Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/cV5yt5Fco9QhF86lCp0XqDDYIuY.roa
File:                     cV5yt5Fco9QhF86lCp0XqDDYIuY.roa (raw, json)
Hash identifier:          1CUVIHr+df1jcIbW82iUFTf++qGnpafapZ1kVgMDXmQ=
Subject key identifier:   71:5E:72:B7:91:5C:A3:D4:21:17:CE:A5:0A:9D:17:A8:30:D8:22:E6
Certificate issuer:       /CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Certificate serial:       018851D74DD858119D214396086D896FEB6B
Authority key identifier: 6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/cV5yt5Fco9QhF86lCp0XqDDYIuY.roa
Signing time:             Thu 25 May 2023 07:37:24 +0000
ROA not before:           Thu 25 May 2023 07:37:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198193
IP address blocks:        185.28.216.0/22 maxlen: 24
                          185.104.164.0/22 maxlen: 24
                          91.216.73.0/24 maxlen: 24
                          91.216.77.0/24 maxlen: 24
                          37.10.108.0/24 maxlen: 24
                          185.91.192.0/22 maxlen: 24
                          91.216.100.0/24 maxlen: 24
                          185.42.20.0/22 maxlen: 24
                          91.216.122.0/24 maxlen: 24
                          185.217.112.0/22 maxlen: 24
                          37.10.70.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:32:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:51:d7:4d:d8:58:11:9d:21:43:96:08:6d:89:6f:eb:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8edda2f21c885fbe67286218b8318d6ad23896
        Validity
            Not Before: May 25 07:37:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=715e72b7915ca3d42117cea50a9d17a830d822e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e6:ba:10:b7:4b:34:84:b0:c8:b4:7d:01:ac:
                    a1:5c:23:4c:67:8c:7a:fd:52:a2:b1:c6:bd:b7:e7:
                    65:ec:03:39:56:3d:b2:f9:35:56:a1:02:45:e4:70:
                    14:9c:30:c4:c0:a1:da:d3:8d:49:73:83:8b:29:02:
                    43:bb:8d:4c:01:8c:a6:b4:0a:6b:b4:03:57:b0:6d:
                    8c:0b:50:69:ba:33:83:b9:b8:d1:a3:ef:7b:18:8f:
                    14:c6:a7:cf:80:6b:7e:01:b8:1c:dd:b0:4c:97:c5:
                    b2:4c:3f:b5:70:e5:03:62:5b:2f:39:fe:3f:5c:59:
                    89:3b:4a:97:5d:7e:7a:fd:47:23:82:14:6b:05:78:
                    d0:3f:f0:d4:36:7c:88:24:fe:95:44:07:da:9b:95:
                    0d:c6:21:66:db:4c:0d:61:dc:da:e4:bc:0d:ec:95:
                    a9:de:aa:00:e4:ef:e7:c5:62:97:58:0e:3b:ef:f1:
                    21:06:bf:c4:85:6d:ba:05:80:c2:3b:c2:3a:b6:5f:
                    47:94:8f:f6:7c:8a:9a:41:ca:7c:e1:f4:a2:12:49:
                    ad:c2:42:06:c1:fa:f1:9f:8b:bd:29:a6:af:d6:70:
                    7a:3a:99:34:34:c1:1e:54:6d:3e:d1:69:56:52:a4:
                    07:00:c9:f3:90:e3:d5:b1:d7:2d:12:6c:f2:6c:d3:
                    b2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:5E:72:B7:91:5C:A3:D4:21:17:CE:A5:0A:9D:17:A8:30:D8:22:E6
            X509v3 Authority Key Identifier:
