Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/JA_NdYzlEuXM1aIbzx9akjS1CAQ.roa
File:                     JA_NdYzlEuXM1aIbzx9akjS1CAQ.roa (raw, json)
Hash identifier:          7EjpzM+NEabENj6en3wMIdo1hByBG0T1QXiAPHjBTe0=
Subject key identifier:   24:0F:CD:75:8C:E5:12:E5:CC:D5:A2:1B:CF:1F:5A:92:34:B5:08:04
Certificate issuer:       /CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
Certificate serial:       0185C9EA2978C20C9CC6B92949F2B9D81D85
Authority key identifier: 9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/JA_NdYzlEuXM1aIbzx9akjS1CAQ.roa
Signing time:             Thu 19 Jan 2023 12:04:04 +0000
ROA not before:           Thu 19 Jan 2023 12:04:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12297
IP address blocks:        178.160.245.0/24 maxlen: 24
                          178.160.248.0/22 maxlen: 22
                          178.160.252.0/22 maxlen: 22
                          178.160.251.0/24 maxlen: 24
                          46.70.0.0/15 maxlen: 24
                          87.241.128.0/18 maxlen: 24
                          178.160.192.0/18 maxlen: 18
                          212.73.64.0/19 maxlen: 24
                          2a00:f38:0:111e::/64 maxlen: 64
                          2a00:f38:0:111c::/64 maxlen: 64
                          2a00:f38:0:111d::/64 maxlen: 64
                          2a00:f38::/29 maxlen: 29
                          2a00:f38:0:101d::/64 maxlen: 64
                          2a00:f38::/32 maxlen: 32
                          2a00:f38:0:111f::/64 maxlen: 64

Validation:               Failed, certificate revoked on Mon 23 Jan 2023 08:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c9:ea:29:78:c2:0c:9c:c6:b9:29:49:f2:b9:d8:1d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
        Validity
            Not Before: Jan 19 12:04:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=240fcd758ce512e5ccd5a21bcf1f5a9234b50804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:bd:25:07:cc:b0:d6:3a:37:71:93:c0:50:
                    6f:86:1b:1d:07:c2:d5:8e:31:c1:f8:d0:09:76:15:
                    15:2d:e8:52:86:7a:a4:ed:d6:e3:ca:d0:2c:4f:b8:
                    8e:90:11:8e:26:31:00:f0:b3:f6:ea:67:ee:9b:9d:
                    ef:e0:54:58:5f:cc:e9:24:8e:cc:08:5c:33:fa:d4:
                    3d:57:92:a2:8c:01:a5:43:f5:c8:f8:88:43:10:56:
                    d5:bc:e2:ea:37:21:84:7f:b2:7e:c2:30:cf:54:97:
                    d6:26:19:2e:0d:e5:a9:1c:09:b5:04:cd:60:38:0b:
                    dc:b0:c9:03:92:0d:b9:9f:02:5b:d4:2b:90:ec:64:
                    e1:9c:2f:7e:26:a6:6e:93:72:2c:5c:96:86:63:f2:
                    a9:b6:70:78:3c:c1:29:29:3c:1e:c2:cc:bb:ab:18:
                    c2:10:d3:51:e1:b1:e3:0a:7f:34:30:b0:75:95:74:
                    4e:36:c3:80:d7:23:80:33:59:1a:83:e6:2c:d1:2e:
                    e8:65:7c:d1:50:c2:cb:9b:4d:14:67:43:18:8d:6a:
                    53:85:d8:1f:6a:d0:b1:14:11:64:c5:2f:ef:2f:d7:
                    20:fe:bc:cf:4d:5f:4c:ae:0e:ba:b3:c7:1d:87:a8:
                    9c:e4:65:73:db:39:73:68:cc:7b:ba:b2:23:b4:88:
                    02:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0F:CD:75:8C:E5:12:E5:CC:D5:A2:1B:CF:1F:5A:92:34:B5:08:04
