Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/l2utdRfTSozjlS9WE6_B8bBFjNA.roa
File:                     l2utdRfTSozjlS9WE6_B8bBFjNA.roa (raw, json)
Hash identifier:          FWlheN5/vgxFSXNiX/Ba0e9IMyUzKjBrczOZK8HIDwI=
Subject key identifier:   97:6B:AD:75:17:D3:4A:8C:E3:95:2F:56:13:AF:C1:F1:B0:45:8C:D0
Certificate issuer:       /CN=c4fbe8422432727d3874b1564baeac8a80557b2d
Certificate serial:       018572FA84F575ED5123C4CE4CE658BDC043
Authority key identifier: C4:FB:E8:42:24:32:72:7D:38:74:B1:56:4B:AE:AC:8A:80:55:7B:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xPvoQiQycn04dLFWS66sioBVey0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/l2utdRfTSozjlS9WE6_B8bBFjNA.roa
Signing time:             Mon 02 Jan 2023 14:54:58 +0000
ROA not before:           Mon 02 Jan 2023 14:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42201
IP address blocks:        91.240.64.0/24 maxlen: 24
                          91.240.65.0/24 maxlen: 24
                          45.130.84.0/24 maxlen: 24
                          45.130.85.0/24 maxlen: 24
                          45.130.87.0/24 maxlen: 24
                          45.148.7.0/24 maxlen: 24
                          45.148.5.0/24 maxlen: 24
                          45.130.86.0/24 maxlen: 24
                          2a10:a000:4::/48 maxlen: 48
                          2a10:a000:5::/48 maxlen: 48
                          2a10:a000:3::/48 maxlen: 48
                          2a10:a000:2::/48 maxlen: 48
                          2a10:a000::/48 maxlen: 48
                          2a10:a000:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:fa:84:f5:75:ed:51:23:c4:ce:4c:e6:58:bd:c0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4fbe8422432727d3874b1564baeac8a80557b2d
        Validity
            Not Before: Jan  2 14:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=976bad7517d34a8ce3952f5613afc1f1b0458cd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fb:ab:53:cf:9c:d6:fe:58:f4:e3:3e:71:8e:
                    8f:de:9c:1f:38:3e:45:99:80:61:83:8e:b7:9c:67:
                    b2:5f:4b:96:48:e4:1d:66:25:12:d4:c1:6e:a5:8c:
                    f1:99:0e:23:6b:84:5d:b0:a2:50:5e:37:b6:df:4f:
                    cd:a7:7b:d8:5a:88:40:0f:67:06:76:1a:ec:16:d6:
                    2f:15:f6:1f:c4:f7:b7:35:ae:d9:42:24:16:da:00:
                    1f:ef:ea:d1:8a:37:10:46:3e:20:d8:ed:00:a9:13:
                    05:36:e3:8b:a6:5c:87:61:d3:a1:40:9a:1d:fc:a5:
                    21:c5:2c:b5:c4:ca:ab:db:48:08:bd:fa:88:3a:a6:
                    d9:0c:fd:04:5a:ad:43:81:7d:87:ac:1a:fd:00:af:
                    f0:21:73:bd:bf:a6:2d:55:2e:d9:30:7d:3d:a9:a8:
                    dd:0e:e6:2b:fa:12:97:39:4b:bf:3e:6a:a4:c1:e7:
                    c2:94:60:72:5f:c8:d6:98:84:4a:25:52:1e:e7:03:
                    59:12:2d:13:5a:c9:81:bf:8a:72:64:b8:d5:25:0d:
                    68:46:d7:c1:63:87:bf:5b:75:92:a3:c3:40:6a:fc:
                    af:93:8d:58:d3:05:10:1f:7e:63:26:07:bb:ec:b7:
                    5e:5c:ef:7e:5e:3a:23:7c:9f:77:b4:f2:e3:19:6f:
                    1b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6B:AD:75:17:D3:4A:8C:E3:95:2F:56:13:AF:C1:F1:B0:45:8C:D0
            X509v3 Authority Key Identifier:
