Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/l0-PqY-pGyl8qOWg2791BW5eSgQ.roa
File:                     l0-PqY-pGyl8qOWg2791BW5eSgQ.roa (raw, json)
Hash identifier:          oSMPnRL2f3TGYE5ODUhQKgQ+i3L9YPFBTiQiGr+gFsE=
Subject key identifier:   97:4F:8F:A9:8F:A9:1B:29:7C:A8:E5:A0:DB:BF:75:05:6E:5E:4A:04
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0185C0569F5539D271AD293AB88393F51F84
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/l0-PqY-pGyl8qOWg2791BW5eSgQ.roa
Signing time:             Tue 17 Jan 2023 15:26:20 +0000
ROA not before:           Tue 17 Jan 2023 15:26:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61138
IP address blocks:        84.32.57.0/24 maxlen: 24
                          84.32.67.0/24 maxlen: 24
                          84.32.91.0/24 maxlen: 24
                          88.216.93.0/24 maxlen: 24
                          88.216.101.0/24 maxlen: 24
                          88.216.104.0/24 maxlen: 24
                          84.32.110.0/24 maxlen: 24
                          84.32.111.0/24 maxlen: 24
                          88.216.130.0/24 maxlen: 24
                          88.216.38.0/24 maxlen: 24
                          88.216.39.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Feb 2023 07:24:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c0:56:9f:55:39:d2:71:ad:29:3a:b8:83:93:f5:1f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan 17 15:26:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=974f8fa98fa91b297ca8e5a0dbbf75056e5e4a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:55:be:6e:6f:17:b8:f2:09:d7:52:9a:ee:68:
                    e6:e7:26:16:cc:9b:63:2b:91:76:53:7b:04:eb:00:
                    62:ee:23:de:38:1c:a8:71:bc:8b:4d:06:e3:59:1f:
                    0f:2f:c1:8e:e1:97:9c:16:ce:7d:09:1d:78:89:e7:
                    fd:70:b8:24:39:bb:99:3c:41:c5:d5:44:1e:24:a4:
                    99:f2:68:0f:5d:ce:b2:b9:6d:1c:a2:86:3c:fe:e7:
                    86:a0:b3:0a:f2:aa:ce:e5:66:20:86:3d:41:41:80:
                    79:34:72:47:58:73:b9:9d:07:25:45:e7:5c:6d:27:
                    0e:ee:fb:e5:b5:c7:84:31:f3:79:7d:72:a7:90:af:
                    50:45:91:ad:24:22:fa:aa:ae:97:47:a5:f3:d5:c3:
                    51:bb:69:83:55:73:cb:87:7f:34:b6:54:4f:fa:eb:
                    ad:fd:ce:48:37:17:ee:9d:10:b4:ae:93:85:30:1e:
                    38:64:fe:ad:04:56:4c:57:4e:ba:68:f0:40:98:28:
                    69:ee:c7:1e:ed:70:34:9e:55:1e:c2:9a:9c:38:0f:
                    65:ec:7e:7c:1e:a2:7b:ba:ea:25:a3:bb:c3:f4:0e:
                    cb:50:a0:30:d8:50:ea:c9:ff:02:0c:87:03:f8:3b:
                    01:55:92:97:f1:a3:77:af:6a:03:cb:40:51:82:cd:
                    61:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:4F:8F:A9:8F:A9:1B:29:7C:A8:E5:A0:DB:BF:75:05:6E:5E:4A:04
