Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Q1YwiljtnFdsUf8n6Tgz4hZoii4.roa
File:                     Q1YwiljtnFdsUf8n6Tgz4hZoii4.roa (raw, json)
Hash identifier:          at3QBnZ87F34fbtBRbUQIC3869UFpNq02KNEn4zlZ/8=
Subject key identifier:   43:56:30:8A:58:ED:9C:57:6C:51:FF:27:E9:38:33:E2:16:68:8A:2E
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01856C53D13C23A38A887FC75EE73C5573DB
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Q1YwiljtnFdsUf8n6Tgz4hZoii4.roa
Signing time:             Sun 01 Jan 2023 07:55:10 +0000
ROA not before:           Sun 01 Jan 2023 07:55:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209371
IP address blocks:        193.35.152.0/24 maxlen: 24
                          193.35.155.0/24 maxlen: 24
                          185.88.175.0/24 maxlen: 24
                          193.223.106.0/24 maxlen: 24
                          185.243.181.0/24 maxlen: 24
                          185.243.180.0/24 maxlen: 24
                          185.184.24.0/24 maxlen: 24
                          185.249.200.0/24 maxlen: 24
                          185.249.203.0/24 maxlen: 24
                          185.249.201.0/24 maxlen: 24
                          185.249.202.0/24 maxlen: 24
                          193.160.140.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 Mar 2023 20:38:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:d1:3c:23:a3:8a:88:7f:c7:5e:e7:3c:55:73:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 07:55:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4356308a58ed9c576c51ff27e93833e216688a2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0e:3d:72:93:65:46:e3:7b:15:95:3e:73:4f:
                    eb:54:e8:6c:b6:3a:da:46:e1:ec:d8:52:4f:bf:6d:
                    31:b6:10:ae:64:b2:0f:e7:49:6a:aa:e0:28:b8:74:
                    ff:f3:f8:91:2c:4e:25:c7:ec:e5:b1:12:df:24:cc:
                    27:6f:02:c9:e1:22:14:07:df:7c:19:1a:54:88:b7:
                    da:2b:85:56:06:ba:0e:36:ca:f0:18:56:48:e2:53:
                    71:f5:3e:06:72:1d:5a:f9:e2:af:7d:b6:46:96:a3:
                    11:32:5a:27:7e:79:32:56:16:b0:08:9f:c4:15:0e:
                    75:ea:74:4e:f7:16:ef:c3:5f:83:62:ba:df:9f:8f:
                    f3:be:56:77:b5:e2:79:f0:95:02:b3:67:91:e3:ac:
                    27:70:c2:9c:ec:87:73:e3:01:6f:54:ea:05:b3:92:
                    98:8d:5d:a2:b4:1d:bb:de:84:0a:70:8c:01:88:70:
                    e2:2a:80:ee:63:04:9c:6b:80:9e:ef:12:75:d0:00:
                    54:e5:9b:1a:b7:b0:33:46:70:bf:16:4e:7d:44:0e:
                    2d:a9:fc:d8:c0:d5:a8:f8:54:46:2f:95:5c:3d:0c:
                    22:eb:b2:b1:14:b4:6e:7e:56:c1:98:e7:37:00:34:
                    7a:69:3a:a7:53:0d:b5:20:33:e5:a5:48:60:3c:94:
                    94:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:56:30:8A:58:ED:9C:57:6C:51:FF:27:E9:38:33:E2:16:68:8A:2E
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Q1YwiljtnFdsUf8n6Tgz4hZoii4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.175.0/24
                  185.184.24.0/24
                  185.243.180.0/23
                  185.249.200.0/22
                  193.35.152.0/24
                  193.35.155.0/24
                  193.160.140.0/24
                  193.223.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:08:39:c6:ee:47:06:89:35:1f:0f:f2:24:31:ec:c3:24:e2:
         37:9b:8e:bc:db:76:0c:dc:c6:25:87:9e:ae:19:ef:71:4a:bd:
         ed:9e:ce:d2:79:de:e9:19:0d:35:36:68:2c:5a:45:ce:c8:7e:
         22:a5:0a:be:df:53:7f:f4:66:3d:8f:73:9b:77:6c:4a:1e:6f:
         e8:84:77:53:bd:e8:93:99:c7:cb:eb:53:24:25:8b:ef:2e:31:
         ab:85:96:82:31:a0:33:bc:99:39:7d:88:c1:6d:85:a4:ae:b9:
         fd:83:30:be:62:f0:89:8c:4e:bf:54:1a:e9:df:27:fa:25:1c:
         de:0f:2b:ac:7f:2a:33:7a:a9:5a:a0:92:a8:f7:30:38:8b:94:
         f8:2b:12:d8:20:4b:9d:8c:b1:bc:96:13:bf:86:29:94:67:7c:
         d0:41:0e:70:ee:84:c9:62:65:72:0f:a8:06:1b:6d:e6:33:52:
         71:90:6d:33:30:b3:c2:ce:9e:f2:ee:70:a0:5c:59:7e:23:f4:
         6e:ab:79:3a:64:92:21:a3:52:30:db:37:bb:bd:fc:85:3c:21:
         f0:d8:e0:97:51:5d:a7:10:49:d7:ba:22:a6:28:9e:2a:9c:75:
         d9:e6:a3:25:ce:dc:2d:d3:f2:20:9d:19:40:3d:d6:1f:92:d7:
         47:3a:2a:f9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVsU9E8I6OKiH/HXuc8VXPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjMwMTAxMDc1NTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzU2MzA4YTU4ZWQ5YzU3NmM1MWZmMjdlOTM4MzNlMjE2Njg4YTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw49cpNlRuN7FZU+c0/rVOhstjra
RuHs2FJPv20xthCuZLIP50lqquAouHT/8/iRLE4lx+zlsRLfJMwnbwLJ4SIUB998
GRpUiLfaK4VWBroONsrwGFZI4lNx9T4Gch1a+eKvfbZGlqMRMlonfnkyVhawCJ/E
FQ516nRO9xbvw1+DYrrfn4/zvlZ3teJ58JUCs2eR46wncMKc7Idz4wFvVOoFs5KY
jV2itB273oQKcIwBiHDiKoDuYwSca4Ce7xJ10ABU5Zsat7AzRnC/Fk59RA4tqfzY
wNWo+FRGL5VcPQwi67KxFLRuflbBmOc3ADR6aTqnUw21IDPlpUhgPJSUVwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFENWMIpY7ZxXbFH/J+k4M+IWaIouMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvUTFZd2lsanRuRmRzVWY4bjZUZ3o0aFpvaWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAuVivAwQA
ubgYAwQBufO0AwQCufnIAwQAwSOYAwQAwSObAwQAwaCMAwQAwd9qMA0GCSqGSIb3
DQEBCwUAA4IBAQBICDnG7kcGiTUfD/IkMezDJOI3m46823YM3MYlh56uGe9xSr3t
ns7Sed7pGQ01NmgsWkXOyH4ipQq+31N/9GY9j3Obd2xKHm/ohHdTveiTmcfL61Mk
JYvvLjGrhZaCMaAzvJk5fYjBbYWkrrn9gzC+YvCJjE6/VBrp3yf6JRzeDyusfyoz
eqlaoJKo9zA4i5T4KxLYIEudjLG8lhO/himUZ3zQQQ5w7oTJYmVyD6gGG23mM1Jx
kG0zMLPCzp7y7nCgXFl+I/Ruq3k6ZJIho1Iw2ze7vfyFPCHw2OCXUV2nEEnXuiKm
KJ4qnHXZ5qMlztwt0/IgnRlAPdYfktdHOir5
-----END CERTIFICATE-----