Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/g8ksC6pjRrJkFOJgW9v95PslYIU.roa
File:                     g8ksC6pjRrJkFOJgW9v95PslYIU.roa (raw, json)
Hash identifier:          XhY1rbeE3gwTHIXIubmqYmx+vmNcuoMdM+JFEhgsKQ0=
Subject key identifier:   83:C9:2C:0B:AA:63:46:B2:64:14:E2:60:5B:DB:FD:E4:FB:25:60:85
Certificate issuer:       /CN=a5472b1473bc781b70440315c83d119c8abc86fc
Certificate serial:       01856C412B287DC40E3121E234AFB5E2BFED
Authority key identifier: A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/g8ksC6pjRrJkFOJgW9v95PslYIU.roa
Signing time:             Sun 01 Jan 2023 07:34:48 +0000
ROA not before:           Sun 01 Jan 2023 07:34:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2860
IP address blocks:        89.109.64.0/18 maxlen: 18
                          188.125.192.0/19 maxlen: 19
                          185.80.76.0/22 maxlen: 22
                          213.138.224.0/19 maxlen: 19
                          95.172.160.0/19 maxlen: 19
                          213.190.192.0/19 maxlen: 19
                          159.255.48.0/20 maxlen: 20
                          83.223.160.0/19 maxlen: 19
                          84.23.192.0/19 maxlen: 19
                          2a00:d180::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:41:2b:28:7d:c4:0e:31:21:e2:34:af:b5:e2:bf:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5472b1473bc781b70440315c83d119c8abc86fc
        Validity
            Not Before: Jan  1 07:34:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=83c92c0baa6346b26414e2605bdbfde4fb256085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:df:0d:fa:7a:6c:64:3a:e1:d6:05:3a:99:11:
                    28:97:77:6e:55:af:22:da:8f:4b:04:e4:50:68:47:
                    28:c7:ef:ce:b0:ad:35:52:81:ca:0d:50:2c:e8:1d:
                    41:ed:5f:4f:ee:70:6f:b8:a5:5d:9e:bc:cd:ec:35:
                    ec:c9:d7:d0:51:43:44:60:87:1f:4f:7f:e2:f2:e5:
                    d3:53:b3:17:75:36:00:28:50:32:55:de:1b:a9:25:
                    2f:5d:af:39:b0:69:ad:2d:66:94:81:98:ec:32:8b:
                    ed:7b:a5:b9:5c:99:3c:f9:18:ce:a3:24:de:ca:39:
                    0b:f1:ca:f9:b2:6f:b1:bd:2b:80:61:6b:7e:f8:e6:
                    2e:b8:82:8f:10:67:2d:91:ca:3b:8a:a8:23:bd:7d:
                    47:b8:d3:68:8b:4a:e8:af:98:22:03:93:cc:1d:74:
                    c4:6c:e3:4f:ee:e5:5d:c4:08:3e:a4:1a:f4:39:f0:
                    ef:c0:f6:af:0a:dd:b3:e5:88:49:e4:bf:0f:55:45:
                    e7:97:35:e6:c5:94:e7:8e:f0:c8:eb:ec:9f:cc:30:
                    8a:e9:22:b2:80:f1:68:44:c4:55:df:8f:0a:6e:16:
                    ee:f9:f6:d0:e0:35:99:4c:6f:54:5c:84:22:5f:f8:
                    ae:84:5b:7d:25:64:4a:bd:f5:7f:21:04:10:9a:0b:
                    9f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C9:2C:0B:AA:63:46:B2:64:14:E2:60:5B:DB:FD:E4:FB:25:60:85
            X509v3 Authority Key Identifier:
                keyid:A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/g8ksC6pjRrJkFOJgW9v95PslYIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.223.160.0/19
