Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Ga7e0d-CwO-w2oF-gZCZ9GXB80A.roa
File:                     Ga7e0d-CwO-w2oF-gZCZ9GXB80A.roa (raw, json)
Hash identifier:          Yh/4gwalo2e99CXlObuCq9u+2q0JqgB0X+cU4/ZjlEA=
Subject key identifier:   19:AE:DE:D1:DF:82:C0:EF:B0:DA:81:7E:81:90:99:F4:65:C1:F3:40
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       01857246F8A03F8F34D5B0D12C45CC57579B
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Ga7e0d-CwO-w2oF-gZCZ9GXB80A.roa
Signing time:             Mon 02 Jan 2023 11:38:51 +0000
ROA not before:           Mon 02 Jan 2023 11:38:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44843
IP address blocks:        192.145.19.0/24 maxlen: 24
                          152.89.135.0/24 maxlen: 24
                          152.89.134.0/24 maxlen: 24
                          31.207.64.0/20 maxlen: 20
                          178.236.132.0/24 maxlen: 24
                          178.236.130.0/24 maxlen: 24
                          178.236.128.0/21 maxlen: 21
                          178.236.131.0/24 maxlen: 24
                          178.236.128.0/24 maxlen: 24
                          178.236.129.0/24 maxlen: 24
                          178.236.133.0/24 maxlen: 24
                          178.236.134.0/24 maxlen: 24
                          178.236.135.0/24 maxlen: 24
                          2a02:1710:4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 07:11:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:f8:a0:3f:8f:34:d5:b0:d1:2c:45:cc:57:57:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  2 11:38:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19aeded1df82c0efb0da817e819099f465c1f340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:de:2e:04:bb:32:87:aa:dc:b3:77:d7:b3:da:
                    cd:66:b1:c6:ed:95:35:9c:98:61:19:81:76:39:36:
                    07:49:d4:70:72:af:99:df:ca:76:f3:04:50:0a:01:
                    e0:e3:2a:52:98:8a:4d:ac:86:e8:2e:b2:81:3b:c8:
                    7c:2f:9b:a9:70:47:89:51:af:47:ca:c5:56:89:81:
                    35:16:67:2f:bf:a3:1e:81:0c:fe:59:14:27:2a:8c:
                    29:63:ed:09:97:16:ef:db:fc:26:d4:6a:2c:8a:da:
                    66:c3:49:14:c7:c6:f3:16:07:d2:2d:88:d1:23:45:
                    93:fc:8b:fb:c6:0b:b2:a6:47:4f:d5:81:2d:25:9d:
                    86:80:e7:60:79:d8:0b:a6:c5:95:1c:f7:1a:01:1c:
                    ae:d8:0a:05:8d:4f:56:81:fa:75:69:09:56:9a:4f:
                    84:73:1b:5a:1f:2b:28:34:3b:5c:c7:d5:03:b8:6b:
                    7e:3c:a5:6e:27:35:19:39:a4:ce:f5:2b:2f:ab:0c:
                    b1:5b:25:71:0e:3d:d7:8c:21:3d:eb:06:9e:63:24:
                    03:d7:48:20:16:2c:cd:2d:0a:9d:55:25:c6:98:39:
                    2f:cb:1b:b9:bb:ee:d4:11:25:7b:2b:a5:f0:8c:57:
                    27:13:81:70:46:71:f8:d4:f3:d1:54:a1:d4:a2:77:
                    d9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:AE:DE:D1:DF:82:C0:EF:B0:DA:81:7E:81:90:99:F4:65:C1:F3:40
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Ga7e0d-CwO-w2oF-gZCZ9GXB80A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.64.0/20
                  152.89.134.0/23
                  178.236.128.0/21
                  192.145.19.0/24
                IPv6:
                  2a02:1710:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:21:cc:68:89:3e:66:2b:cd:a4:7d:0e:83:38:d5:1e:72:fa:
         3e:96:15:5b:d5:82:01:71:88:8d:01:39:e2:59:4d:65:19:7a:
         cb:af:ce:a0:c3:a4:9d:49:28:ae:56:6a:7a:de:b7:76:4e:dc:
         2a:c6:fd:c1:34:b7:ec:6e:3c:cc:39:4f:3e:c3:2d:49:f9:9b:
         8c:22:40:8a:12:99:4f:4c:83:49:35:a1:fc:58:ae:5b:56:73:
         b3:d9:5d:cf:7d:23:13:e8:4f:8b:55:5a:6e:cf:98:70:27:fd:
         ff:b5:e7:8e:69:18:99:74:4c:40:18:8a:7a:49:0e:50:b1:23:
         9b:8c:ed:ad:93:1c:41:e3:09:36:f2:88:9d:a8:6c:7d:c3:68:
         6e:da:2e:36:20:38:fd:7a:7b:be:a0:a3:58:99:b3:c1:e8:84:
         cd:fe:41:d8:ec:9f:46:f2:61:ad:84:75:6c:e9:5c:b6:ee:91:
         70:dc:18:92:fb:9f:70:55:94:b1:27:30:0f:45:de:e2:b3:ee:
         37:42:b6:0d:43:da:f1:1e:1f:ed:e4:4c:b4:64:70:03:7e:fb:
         7c:8e:9b:23:fc:3f:08:88:8d:41:9b:5b:b7:4a:65:ad:21:c5:
         76:ed:66:bc:27:34:69:c1:39:b1:1a:e9:b8:ac:46:2e:91:3f:
         fb:cc:74:73
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYVyRvigP4801bDRLEXMV1ebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjMwMTAyMTEzODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFlZGVkMWRmODJjMGVmYjBkYTgxN2U4MTkwOTlmNDY1YzFmMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt4uBLsyh6rcs3fXs9rNZrHG7ZU1
nJhhGYF2OTYHSdRwcq+Z38p28wRQCgHg4ypSmIpNrIboLrKBO8h8L5upcEeJUa9H
ysVWiYE1Fmcvv6MegQz+WRQnKowpY+0Jlxbv2/wm1Gositpmw0kUx8bzFgfSLYjR
I0WT/Iv7xguypkdP1YEtJZ2GgOdgedgLpsWVHPcaARyu2AoFjU9Wgfp1aQlWmk+E
cxtaHysoNDtcx9UDuGt+PKVuJzUZOaTO9SsvqwyxWyVxDj3XjCE96waeYyQD10gg
FizNLQqdVSXGmDkvyxu5u+7UESV7K6XwjFcnE4FwRnH41PPRVKHUonfZIQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFBmu3tHfgsDvsNqBfoGQmfRlwfNAMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvR2E3ZTBkLUN3Ty13Mm9GLWdaQ1o5R1hCODBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQEH89AAwQB
mFmGAwQDsuyAAwQAwJETMA8EAgACMAkDBwAqAhcQAAQwDQYJKoZIhvcNAQELBQAD
ggEBAF4hzGiJPmYrzaR9DoM41R5y+j6WFVvVggFxiI0BOeJZTWUZesuvzqDDpJ1J
KK5Wanret3ZO3CrG/cE0t+xuPMw5Tz7DLUn5m4wiQIoSmU9Mg0k1ofxYrltWc7PZ
Xc99IxPoT4tVWm7PmHAn/f+1545pGJl0TEAYinpJDlCxI5uM7a2THEHjCTbyiJ2o
bH3DaG7aLjYgOP16e76go1iZs8HohM3+Qdjsn0byYa2EdWzpXLbukXDcGJL7n3BV
lLEnMA9F3uKz7jdCtg1D2vEeH+3kTLRkcAN++3yOmyP8PwiIjUGbW7dKZa0hxXbt
ZrwnNGnBObEa6bisRi6RP/vMdHM=
-----END CERTIFICATE-----