                keyid:C4:FB:E8:42:24:32:72:7D:38:74:B1:56:4B:AE:AC:8A:80:55:7B:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xPvoQiQycn04dLFWS66sioBVey0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/l2utdRfTSozjlS9WE6_B8bBFjNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/xPvoQiQycn04dLFWS66sioBVey0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.84.0/22
                  45.148.5.0/24
                  45.148.7.0/24
                  91.240.64.0/23
                IPv6:
                  2a10:a000::-2a10:a000:5:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         43:e6:bb:f4:5a:a2:ab:23:4b:c6:29:a8:bc:fe:53:87:c9:d8:
         0d:da:99:86:21:75:84:a8:3e:06:ea:c5:2a:d5:51:92:89:43:
         34:65:55:2e:16:c3:97:15:c5:3f:8a:7f:ed:78:80:90:0e:6f:
         17:01:11:67:d9:eb:3f:90:90:fc:ac:08:77:3f:fc:d6:da:a8:
         eb:b7:a4:4e:d8:c4:83:80:8a:44:44:2c:77:9e:80:95:86:c8:
         f2:d0:9a:87:f2:6f:05:f0:86:15:d3:ea:00:81:ef:1c:09:51:
         0e:e7:b7:71:46:af:fc:3a:3b:ea:f8:d5:ea:2d:f5:0a:a0:41:
         92:23:c5:9f:bd:28:e5:96:51:55:7b:94:99:1e:58:48:be:ad:
         88:1e:a2:73:0f:3c:30:90:f6:7b:1f:8b:84:03:b2:29:30:24:
         1a:04:01:97:f9:12:9e:95:ad:96:7f:6d:2b:cd:d9:eb:92:31:
         05:e3:14:2c:a0:9d:5e:df:29:7f:ae:10:f5:f3:97:d6:75:ef:
         a5:d7:59:12:8d:45:e2:fc:ba:c0:34:87:a2:6d:f9:88:07:28:
         22:db:6f:12:c9:67:fa:24:23:e8:a1:68:21:3c:71:54:90:57:
         be:76:0f:44:a7:3f:0c:43:dd:f3:00:5d:99:b2:e0:d6:ca:02:
         3e:4b:ed:eb
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYVy+oT1de1RI8TOTOZYvcBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZmJlODQyMjQzMjcyN2QzODc0YjE1NjRiYWVhYzhhODA1
NTdiMmQwHhcNMjMwMTAyMTQ1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZiYWQ3NTE3ZDM0YThjZTM5NTJmNTYxM2FmYzFmMWIwNDU4Y2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivurU8+c1v5Y9OM+cY6P3pwfOD5F
mYBhg463nGeyX0uWSOQdZiUS1MFupYzxmQ4ja4RdsKJQXje230/Np3vYWohAD2cG
dhrsFtYvFfYfxPe3Na7ZQiQW2gAf7+rRijcQRj4g2O0AqRMFNuOLplyHYdOhQJod
/KUhxSy1xMqr20gIvfqIOqbZDP0EWq1DgX2HrBr9AK/wIXO9v6YtVS7ZMH09qajd
DuYr+hKXOUu/PmqkwefClGByX8jWmIRKJVIe5wNZEi0TWsmBv4pyZLjVJQ1oRtfB
Y4e/W3WSo8NAavyvk41Y0wUQH35jJge77LdeXO9+XjojfJ93tPLjGW8bDQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFJdrrXUX00qM45UvVhOvwfGwRYzQMB8GA1UdIwQY
MBaAFMT76EIkMnJ9OHSxVkuurIqAVXstMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFB2b1FpUXljbjA0ZExGV1M2NnNpb0JWZXkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9iZjJkOGMtZTM4Yi00NjNhLWIyNmIt
ZWNmMjIxN2Y5ODY3LzEvbDJ1dGRSZlRTb3pqbFM5V0U2X0I4YkJGak5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9iZjJkOGMtZTM4Yi00NjNhLWIyNmItZWNmMjIxN2Y5ODY3
LzEveFB2b1FpUXljbjA0ZExGV1M2NnNpb0JWZXkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAeBAIAATAYAwQCLYJUAwQA
LZQFAwQALZQHAwQBW/BAMBcEAgACMBEwDwMEBSoQoAMHASoQoAAABDANBgkqhkiG
9w0BAQsFAAOCAQEAQ+a79FqiqyNLximovP5Th8nYDdqZhiF1hKg+BurFKtVRkolD
NGVVLhbDlxXFP4p/7XiAkA5vFwERZ9nrP5CQ/KwIdz/81tqo67ekTtjEg4CKREQs
d56AlYbI8tCah/JvBfCGFdPqAIHvHAlRDue3cUav/Do76vjV6i31CqBBkiPFn70o
5ZZRVXuUmR5YSL6tiB6icw88MJD2ex+LhAOyKTAkGgQBl/kSnpWtln9tK83Z65Ix
BeMULKCdXt8pf64Q9fOX1nXvpddZEo1F4vy6wDSHom35iAcoIttvEsln+iQj6KFo
ITxxVJBXvnYPRKc/DEPd8wBdmbLg1soCPkvt6w==
-----END CERTIFICATE-----