                keyid:6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/cV5yt5Fco9QhF86lCp0XqDDYIuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.70.0/24
                  37.10.108.0/24
                  91.216.73.0/24
                  91.216.77.0/24
                  91.216.100.0/24
                  91.216.122.0/24
                  185.28.216.0/22
                  185.42.20.0/22
                  185.91.192.0/22
                  185.104.164.0/22
                  185.217.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:0b:5a:05:08:d6:68:5a:e1:e9:82:ad:d0:a0:fd:b8:bc:f6:
         a2:d4:1e:ab:7d:0e:24:26:91:f4:18:90:b5:11:95:61:6a:7f:
         71:aa:da:7c:48:b8:e4:87:40:33:aa:b3:22:5c:16:21:c1:bf:
         c6:68:43:04:f5:96:67:2c:f5:72:42:61:b2:be:c5:84:cd:11:
         d2:ac:ad:18:6c:21:38:ee:8e:c6:8b:be:99:8d:06:72:b5:8a:
         58:32:d7:bf:c7:1a:d6:80:f1:43:76:7f:92:4f:21:22:67:3a:
         e6:7d:0f:f4:2d:41:44:ed:8d:91:dd:1e:37:69:3c:3f:48:4e:
         5c:ce:82:8c:84:3c:3d:cb:e6:00:b6:39:eb:c6:62:91:31:c1:
         bd:75:eb:b9:05:ec:62:20:6b:be:bb:28:b5:3f:92:87:da:78:
         50:f4:06:3d:84:82:89:1f:63:20:21:88:d6:3d:5a:84:04:0a:
         7c:0c:e6:d7:b4:92:47:bc:97:9e:75:17:51:46:ae:e1:61:d2:
         06:87:77:8c:22:30:34:7f:b3:81:b9:82:0f:c7:49:27:d0:03:
         83:83:4d:45:15:15:7f:b9:30:48:66:00:e3:5d:11:62:47:e1:
         0a:60:d8:45:34:c8:0c:47:aa:f6:05:7b:1c:b6:de:f8:56:bd:
         7e:83:44:b6
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYhR103YWBGdIUOWCG2Jb+trMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGVkZGEyZjIxYzg4NWZiZTY3Mjg2MjE4YjgzMThkNmFk
MjM4OTYwHhcNMjMwNTI1MDczNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTVlNzJiNzkxNWNhM2Q0MjExN2NlYTUwYTlkMTdhODMwZDgyMmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+a6ELdLNISwyLR9AayhXCNMZ4x6
/VKisca9t+dl7AM5Vj2y+TVWoQJF5HAUnDDEwKHa041Jc4OLKQJDu41MAYymtApr
tANXsG2MC1BpujODubjRo+97GI8UxqfPgGt+Abgc3bBMl8WyTD+1cOUDYlsvOf4/
XFmJO0qXXX56/UcjghRrBXjQP/DUNnyIJP6VRAfam5UNxiFm20wNYdza5LwN7JWp
3qoA5O/nxWKXWA477/EhBr/EhW26BYDCO8I6tl9HlI/2fIqaQcp84fSiEkmtwkIG
wfrxn4u9Kaav1nB6Opk0NMEeVG0+0WlWUqQHAMnzkOPVsdctEmzybNOyBwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHFecreRXKPUIRfOpQqdF6gw2CLmMB8GA1UdIwQY
MBaAFGqO3aLyHIhfvmcoYhi4MY1q0jiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2Et
MGM2Njg0MDE5OGQwLzEvY1Y1eXQ1RmNvOVFoRjg2bENwMFhxRERZSXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2EtMGM2Njg0MDE5OGQw
LzEvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJQpGAwQA
JQpsAwQAW9hJAwQAW9hNAwQAW9hkAwQAW9h6AwQCuRzYAwQCuSoUAwQCuVvAAwQC
uWikAwQCudlwMA0GCSqGSIb3DQEBCwUAA4IBAQBTC1oFCNZoWuHpgq3QoP24vPai
1B6rfQ4kJpH0GJC1EZVhan9xqtp8SLjkh0AzqrMiXBYhwb/GaEME9ZZnLPVyQmGy
vsWEzRHSrK0YbCE47o7Gi76ZjQZytYpYMte/xxrWgPFDdn+STyEiZzrmfQ/0LUFE
7Y2R3R43aTw/SE5czoKMhDw9y+YAtjnrxmKRMcG9deu5BexiIGu+uyi1P5KH2nhQ
9AY9hIKJH2MgIYjWPVqEBAp8DObXtJJHvJeedRdRRq7hYdIGh3eMIjA0f7OBuYIP
x0kn0AODg01FFRV/uTBIZgDjXRFiR+EKYNhFNMgMR6r2BXsctt74Vr1+g0S2
-----END CERTIFICATE-----