Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/cl-3-OYjU7nH4UaW3vS-ggZfHPI.roa
File:                     cl-3-OYjU7nH4UaW3vS-ggZfHPI.roa (raw, json)
Hash identifier:          2Hg+MpTn/eKPK2ZLypYnegfcB7EUlzLoiRLZPGXaKNw=
Subject key identifier:   72:5F:B7:F8:E6:23:53:B9:C7:E1:46:96:DE:F4:BE:82:06:5F:1C:F2
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0188962D031A452564AF5337D17698C5DA01
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/cl-3-OYjU7nH4UaW3vS-ggZfHPI.roa
Signing time:             Wed 07 Jun 2023 14:05:12 +0000
ROA not before:           Wed 07 Jun 2023 14:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198357
IP address blocks:        5.159.48.0/24 maxlen: 24
                          5.159.50.0/24 maxlen: 24
                          5.159.51.0/24 maxlen: 24
                          5.159.52.0/24 maxlen: 24
                          5.159.53.0/24 maxlen: 24
                          5.159.55.0/24 maxlen: 24
                          185.3.202.0/24 maxlen: 24
                          185.3.201.0/24 maxlen: 24
                          185.3.203.0/24 maxlen: 24
                          89.46.216.0/24 maxlen: 24
                          89.46.216.0/22 maxlen: 22
                          89.46.218.0/24 maxlen: 24
                          89.46.219.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 02 Oct 2023 08:52:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:96:2d:03:1a:45:25:64:af:53:37:d1:76:98:c5:da:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun  7 14:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=725fb7f8e62353b9c7e14696def4be82065f1cf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a2:bb:20:66:15:79:9c:c1:84:0e:c5:d8:6e:
                    71:ee:3b:4b:a8:7a:22:bf:f0:10:50:08:cb:65:cd:
                    a8:cc:0f:79:c4:cd:9a:45:2f:85:57:5e:49:d0:e8:
                    f7:3a:d3:64:b3:39:d7:cc:e7:4b:1d:83:3d:f1:b9:
                    65:e8:73:11:0f:89:c6:50:a5:ae:c8:53:4b:dd:de:
                    df:27:5d:61:fd:34:1d:33:a2:66:9c:61:ef:b5:1a:
                    9a:71:d8:a4:57:fe:b0:42:4a:fa:0d:68:4e:df:bf:
                    d1:54:3c:2c:53:1d:47:c2:7a:61:e0:77:2a:04:3d:
                    ae:aa:76:93:16:45:b2:c2:43:35:0b:77:74:5a:b5:
                    af:8c:01:d4:54:a0:d5:01:54:e6:04:6b:f4:a3:d6:
                    3b:01:6b:08:fc:9d:1e:84:6a:a7:a4:0b:bd:02:eb:
                    84:ce:3e:87:e0:25:e5:d6:2d:71:b1:55:ed:55:8d:
                    79:2c:fd:23:7b:bf:c8:3c:82:ad:1a:a6:a0:f9:e5:
                    df:49:33:2f:80:2e:aa:e3:eb:25:7c:59:50:18:a9:
                    cb:72:63:7a:31:e1:e8:7e:c0:df:15:b3:5a:14:ef:
                    9f:12:29:76:79:c3:8d:f8:41:b7:fc:b0:41:c2:fd:
                    02:48:08:e5:b5:3f:6a:8a:a2:65:b2:45:28:a9:81:
                    46:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5F:B7:F8:E6:23:53:B9:C7:E1:46:96:DE:F4:BE:82:06:5F:1C:F2
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/cl-3-OYjU7nH4UaW3vS-ggZfHPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.48.0/24
                  5.159.50.0-5.159.53.255
                  5.159.55.0/24
                  89.46.216.0/22
                  185.3.201.0-185.3.203.255

    Signature Algorithm: sha256WithRSAEncryption
         0d:76:d1:ab:0e:62:a9:16:5e:9c:cb:68:9b:6f:6b:6c:fa:20:
         4c:a2:f3:b5:c8:e9:91:75:60:7f:e7:6c:66:6f:99:32:f9:e6:
         60:29:16:dd:f0:05:ab:26:b3:3e:a0:74:ca:78:f5:50:56:77:
         c9:cf:8b:17:19:e9:a7:8f:94:67:f8:28:1e:6d:96:3b:75:f5:
         ff:97:dd:7b:13:da:c4:1e:53:5d:4f:d0:6a:c1:0b:a5:a7:b8:
         bb:2e:b0:ab:6b:d5:6e:60:81:dd:72:be:e8:79:7f:6c:17:fe:
         0a:3c:6c:8f:54:d2:65:e1:66:ee:19:5e:22:49:26:fd:1e:8e:
         b1:a1:93:b9:82:ab:fc:60:2c:6e:db:73:3c:3a:ac:29:36:4d:
         91:93:aa:46:84:03:8e:55:85:af:93:b4:45:61:01:f4:fc:4f:
         70:f6:ca:72:59:b6:97:42:eb:b3:3a:3b:3c:60:0a:6b:0c:3b:
         83:ae:f8:e8:89:26:0b:9d:0a:b4:1f:5d:83:2c:7e:a1:34:01:
         d2:72:2d:b7:55:80:d7:9d:35:9f:e0:3a:85:e0:eb:15:45:e4:
         07:02:bb:c8:fa:8a:cd:f1:a0:0d:e4:65:f2:55:64:84:ed:e5:
         71:92:bc:37:0d:38:4f:d9:a7:bf:10:a7:ae:0e:f8:2c:6e:31:
         bc:b4:73:84
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYiWLQMaRSVkr1M30XaYxdoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjMwNjA3MTQwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjVmYjdmOGU2MjM1M2I5YzdlMTQ2OTZkZWY0YmU4MjA2NWYxY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqK7IGYVeZzBhA7F2G5x7jtLqHoi
v/AQUAjLZc2ozA95xM2aRS+FV15J0Oj3OtNksznXzOdLHYM98bll6HMRD4nGUKWu
yFNL3d7fJ11h/TQdM6JmnGHvtRqacdikV/6wQkr6DWhO37/RVDwsUx1Hwnph4Hcq
BD2uqnaTFkWywkM1C3d0WrWvjAHUVKDVAVTmBGv0o9Y7AWsI/J0ehGqnpAu9AuuE
zj6H4CXl1i1xsVXtVY15LP0je7/IPIKtGqag+eXfSTMvgC6q4+slfFlQGKnLcmN6
MeHofsDfFbNaFO+fEil2ecON+EG3/LBBwv0CSAjltT9qiqJlskUoqYFGeQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHJft/jmI1O5x+FGlt70voIGXxzyMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvY2wtMy1PWWpVN25INFVhVzN2Uy1nZ1pmSFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQABZ8wMAwD
BAEFnzIDBAEFnzQDBAAFnzcDBAJZLtgwDAMEALkDyQMEArkDyDANBgkqhkiG9w0B
AQsFAAOCAQEADXbRqw5iqRZenMtom29rbPogTKLztcjpkXVgf+dsZm+ZMvnmYCkW
3fAFqyazPqB0ynj1UFZ3yc+LFxnpp4+UZ/goHm2WO3X1/5fdexPaxB5TXU/QasEL
pae4uy6wq2vVbmCB3XK+6Hl/bBf+Cjxsj1TSZeFm7hleIkkm/R6OsaGTuYKr/GAs
bttzPDqsKTZNkZOqRoQDjlWFr5O0RWEB9PxPcPbKclm2l0Lrszo7PGAKaww7g674
6IkmC50KtB9dgyx+oTQB0nItt1WA1501n+A6heDrFUXkBwK7yPqKzfGgDeRl8lVk
hO3lcZK8Nw04T9mnvxCnrg74LG4xvLRzhA==
-----END CERTIFICATE-----