Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/ERktDHwreS1fB789KJBuYB39kxE.roa
File:                     ERktDHwreS1fB789KJBuYB39kxE.roa (raw, json)
Hash identifier:          +qHsqmyAjOHNDrjU9LDMVnb/NHXVCvduj3wlLJQRJ4M=
Subject key identifier:   11:19:2D:0C:7C:2B:79:2D:5F:07:BF:3D:28:90:6E:60:1D:FD:93:11
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0186E6348B6E938C3B413B67707EF6C49D78
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/ERktDHwreS1fB789KJBuYB39kxE.roa
Signing time:             Wed 15 Mar 2023 16:57:28 +0000
ROA not before:           Wed 15 Mar 2023 16:57:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        94.131.96.0/24 maxlen: 24
                          94.131.98.0/24 maxlen: 24
                          94.131.97.0/24 maxlen: 24
                          94.131.99.0/24 maxlen: 24
                          94.131.102.0/24 maxlen: 24
                          94.131.100.0/24 maxlen: 24
                          94.131.105.0/24 maxlen: 24
                          94.131.106.0/24 maxlen: 24
                          94.131.108.0/24 maxlen: 24
                          94.131.107.0/24 maxlen: 24
                          94.131.116.0/24 maxlen: 24
                          94.131.114.0/24 maxlen: 24
                          94.131.2.0/24 maxlen: 24
                          94.131.3.0/24 maxlen: 24
                          94.131.8.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 Mar 2023 17:04:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e6:34:8b:6e:93:8c:3b:41:3b:67:70:7e:f6:c4:9d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Mar 15 16:57:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11192d0c7c2b792d5f07bf3d28906e601dfd9311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d6:f5:37:07:2f:69:3d:5a:55:79:45:62:24:
                    6c:2f:9c:97:42:15:f2:0d:34:b3:ae:07:2b:a4:5b:
                    6c:5b:e6:46:21:98:bb:97:e0:12:63:eb:62:01:eb:
                    60:4f:8a:c8:b0:c0:b7:38:28:a5:c3:9d:b8:17:78:
                    02:aa:14:4f:88:f3:2f:38:4b:70:5f:e8:05:64:6d:
                    df:0b:36:08:76:da:fb:81:21:26:7d:24:82:1b:4b:
                    01:b3:77:59:8c:fb:e4:c3:16:4d:73:f7:1f:97:48:
                    eb:5e:d2:45:6a:b3:63:d6:35:83:35:2e:f9:14:7b:
                    54:c9:f7:fc:dd:89:81:b2:2c:ec:58:7a:8d:c7:22:
                    d6:98:22:05:75:3c:75:55:54:b9:87:86:38:57:dd:
                    4a:df:6d:5e:cc:44:c3:9e:4c:aa:44:17:1b:9a:ee:
                    7d:6a:d1:cc:b6:12:20:f8:72:e2:78:e0:4d:c8:f7:
                    40:49:99:dc:5a:cb:e5:16:9c:4d:6c:87:35:06:ef:
                    21:3d:c8:be:75:86:b1:77:c1:a7:7d:9c:3f:fe:be:
                    09:7a:98:6d:f3:16:4b:0a:1f:47:6e:fc:32:7c:a0:
                    a8:96:56:a9:09:2f:c9:d6:69:4d:5f:7e:64:d6:a3:
                    7d:63:6d:d8:08:d8:be:00:cf:9a:1f:9e:a1:67:75:
                    2b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:19:2D:0C:7C:2B:79:2D:5F:07:BF:3D:28:90:6E:60:1D:FD:93:11
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/ERktDHwreS1fB789KJBuYB39kxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.2.0/23
                  94.131.8.0/21
                  94.131.96.0-94.131.100.255
                  94.131.102.0/24
                  94.131.105.0-94.131.108.255
                  94.131.114.0/24
                  94.131.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a7:fe:0b:ee:6a:b5:4c:a1:9d:ff:c3:ed:d7:90:08:28:a3:
         5c:16:c7:b3:0e:1f:85:96:42:c4:6a:df:a9:23:37:bd:a6:bb:
         c2:f3:1d:57:e4:dd:c5:c1:54:19:4f:3c:ce:cc:27:5d:82:f3:
         b6:6c:6c:42:d4:d7:d2:7d:4b:1a:d9:4c:d2:fa:d0:64:1e:2b:
         0f:82:6c:23:f0:0e:08:95:3a:74:a2:83:bf:32:f2:38:bd:6d:
         de:da:1c:83:21:49:e9:ec:a1:20:fc:1f:b3:56:72:eb:4f:32:
         ba:ac:e2:93:2e:52:92:73:94:0b:d6:e2:79:aa:1f:0d:37:55:
         ab:a7:15:3c:f9:ed:d8:e9:4d:c3:04:8e:b3:f3:eb:80:f2:83:
         9f:0c:03:14:42:4c:c3:88:58:9c:41:19:d6:3d:35:c8:85:41:
         15:be:6c:d3:a7:09:ff:6e:aa:89:17:3c:bf:a3:86:06:b0:7a:
         84:37:d0:d0:d4:15:34:7c:51:1c:69:70:40:aa:02:e3:9f:73:
         4c:6f:e5:f7:71:56:a9:6f:70:a4:8d:3c:bd:01:fe:30:c3:a1:
         c2:0e:bf:fa:20:33:01:3e:81:d7:50:2e:a8:aa:c1:97:1d:76:
         4c:58:8d:2f:ce:c1:b5:2f:a1:36:7a:4c:06:cb:95:0c:7d:16:
         be:49:8d:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYbmNItuk4w7QTtncH72xJ14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwMzE1MTY1NzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE5MmQwYzdjMmI3OTJkNWYwN2JmM2QyODkwNmU2MDFkZmQ5MzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9b1NwcvaT1aVXlFYiRsL5yXQhXy
DTSzrgcrpFtsW+ZGIZi7l+ASY+tiAetgT4rIsMC3OCilw524F3gCqhRPiPMvOEtw
X+gFZG3fCzYIdtr7gSEmfSSCG0sBs3dZjPvkwxZNc/cfl0jrXtJFarNj1jWDNS75
FHtUyff83YmBsizsWHqNxyLWmCIFdTx1VVS5h4Y4V91K321ezETDnkyqRBcbmu59
atHMthIg+HLieOBNyPdASZncWsvlFpxNbIc1Bu8hPci+dYaxd8GnfZw//r4Jepht
8xZLCh9HbvwyfKCollapCS/J1mlNX35k1qN9Y23YCNi+AM+aH56hZ3UryQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFBEZLQx8K3ktXwe/PSiQbmAd/ZMRMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvRVJrdERId3JlUzFmQjc4OUtKQnVZQjM5a3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQBXoMCAwQD
XoMIMAwDBAVeg2ADBABeg2QDBABeg2YwDAMEAF6DaQMEAF6DbAMEAF6DcgMEAF6D
dDANBgkqhkiG9w0BAQsFAAOCAQEAAKf+C+5qtUyhnf/D7deQCCijXBbHsw4fhZZC
xGrfqSM3vaa7wvMdV+TdxcFUGU88zswnXYLztmxsQtTX0n1LGtlM0vrQZB4rD4Js
I/AOCJU6dKKDvzLyOL1t3tocgyFJ6eyhIPwfs1Zy608yuqziky5SknOUC9bieaof
DTdVq6cVPPnt2OlNwwSOs/PrgPKDnwwDFEJMw4hYnEEZ1j01yIVBFb5s06cJ/26q
iRc8v6OGBrB6hDfQ0NQVNHxRHGlwQKoC459zTG/l93FWqW9wpI08vQH+MMOhwg6/
+iAzAT6B11AuqKrBlx12TFiNL87BtS+hNnpMBsuVDH0WvkmNKA==
-----END CERTIFICATE-----