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/l0-PqY-pGyl8qOWg2791BW5eSgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.57.0/24
                  84.32.67.0/24
                  84.32.91.0/24
                  84.32.110.0/23
                  88.216.38.0/23
                  88.216.93.0/24
                  88.216.101.0/24
                  88.216.104.0/24
                  88.216.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:f9:06:b8:30:1e:eb:56:e2:80:b3:09:e2:88:9c:68:f2:17:
         2a:7c:c0:55:d3:03:88:29:77:6a:4f:fc:9e:65:f7:e9:89:3c:
         da:6e:b0:11:ae:da:ee:98:43:28:c9:41:65:48:b5:43:0f:d6:
         e3:9a:3e:14:a1:05:91:f1:dc:e2:bf:be:94:7a:42:50:e8:09:
         b3:89:5c:50:16:74:76:e1:52:ad:e8:a6:73:fb:6f:37:4b:87:
         f9:89:68:14:de:4c:dc:21:29:93:9b:52:49:b8:a8:a9:67:06:
         6c:b2:8e:81:fc:a2:61:d0:b0:68:d4:4a:b5:2f:1c:01:8c:bd:
         bc:2e:ad:30:4a:8c:f4:5a:95:ba:54:74:df:ec:0c:4a:68:a6:
         79:13:2d:99:d6:f3:df:aa:a8:50:97:1d:c4:2b:82:b5:96:46:
         e8:5c:a8:c0:be:f1:d9:7c:98:cb:a1:7d:7d:3e:90:85:00:f9:
         01:80:88:de:f8:09:12:6f:d4:ec:d6:62:ac:62:a7:ef:1c:17:
         77:5e:d1:8c:2a:ab:7a:b4:de:2d:e4:4f:2a:94:88:30:fc:5c:
         74:f9:5a:2a:fc:13:91:2a:57:c3:a6:96:08:d9:41:f7:88:64:
         ab:25:b2:4a:e3:96:c2:c4:2e:91:86:77:92:e4:41:7b:e3:16:
         78:a1:3a:a3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYXAVp9VOdJxrSk6uIOT9R+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMTE3MTUyNjIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRmOGZhOThmYTkxYjI5N2NhOGU1YTBkYmJmNzUwNTZlNWU0YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolW+bm8XuPIJ11Ka7mjm5yYWzJtj
K5F2U3sE6wBi7iPeOByocbyLTQbjWR8PL8GO4ZecFs59CR14ief9cLgkObuZPEHF
1UQeJKSZ8mgPXc6yuW0cooY8/ueGoLMK8qrO5WYghj1BQYB5NHJHWHO5nQclRedc
bScO7vvltceEMfN5fXKnkK9QRZGtJCL6qq6XR6Xz1cNRu2mDVXPLh380tlRP+uut
/c5INxfunRC0rpOFMB44ZP6tBFZMV066aPBAmChp7sce7XA0nlUewpqcOA9l7H58
HqJ7uuolo7vD9A7LUKAw2FDqyf8CDIcD+DsBVZKX8aN3r2oDy0BRgs1hvwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJdPj6mPqRspfKjloNu/dQVuXkoEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbDAtUHFZLXBHeWw4cU9XZzI3OTFCVzVlU2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVCA5AwQA
VCBDAwQAVCBbAwQBVCBuAwQBWNgmAwQAWNhdAwQAWNhlAwQAWNhoAwQAWNiCMA0G
CSqGSIb3DQEBCwUAA4IBAQBy+Qa4MB7rVuKAswniiJxo8hcqfMBV0wOIKXdqT/ye
ZffpiTzabrARrtrumEMoyUFlSLVDD9bjmj4UoQWR8dziv76UekJQ6AmziVxQFnR2
4VKt6KZz+283S4f5iWgU3kzcISmTm1JJuKipZwZsso6B/KJh0LBo1Eq1LxwBjL28
Lq0wSoz0WpW6VHTf7AxKaKZ5Ey2Z1vPfqqhQlx3EK4K1lkboXKjAvvHZfJjLoX19
PpCFAPkBgIje+AkSb9Ts1mKsYqfvHBd3XtGMKqt6tN4t5E8qlIgw/Fx0+Voq/BOR
KlfDppYI2UH3iGSrJbJK45bCxC6RhneS5EF74xZ4oTqj
-----END CERTIFICATE-----