Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/P2tNfxoRCHz3AYYTkJr11c4Z0wU.roa
File:                     P2tNfxoRCHz3AYYTkJr11c4Z0wU.roa (raw, json)
Hash identifier:          RSnAYaQ/+VXcv5cK5puSblC3YUa7gXY8uqQTq8Z88c4=
Subject key identifier:   3F:6B:4D:7F:1A:11:08:7C:F7:01:86:13:90:9A:F5:D5:CE:19:D3:05
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0185C52080DAD75C0E61CEED25A8E9449359
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/P2tNfxoRCHz3AYYTkJr11c4Z0wU.roa
Signing time:             Wed 18 Jan 2023 13:45:19 +0000
ROA not before:           Wed 18 Jan 2023 13:45:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        94.131.96.0/24 maxlen: 24
                          94.131.98.0/24 maxlen: 24
                          94.131.99.0/24 maxlen: 24
                          94.131.102.0/24 maxlen: 24
                          94.131.100.0/24 maxlen: 24
                          94.131.105.0/24 maxlen: 24
                          94.131.106.0/24 maxlen: 24
                          94.131.108.0/24 maxlen: 24
                          94.131.107.0/24 maxlen: 24
                          94.131.2.0/24 maxlen: 24
                          94.131.3.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 15 Feb 2023 12:35:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c5:20:80:da:d7:5c:0e:61:ce:ed:25:a8:e9:44:93:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan 18 13:45:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f6b4d7f1a11087cf7018613909af5d5ce19d305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b6:31:b7:35:7b:05:38:b1:a8:b8:af:f2:28:
                    13:dd:de:91:64:af:7b:8e:43:b9:46:ed:3a:f9:5a:
                    02:7c:89:f7:92:51:09:98:00:f0:6e:4e:49:2e:75:
                    0f:3d:c2:24:54:b5:75:01:04:23:3f:de:0c:8b:ec:
                    8c:b4:6c:96:01:cf:91:8c:d3:7b:04:15:11:4e:92:
                    0e:a5:25:35:e8:14:b8:b7:e2:93:3c:68:bc:e5:d9:
                    87:c7:2c:74:ad:b4:74:7c:78:94:80:9f:ae:bc:e2:
                    68:29:09:a3:d5:4e:24:41:9d:87:b1:26:60:b0:09:
                    ee:95:eb:35:c4:48:53:d0:73:a6:91:68:86:e5:e4:
                    69:5f:2c:3e:ec:20:c8:8d:fc:4c:31:63:32:71:56:
                    12:a0:46:da:f3:42:7c:48:90:9c:27:ba:d1:d4:5e:
                    4e:a0:ff:a1:e2:2e:89:dc:ef:0b:6a:2d:4a:10:4b:
                    48:38:63:0e:4a:3b:19:19:a2:94:ce:fd:59:a8:01:
                    43:c2:00:f7:03:99:92:55:86:03:30:d4:b9:b1:89:
                    89:47:2e:5f:7e:2c:80:f1:c4:17:a3:7b:57:e2:c7:
                    e3:65:99:09:34:27:76:cb:ac:83:33:d0:6d:0e:b3:
                    db:6e:75:15:f0:ba:fe:d6:ea:4a:48:82:b8:a1:05:
                    5d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6B:4D:7F:1A:11:08:7C:F7:01:86:13:90:9A:F5:D5:CE:19:D3:05
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/P2tNfxoRCHz3AYYTkJr11c4Z0wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.2.0/23
                  94.131.96.0/24
                  94.131.98.0-94.131.100.255
                  94.131.102.0/24
                  94.131.105.0-94.131.108.255

    Signature Algorithm: sha256WithRSAEncryption
         9f:46:fc:82:72:ce:f8:6b:16:7c:f4:e8:db:84:f7:dc:ba:b4:
         11:7a:09:c3:a7:36:a2:32:69:d8:76:4d:85:da:15:9c:95:f4:
         99:4a:d1:ba:4b:3a:41:dc:f9:19:c2:7f:79:1c:98:c9:0f:cd:
         6b:a0:33:7e:e3:9e:0a:20:c9:a7:61:3b:af:5b:e0:32:16:fe:
         24:64:2a:fb:a5:fc:67:e0:d8:38:71:54:e7:d0:81:a1:6f:a4:
         7d:27:76:c5:98:2c:39:af:0a:0a:f2:f3:d5:f5:67:5c:dc:f4:
         aa:8c:be:20:b7:e9:0b:29:e4:c1:2f:48:52:a8:f4:83:ac:a3:
         15:94:3e:09:e6:de:b2:49:55:25:3c:23:12:a7:dc:0e:88:e6:
         a9:99:7f:f3:c4:48:a2:7f:53:a3:dd:5a:bc:a4:4b:73:9d:0f:
         87:3c:76:39:ef:f0:5f:a9:02:39:7d:5a:88:4a:c1:df:a1:7c:
         60:74:57:e9:80:c1:e7:bc:0a:76:1e:25:8c:12:29:2d:52:47:
         9e:e0:6b:51:45:3d:64:72:2b:bd:8e:1e:10:1c:98:1b:92:f9:
         4b:c6:e3:c8:f4:07:03:c1:24:27:ed:50:8b:bf:0e:ef:a4:5b:
         2a:55:27:3d:81:be:56:97:ff:30:2a:de:71:d8:a6:d3:a7:f1:
         60:49:60:53
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYXFIIDa11wOYc7tJajpRJNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwMTE4MTM0NTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZiNGQ3ZjFhMTEwODdjZjcwMTg2MTM5MDlhZjVkNWNlMTlkMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrYxtzV7BTixqLiv8igT3d6RZK97
jkO5Ru06+VoCfIn3klEJmADwbk5JLnUPPcIkVLV1AQQjP94Mi+yMtGyWAc+RjNN7
BBURTpIOpSU16BS4t+KTPGi85dmHxyx0rbR0fHiUgJ+uvOJoKQmj1U4kQZ2HsSZg
sAnules1xEhT0HOmkWiG5eRpXyw+7CDIjfxMMWMycVYSoEba80J8SJCcJ7rR1F5O
oP+h4i6J3O8Lai1KEEtIOGMOSjsZGaKUzv1ZqAFDwgD3A5mSVYYDMNS5sYmJRy5f
fiyA8cQXo3tX4sfjZZkJNCd2y6yDM9BtDrPbbnUV8Lr+1upKSIK4oQVdAwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFD9rTX8aEQh89wGGE5Ca9dXOGdMFMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvUDJ0TmZ4b1JDSHozQVlZVGtKcjExYzRaMHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBXoMCAwQA
XoNgMAwDBAFeg2IDBABeg2QDBABeg2YwDAMEAF6DaQMEAF6DbDANBgkqhkiG9w0B
AQsFAAOCAQEAn0b8gnLO+GsWfPTo24T33Lq0EXoJw6c2ojJp2HZNhdoVnJX0mUrR
uks6Qdz5GcJ/eRyYyQ/Na6AzfuOeCiDJp2E7r1vgMhb+JGQq+6X8Z+DYOHFU59CB
oW+kfSd2xZgsOa8KCvLz1fVnXNz0qoy+ILfpCynkwS9IUqj0g6yjFZQ+CebesklV
JTwjEqfcDojmqZl/88RIon9To91avKRLc50Phzx2Oe/wX6kCOX1aiErB36F8YHRX
6YDB57wKdh4ljBIpLVJHnuBrUUU9ZHIrvY4eEByYG5L5S8bjyPQHA8EkJ+1Qi78O
76RbKlUnPYG+Vpf/MCrecdim06fxYElgUw==
-----END CERTIFICATE-----