Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/gQDtrfhvA6ewXbh2Zi39_Z7TzYw.roa
File:                     gQDtrfhvA6ewXbh2Zi39_Z7TzYw.roa (raw, json)
Hash identifier:          Zwx9Oua1OCBlXTr5fC1Cll3/y5rT71bhLK4zafloUA0=
Subject key identifier:   81:00:ED:AD:F8:6F:03:A7:B0:5D:B8:76:66:2D:FD:FD:9E:D3:CD:8C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0187218046A4B84555A10FFD2DA96E7CCB28
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/gQDtrfhvA6ewXbh2Zi39_Z7TzYw.roa
Signing time:             Mon 27 Mar 2023 05:17:47 +0000
ROA not before:           Mon 27 Mar 2023 05:17:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        84.32.66.0/24 maxlen: 24
                          84.32.178.0/24 maxlen: 24
                          84.32.68.0/24 maxlen: 24
                          84.32.90.0/24 maxlen: 24
                          88.216.95.0/24 maxlen: 24
                          88.216.103.0/24 maxlen: 24
                          84.32.225.0/24 maxlen: 24
                          88.216.220.0/24 maxlen: 24
                          84.32.44.0/24 maxlen: 24
                          84.32.47.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 03 Apr 2023 06:51:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:80:46:a4:b8:45:55:a1:0f:fd:2d:a9:6e:7c:cb:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 27 05:17:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8100edadf86f03a7b05db876662dfdfd9ed3cd8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ab:99:bb:96:c6:ef:8c:13:9d:fa:60:94:48:
                    e4:ef:62:12:33:b2:e7:a3:f5:83:4d:37:e8:a7:30:
                    45:ff:be:7a:dc:d5:aa:7d:67:41:3a:e8:d9:47:8d:
                    9e:79:73:3b:77:7e:39:44:a8:5f:1d:8d:d1:d9:80:
                    06:8f:ed:1a:51:e7:95:cb:0a:f8:4b:31:80:bd:57:
                    9c:75:bf:4a:d1:8f:5d:b6:e6:19:25:b1:19:03:3f:
                    0b:54:e8:6a:fb:8d:e3:f9:47:79:79:b5:98:60:76:
                    e3:9e:08:d9:2d:9a:f5:68:4b:9a:f3:b1:dc:5a:0a:
                    ae:cb:51:6f:73:38:d6:45:1d:aa:be:45:b2:43:30:
                    82:86:49:57:15:54:0f:c9:53:6c:c6:99:93:47:c9:
                    af:d5:95:90:9e:ba:b2:e8:20:98:a1:9e:ab:02:6b:
                    59:48:1d:94:79:cd:7a:bc:87:ae:59:6c:c5:7e:30:
                    23:f6:2a:00:f1:e3:17:d0:e8:5d:ee:78:29:6a:3a:
                    16:ad:dc:b5:bd:9f:28:20:28:52:7f:0e:63:74:ff:
                    b9:d0:09:15:78:04:40:57:0c:38:37:f5:1e:86:9d:
                    b3:38:cf:98:a9:3a:1c:23:37:dc:ad:bf:7f:5a:bf:
                    35:49:8c:8e:04:1e:02:b2:a8:7a:f3:74:70:58:a8:
                    c0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:00:ED:AD:F8:6F:03:A7:B0:5D:B8:76:66:2D:FD:FD:9E:D3:CD:8C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/gQDtrfhvA6ewXbh2Zi39_Z7TzYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.44.0/24
                  84.32.47.0/24
                  84.32.66.0/24
                  84.32.68.0/24
                  84.32.90.0/24
                  84.32.178.0/24
                  84.32.225.0/24
                  88.216.95.0/24
                  88.216.103.0/24
                  88.216.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:14:ab:e4:f4:b3:eb:76:62:60:3e:87:2a:9c:ca:0e:d6:9d:
         a4:bf:0b:78:02:d6:28:2c:78:7d:b0:56:fb:51:e5:05:1c:6e:
         cd:7d:e8:14:8a:6b:05:f8:22:ef:6b:37:8a:6d:dd:5a:aa:71:
         ff:3b:0f:67:42:e4:34:d6:66:f1:0a:26:14:60:7c:29:29:2c:
         da:32:10:28:fa:6d:7a:54:c3:47:c5:d3:54:28:9a:7e:b6:5d:
         23:0f:94:33:a7:06:a6:d3:cd:38:e0:59:ac:e5:e3:52:20:e0:
         93:0a:0c:25:97:8e:33:2d:42:7b:1e:57:54:59:08:74:50:20:
         e7:3d:f4:00:4a:a0:3b:7a:d4:a4:71:86:01:9a:af:c8:47:b0:
         33:f9:9c:bf:9c:91:68:79:83:a3:8c:fb:43:0a:6a:99:a2:18:
         0b:25:cf:0c:4f:90:5c:61:7e:03:6f:b5:37:6a:59:aa:9b:a2:
         15:c2:0c:8c:25:71:c8:b0:d7:d4:de:ca:cd:12:45:41:06:08:
         3a:0a:97:ea:5d:5f:4c:6b:bb:60:87:ba:f7:31:72:3d:c7:d4:
         d4:0b:de:b4:f0:36:5e:44:52:7c:29:21:82:b3:ea:2b:16:b7:
         77:74:c1:d6:f3:db:e8:bb:a9:28:11:77:e8:69:11:6b:77:e2:
         ed:8d:8c:ad
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYchgEakuEVVoQ/9LalufMsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMzI3MDUxNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTAwZWRhZGY4NmYwM2E3YjA1ZGI4NzY2NjJkZmRmZDllZDNjZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6uZu5bG74wTnfpglEjk72ISM7Ln
o/WDTTfopzBF/7563NWqfWdBOujZR42eeXM7d345RKhfHY3R2YAGj+0aUeeVywr4
SzGAvVecdb9K0Y9dtuYZJbEZAz8LVOhq+43j+Ud5ebWYYHbjngjZLZr1aEua87Hc
Wgquy1FvczjWRR2qvkWyQzCChklXFVQPyVNsxpmTR8mv1ZWQnrqy6CCYoZ6rAmtZ
SB2Uec16vIeuWWzFfjAj9ioA8eMX0Ohd7ngpajoWrdy1vZ8oIChSfw5jdP+50AkV
eARAVww4N/Uehp2zOM+YqTocIzfcrb9/Wr81SYyOBB4Csqh683RwWKjAfwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIEA7a34bwOnsF24dmYt/f2e082MMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZ1FEdHJmaHZBNmV3WGJoMlppMzlfWjdUell3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVCAsAwQA
VCAvAwQAVCBCAwQAVCBEAwQAVCBaAwQAVCCyAwQAVCDhAwQAWNhfAwQAWNhnAwQA
WNjcMA0GCSqGSIb3DQEBCwUAA4IBAQBEFKvk9LPrdmJgPocqnMoO1p2kvwt4AtYo
LHh9sFb7UeUFHG7NfegUimsF+CLvazeKbd1aqnH/Ow9nQuQ01mbxCiYUYHwpKSza
MhAo+m16VMNHxdNUKJp+tl0jD5Qzpwam08044Fms5eNSIOCTCgwll44zLUJ7HldU
WQh0UCDnPfQASqA7etSkcYYBmq/IR7Az+Zy/nJFoeYOjjPtDCmqZohgLJc8MT5Bc
YX4Db7U3almqm6IVwgyMJXHIsNfU3srNEkVBBgg6CpfqXV9Ma7tgh7r3MXI9x9TU
C9608DZeRFJ8KSGCs+orFrd3dMHW89vou6koEXfoaRFrd+LtjYyt
-----END CERTIFICATE-----