Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gXBPEgRmp-ox9LpC3cAEhsU2jW4.roa
File:                     gXBPEgRmp-ox9LpC3cAEhsU2jW4.roa (raw, json)
Hash identifier:          tDPB6Dgx07lsg3zEsup6mWoW0tuVdo+Qy87v7dH8xGw=
Subject key identifier:   81:70:4F:12:04:66:A7:EA:31:F4:BA:42:DD:C0:04:86:C5:36:8D:6E
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01856ED4D99343DDF68CB2F11256C29BAF92
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gXBPEgRmp-ox9LpC3cAEhsU2jW4.roa
Signing time:             Sun 01 Jan 2023 19:35:21 +0000
ROA not before:           Sun 01 Jan 2023 19:35:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.43.0/24 maxlen: 24
                          109.122.40.0/24 maxlen: 24
                          109.122.41.0/24 maxlen: 24
                          109.122.47.0/24 maxlen: 24
                          109.122.45.0/24 maxlen: 24
                          109.122.46.0/24 maxlen: 24
                          91.226.57.0/24 maxlen: 24
                          193.93.54.0/23 maxlen: 24
                          193.93.52.0/24 maxlen: 24
                          193.93.53.0/24 maxlen: 24
                          87.237.167.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 16 Jan 2023 10:14:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:d9:93:43:dd:f6:8c:b2:f1:12:56:c2:9b:af:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  1 19:35:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81704f120466a7ea31f4ba42ddc00486c5368d6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8e:61:a0:e1:f5:ea:c0:77:a6:e6:b2:79:46:
                    67:c4:af:15:61:ae:d3:fa:56:35:b9:fe:f3:85:9a:
                    0b:b9:cd:0a:4b:6f:3f:78:a2:5a:a5:2a:0f:78:69:
                    79:05:c6:d9:44:69:0f:60:c5:f2:d4:b9:c3:71:ce:
                    43:bf:68:9f:03:fa:5d:9b:8d:8a:04:e9:38:15:59:
                    06:a8:0e:03:a3:fa:19:6b:cd:91:c4:e4:0b:d8:f8:
                    81:23:7e:54:03:0d:cf:0c:4d:cb:fa:8f:3d:71:18:
                    81:78:ef:b1:df:59:6b:8e:5e:07:ec:1c:81:ad:c7:
                    d2:15:9f:f6:5d:89:b7:ca:52:f7:f4:82:53:a2:77:
                    6c:c9:c9:a5:a8:f0:aa:22:c2:84:fb:08:2b:2d:5b:
                    3e:53:54:a6:1f:fb:6a:9e:0a:97:f8:db:68:17:3a:
                    49:33:6d:6b:c8:2b:4d:13:d4:a2:a6:cc:3a:a2:fd:
                    03:62:00:03:06:f1:20:c1:d6:8d:a0:ac:6d:a2:ae:
                    a0:23:a5:27:07:bc:ef:57:1d:18:93:23:7f:12:50:
                    43:80:42:7c:cc:5d:27:02:6b:67:20:5f:19:88:94:
                    c5:fd:8b:bf:5b:7c:5e:38:05:5b:00:bc:c7:83:95:
                    6e:26:ba:5d:c0:ab:fe:92:77:1e:69:3e:f0:2d:18:
                    17:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:70:4F:12:04:66:A7:EA:31:F4:BA:42:DD:C0:04:86:C5:36:8D:6E
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gXBPEgRmp-ox9LpC3cAEhsU2jW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.167.0/24
                  91.226.57.0/24
                  109.122.40.0/23
                  109.122.43.0/24
                  109.122.45.0-109.122.47.255
                  193.93.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:ce:59:7d:0e:3d:c9:fb:00:1d:82:df:8f:a2:8c:7c:d3:ab:
         ab:40:97:14:8b:ca:32:08:e0:4e:19:a9:24:25:da:40:d5:c1:
         45:3e:70:92:e7:85:5c:ca:39:f0:db:53:e0:37:a0:ef:70:6d:
         79:b1:dd:51:9a:69:32:15:ac:13:81:49:f7:4b:80:bc:8f:2f:
         4d:24:54:a7:98:81:e8:2f:e0:95:e3:b8:5b:e7:02:cc:e1:fe:
         3f:18:2d:73:28:62:de:2f:dc:2d:55:72:36:b2:e4:55:6c:5e:
         e6:49:c4:9e:0e:11:e1:51:3e:3d:99:fc:0b:a8:cf:db:cd:1c:
         ac:38:f8:84:c7:22:cd:33:98:fd:a4:19:9d:ea:fc:e3:fb:aa:
         5c:cb:4e:fa:3a:f1:da:fd:82:e1:08:61:6c:2d:11:24:b0:c4:
         aa:a1:e1:ae:0b:77:2f:b1:10:ea:a8:d7:ea:17:f1:b6:98:e4:
         86:2f:54:9b:75:9a:c1:d4:4c:e2:55:f9:ce:c9:6d:04:6b:d4:
         27:a3:23:c5:0c:4f:e7:b1:37:f0:99:5b:4c:22:48:0e:0d:07:
         35:78:69:f4:4b:5b:75:d4:74:b1:bd:19:02:99:7a:7e:a9:58:
         de:ff:68:90:f9:fd:29:83:14:4e:1e:0c:ed:eb:a2:44:9e:91:
         5a:ed:8f:0e
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVu1NmTQ932jLLxElbCm6+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjMwMTAxMTkzNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTcwNGYxMjA0NjZhN2VhMzFmNGJhNDJkZGMwMDQ4NmM1MzY4ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY5hoOH16sB3puayeUZnxK8VYa7T
+lY1uf7zhZoLuc0KS28/eKJapSoPeGl5BcbZRGkPYMXy1LnDcc5Dv2ifA/pdm42K
BOk4FVkGqA4Do/oZa82RxOQL2PiBI35UAw3PDE3L+o89cRiBeO+x31lrjl4H7ByB
rcfSFZ/2XYm3ylL39IJTondsycmlqPCqIsKE+wgrLVs+U1SmH/tqngqX+NtoFzpJ
M21ryCtNE9Sipsw6ov0DYgADBvEgwdaNoKxtoq6gI6UnB7zvVx0YkyN/ElBDgEJ8
zF0nAmtnIF8ZiJTF/Yu/W3xeOAVbALzHg5VuJrpdwKv+knceaT7wLRgX5wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFIFwTxIEZqfqMfS6Qt3ABIbFNo1uMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvZ1hCUEVnUm1wLW94OUxwQzNjQUVoc1Uyalc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAV+2nAwQA
W+I5AwQBbXooAwQAbXorMAwDBABtei0DBARteiADBALBXTQwDQYJKoZIhvcNAQEL
BQADggEBAIfOWX0OPcn7AB2C34+ijHzTq6tAlxSLyjII4E4ZqSQl2kDVwUU+cJLn
hVzKOfDbU+A3oO9wbXmx3VGaaTIVrBOBSfdLgLyPL00kVKeYgegv4JXjuFvnAszh
/j8YLXMoYt4v3C1Vcjay5FVsXuZJxJ4OEeFRPj2Z/Auoz9vNHKw4+ITHIs0zmP2k
GZ3q/OP7qlzLTvo68dr9guEIYWwtESSwxKqh4a4Ldy+xEOqo1+oX8baY5IYvVJt1
msHUTOJV+c7JbQRr1CejI8UMT+exN/CZW0wiSA4NBzV4afRLW3XUdLG9GQKZen6p
WN7/aJD5/SmDFE4eDO3rokSekVrtjw4=
-----END CERTIFICATE-----