Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/xPcrNZI_Q1xGhXMa-dLMe3QgW0o.roa
File:                     xPcrNZI_Q1xGhXMa-dLMe3QgW0o.roa (raw, json)
Hash identifier:          GW4iqME3ksaMrir+wr65fenwcq6Xrlo+STTwMdjEtrc=
Subject key identifier:   C4:F7:2B:35:92:3F:43:5C:46:85:73:1A:F9:D2:CC:7B:74:20:5B:4A
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       01867F8C29505E7002B033A3B6B5228D7BE1
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/xPcrNZI_Q1xGhXMa-dLMe3QgW0o.roa
Signing time:             Thu 23 Feb 2023 18:32:17 +0000
ROA not before:           Thu 23 Feb 2023 18:32:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3561
IP address blocks:        77.36.112.0/21 maxlen: 24
                          93.120.96.0/22 maxlen: 22
                          46.151.36.0/22 maxlen: 24
                          188.191.252.0/22 maxlen: 24
                          77.36.68.0/22 maxlen: 24
                          93.120.24.0/23 maxlen: 24
                          91.237.44.0/22 maxlen: 24
                          194.33.102.0/23 maxlen: 24
                          194.33.100.0/23 maxlen: 24
                          194.33.100.0/22 maxlen: 24
                          81.161.4.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 04 Apr 2023 17:35:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7f:8c:29:50:5e:70:02:b0:33:a3:b6:b5:22:8d:7b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Feb 23 18:32:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4f72b35923f435c4685731af9d2cc7b74205b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:29:37:9e:dd:0c:e7:9c:47:16:cf:8b:1f:73:
                    a4:c7:5e:d4:d4:0f:4b:75:9c:8c:09:99:10:94:f7:
                    c2:27:4b:9e:71:36:01:12:c9:87:b9:5e:7a:f6:e4:
                    de:c6:fd:b1:5f:09:13:45:74:57:ec:21:d7:dd:48:
                    b3:fc:fb:c6:fb:bb:4e:b7:ae:9f:8d:5d:1c:12:1f:
                    28:83:20:73:68:34:56:24:72:68:5e:6e:c6:1b:9d:
                    58:e3:36:2e:b8:ff:d1:8d:44:8a:4a:d5:b7:82:c5:
                    d1:ab:88:14:b3:c1:69:6a:fe:ce:e0:87:c2:5f:96:
                    20:69:7d:e0:de:50:e9:25:1f:19:60:f2:2b:bb:2f:
                    48:98:cf:d8:74:88:61:74:0c:c7:4f:f9:70:18:57:
                    2f:63:56:09:cf:04:96:04:a2:1d:28:d0:5f:45:cb:
                    67:1f:07:1b:36:3f:f9:de:27:aa:23:ca:c3:c8:c2:
                    02:67:2d:e1:80:0a:54:9c:b3:f3:f0:11:8b:34:c7:
                    e1:38:1f:50:d4:ac:d6:f1:7c:fb:99:bf:94:96:18:
                    ce:59:2b:0d:62:37:81:ab:a3:a8:8c:2a:00:69:af:
                    75:07:0a:32:3f:61:ae:97:b2:5f:af:c1:0d:be:e9:
                    50:18:28:35:86:a2:85:a7:e5:de:ff:5b:ab:ab:50:
                    9a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F7:2B:35:92:3F:43:5C:46:85:73:1A:F9:D2:CC:7B:74:20:5B:4A
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/xPcrNZI_Q1xGhXMa-dLMe3QgW0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.36.0/22
                  77.36.68.0/22
                  77.36.112.0/21
                  81.161.4.0/22
                  91.237.44.0/22
                  93.120.24.0/23
                  93.120.96.0/22
                  188.191.252.0/22
                  194.33.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:8e:22:fc:06:25:79:0b:b3:ba:95:55:e9:d7:c8:9c:74:af:
         38:7d:22:ce:80:cb:ca:bb:e4:69:a3:06:0b:24:99:b7:09:3f:
         80:05:4d:51:c8:be:6e:8a:a7:4e:c5:38:72:31:b5:fc:39:43:
         45:14:ce:32:e6:ce:d7:a1:59:fa:85:7f:a3:ce:d4:0c:6b:44:
         1e:41:be:b1:0e:84:6c:db:0c:bc:08:ec:a1:1e:26:01:db:d7:
         a0:e8:cd:96:9b:89:27:2d:35:21:a2:72:40:13:1f:03:5e:59:
         ae:a2:10:70:ee:f5:07:16:60:ad:65:fa:51:11:79:ce:84:9d:
         f1:b4:5b:92:c2:04:fe:3a:87:a5:45:c9:17:b0:75:25:be:59:
         ce:4f:df:2f:b5:93:37:ea:66:61:e2:a4:01:03:82:3d:97:1c:
         c1:c6:4c:aa:c3:1e:4c:1d:7a:b0:7e:c1:0e:b2:96:2e:44:c0:
         34:83:92:39:1b:f1:3d:73:11:e4:29:ad:13:85:34:97:2b:fb:
         1f:fb:18:4d:9d:31:63:f3:71:5d:98:08:21:40:e3:e1:bc:5e:
         54:23:11:12:72:2d:7f:9c:1a:89:e6:84:5c:47:03:30:29:9f:
         33:b1:a5:61:02:fd:6f:20:6e:91:1c:a7:85:9b:7b:03:98:1b:
         d7:0a:fd:7b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYZ/jClQXnACsDOjtrUijXvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMwMjIzMTgzMjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGY3MmIzNTkyM2Y0MzVjNDY4NTczMWFmOWQyY2M3Yjc0MjA1YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSk3nt0M55xHFs+LH3Okx17U1A9L
dZyMCZkQlPfCJ0uecTYBEsmHuV569uTexv2xXwkTRXRX7CHX3Uiz/PvG+7tOt66f
jV0cEh8ogyBzaDRWJHJoXm7GG51Y4zYuuP/RjUSKStW3gsXRq4gUs8Fpav7O4IfC
X5YgaX3g3lDpJR8ZYPIruy9ImM/YdIhhdAzHT/lwGFcvY1YJzwSWBKIdKNBfRctn
HwcbNj/53ieqI8rDyMICZy3hgApUnLPz8BGLNMfhOB9Q1KzW8Xz7mb+UlhjOWSsN
YjeBq6OojCoAaa91BwoyP2Gul7Jfr8ENvulQGCg1hqKFp+Xe/1urq1CaawIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMT3KzWSP0NcRoVzGvnSzHt0IFtKMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEveFBjck5aSV9RMXhHaFhNYS1kTE1lM1FnVzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCLpckAwQC
TSREAwQDTSRwAwQCUaEEAwQCW+0sAwQBXXgYAwQCXXhgAwQCvL/8AwQCwiFkMA0G
CSqGSIb3DQEBCwUAA4IBAQCRjiL8BiV5C7O6lVXp18icdK84fSLOgMvKu+RpowYL
JJm3CT+ABU1RyL5uiqdOxThyMbX8OUNFFM4y5s7XoVn6hX+jztQMa0QeQb6xDoRs
2wy8COyhHiYB29eg6M2Wm4knLTUhonJAEx8DXlmuohBw7vUHFmCtZfpREXnOhJ3x
tFuSwgT+OoelRckXsHUlvlnOT98vtZM36mZh4qQBA4I9lxzBxkyqwx5MHXqwfsEO
spYuRMA0g5I5G/E9cxHkKa0ThTSXK/sf+xhNnTFj83FdmAghQOPhvF5UIxESci1/
nBqJ5oRcRwMwKZ8zsaVhAv1vIG6RHKeFm3sDmBvXCv17
-----END CERTIFICATE-----