Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/MngLfbBcAGDtRc8x18VQn5jHtNk.roa
File:                     MngLfbBcAGDtRc8x18VQn5jHtNk.roa (raw, json)
Hash identifier:          ifXiAD8wKf2/gy6Y3+Y5wmXzAHG4JQk5/g8C3u5YXcc=
Subject key identifier:   32:78:0B:7D:B0:5C:00:60:ED:45:CF:31:D7:C5:50:9F:98:C7:B4:D9
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       01857CA8980A7643F58BD3F6D07448A7F5FD
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/MngLfbBcAGDtRc8x18VQn5jHtNk.roa
Signing time:             Wed 04 Jan 2023 12:01:41 +0000
ROA not before:           Wed 04 Jan 2023 12:01:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        88.212.157.0/24 maxlen: 24
                          88.212.156.0/24 maxlen: 24
                          88.212.158.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24
                          185.8.135.0/24 maxlen: 24
                          185.8.133.0/24 maxlen: 24
                          83.151.192.0/24 maxlen: 24
                          83.151.195.0/24 maxlen: 24
                          83.151.193.0/24 maxlen: 24
                          83.151.194.0/24 maxlen: 24
                          88.202.210.0/24 maxlen: 24
                          88.202.208.0/24 maxlen: 24
                          88.202.208.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 06 Apr 2023 08:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:7c:a8:98:0a:76:43:f5:8b:d3:f6:d0:74:48:a7:f5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Jan  4 12:01:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32780b7db05c0060ed45cf31d7c5509f98c7b4d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d8:ea:2f:dc:94:f9:0c:07:6a:4b:c0:b9:9f:
                    56:f2:5e:e2:b2:6e:ab:d1:39:23:da:d6:19:c3:c0:
                    d9:cd:71:69:45:41:a7:55:15:0e:14:20:32:f5:fb:
                    ff:6f:48:41:e1:a5:46:9f:0b:ed:e7:fb:c7:5e:63:
                    2a:a9:7d:a1:ba:ad:6b:13:10:f6:63:76:3f:65:fe:
                    ff:c6:06:71:db:36:59:46:b4:60:35:5f:2f:c8:8c:
                    e4:2c:23:5a:53:bf:23:ec:9c:d4:2c:a4:92:7d:f1:
                    8c:d9:2b:78:fc:0e:d1:9e:de:40:17:57:02:21:2f:
                    90:98:1a:03:ab:b6:61:26:c3:18:94:e0:09:4d:54:
                    9a:6a:29:0c:ca:b0:aa:b4:03:a3:86:56:d3:76:61:
                    95:83:ad:3a:11:d0:38:33:6e:e6:5c:cc:9c:45:3e:
                    8a:f6:be:91:c4:09:9a:50:1d:f5:d5:3d:7d:94:e6:
                    12:51:fa:57:2f:58:ed:06:38:86:5e:2e:01:78:97:
                    fc:c7:50:99:00:95:7f:82:24:e6:a4:a2:4e:c1:5c:
                    b1:47:33:19:d4:ad:8a:e2:11:6d:52:28:b9:ca:8e:
                    64:22:4c:2d:5d:54:a6:af:7d:17:c3:c4:7d:22:b2:
                    58:e7:9e:ea:11:c7:2c:b5:a7:26:7c:da:6e:4b:83:
                    53:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:78:0B:7D:B0:5C:00:60:ED:45:CF:31:D7:C5:50:9F:98:C7:B4:D9
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/MngLfbBcAGDtRc8x18VQn5jHtNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.192.0/22
                  88.202.208.0-88.202.210.255
                  88.212.156.0/22
                  185.8.133.0/24
                  185.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:f8:28:19:2a:59:48:2a:5a:80:51:1b:61:bc:c7:55:ae:7d:
         00:2b:b3:78:82:ab:99:b0:62:e6:d9:96:d5:12:a9:2f:7b:aa:
         0b:ea:42:22:97:43:5b:f3:d4:45:f6:f7:2b:8a:4f:49:e0:70:
         25:c0:69:a4:1b:48:58:16:a5:51:d9:7c:e9:b5:3f:e1:6b:ef:
         8e:f1:34:72:52:31:e2:ac:e8:83:4f:42:a5:f8:00:a7:26:17:
         b6:26:cf:4c:2b:e3:04:b5:ec:3b:4c:a2:9a:e8:31:25:e4:63:
         34:90:37:c6:45:7e:ac:a6:70:67:ab:df:bf:7d:fe:bc:9a:e6:
         b4:53:40:46:cb:d2:98:07:1e:f9:db:e4:8b:86:51:8b:5b:05:
         b7:d5:31:96:34:5b:d9:56:74:3c:b3:74:04:2e:8c:3a:71:ee:
         c4:bd:3b:22:b8:af:65:2a:ce:52:1c:ba:ed:ee:73:d0:41:72:
         ff:56:fd:3c:e8:44:bc:76:cd:b2:5b:4d:0f:77:c6:8e:f7:fd:
         4f:af:a2:24:20:25:24:4c:f0:12:80:8e:f2:f1:6f:09:c0:36:
         f0:db:2b:29:d8:73:52:4e:04:f1:2f:ff:b0:cb:3f:f7:3a:61:
         1d:a1:fd:bc:61:ed:a3:ec:89:4a:0f:8d:2b:70:2a:e8:64:99:
         f6:59:92:d1
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYV8qJgKdkP1i9P20HRIp/X9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjMwMTA0MTIwMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjc4MGI3ZGIwNWMwMDYwZWQ0NWNmMzFkN2M1NTA5Zjk4YzdiNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktjqL9yU+QwHakvAuZ9W8l7ism6r
0Tkj2tYZw8DZzXFpRUGnVRUOFCAy9fv/b0hB4aVGnwvt5/vHXmMqqX2huq1rExD2
Y3Y/Zf7/xgZx2zZZRrRgNV8vyIzkLCNaU78j7JzULKSSffGM2St4/A7Rnt5AF1cC
IS+QmBoDq7ZhJsMYlOAJTVSaaikMyrCqtAOjhlbTdmGVg606EdA4M27mXMycRT6K
9r6RxAmaUB311T19lOYSUfpXL1jtBjiGXi4BeJf8x1CZAJV/giTmpKJOwVyxRzMZ
1K2K4hFtUii5yo5kIkwtXVSmr30Xw8R9IrJY557qEccstacmfNpuS4NTQwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDJ4C32wXABg7UXPMdfFUJ+Yx7TZMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvTW5nTGZiQmNBR0R0UmM4eDE4VlFuNWpIdE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCU5fAMAwD
BARYytADBABYytIDBAJY1JwDBAC5CIUDBAC5CIcwDQYJKoZIhvcNAQELBQADggEB
AIz4KBkqWUgqWoBRG2G8x1WufQArs3iCq5mwYubZltUSqS97qgvqQiKXQ1vz1EX2
9yuKT0ngcCXAaaQbSFgWpVHZfOm1P+Fr747xNHJSMeKs6INPQqX4AKcmF7Ymz0wr
4wS17DtMoproMSXkYzSQN8ZFfqymcGer3799/rya5rRTQEbL0pgHHvnb5IuGUYtb
BbfVMZY0W9lWdDyzdAQujDpx7sS9OyK4r2UqzlIcuu3uc9BBcv9W/TzoRLx2zbJb
TQ93xo73/U+voiQgJSRM8BKAjvLxbwnANvDbKynYc1JOBPEv/7DLP/c6YR2h/bxh
7aPsiUoPjStwKuhkmfZZktE=
-----END CERTIFICATE-----