Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/unFPyz5-M0isJEDdFTO6kcsyEAU.roa
File:                     unFPyz5-M0isJEDdFTO6kcsyEAU.roa (raw, json)
Hash identifier:          rkHMshWFkZ5vKA3Ug3N9AlH4UqgGsN/p46R0xe6mx2Q=
Subject key identifier:   BA:71:4F:CB:3E:7E:33:48:AC:24:40:DD:15:33:BA:91:CB:32:10:05
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018B5E636D4325689223EA11CC2F1D90523E
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/unFPyz5-M0isJEDdFTO6kcsyEAU.roa
Signing time:             Mon 23 Oct 2023 21:14:15 +0000
ROA not before:           Mon 23 Oct 2023 21:14:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        91.200.221.0/24 maxlen: 24
                          109.122.44.0/24 maxlen: 24
                          109.122.43.0/24 maxlen: 24
                          91.226.59.0/24 maxlen: 24
                          89.251.18.0/24 maxlen: 24
                          89.251.23.0/24 maxlen: 24
                          89.251.22.0/24 maxlen: 24
                          89.251.24.0/24 maxlen: 24
                          89.251.20.0/24 maxlen: 24
                          89.251.29.0/24 maxlen: 24
                          89.251.31.0/24 maxlen: 24
                          89.251.25.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 18 Nov 2023 21:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:5e:63:6d:43:25:68:92:23:ea:11:cc:2f:1d:90:52:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct 23 21:14:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba714fcb3e7e3348ac2440dd1533ba91cb321005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:51:84:60:2d:a2:17:a9:ab:c8:f2:5c:89:49:
                    69:4b:a3:50:fd:11:30:46:17:3a:60:cc:ab:65:cb:
                    c6:d6:e6:4d:df:69:ea:15:2a:6a:6a:17:9f:2b:ba:
                    7e:71:96:b6:a5:ce:91:71:0c:a0:41:a2:bb:92:7a:
                    c8:28:43:bc:5d:f0:00:97:a8:87:96:00:0c:d7:43:
                    c6:ce:7f:43:46:3c:b9:d0:55:cf:c2:5e:47:8f:fc:
                    b0:79:17:89:96:c8:a4:9e:f1:f9:2a:83:e1:66:a2:
                    ef:39:ae:55:68:41:a4:03:e4:7f:e0:37:fb:99:6f:
                    70:23:40:ad:bb:f9:35:7d:a8:10:a4:2d:51:9d:40:
                    a6:3f:47:d1:45:da:04:c6:e4:8c:ce:8f:0a:5f:e3:
                    93:c0:18:53:1e:ff:1f:f4:8d:d2:90:28:c8:15:ab:
                    40:25:7c:51:15:4e:ec:26:42:a6:e3:ea:4f:7c:f4:
                    ed:41:93:fc:a2:44:bf:31:31:c7:87:9b:80:7c:e5:
                    e5:ad:e8:6f:d7:30:9c:cc:dd:e3:54:3a:0b:f0:52:
                    78:c5:bd:e2:48:b0:d4:4b:6e:63:97:fd:42:46:b9:
                    bc:51:ee:6b:c6:39:f5:72:93:a9:7a:15:cf:2e:4e:
                    b0:e6:85:78:5c:93:f8:d5:e0:78:d8:0c:9b:3d:59:
                    71:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:71:4F:CB:3E:7E:33:48:AC:24:40:DD:15:33:BA:91:CB:32:10:05
