Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/ovOeTEge2PYTKz-hqqsbK-r_L9A.roa
File:                     ovOeTEge2PYTKz-hqqsbK-r_L9A.roa (raw, json)
Hash identifier:          m6oFJIU5ZtrlDhTZqFfnsEFKXQtxR89xsbwqosLM9ks=
Subject key identifier:   A2:F3:9E:4C:48:1E:D8:F6:13:2B:3F:A1:AA:AB:1B:2B:EA:FF:2F:D0
Certificate issuer:       /CN=704ab9688427073ff7e179de5af002e09f236013
Certificate serial:       018582642EFDD5FBD9CED9AA0C6B8E6142E0
Authority key identifier: 70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/ovOeTEge2PYTKz-hqqsbK-r_L9A.roa
Signing time:             Thu 05 Jan 2023 14:44:41 +0000
ROA not before:           Thu 05 Jan 2023 14:44:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52102
IP address blocks:        5.102.136.0/24 maxlen: 24
                          5.102.136.0/23 maxlen: 23
                          5.102.138.0/23 maxlen: 23
                          5.102.138.0/24 maxlen: 24
                          5.102.137.0/24 maxlen: 24
                          5.102.139.0/24 maxlen: 24
                          5.102.143.0/24 maxlen: 24
                          5.102.142.0/24 maxlen: 24
                          5.102.142.0/23 maxlen: 23
                          5.102.140.0/24 maxlen: 24
                          5.102.140.0/23 maxlen: 23
                          5.102.141.0/24 maxlen: 24
                          91.221.230.0/23 maxlen: 24
                          2a04:8880::/32 maxlen: 32
                          2a04:8881::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 06 Jan 2023 16:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:82:64:2e:fd:d5:fb:d9:ce:d9:aa:0c:6b:8e:61:42:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=704ab9688427073ff7e179de5af002e09f236013
        Validity
            Not Before: Jan  5 14:44:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2f39e4c481ed8f6132b3fa1aaab1b2beaff2fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:36:b7:be:31:c0:68:d1:7b:34:4e:31:90:3e:
                    df:1b:92:49:27:5d:3c:9b:9e:37:f5:dd:14:f7:f7:
                    89:92:87:25:e6:e9:54:24:79:70:ce:65:47:0b:c2:
                    dc:d0:84:89:1f:c8:9b:72:18:b6:b1:cf:46:87:73:
                    e1:61:c6:c9:bd:54:20:63:ac:d5:4e:a0:e7:dc:82:
                    72:83:ec:0f:e5:bf:13:0a:53:d3:80:fb:7a:0c:55:
                    93:9b:a6:e8:19:d1:96:50:3b:de:fc:7e:ba:ac:d0:
                    26:7b:9e:f1:a7:d3:20:3a:9b:f1:a2:e6:b7:60:c4:
                    7e:94:95:f9:19:92:b1:47:a9:37:c2:4a:39:da:1a:
                    ee:2e:33:05:2d:7f:fd:ea:20:78:50:f5:f2:62:fd:
                    2f:f1:9f:54:f7:5b:89:b0:c3:2b:29:84:a8:2f:0f:
                    95:33:c4:ec:7f:0e:99:e9:0d:da:5a:32:2d:80:ec:
                    e7:2d:fe:2f:5b:c4:3e:2a:74:64:e5:a4:fc:97:36:
                    ee:a7:f2:9b:56:39:54:01:f4:ea:3f:3c:1e:85:65:
                    50:92:54:c0:57:ec:d2:e4:52:c0:2a:36:ac:36:02:
                    36:db:c8:6c:11:ef:ce:f8:f3:c4:df:a4:a3:81:4f:
