Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ZKSR30GLhj4rQjDDtdZLs8lnXkg.roa
File:                     ZKSR30GLhj4rQjDDtdZLs8lnXkg.roa (raw, json)
Hash identifier:          ud6Jp4xMOil3WK31eg/0dFtZN+ixt6470sVxCHOH3gM=
Subject key identifier:   64:A4:91:DF:41:8B:86:3E:2B:42:30:C3:B5:D6:4B:B3:C9:67:5E:48
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       01856EA6B2C2FD186E8A404C33A193BF32BF
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ZKSR30GLhj4rQjDDtdZLs8lnXkg.roa
Signing time:             Sun 01 Jan 2023 18:44:56 +0000
ROA not before:           Sun 01 Jan 2023 18:44:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6762
IP address blocks:        85.204.125.0/24 maxlen: 24
                          85.204.127.0/24 maxlen: 24
                          86.106.104.0/24 maxlen: 24
                          93.113.158.0/24 maxlen: 24
                          89.43.73.0/24 maxlen: 24
                          89.33.163.0/24 maxlen: 24
                          89.39.252.0/24 maxlen: 24
                          188.240.14.0/24 maxlen: 24
                          188.215.72.0/24 maxlen: 24
                          93.114.171.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Jan 2023 11:37:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:a6:b2:c2:fd:18:6e:8a:40:4c:33:a1:93:bf:32:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  1 18:44:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64a491df418b863e2b4230c3b5d64bb3c9675e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:00:b2:24:02:42:3a:91:3d:0c:c7:b9:04:19:
                    ec:71:3b:3d:76:11:86:03:ab:68:77:f1:60:78:f9:
                    4b:93:8a:d8:02:cd:25:15:a4:6a:27:9e:1b:24:0a:
                    6f:ad:30:65:01:78:6e:61:44:63:56:f0:33:f5:93:
                    fe:82:22:c5:47:9c:75:6c:21:86:2c:9a:1d:a1:69:
                    f9:41:93:2d:9a:f5:a0:7a:6b:3b:9f:bd:4e:90:d7:
                    d6:09:47:b2:96:05:5b:db:92:4a:a8:b7:ac:3e:69:
                    f1:59:82:16:6b:5f:47:22:81:08:68:47:db:7f:4f:
                    12:d3:a5:c4:38:a0:f3:4c:34:21:d1:4f:d7:31:ca:
                    54:14:68:fd:ff:be:d1:1d:03:ab:c6:5e:a0:17:b0:
                    13:0b:4e:b8:af:cb:4c:0a:ec:38:9f:e4:b3:78:09:
                    f7:87:9d:d6:e8:69:0f:3d:11:05:e9:cf:79:33:08:
                    54:9a:5b:db:c7:d1:60:4f:6e:0d:67:18:a4:8f:50:
                    cb:03:85:f7:48:51:80:85:1e:0f:a0:40:de:aa:36:
                    f6:95:82:aa:56:30:e6:f0:91:f3:9b:aa:3f:92:cc:
                    e2:02:4b:cf:ad:da:c8:9a:ec:20:13:d0:56:82:92:
                    ee:3a:1c:66:24:a0:4a:a1:e6:c4:b9:f4:40:0c:8c:
                    1e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A4:91:DF:41:8B:86:3E:2B:42:30:C3:B5:D6:4B:B3:C9:67:5E:48
