Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9e6c48-4bdd-4e60-910a-54b41e4fc63b/1/9wvkAF4DR-pRilIoC0m9Yzqk2rg.roa
File:                     9wvkAF4DR-pRilIoC0m9Yzqk2rg.roa (raw, json)
Hash identifier:          uX/WcsT3HkbaFt5b0Eo6cU3JPLBt6x3p+NH/lc1vygw=
Subject key identifier:   F7:0B:E4:00:5E:03:47:EA:51:8A:52:28:0B:49:BD:63:3A:A4:DA:B8
Certificate issuer:       /CN=77dbfb3d64eb10c782562a37855b0732bd18eb3f
Certificate serial:       01856B00BD18F70F2112924530C62746248E
Authority key identifier: 77:DB:FB:3D:64:EB:10:C7:82:56:2A:37:85:5B:07:32:BD:18:EB:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d9v7PWTrEMeCVio3hVsHMr0Y6z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9e6c48-4bdd-4e60-910a-54b41e4fc63b/1/9wvkAF4DR-pRilIoC0m9Yzqk2rg.roa
Signing time:             Sun 01 Jan 2023 01:44:48 +0000
ROA not before:           Sun 01 Jan 2023 01:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43323
IP address blocks:        194.107.16.0/24 maxlen: 24
                          95.87.96.0/21 maxlen: 21
                          95.87.97.0/24 maxlen: 24
                          95.87.98.0/24 maxlen: 24
                          95.87.96.0/24 maxlen: 24
                          95.87.100.0/24 maxlen: 24
                          95.87.101.0/24 maxlen: 24
                          95.87.99.0/24 maxlen: 24
                          95.87.102.0/24 maxlen: 24
                          95.87.103.0/24 maxlen: 24
                          193.53.165.0/24 maxlen: 24
                          193.53.166.0/24 maxlen: 24
                          193.53.164.0/24 maxlen: 24
                          193.53.164.0/22 maxlen: 22
                          193.53.167.0/24 maxlen: 24
                          2a03:4d80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:00:bd:18:f7:0f:21:12:92:45:30:c6:27:46:24:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77dbfb3d64eb10c782562a37855b0732bd18eb3f
        Validity
            Not Before: Jan  1 01:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f70be4005e0347ea518a52280b49bd633aa4dab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cb:42:a3:7e:25:17:b5:49:2a:fe:07:1b:f2:
                    53:cb:eb:73:2a:61:81:e9:b7:37:17:70:5a:55:cf:
                    e3:d1:bd:83:d0:cd:ca:24:bf:39:58:ab:13:0b:1b:
                    32:0b:f9:af:b0:00:ae:9f:e0:32:21:c9:7a:72:8e:
                    c2:a4:dc:ab:d8:29:d6:9b:9f:2e:c8:42:6d:ed:c9:
                    8e:ee:6b:25:8f:b0:9f:1d:96:63:86:f7:1a:02:61:
                    9c:b2:11:65:99:ef:d0:17:f9:c2:3d:d6:cf:1c:68:
                    98:12:4b:60:a4:f3:c2:8e:d7:6c:62:12:b9:8f:29:
                    2d:a8:af:87:fe:9c:af:4e:f9:8b:f6:e1:66:be:7b:
                    c7:e7:75:56:66:ea:16:5f:ce:c9:93:3b:a7:4c:15:
                    4e:a0:62:5f:9d:8f:66:88:7f:d7:90:b5:a0:70:c4:
                    3c:77:6d:25:0f:75:28:f5:d2:6e:3a:7f:81:e5:a7:
                    a6:a7:4b:d9:97:95:56:1f:1f:f5:51:ea:d3:dc:70:
                    75:7b:88:77:56:8e:b6:48:c0:9b:fd:1e:d6:73:4e:
                    ad:e4:71:96:b6:3c:95:0d:78:7a:67:c6:e1:d9:cc:
                    57:d9:1c:73:d0:0f:17:5b:74:4c:ce:e4:24:a3:2b:
                    89:58:25:e4:ae:7f:31:6b:68:94:fc:d3:5d:32:94:
                    be:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:0B:E4:00:5E:03:47:EA:51:8A:52:28:0B:49:BD:63:3A:A4:DA:B8
