         2a:f0:08:e2:17:35:38:6d:b7:10:c8:47:6c:07:5a:8c:3f:30:
         16:46:f7:1b:aa:d7:f7:41:11:f9:a0:18:29:26:52:b5:ee:6b:
         24:54:15:2f:26:0c:51:fe:e6:69:67:ca:06:fd:20:ec:7b:f0:
         2a:bb:1e:d4:e3:48:b8:e8:0a:83:b9:c9:fe:58:ee:f8:e4:ec:
         a8:da:cb:3d:bb:b3:6f:8c:8f:7d:0e:bb:8c:5e:a5:a0:47:c5:
         d3:d1:b9:6a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYtOcRaFOsTMpfSWTeEuEuMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjMxMDIwMTg1NTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTk4MWY4ZDNmYzViNGQ0ZmZiNDZlNDIzMzg1MmM0MTdlNDY2MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHn6UElQuzsAo/HQwHujKsV0bYb1
mPz4TfQZMcpQazGdaxf78B0F5PbmAKz74KF8/AvosWhA7PFOsolLOdsTgOKcpq/6
xY0D7/in30Wnt6bTZjFYpo6NyuNFKtjuZtkkl0JHlKLo1P3zI3XOAlpQp5dK7Eew
S7P1QuMukbDWOG+xAJduIoaj1m3UCA1B+bHbMXtxtJoB/Tzz5mHQ6eu7j6BJLmrM
aMHNyd8/8Ovkr3YoPs7bUXETl44as+DvyMHeQrVuC4bZlwSdGIhIRhSip9sBp2Ua
M8bdXKLpsnCrCO2uFgSJpVsGUje3hjdsHYYWwIcz0l5Fk8QTZ2so/QjLUQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFP6YH40/xbTU/7RuQjOFLEF+RmEZMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvX3BnZmpUX0Z0TlRfdEc1Q000VXNRWDVHWVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAWfsSAwQA
WfsUMAwDBAFZ+xYDBAFZ+xgDBABZ+x0DBABZ+x8DBABb4jswDAMEAG16KwMEAG16
LDANBgkqhkiG9w0BAQsFAAOCAQEAg+kqti9PLlssnsBfksBb6PBZwRKI1VhpKTng
VwVQBu3eFZnQdS5osShdJO7f9Gs32Ks7f72h9xuWWcot8uLvtFap2EUOON2mm2Gk
XExDY+IZXqhr2WC9pd9S7pj1Hs+jmo7t0BAfk7ipOC/RW16su9qd768+db8gKMVC
MRcsUcFkWQoTuFH97xqvieKhBr3pbjoLW0wTzhxxH1QwMXUN55OrKvAI4hc1OG23
EMhHbAdajD8wFkb3G6rX90ER+aAYKSZSte5rJFQVLyYMUf7maWfKBv0g7HvwKrse
1ONIuOgKg7nJ/lju+OTsqNrLPbuzb4yPfQ67jF6loEfF09G5ag==
-----END CERTIFICATE-----