Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/yn6Cv2np06CkhyDbKdr5PVitDKQ.roa
File:                     yn6Cv2np06CkhyDbKdr5PVitDKQ.roa (raw, json)
Hash identifier:          OyJnp4tmULGg1QOJmpe1W10pu75jEqVxoiOX5rT6CTM=
Subject key identifier:   CA:7E:82:BF:69:E9:D3:A0:A4:87:20:DB:29:DA:F9:3D:58:AD:0C:A4
Certificate issuer:       /CN=db0a55a3ed6aaeff9ab02253917ac99d1537026c
Certificate serial:       01856F4B8E48C158AB9D4A67BF98F12000D6
Authority key identifier: DB:0A:55:A3:ED:6A:AE:FF:9A:B0:22:53:91:7A:C9:9D:15:37:02:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2wpVo-1qrv-asCJTkXrJnRU3Amw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/yn6Cv2np06CkhyDbKdr5PVitDKQ.roa
Signing time:             Sun 01 Jan 2023 21:45:00 +0000
ROA not before:           Sun 01 Jan 2023 21:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34402
IP address blocks:        91.203.52.0/24 maxlen: 24
                          91.203.53.0/24 maxlen: 24
                          91.203.54.0/24 maxlen: 24
                          91.203.55.0/24 maxlen: 24
                          91.203.52.0/22 maxlen: 22
                          91.227.56.0/24 maxlen: 24
                          91.227.57.0/24 maxlen: 24
                          91.227.58.0/24 maxlen: 24
                          91.227.56.0/22 maxlen: 22
                          91.227.59.0/24 maxlen: 24
                          195.225.76.0/24 maxlen: 24
                          195.225.77.0/24 maxlen: 24
                          195.225.76.0/22 maxlen: 22
                          195.225.78.0/24 maxlen: 24
                          195.225.79.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:4b:8e:48:c1:58:ab:9d:4a:67:bf:98:f1:20:00:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db0a55a3ed6aaeff9ab02253917ac99d1537026c
        Validity
            Not Before: Jan  1 21:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca7e82bf69e9d3a0a48720db29daf93d58ad0ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:46:e4:31:07:b2:94:d5:bc:96:e6:a2:38:b3:
                    41:13:40:bb:03:62:c4:32:d7:28:3a:34:be:84:01:
                    49:c8:b3:9a:d5:1f:96:f2:2c:10:ca:fe:d5:1d:82:
                    c7:d6:cb:99:ff:9c:f5:56:16:f6:09:dc:76:89:af:
                    48:5c:79:cd:b9:20:25:2f:d8:fb:47:2d:b3:3d:69:
                    6b:94:05:4d:15:42:30:95:2f:ab:b3:48:dd:06:e7:
                    f2:11:fa:91:cc:70:13:78:9b:79:34:3e:4b:dd:e5:
                    cf:c9:32:b7:69:50:b0:89:73:6b:c9:22:75:14:f5:
                    c1:b3:03:ff:0e:0d:98:d3:23:0b:0a:b4:d0:df:c9:
                    96:d5:e9:0d:87:e1:fc:ef:9b:69:da:9a:2e:c1:b2:
                    f1:f0:81:b4:71:e3:e1:86:37:4c:20:cd:38:eb:98:
                    3d:73:63:c7:fa:9f:6d:86:e4:6b:c5:c1:38:1f:25:
                    9b:49:b9:9f:5c:d3:e6:5f:47:dd:ab:db:22:1c:5e:
                    a6:0f:f8:2b:55:0d:7f:0e:b0:da:be:30:75:27:57:
                    3b:67:50:99:bd:8e:36:99:3f:3b:39:9d:27:14:27:
                    5d:7c:a9:1a:8d:c3:2e:2f:c4:99:f0:20:70:13:54:
                    73:06:df:50:4c:2a:21:13:22:9b:64:50:88:88:3f:
                    35:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7E:82:BF:69:E9:D3:A0:A4:87:20:DB:29:DA:F9:3D:58:AD:0C:A4
            X509v3 Authority Key Identifier:
                keyid:DB:0A:55:A3:ED:6A:AE:FF:9A:B0:22:53:91:7A:C9:9D:15:37:02:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2wpVo-1qrv-asCJTkXrJnRU3Amw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/yn6Cv2np06CkhyDbKdr5PVitDKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/2wpVo-1qrv-asCJTkXrJnRU3Amw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.52.0/22
                  91.227.56.0/22
                  195.225.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:be:9c:0a:39:80:93:77:6a:7d:58:33:44:d9:58:6c:bd:bc:
         ff:f1:6e:7b:99:66:e3:5f:bc:31:a8:20:3a:78:55:53:7d:11:
         83:0c:8c:b9:8b:19:70:2a:35:61:fc:2c:5f:65:4a:d5:4e:1d:
         35:a7:3d:25:40:1e:e6:81:af:c1:d9:b9:2d:64:e4:53:c9:49:
         e5:d0:90:fc:b8:e7:a0:6c:fe:ec:8e:65:d8:1d:4d:be:0c:52:
         b9:a5:51:7f:e9:a9:c7:b7:29:2a:67:92:20:28:67:fa:ff:f3:
         d2:0d:3d:66:8c:49:40:e0:8b:0d:c6:0e:0c:38:9c:55:17:66:
         6a:44:ad:39:3d:d9:c6:e3:c6:e5:06:68:13:be:9b:a1:16:24:
         b5:0b:ec:cb:9b:b4:be:c2:2a:56:c8:7e:f7:44:a8:2d:ec:19:
         34:e3:a1:56:8d:5d:e2:e2:53:b2:80:e9:06:78:e2:1d:76:a7:
         d6:b8:2a:21:81:f9:04:99:6b:4f:d7:2a:20:31:91:58:31:14:
         b8:14:19:34:bb:40:68:f5:98:c7:22:c8:0b:34:ba:dc:27:3e:
         b4:16:b1:35:96:6f:e3:70:da:99:0e:d0:67:eb:9b:ff:85:c1:
         19:89:a2:17:fb:45:9b:83:23:1e:af:69:ee:62:b5:90:bf:9b:
         c1:25:50:8d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVvS45IwVirnUpnv5jxIADWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMGE1NWEzZWQ2YWFlZmY5YWIwMjI1MzkxN2FjOTlkMTUz
NzAyNmMwHhcNMjMwMTAxMjE0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdlODJiZjY5ZTlkM2EwYTQ4NzIwZGIyOWRhZjkzZDU4YWQwY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUbkMQeylNW8luaiOLNBE0C7A2LE
MtcoOjS+hAFJyLOa1R+W8iwQyv7VHYLH1suZ/5z1Vhb2Cdx2ia9IXHnNuSAlL9j7
Ry2zPWlrlAVNFUIwlS+rs0jdBufyEfqRzHATeJt5ND5L3eXPyTK3aVCwiXNrySJ1
FPXBswP/Dg2Y0yMLCrTQ38mW1ekNh+H875tp2pouwbLx8IG0cePhhjdMIM0465g9
c2PH+p9thuRrxcE4HyWbSbmfXNPmX0fdq9siHF6mD/grVQ1/DrDavjB1J1c7Z1CZ
vY42mT87OZ0nFCddfKkajcMuL8SZ8CBwE1RzBt9QTCohEyKbZFCIiD81JwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMp+gr9p6dOgpIcg2yna+T1YrQykMB8GA1UdIwQY
MBaAFNsKVaPtaq7/mrAiU5F6yZ0VNwJsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMndwVm8tMXFydi1hc0NKVGtYckpuUlUzQW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xMzY0OTItMjFkZS00YWIyLWE0MzYt
ODhjMmNkMDA4NDhkLzEveW42Q3YybnAwNkNraHlEYktkcjVQVml0REtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xMzY0OTItMjFkZS00YWIyLWE0MzYtODhjMmNkMDA4NDhk
LzEvMndwVm8tMXFydi1hc0NKVGtYckpuUlUzQW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8s0AwQC
W+M4AwQCw+FMMA0GCSqGSIb3DQEBCwUAA4IBAQABvpwKOYCTd2p9WDNE2Vhsvbz/
8W57mWbjX7wxqCA6eFVTfRGDDIy5ixlwKjVh/CxfZUrVTh01pz0lQB7mga/B2bkt
ZORTyUnl0JD8uOegbP7sjmXYHU2+DFK5pVF/6anHtykqZ5IgKGf6//PSDT1mjElA
4IsNxg4MOJxVF2ZqRK05PdnG48blBmgTvpuhFiS1C+zLm7S+wipWyH73RKgt7Bk0
46FWjV3i4lOygOkGeOIddqfWuCohgfkEmWtP1yogMZFYMRS4FBk0u0Bo9ZjHIsgL
NLrcJz60FrE1lm/jcNqZDtBn65v/hcEZiaIX+0WbgyMer2nuYrWQv5vBJVCN
-----END CERTIFICATE-----