            X509v3 Authority Key Identifier:
                keyid:9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/JA_NdYzlEuXM1aIbzx9akjS1CAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/m_8VJ49T93YcLz0z3ZvneopPvZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.70.0.0/15
                  87.241.128.0/18
                  178.160.192.0/18
                  212.73.64.0/19
                IPv6:
                  2a00:f38::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:67:a1:62:89:89:90:97:29:fd:52:94:0c:50:41:18:84:7f:
         09:52:bc:48:24:7a:d2:41:38:6f:82:fe:84:9c:2f:fa:9d:09:
         84:c0:29:67:ee:b1:b0:61:81:8e:9d:cc:f9:c2:5f:2d:96:23:
         aa:f0:c1:f5:95:20:23:e7:08:34:ac:ec:c7:1c:11:c6:4d:5e:
         d2:0e:89:88:17:6b:59:9f:e7:77:87:83:32:ab:c7:36:3a:c4:
         44:b8:02:e3:65:af:82:28:10:6f:dc:33:55:9b:20:27:54:af:
         7e:7b:49:b7:ed:27:c6:cb:af:10:5d:22:b0:c8:19:32:0f:65:
         48:19:4c:05:7a:dd:dc:b0:7b:0e:c3:39:20:ef:b7:cd:dc:83:
         89:86:62:7f:ac:3b:98:57:bc:83:c6:c1:fe:7a:49:74:9e:0c:
         e8:2c:ad:75:c5:7b:bc:d5:8c:a2:1f:32:34:0c:0c:a1:c4:9e:
         c0:1b:5c:75:d7:04:a4:76:ed:e6:44:1d:f3:d9:d9:e1:08:db:
         0b:e4:aa:60:e2:b4:04:0e:cd:0e:d1:cd:aa:48:9c:96:9b:8c:
         d4:67:c3:88:75:dd:4c:1c:d7:64:c0:09:dc:dc:fc:c0:c5:4e:
         51:e0:51:71:82:75:34:36:c4:11:e1:3e:af:47:bd:6a:14:ea:
         0e:73:e8:4f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYXJ6il4wgycxrkpSfK52B2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZmYxNTI3OGY1M2Y3NzYxYzJmM2QzM2RkOWJlNzdhOGE0
ZmJkOTQwHhcNMjMwMTE5MTIwNDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDBmY2Q3NThjZTUxMmU1Y2NkNWEyMWJjZjFmNWE5MjM0YjUwODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWC9JQfMsNY6N3GTwFBvhhsdB8LV
jjHB+NAJdhUVLehShnqk7dbjytAsT7iOkBGOJjEA8LP26mfum53v4FRYX8zpJI7M
CFwz+tQ9V5KijAGlQ/XI+IhDEFbVvOLqNyGEf7J+wjDPVJfWJhkuDeWpHAm1BM1g
OAvcsMkDkg25nwJb1CuQ7GThnC9+JqZuk3IsXJaGY/KptnB4PMEpKTwewsy7qxjC
ENNR4bHjCn80MLB1lXRONsOA1yOAM1kag+Ys0S7oZXzRUMLLm00UZ0MYjWpThdgf
atCxFBFkxS/vL9cg/rzPTV9Mrg66s8cdh6ic5GVz2zlzaMx7urIjtIgC0wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFCQPzXWM5RLlzNWiG88fWpI0tQgEMB8GA1UdIwQY
MBaAFJv/FSePU/d2HC89M92b53qKT72UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbV84Vko0OVQ5M1ljTHowejNadm5lb3BQdlpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hYTdiMzMtZGVlYi00YWJkLWI4ZDIt
NTY5NzI0OWY1MTI0LzEvSkFfTmRZemxFdVhNMWFJYnp4OWFralMxQ0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hYTdiMzMtZGVlYi00YWJkLWI4ZDItNTY5NzI0OWY1MTI0
LzEvbV84Vko0OVQ5M1ljTHowejNadm5lb3BQdlpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwMBLkYDBAZX
8YADBAayoMADBAXUSUAwDQQCAAIwBwMFAyoADzgwDQYJKoZIhvcNAQELBQADggEB
ACBnoWKJiZCXKf1SlAxQQRiEfwlSvEgketJBOG+C/oScL/qdCYTAKWfusbBhgY6d
zPnCXy2WI6rwwfWVICPnCDSs7MccEcZNXtIOiYgXa1mf53eHgzKrxzY6xES4AuNl
r4IoEG/cM1WbICdUr357SbftJ8bLrxBdIrDIGTIPZUgZTAV63dywew7DOSDvt83c
g4mGYn+sO5hXvIPGwf56SXSeDOgsrXXFe7zVjKIfMjQMDKHEnsAbXHXXBKR27eZE
HfPZ2eEI2wvkqmDitAQOzQ7RzapInJabjNRnw4h13Uwc12TACdzc/MDFTlHgUXGC
dTQ2xBHhPq9HvWoU6g5z6E8=
-----END CERTIFICATE-----