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ZKSR30GLhj4rQjDDtdZLs8lnXkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.125.0/24
                  85.204.127.0/24
                  86.106.104.0/24
                  89.33.163.0/24
                  89.39.252.0/24
                  89.43.73.0/24
                  93.113.158.0/24
                  93.114.171.0/24
                  188.215.72.0/24
                  188.240.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:19:ec:da:a0:41:c3:d3:6b:62:25:a6:5d:3f:95:a7:cb:11:
         f8:04:1b:3c:f2:f1:25:f6:d8:e9:94:74:a7:59:c6:82:27:85:
         2d:9d:59:16:a2:d8:da:48:6e:70:1e:24:45:22:92:bf:b2:ec:
         54:37:e8:be:16:59:2c:dc:27:7a:96:99:47:e9:b8:7c:65:3e:
         f8:bb:ca:e4:cf:21:c3:76:09:f6:ee:b3:7d:fa:cc:83:da:b9:
         2a:f9:61:08:58:5a:16:e9:fc:63:f5:15:54:f0:30:41:23:fe:
         e2:0f:ba:66:12:1c:79:07:8f:98:8b:93:13:61:7f:5a:64:ac:
         58:31:73:7b:11:ec:c2:ea:29:3b:48:2a:7f:3f:1e:e6:a4:c9:
         2a:3a:9f:8b:9f:b6:5e:38:83:18:e8:d8:92:8a:64:fc:b0:66:
         dc:fd:ba:80:72:80:e7:6d:2d:1b:a6:e4:1a:20:21:0e:8f:fa:
         cd:7d:72:6a:0d:67:ff:ec:70:af:07:4d:94:ab:e1:8e:7f:33:
         fd:c1:cd:8c:f2:06:cf:27:de:f5:41:60:45:6a:4b:b7:89:e7:
         38:6a:e3:44:f3:fb:5f:e1:41:d8:d3:dd:c6:42:85:e2:47:32:
         c3:58:7e:d4:34:a5:f5:db:f7:5d:ee:30:90:af:b6:2f:c8:c9:
         70:25:25:f3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVuprLC/RhuikBMM6GTvzK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjMwMTAxMTg0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGE0OTFkZjQxOGI4NjNlMmI0MjMwYzNiNWQ2NGJiM2M5Njc1ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugCyJAJCOpE9DMe5BBnscTs9dhGG
A6tod/FgePlLk4rYAs0lFaRqJ54bJApvrTBlAXhuYURjVvAz9ZP+giLFR5x1bCGG
LJodoWn5QZMtmvWgems7n71OkNfWCUeylgVb25JKqLesPmnxWYIWa19HIoEIaEfb
f08S06XEOKDzTDQh0U/XMcpUFGj9/77RHQOrxl6gF7ATC064r8tMCuw4n+SzeAn3
h53W6GkPPREF6c95MwhUmlvbx9FgT24NZxikj1DLA4X3SFGAhR4PoEDeqjb2lYKq
VjDm8JHzm6o/ksziAkvPrdrImuwgE9BWgpLuOhxmJKBKoebEufRADIwePwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGSkkd9Bi4Y+K0Iww7XWS7PJZ15IMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvWktTUjMwR0xoajRyUWpERHRkWkxzOGxuWGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVcx9AwQA
Vcx/AwQAVmpoAwQAWSGjAwQAWSf8AwQAWStJAwQAXXGeAwQAXXKrAwQAvNdIAwQA
vPAOMA0GCSqGSIb3DQEBCwUAA4IBAQAvGezaoEHD02tiJaZdP5WnyxH4BBs88vEl
9tjplHSnWcaCJ4UtnVkWotjaSG5wHiRFIpK/suxUN+i+Flks3Cd6lplH6bh8ZT74
u8rkzyHDdgn27rN9+syD2rkq+WEIWFoW6fxj9RVU8DBBI/7iD7pmEhx5B4+Yi5MT
YX9aZKxYMXN7EezC6ik7SCp/Px7mpMkqOp+Ln7ZeOIMY6NiSimT8sGbc/bqAcoDn
bS0bpuQaICEOj/rNfXJqDWf/7HCvB02Uq+GOfzP9wc2M8gbPJ971QWBFaku3iec4
auNE8/tf4UHY093GQoXiRzLDWH7UNKX12/dd7jCQr7YvyMlwJSXz
-----END CERTIFICATE-----