            X509v3 Authority Key Identifier:
                keyid:77:DB:FB:3D:64:EB:10:C7:82:56:2A:37:85:5B:07:32:BD:18:EB:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9v7PWTrEMeCVio3hVsHMr0Y6z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9e6c48-4bdd-4e60-910a-54b41e4fc63b/1/9wvkAF4DR-pRilIoC0m9Yzqk2rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9e6c48-4bdd-4e60-910a-54b41e4fc63b/1/d9v7PWTrEMeCVio3hVsHMr0Y6z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.87.96.0/21
                  193.53.164.0/22
                  194.107.16.0/24
                IPv6:
                  2a03:4d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:63:e9:73:60:dd:91:8c:8a:ce:e5:78:eb:cd:e9:58:dc:bb:
         20:5d:83:2d:91:c0:56:6d:a4:65:9f:66:20:a6:23:71:ab:2d:
         22:19:b5:ad:89:b6:68:68:3d:8d:d2:45:a0:db:51:20:a3:c8:
         bf:62:2c:24:29:26:22:bb:da:e3:f5:21:a5:de:31:e0:e8:89:
         a6:4f:aa:cb:8a:fe:89:4a:e9:f2:72:29:c1:dc:19:40:c4:eb:
         6c:38:72:a6:bf:b7:52:f3:68:7b:93:dc:83:b0:9f:b0:f5:ab:
         c1:bc:01:12:66:ed:da:45:e1:ff:b9:59:4f:07:66:57:7f:72:
         d0:12:d3:ee:fb:e7:cc:1b:7a:ed:b8:b7:c5:12:6e:3c:5e:e9:
         6b:7d:d9:0b:d5:ba:ae:14:c8:3e:ea:a1:75:ca:93:f4:fc:4c:
         13:ea:46:e7:db:48:20:49:4e:f3:28:6b:21:36:e5:d8:eb:d9:
         b7:97:69:8e:74:3c:7e:c7:fb:52:cb:f9:af:52:4a:16:69:ff:
         12:5b:85:1b:26:49:9c:34:ff:23:50:04:29:3c:b8:ae:64:00:
         87:82:75:52:30:1e:fd:59:38:d0:b1:50:fc:b5:c0:35:a3:a3:
         2f:d3:23:32:68:76:3c:b1:4a:66:d5:51:01:a4:1d:20:fb:32:
         ae:93:cd:01
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVrAL0Y9w8hEpJFMMYnRiSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZGJmYjNkNjRlYjEwYzc4MjU2MmEzNzg1NWIwNzMyYmQx
OGViM2YwHhcNMjMwMTAxMDE0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzBiZTQwMDVlMDM0N2VhNTE4YTUyMjgwYjQ5YmQ2MzNhYTRkYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApctCo34lF7VJKv4HG/JTy+tzKmGB
6bc3F3BaVc/j0b2D0M3KJL85WKsTCxsyC/mvsACun+AyIcl6co7CpNyr2CnWm58u
yEJt7cmO7mslj7CfHZZjhvcaAmGcshFlme/QF/nCPdbPHGiYEktgpPPCjtdsYhK5
jyktqK+H/pyvTvmL9uFmvnvH53VWZuoWX87JkzunTBVOoGJfnY9miH/XkLWgcMQ8
d20lD3Uo9dJuOn+B5aemp0vZl5VWHx/1UerT3HB1e4h3Vo62SMCb/R7Wc06t5HGW
tjyVDXh6Z8bh2cxX2Rxz0A8XW3RMzuQkoyuJWCXkrn8xa2iU/NNdMpS+tQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPcL5ABeA0fqUYpSKAtJvWM6pNq4MB8GA1UdIwQY
MBaAFHfb+z1k6xDHglYqN4VbBzK9GOs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDl2N1BXVHJFTWVDVmlvM2hWc0hNcjBZNno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZTZjNDgtNGJkZC00ZTYwLTkxMGEt
NTRiNDFlNGZjNjNiLzEvOXd2a0FGNERSLXBSaWxJb0MwbTlZenFrMnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZTZjNDgtNGJkZC00ZTYwLTkxMGEtNTRiNDFlNGZjNjNi
LzEvZDl2N1BXVHJFTWVDVmlvM2hWc0hNcjBZNno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDX1dgAwQC
wTWkAwQAwmsQMA0EAgACMAcDBQAqA02AMA0GCSqGSIb3DQEBCwUAA4IBAQCGY+lz
YN2RjIrO5XjrzelY3LsgXYMtkcBWbaRln2YgpiNxqy0iGbWtibZoaD2N0kWg21Eg
o8i/YiwkKSYiu9rj9SGl3jHg6ImmT6rLiv6JSunycinB3BlAxOtsOHKmv7dS82h7
k9yDsJ+w9avBvAESZu3aReH/uVlPB2ZXf3LQEtPu++fMG3rtuLfFEm48XulrfdkL
1bquFMg+6qF1ypP0/EwT6kbn20ggSU7zKGshNuXY69m3l2mOdDx+x/tSy/mvUkoW
af8SW4UbJkmcNP8jUAQpPLiuZACHgnVSMB79WTjQsVD8tcA1o6Mv0yMyaHY8sUpm
1VEBpB0g+zKuk80B
-----END CERTIFICATE-----