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/unFPyz5-M0isJEDdFTO6kcsyEAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.18.0/24
                  89.251.20.0/24
                  89.251.22.0-89.251.25.255
                  89.251.29.0/24
                  89.251.31.0/24
                  91.200.221.0/24
                  91.226.59.0/24
                  109.122.43.0-109.122.44.255

    Signature Algorithm: sha256WithRSAEncryption
         03:27:5c:7b:4f:40:db:a3:dd:7d:d4:fc:b6:94:b7:76:e7:a7:
         b2:c5:ce:df:1d:95:05:eb:76:8a:81:3a:bc:24:25:9d:09:1c:
         df:e5:e2:2a:84:19:00:48:cb:25:dd:6f:61:c7:d0:b5:8b:8c:
         0c:c6:ea:c9:e2:f5:c1:e6:69:a5:de:63:de:70:ca:26:c9:e8:
         11:dc:d9:10:57:c8:25:4e:d9:0d:c4:e9:36:aa:91:b3:fb:4f:
         a1:13:c0:86:2a:4b:c6:75:b9:2d:dd:31:c3:cf:ef:8f:80:4f:
         1d:e6:c6:de:18:aa:49:a5:fc:a4:34:b0:1d:94:82:9c:cc:b3:
         04:f7:15:53:59:a4:3c:16:bd:cb:67:26:ce:67:93:ba:61:e1:
         14:d1:f7:0c:8d:b8:ba:9a:3c:a2:7b:1a:cf:74:1e:36:4b:dd:
         62:d2:70:fb:1c:5b:27:45:36:1a:5c:9d:3a:0d:f7:6f:f5:6d:
         a5:3d:f3:a4:9f:6a:ee:c1:b9:2a:0a:07:2a:c3:c7:d1:e6:1b:
         1d:a7:f7:c7:1b:45:fd:ef:a0:25:cc:09:89:88:66:1b:03:a7:
         21:c5:c7:6c:e1:37:28:2c:22:f5:13:22:9c:28:eb:75:5f:69:
         c2:1d:fb:34:e9:8f:8c:bd:df:b1:2e:88:88:66:35:9b:21:b6:
         14:02:e4:67
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYteY21DJWiSI+oRzC8dkFI+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjMxMDIzMjExNDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTcxNGZjYjNlN2UzMzQ4YWMyNDQwZGQxNTMzYmE5MWNiMzIxMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFGEYC2iF6mryPJciUlpS6NQ/REw
Rhc6YMyrZcvG1uZN32nqFSpqahefK7p+cZa2pc6RcQygQaK7knrIKEO8XfAAl6iH
lgAM10PGzn9DRjy50FXPwl5Hj/yweReJlsiknvH5KoPhZqLvOa5VaEGkA+R/4Df7
mW9wI0Ctu/k1fagQpC1RnUCmP0fRRdoExuSMzo8KX+OTwBhTHv8f9I3SkCjIFatA
JXxRFU7sJkKm4+pPfPTtQZP8okS/MTHHh5uAfOXlrehv1zCczN3jVDoL8FJ4xb3i
SLDUS25jl/1CRrm8Ue5rxjn1cpOpehXPLk6w5oV4XJP41eB42AybPVlx5wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFLpxT8s+fjNIrCRA3RUzupHLMhAFMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvdW5GUHl6NS1NMGlzSkVEZEZUTzZrY3N5RUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQAWfsSAwQA
WfsUMAwDBAFZ+xYDBAFZ+xgDBABZ+x0DBABZ+x8DBABbyN0DBABb4jswDAMEAG16
KwMEAG16LDANBgkqhkiG9w0BAQsFAAOCAQEAAydce09A26PdfdT8tpS3duenssXO
3x2VBet2ioE6vCQlnQkc3+XiKoQZAEjLJd1vYcfQtYuMDMbqyeL1weZppd5j3nDK
JsnoEdzZEFfIJU7ZDcTpNqqRs/tPoRPAhipLxnW5Ld0xw8/vj4BPHebG3hiqSaX8
pDSwHZSCnMyzBPcVU1mkPBa9y2cmzmeTumHhFNH3DI24upo8onsaz3QeNkvdYtJw
+xxbJ0U2GlydOg33b/VtpT3zpJ9q7sG5KgoHKsPH0eYbHaf3xxtF/e+gJcwJiYhm
GwOnIcXHbOE3KCwi9RMinCjrdV9pwh37NOmPjL3fsS6IiGY1myG2FALkZw==
-----END CERTIFICATE-----