                  84.23.192.0/19
                  89.109.64.0/18
                  95.172.160.0/19
                  159.255.48.0/20
                  185.80.76.0/22
                  188.125.192.0/19
                  213.138.224.0/19
                  213.190.192.0/19
                IPv6:
                  2a00:d180::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:bc:cf:48:c2:d2:58:e6:eb:da:3d:8e:3f:1e:cc:c9:a1:89:
         f9:08:12:ac:0c:24:aa:fc:34:30:60:eb:7e:4e:94:d4:66:c4:
         b1:09:e8:c7:1d:cd:cc:e2:ff:f7:0b:1e:75:c1:fc:2d:ab:a4:
         f7:fd:a7:89:b8:01:9e:2a:81:f6:1e:e4:3f:f3:9f:04:65:39:
         91:7e:3a:25:cc:68:e1:ec:87:95:3d:65:16:23:6d:5b:23:bb:
         4b:99:c4:00:b7:4b:36:73:b2:16:49:bb:3b:66:55:e5:8d:b9:
         ca:b7:eb:34:42:a5:c7:d2:aa:81:1f:e0:f5:a0:77:bb:d1:34:
         06:35:38:5e:1c:95:43:19:a8:e6:79:97:b7:52:fb:0e:e0:03:
         96:ef:34:ad:4c:b4:15:bd:58:76:b4:37:1e:d7:fb:fc:93:fb:
         11:b6:91:55:55:8b:58:91:cf:17:7a:55:22:84:f6:6e:52:d0:
         7e:80:89:b8:c4:c8:4f:32:bf:91:8e:38:5a:b0:26:98:9f:7e:
         75:b4:f1:5b:b1:75:81:6a:60:ae:d6:54:e3:f1:bb:cc:dd:6f:
         82:b3:54:d4:ba:24:bd:72:04:24:46:ec:9c:85:60:eb:69:3e:
         1b:57:cc:52:90:a2:7e:fb:cd:27:53:a5:44:b0:7f:e9:f5:76:
         d4:af:03:23
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVsQSsofcQOMSHiNK+14r/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NDcyYjE0NzNiYzc4MWI3MDQ0MDMxNWM4M2QxMTljOGFi
Yzg2ZmMwHhcNMjMwMTAxMDczNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M5MmMwYmFhNjM0NmIyNjQxNGUyNjA1YmRiZmRlNGZiMjU2MDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm98N+npsZDrh1gU6mREol3duVa8i
2o9LBORQaEcox+/OsK01UoHKDVAs6B1B7V9P7nBvuKVdnrzN7DXsydfQUUNEYIcf
T3/i8uXTU7MXdTYAKFAyVd4bqSUvXa85sGmtLWaUgZjsMovte6W5XJk8+RjOoyTe
yjkL8cr5sm+xvSuAYWt++OYuuIKPEGctkco7iqgjvX1HuNNoi0ror5giA5PMHXTE
bONP7uVdxAg+pBr0OfDvwPavCt2z5YhJ5L8PVUXnlzXmxZTnjvDI6+yfzDCK6SKy
gPFoRMRV348Kbhbu+fbQ4DWZTG9UXIQiX/iuhFt9JWRKvfV/IQQQmgufPwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFIPJLAuqY0ayZBTiYFvb/eT7JWCFMB8GA1UdIwQY
MBaAFKVHKxRzvHgbcEQDFcg9EZyKvIb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFVjckZITzhlQnR3UkFNVnlEMFJuSXE4aHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zMDExMmYtMGU5ZC00ZmM4LWI4NTQt
YjE1NjViMjU1ODU0LzEvZzhrc0M2cGpSckprRk9KZ1c5djk1UHNsWUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zMDExMmYtMGU5ZC00ZmM4LWI4NTQtYjE1NjViMjU1ODU0
LzEvcFVjckZITzhlQnR3UkFNVnlEMFJuSXE4aHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFU9+gAwQF
VBfAAwQGWW1AAwQFX6ygAwQEn/8wAwQCuVBMAwQFvH3AAwQF1YrgAwQF1b7AMA0E
AgACMAcDBQAqANGAMA0GCSqGSIb3DQEBCwUAA4IBAQA2vM9IwtJY5uvaPY4/HszJ
oYn5CBKsDCSq/DQwYOt+TpTUZsSxCejHHc3M4v/3Cx51wfwtq6T3/aeJuAGeKoH2
HuQ/858EZTmRfjolzGjh7IeVPWUWI21bI7tLmcQAt0s2c7IWSbs7ZlXljbnKt+s0
QqXH0qqBH+D1oHe70TQGNTheHJVDGajmeZe3UvsO4AOW7zStTLQVvVh2tDce1/v8
k/sRtpFVVYtYkc8XelUihPZuUtB+gIm4xMhPMr+RjjhasCaYn351tPFbsXWBamCu
1lTj8bvM3W+Cs1TUuiS9cgQkRuychWDraT4bV8xSkKJ++80nU6VEsH/p9XbUrwMj
-----END CERTIFICATE-----