Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/1x9mSbMTJreDbTY9k4oCwwF0l0U.roa
File:                     1x9mSbMTJreDbTY9k4oCwwF0l0U.roa (raw, json)
Hash identifier:          gxym0FwEj7NHHJoEA+U+q4HJk0gpdrNfwzL4mJG6RB0=
Subject key identifier:   D7:1F:66:49:B3:13:26:B7:83:6D:36:3D:93:8A:02:C3:01:74:97:45
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       01856BDCB5E2D8D0B6976EA6FCD0DB17F9DB
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/1x9mSbMTJreDbTY9k4oCwwF0l0U.roa
Signing time:             Sun 01 Jan 2023 05:45:04 +0000
ROA not before:           Sun 01 Jan 2023 05:45:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211306
IP address blocks:        77.36.2.0/23 maxlen: 23
                          77.36.4.0/24 maxlen: 24
                          77.36.6.0/24 maxlen: 24
                          77.36.7.0/24 maxlen: 24
                          77.36.5.0/24 maxlen: 24
                          77.36.56.0/24 maxlen: 24
                          77.232.216.0/23 maxlen: 23
                          77.36.54.0/23 maxlen: 23
                          77.232.218.0/24 maxlen: 24
                          77.36.88.0/24 maxlen: 24
                          91.237.49.0/24 maxlen: 24
                          93.120.44.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Wed 07 Jun 2023 12:39:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:dc:b5:e2:d8:d0:b6:97:6e:a6:fc:d0:db:17:f9:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  1 05:45:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d71f6649b31326b7836d363d938a02c301749745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e8:66:4a:c1:98:7d:03:c0:81:cd:e1:e3:18:
                    59:46:c2:93:f4:62:a4:06:30:0b:69:1a:1f:67:6d:
                    91:cd:20:1a:21:48:22:f9:73:e7:6d:ff:ef:cb:60:
                    c1:ff:55:76:36:8d:b1:b9:22:9b:a0:43:ea:36:ef:
                    22:cb:73:91:0b:0d:11:ed:47:c1:af:28:81:91:0f:
                    9a:1c:f8:70:53:ed:f0:1e:e8:5c:87:76:f2:4e:2a:
                    f4:4e:73:64:9b:55:3d:c2:c4:16:1e:89:f3:9d:e3:
                    40:ad:bb:7d:7b:5a:0a:a7:78:4a:43:85:07:ea:eb:
                    9a:c0:a1:14:eb:37:39:f9:92:50:01:5f:d5:2a:cd:
                    4e:87:26:91:47:9c:56:73:b4:e0:b6:88:ed:b3:88:
                    66:6f:71:5d:85:e2:bb:94:83:71:58:87:d3:bf:2a:
                    94:0d:7c:8b:c0:57:d6:5b:18:5a:63:df:a1:41:a2:
                    9c:e3:b9:ea:f0:00:6a:34:d7:b7:58:9f:70:96:d8:
                    56:fe:6b:11:73:ba:7e:5d:55:a5:15:bb:30:c5:67:
                    3e:f9:eb:20:b5:53:f1:4f:d2:f6:ca:7b:75:fd:2c:
                    50:30:ce:14:dc:c2:6b:2e:d0:e0:c3:ca:5f:4a:7e:
                    cd:21:11:15:68:14:9f:f8:0f:ce:78:10:1c:6d:7e:
                    4d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1F:66:49:B3:13:26:B7:83:6D:36:3D:93:8A:02:C3:01:74:97:45
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/1x9mSbMTJreDbTY9k4oCwwF0l0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.36.2.0-77.36.7.255
                  77.36.54.0-77.36.56.255
                  77.36.88.0/24
                  77.232.216.0-77.232.218.255
                  91.237.49.0/24
                  93.120.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:45:2c:60:2e:f7:7d:28:7a:6f:b1:21:07:d8:2c:b7:1a:4a:
         4a:74:0a:20:f3:98:33:d8:8d:4c:75:c2:b4:ca:9b:d0:ab:e2:
         21:54:07:ba:58:ea:e7:c8:47:64:28:f9:2e:08:01:14:61:1f:
         3d:bd:8a:df:5a:b1:cd:cc:a4:90:3a:12:1b:15:41:74:8c:50:
         c5:a7:cf:3e:a1:2b:24:a7:2f:a2:89:04:cb:35:1a:04:d4:2a:
         65:c0:71:70:4c:0a:12:2e:b3:b4:09:d7:31:82:04:a0:58:c4:
         86:f4:e3:a4:5f:d4:0e:10:7d:08:0b:f9:fc:8a:96:74:36:31:
         cf:7f:6f:7b:a5:87:fe:56:e7:57:5a:41:d2:c9:8d:a7:63:e3:
         86:11:43:79:42:83:cd:73:0a:96:4f:a0:16:65:0a:f3:a6:5b:
         56:75:72:40:bb:2c:3b:da:03:49:bf:3e:f0:68:70:13:f8:33:
         77:36:fb:8a:e8:e0:98:23:ef:39:13:75:da:c6:c3:3e:c4:db:
         1f:4b:5f:17:96:22:f4:be:10:0b:5c:f4:cf:41:53:77:fe:1b:
         6e:ec:87:bd:79:b5:10:e2:55:ea:e5:76:64:63:8f:6d:f8:8c:
         ce:e3:54:7b:d1:4e:ff:a8:bd:fc:f4:14:e7:68:87:75:01:12:
         86:5f:f8:4a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVr3LXi2NC2l26m/NDbF/nbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMwMTAxMDU0NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzFmNjY0OWIzMTMyNmI3ODM2ZDM2M2Q5MzhhMDJjMzAxNzQ5NzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+hmSsGYfQPAgc3h4xhZRsKT9GKk
BjALaRofZ22RzSAaIUgi+XPnbf/vy2DB/1V2No2xuSKboEPqNu8iy3ORCw0R7UfB
ryiBkQ+aHPhwU+3wHuhch3byTir0TnNkm1U9wsQWHonzneNArbt9e1oKp3hKQ4UH
6uuawKEU6zc5+ZJQAV/VKs1OhyaRR5xWc7Tgtojts4hmb3FdheK7lINxWIfTvyqU
DXyLwFfWWxhaY9+hQaKc47nq8ABqNNe3WJ9wlthW/msRc7p+XVWlFbswxWc++esg
tVPxT9L2ynt1/SxQMM4U3MJrLtDgw8pfSn7NIREVaBSf+A/OeBAcbX5NYQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNcfZkmzEya3g202PZOKAsMBdJdFMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvMXg5bVNiTVRKcmVEYlRZOWs0b0N3d0YwbDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAFNJAID
BANNJAAwDAMEAU0kNgMEAE0kOAMEAE0kWDAMAwQDTejYAwQATejaAwQAW+0xAwQB
XXgsMA0GCSqGSIb3DQEBCwUAA4IBAQAZRSxgLvd9KHpvsSEH2Cy3GkpKdAog85gz
2I1MdcK0ypvQq+IhVAe6WOrnyEdkKPkuCAEUYR89vYrfWrHNzKSQOhIbFUF0jFDF
p88+oSskpy+iiQTLNRoE1CplwHFwTAoSLrO0CdcxggSgWMSG9OOkX9QOEH0IC/n8
ipZ0NjHPf297pYf+VudXWkHSyY2nY+OGEUN5QoPNcwqWT6AWZQrzpltWdXJAuyw7
2gNJvz7waHAT+DN3NvuK6OCYI+85E3XaxsM+xNsfS18XliL0vhALXPTPQVN3/htu
7Ie9ebUQ4lXq5XZkY49t+IzO41R70U7/qL389BTnaId1ARKGX/hK
-----END CERTIFICATE-----