Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/xunCiMT2g0rZewUzGkwcpFgfjOI.roa
File:                     xunCiMT2g0rZewUzGkwcpFgfjOI.roa (raw, json)
Hash identifier:          h2WSDk0Bg05zoGJHjgnxR0SEpbAbPFicrfTu8PDhldg=
Subject key identifier:   C6:E9:C2:88:C4:F6:83:4A:D9:7B:05:33:1A:4C:1C:A4:58:1F:8C:E2
Certificate issuer:       /CN=704ab9688427073ff7e179de5af002e09f236013
Certificate serial:       01856F548A84E294B1B477539935B46A3A4F
Authority key identifier: 70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/xunCiMT2g0rZewUzGkwcpFgfjOI.roa
Signing time:             Sun 01 Jan 2023 21:54:49 +0000
ROA not before:           Sun 01 Jan 2023 21:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52102
IP address blocks:        5.102.136.0/24 maxlen: 24
                          5.102.136.0/23 maxlen: 23
                          5.102.138.0/23 maxlen: 23
                          5.102.138.0/24 maxlen: 24
                          5.102.137.0/24 maxlen: 24
                          5.102.139.0/24 maxlen: 24
                          5.102.143.0/24 maxlen: 24
                          5.102.142.0/24 maxlen: 24
                          5.102.142.0/23 maxlen: 23
                          5.102.140.0/24 maxlen: 24
                          5.102.140.0/23 maxlen: 23
                          5.102.141.0/24 maxlen: 24
                          91.221.230.0/23 maxlen: 23
                          91.221.230.0/24 maxlen: 24
                          91.221.231.0/24 maxlen: 24
                          2a04:8880::/32 maxlen: 32
                          2a04:8881::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 05 Jan 2023 08:31:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:54:8a:84:e2:94:b1:b4:77:53:99:35:b4:6a:3a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=704ab9688427073ff7e179de5af002e09f236013
        Validity
            Not Before: Jan  1 21:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c6e9c288c4f6834ad97b05331a4c1ca4581f8ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:97:14:09:48:aa:db:ff:9c:af:93:75:e1:30:
                    84:5f:9b:af:24:bf:60:ec:a4:14:38:b6:a5:48:de:
                    90:7a:88:0f:04:88:de:d3:fd:5a:cf:59:5f:12:0f:
                    3f:3e:d6:00:b4:24:fb:00:0a:5f:d5:93:f9:82:8a:
                    e4:53:31:94:e7:1c:97:c3:9e:c0:a3:47:20:06:68:
                    ba:b9:7e:b1:c1:2b:d7:a7:e0:9c:0b:53:37:a8:33:
                    ee:33:58:72:64:49:eb:d9:25:4b:fb:e8:1e:7e:96:
                    4c:30:57:91:71:85:f7:8c:15:5a:4c:e7:fa:e6:08:
                    1f:1c:3c:e4:89:fb:3b:7b:92:dd:dd:3f:56:7f:de:
                    a5:58:1c:0d:48:83:6d:79:68:5d:49:1d:54:1c:0d:
                    b2:fb:c4:a9:93:de:98:ad:e2:07:a7:30:32:75:29:
                    1b:75:0e:4f:2e:24:7a:2b:d8:14:a0:42:14:04:c3:
                    eb:58:c3:35:09:5a:f2:9a:91:e2:c6:1d:99:d2:0c:
                    54:c8:ce:09:55:9e:a8:94:a8:61:12:d7:d5:09:28:
                    ae:58:55:7c:bf:f6:b8:7d:b4:7f:e9:f0:e3:3b:3f:
                    a1:46:d2:88:55:41:ba:9f:f7:e1:3d:6f:a2:b2:f2:
                    c1:17:b6:76:b1:9e:c1:a2:14:f0:c5:84:ac:51:01:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E9:C2:88:C4:F6:83:4A:D9:7B:05:33:1A:4C:1C:A4:58:1F:8C:E2
            X509v3 Authority Key Identifier:
                keyid:70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/xunCiMT2g0rZewUzGkwcpFgfjOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/cEq5aIQnBz_34XneWvAC4J8jYBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.136.0/21
                  91.221.230.0/23
                IPv6:
                  2a04:8880::/31

    Signature Algorithm: sha256WithRSAEncryption
         10:8a:0e:1e:d1:e3:c7:0e:07:16:3e:64:20:f1:95:0f:29:2e:
         af:11:57:66:00:7a:93:2d:0b:11:c4:b6:a1:04:65:0b:72:5d:
         7f:e7:cc:a6:7b:82:0e:c3:2f:5d:5b:1c:ce:8f:c7:7c:48:74:
         ef:9c:5e:e5:03:b3:aa:4a:0e:bc:3e:72:fe:c7:fe:d0:85:96:
         96:a0:80:5f:0d:d3:c3:11:92:2a:55:d0:79:0e:cc:1a:8f:b7:
         b5:84:7d:06:89:ee:7e:9b:fb:01:f1:be:22:72:0a:a5:96:01:
         c4:d5:8e:8f:58:f9:e9:b7:67:6f:f0:e5:14:8e:5b:da:74:57:
         38:dc:9b:7f:b9:6d:82:a5:13:f0:81:59:27:8a:d0:8e:36:ae:
         26:82:92:0f:ee:58:98:aa:d5:00:83:19:c8:b7:58:8b:7a:e7:
         a0:dc:89:53:b1:8f:bb:bf:e7:4a:22:35:6f:71:0e:70:d9:41:
         9a:fe:7c:5d:73:c7:40:b7:39:90:0e:17:02:04:d7:2d:60:3b:
         bc:8b:61:fe:2d:26:e9:9d:69:2b:90:05:7a:d7:4d:50:2c:c0:
         ae:b3:85:70:d4:45:6b:22:4e:d9:d5:81:8a:a0:88:a1:e2:89:
         f0:aa:2c:61:98:d1:61:8b:76:8a:4e:18:05:ec:ef:c7:49:d0:
         ee:61:a2:79
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvVIqE4pSxtHdTmTW0ajpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNGFiOTY4ODQyNzA3M2ZmN2UxNzlkZTVhZjAwMmUwOWYy
MzYwMTMwHhcNMjMwMTAxMjE1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmU5YzI4OGM0ZjY4MzRhZDk3YjA1MzMxYTRjMWNhNDU4MWY4Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5cUCUiq2/+cr5N14TCEX5uvJL9g
7KQUOLalSN6QeogPBIje0/1az1lfEg8/PtYAtCT7AApf1ZP5gorkUzGU5xyXw57A
o0cgBmi6uX6xwSvXp+CcC1M3qDPuM1hyZEnr2SVL++gefpZMMFeRcYX3jBVaTOf6
5ggfHDzkifs7e5Ld3T9Wf96lWBwNSINteWhdSR1UHA2y+8Spk96YreIHpzAydSkb
dQ5PLiR6K9gUoEIUBMPrWMM1CVrympHixh2Z0gxUyM4JVZ6olKhhEtfVCSiuWFV8
v/a4fbR/6fDjOz+hRtKIVUG6n/fhPW+isvLBF7Z2sZ7BohTwxYSsUQELfQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMbpwojE9oNK2XsFMxpMHKRYH4ziMB8GA1UdIwQY
MBaAFHBKuWiEJwc/9+F53lrwAuCfI2ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjIt
NDZhOGIxOTFhMzc0LzEveHVuQ2lNVDJnMHJaZXdVekdrd2NwRmdmak9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjItNDZhOGIxOTFhMzc0
LzEvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWaIAwQB
W93mMA0EAgACMAcDBQEqBIiAMA0GCSqGSIb3DQEBCwUAA4IBAQAQig4e0ePHDgcW
PmQg8ZUPKS6vEVdmAHqTLQsRxLahBGULcl1/58yme4IOwy9dWxzOj8d8SHTvnF7l
A7OqSg68PnL+x/7QhZaWoIBfDdPDEZIqVdB5Dswaj7e1hH0Gie5+m/sB8b4icgql
lgHE1Y6PWPnpt2dv8OUUjlvadFc43Jt/uW2CpRPwgVknitCONq4mgpIP7liYqtUA
gxnIt1iLeueg3IlTsY+7v+dKIjVvcQ5w2UGa/nxdc8dAtzmQDhcCBNctYDu8i2H+
LSbpnWkrkAV6101QLMCus4Vw1EVrIk7Z1YGKoIih4onwqixhmNFhi3aKThgF7O/H
SdDuYaJ5
-----END CERTIFICATE-----