Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/HSA__TA5OhCiUKjj1SHiwKBcQs8.roa
File:                     HSA__TA5OhCiUKjj1SHiwKBcQs8.roa (raw, json)
Hash identifier:          +7JfXlmTeg70cyYT/YPniCc1aX4jnfeXo5mAMrCyZV0=
Subject key identifier:   1D:20:3F:FD:30:39:3A:10:A2:50:A8:E3:D5:21:E2:C0:A0:5C:42:CF
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018B57B7F81147314D3EEDF773D45CCC9B31
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/HSA__TA5OhCiUKjj1SHiwKBcQs8.roa
Signing time:             Sun 22 Oct 2023 14:09:16 +0000
ROA not before:           Sun 22 Oct 2023 14:09:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        85.8.160.0/23 maxlen: 23
                          85.8.162.0/23 maxlen: 23
                          185.231.224.0/22 maxlen: 22
                          217.18.208.0/22 maxlen: 22
                          193.187.108.0/22 maxlen: 22
                          213.139.224.0/22 maxlen: 22
                          84.54.0.0/23 maxlen: 23
                          84.54.2.0/23 maxlen: 23
                          85.8.144.0/23 maxlen: 23
                          85.8.146.0/23 maxlen: 23
                          176.53.168.0/22 maxlen: 22
                          85.8.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 21 Dec 2023 14:13:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:57:b7:f8:11:47:31:4d:3e:ed:f7:73:d4:5c:cc:9b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Oct 22 14:09:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d203ffd30393a10a250a8e3d521e2c0a05c42cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e1:09:1f:01:26:11:5e:26:71:bb:7b:69:50:
                    8d:d5:20:2f:69:79:fc:ad:70:de:3e:91:d1:b9:d8:
                    7e:82:99:c3:ed:93:fd:44:c8:f4:90:76:fa:1d:68:
                    34:c1:7b:d3:e6:e9:98:ad:bc:3c:4c:5c:fd:d3:29:
                    14:b1:b8:6e:f1:1b:4d:48:de:08:f2:86:46:47:10:
                    38:94:bb:ff:d3:7f:39:f8:36:5b:bd:6a:38:bc:36:
                    83:3a:03:17:1f:57:e2:5c:f3:4a:64:7a:10:50:3d:
                    41:b6:82:8b:1d:0c:9b:ca:7b:6e:16:34:56:b1:b2:
                    90:19:cb:53:4c:c3:c1:01:12:a2:14:75:e4:a4:31:
                    8a:5a:b5:9c:be:18:8b:a9:9b:81:4d:16:f4:61:d8:
                    77:c0:40:e9:27:ab:6f:c1:e5:e1:79:0b:33:07:62:
                    9c:1d:7d:b6:2c:43:b7:a0:6f:6c:66:15:5c:d4:8f:
                    30:3f:85:c7:dd:80:25:2f:de:4c:d6:05:f2:f8:2f:
                    9f:25:3b:14:2c:3a:c8:d0:b7:ee:91:7c:56:84:0c:
                    9d:67:a9:43:bd:3d:72:39:b0:af:f0:ad:16:95:17:
                    73:25:46:2b:bb:88:3d:26:42:30:3f:82:36:d9:7c:
                    1b:2c:f5:c8:9c:56:93:40:7f:a4:3c:99:56:be:e8:
                    f3:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:20:3F:FD:30:39:3A:10:A2:50:A8:E3:D5:21:E2:C0:A0:5C:42:CF
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/HSA__TA5OhCiUKjj1SHiwKBcQs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.0.0/22
                  85.8.144.0/22
                  85.8.156.0-85.8.163.255
                  176.53.168.0/22
                  185.231.224.0/22
                  193.187.108.0/22
                  213.139.224.0/22
                  217.18.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:9a:ad:6d:f7:c2:d0:b9:08:fa:b0:6f:fa:04:db:59:3e:b2:
         b8:d2:ac:02:67:ba:5a:95:44:b8:d1:1d:01:ff:38:aa:a7:b2:
         40:62:59:51:89:3d:e3:e7:fd:a7:cb:ac:05:27:f9:74:86:33:
         e0:6c:85:3a:0b:3c:c6:c2:ea:bd:54:b5:56:09:35:1a:4e:85:
         35:b1:9d:7e:17:3f:cd:e9:a7:58:10:cb:3f:9e:0f:a6:da:e9:
         e8:f5:63:8a:ba:a6:39:59:2b:0d:94:9d:0a:b4:cb:50:ac:f8:
         3e:03:87:75:79:cd:44:34:d8:0d:71:20:84:5b:3e:0e:20:b3:
         79:cf:38:24:09:7a:41:6b:3e:e4:65:35:32:e5:2d:c3:c0:7c:
         4e:cf:85:80:6d:3e:85:c2:e5:0b:60:7c:1d:76:43:fd:58:92:
         fb:ef:25:ad:6b:e0:67:62:9d:a1:18:f6:ce:61:93:04:f5:2d:
         a7:f4:14:6e:ae:2f:4d:10:29:82:7d:5d:85:63:bf:de:e2:d6:
         51:46:08:2f:e1:55:7e:03:32:61:9f:ac:56:7a:05:5d:d4:11:
         23:5d:5b:11:7f:49:7d:63:9c:ed:41:3c:b5:1c:20:e7:55:1a:
         1f:a3:86:3a:22:b6:ae:4c:c3:12:3a:ee:7d:c4:3f:65:75:f9:
         ea:8e:7c:63
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYtXt/gRRzFNPu33c9RczJsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMxMDIyMTQwOTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDIwM2ZmZDMwMzkzYTEwYTI1MGE4ZTNkNTIxZTJjMGEwNWM0MmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+EJHwEmEV4mcbt7aVCN1SAvaXn8
rXDePpHRudh+gpnD7ZP9RMj0kHb6HWg0wXvT5umYrbw8TFz90ykUsbhu8RtNSN4I
8oZGRxA4lLv/0385+DZbvWo4vDaDOgMXH1fiXPNKZHoQUD1BtoKLHQybyntuFjRW
sbKQGctTTMPBARKiFHXkpDGKWrWcvhiLqZuBTRb0Ydh3wEDpJ6tvweXheQszB2Kc
HX22LEO3oG9sZhVc1I8wP4XH3YAlL95M1gXy+C+fJTsULDrI0LfukXxWhAydZ6lD
vT1yObCv8K0WlRdzJUYru4g9JkIwP4I22XwbLPXInFaTQH+kPJlWvujzvwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFB0gP/0wOToQolCo49Uh4sCgXELPMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvSFNBX19UQTVPaENpVUtqajFTSGl3S0JjUXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCVDYAAwQC
VQiQMAwDBAJVCJwDBAJVCKADBAKwNagDBAK55+ADBALBu2wDBALVi+ADBALZEtAw
DQYJKoZIhvcNAQELBQADggEBAL6arW33wtC5CPqwb/oE21k+srjSrAJnulqVRLjR
HQH/OKqnskBiWVGJPePn/afLrAUn+XSGM+BshToLPMbC6r1UtVYJNRpOhTWxnX4X
P83pp1gQyz+eD6ba6ej1Y4q6pjlZKw2UnQq0y1Cs+D4Dh3V5zUQ02A1xIIRbPg4g
s3nPOCQJekFrPuRlNTLlLcPAfE7PhYBtPoXC5QtgfB12Q/1YkvvvJa1r4GdinaEY
9s5hkwT1Laf0FG6uL00QKYJ9XYVjv97i1lFGCC/hVX4DMmGfrFZ6BV3UESNdWxF/
SX1jnO1BPLUcIOdVGh+jhjoitq5MwxI67n3EP2V1+eqOfGM=
-----END CERTIFICATE-----