                    65:82:e1:5a:71:75:a0:03:b4:b7:1b:4e:3f:9a:8c:
                    b3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F3:9E:4C:48:1E:D8:F6:13:2B:3F:A1:AA:AB:1B:2B:EA:FF:2F:D0
            X509v3 Authority Key Identifier:
                keyid:70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/ovOeTEge2PYTKz-hqqsbK-r_L9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/cEq5aIQnBz_34XneWvAC4J8jYBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.136.0/21
                  91.221.230.0/23
                IPv6:
                  2a04:8880::/31

    Signature Algorithm: sha256WithRSAEncryption
         4a:30:d0:d5:bb:0f:50:54:9e:77:3d:a4:5e:5f:80:0d:80:f4:
         23:aa:3a:87:b7:9a:56:58:ad:be:fa:2f:5a:61:88:44:8c:ea:
         a8:69:d0:30:25:b2:41:c8:9c:4b:d2:14:b6:41:69:c8:e8:61:
         0f:20:0a:20:05:ad:a5:d4:d8:95:37:14:22:78:3f:23:e5:0d:
         2b:91:59:1b:0e:12:38:29:88:57:84:78:27:2c:22:00:a7:44:
         3e:10:a2:4b:2e:e5:12:b0:41:e0:c2:2f:4b:32:3e:39:22:47:
         2f:9c:45:78:39:10:e4:35:82:79:35:3d:f5:e4:8e:0e:41:44:
         70:a8:ad:a3:5b:0b:e8:48:5e:ab:7e:8d:a4:5e:fa:f7:f7:90:
         04:10:bd:c6:36:04:4a:7d:fb:3b:20:fc:17:25:eb:af:60:74:
         a3:53:50:35:03:00:6e:51:2f:f0:81:37:02:51:a8:e1:d4:b8:
         e2:64:69:51:04:4d:75:31:fe:c0:7a:80:c2:43:cf:8c:3f:c6:
         5c:32:56:f4:ca:12:e4:6b:d4:4c:72:bd:43:a0:b8:fc:c9:4d:
         3f:b9:15:d9:f5:ca:c5:df:c2:76:5b:d5:1f:47:13:bf:34:be:
         97:10:83:e5:18:31:5e:fc:1d:ad:6c:18:7a:4f:02:1d:ea:28:
         d1:d0:5d:c8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYWCZC791fvZztmqDGuOYULgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNGFiOTY4ODQyNzA3M2ZmN2UxNzlkZTVhZjAwMmUwOWYy
MzYwMTMwHhcNMjMwMTA1MTQ0NDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmYzOWU0YzQ4MWVkOGY2MTMyYjNmYTFhYWFiMWIyYmVhZmYyZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjja3vjHAaNF7NE4xkD7fG5JJJ108
m5439d0U9/eJkocl5ulUJHlwzmVHC8Lc0ISJH8ibchi2sc9Gh3PhYcbJvVQgY6zV
TqDn3IJyg+wP5b8TClPTgPt6DFWTm6boGdGWUDve/H66rNAme57xp9MgOpvxoua3
YMR+lJX5GZKxR6k3wko52hruLjMFLX/96iB4UPXyYv0v8Z9U91uJsMMrKYSoLw+V
M8Tsfw6Z6Q3aWjItgOznLf4vW8Q+KnRk5aT8lzbup/KbVjlUAfTqPzwehWVQklTA
V+zS5FLAKjasNgI228hsEe/O+PPE36SjgU9lguFacXWgA7S3G04/moyzlQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKLznkxIHtj2Eys/oaqrGyvq/y/QMB8GA1UdIwQY
MBaAFHBKuWiEJwc/9+F53lrwAuCfI2ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjIt
NDZhOGIxOTFhMzc0LzEvb3ZPZVRFZ2UyUFlUS3otaHFxc2JLLXJfTDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjItNDZhOGIxOTFhMzc0
LzEvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWaIAwQB
W93mMA0EAgACMAcDBQEqBIiAMA0GCSqGSIb3DQEBCwUAA4IBAQBKMNDVuw9QVJ53
PaReX4ANgPQjqjqHt5pWWK2++i9aYYhEjOqoadAwJbJByJxL0hS2QWnI6GEPIAog
Ba2l1NiVNxQieD8j5Q0rkVkbDhI4KYhXhHgnLCIAp0Q+EKJLLuUSsEHgwi9LMj45
IkcvnEV4ORDkNYJ5NT315I4OQURwqK2jWwvoSF6rfo2kXvr395AEEL3GNgRKffs7
IPwXJeuvYHSjU1A1AwBuUS/wgTcCUajh1LjiZGlRBE11Mf7AeoDCQ8+MP8ZcMlb0
yhLka9RMcr1DoLj8yU0/uRXZ9crF38J2W9UfRxO/NL6XEIPlGDFe/B2tbBh6TwId
6ijR0F3I
-----END CERTIFICATE-----