Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/19OcalQ0H_MNnt1KADsv53gpFo8.roa
File:                     19OcalQ0H_MNnt1KADsv53gpFo8.roa (raw, json)
Hash identifier:          O3V1E82VCF5UEeIVZCO7XlUiqOGnhyH86h0u/JO5RCw=
Subject key identifier:   D7:D3:9C:6A:54:34:1F:F3:0D:9E:DD:4A:00:3B:2F:E7:78:29:16:8F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0189D00C1141E5D73837FB4047E69E2928FB
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/19OcalQ0H_MNnt1KADsv53gpFo8.roa
Signing time:             Mon 07 Aug 2023 12:49:59 +0000
ROA not before:           Mon 07 Aug 2023 12:49:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        89.34.106.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          77.81.65.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          86.107.100.0/24 maxlen: 24
                          45.88.13.0/24 maxlen: 24
                          45.88.14.0/23 maxlen: 23
                          89.47.55.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          89.35.131.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 09 Aug 2023 05:54:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d0:0c:11:41:e5:d7:38:37:fb:40:47:e6:9e:29:28:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug  7 12:49:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d7d39c6a54341ff30d9edd4a003b2fe77829168f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fb:bc:67:4b:80:a3:2b:75:45:e8:03:43:a9:
                    ee:fa:76:30:6d:34:53:8d:90:35:37:70:99:55:b3:
                    70:d7:6f:09:c0:1d:56:6a:59:b1:52:59:98:f7:2e:
                    10:08:61:b8:c2:ee:46:d9:f6:e9:9b:fa:c3:33:78:
                    9d:26:d5:d2:4a:ca:58:6b:07:57:42:83:b4:4e:87:
                    2c:bc:59:bb:6e:32:9c:a5:f4:eb:f9:62:a4:63:11:
                    da:6f:b4:76:e1:3f:70:68:c0:07:74:a9:4c:f2:04:
                    84:2a:30:23:11:ea:27:18:a7:7c:df:66:b7:ea:f1:
                    c5:ee:2e:78:9b:d9:f1:cd:78:0b:86:ae:fe:35:6a:
                    df:6c:42:3d:f6:d7:51:11:c3:49:d0:6f:52:70:26:
                    48:17:48:59:ba:83:36:5e:b2:0f:31:bd:71:71:66:
                    be:b9:c2:f3:fc:5b:fc:56:0c:64:df:da:0e:3e:05:
                    59:ca:dc:9e:56:d8:df:03:4a:56:65:e2:e1:b2:44:
                    f0:0e:c1:09:0d:dd:9b:61:17:e1:17:34:e9:38:72:
                    e8:25:d3:09:1a:71:05:60:80:3c:8c:0f:c2:fd:7d:
                    79:d1:6f:b0:04:ae:48:e7:92:65:aa:f6:f9:24:ce:
                    4e:2d:a3:5d:96:1d:0b:97:88:10:f4:5c:fd:56:2e:
                    f3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D3:9C:6A:54:34:1F:F3:0D:9E:DD:4A:00:3B:2F:E7:78:29:16:8F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/19OcalQ0H_MNnt1KADsv53gpFo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.13.0-45.88.15.255
                  77.81.65.0/24
                  86.107.100.0/24
                  89.34.106.0/24
                  89.35.130.0/23
                  89.47.36.0/24
                  89.47.55.0/24
                  92.114.32.0/24
                  188.214.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:2c:bf:eb:6a:c2:2e:ae:f0:a1:24:58:e8:5f:fc:4b:85:2a:
         02:86:e7:a3:ed:9a:00:d3:f5:07:fd:c7:e7:51:ed:98:da:68:
         76:c8:23:77:be:73:fe:6c:d6:fb:69:38:14:a2:90:2f:37:bc:
         9d:f7:5c:94:ac:b1:d6:9b:4c:ac:14:67:04:61:20:4f:ee:fe:
         ea:cb:fa:c2:90:ef:c4:49:bc:30:7b:1d:c5:0c:e0:16:9d:89:
         3a:9e:ae:87:cb:bf:00:d6:be:0d:0e:25:eb:d7:65:e4:8e:eb:
         54:89:fa:f1:78:19:2e:89:d0:87:c3:b2:0d:3a:b4:2a:ae:8e:
         9e:7f:a1:d6:ba:f4:c0:4a:58:f1:eb:ef:b4:40:b4:48:4b:a7:
         af:5d:90:39:ad:f5:00:7d:76:c9:4f:9a:c7:a8:df:51:dc:75:
         62:f4:d4:77:c4:95:d7:51:0a:5a:95:b0:86:fe:e8:c6:37:b3:
         f9:92:66:f6:65:38:db:ca:cb:c9:75:3b:eb:98:7f:8f:a1:3c:
         7f:e1:62:a7:d1:9b:85:bc:0e:e2:db:fb:99:66:fe:dc:40:de:
         b3:d9:1e:81:52:92:3b:9f:64:cd:7c:95:a7:4b:b9:f7:24:df:
         f2:51:cb:15:dc:b2:68:ba:42:d1:10:ff:99:a1:1b:39:37:3d:
         5c:08:e4:3c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYnQDBFB5dc4N/tAR+aeKSj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwODA3MTI0OTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2QzOWM2YTU0MzQxZmYzMGQ5ZWRkNGEwMDNiMmZlNzc4MjkxNjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvu8Z0uAoyt1RegDQ6nu+nYwbTRT
jZA1N3CZVbNw128JwB1WalmxUlmY9y4QCGG4wu5G2fbpm/rDM3idJtXSSspYawdX
QoO0TocsvFm7bjKcpfTr+WKkYxHab7R24T9waMAHdKlM8gSEKjAjEeonGKd832a3
6vHF7i54m9nxzXgLhq7+NWrfbEI99tdREcNJ0G9ScCZIF0hZuoM2XrIPMb1xcWa+
ucLz/Fv8Vgxk39oOPgVZytyeVtjfA0pWZeLhskTwDsEJDd2bYRfhFzTpOHLoJdMJ
GnEFYIA8jA/C/X150W+wBK5I55Jlqvb5JM5OLaNdlh0Ll4gQ9Fz9Vi7zawIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNfTnGpUNB/zDZ7dSgA7L+d4KRaPMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMTlPY2FsUTBIX01ObnQxS0FEc3Y1M2dwRm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAAtWA0D
BAQtWAADBABNUUEDBABWa2QDBABZImoDBAFZI4IDBABZLyQDBABZLzcDBABcciAD
BAC81mswDQYJKoZIhvcNAQELBQADggEBAH8sv+tqwi6u8KEkWOhf/EuFKgKG56Pt
mgDT9Qf9x+dR7ZjaaHbII3e+c/5s1vtpOBSikC83vJ33XJSssdabTKwUZwRhIE/u
/urL+sKQ78RJvDB7HcUM4BadiTqerofLvwDWvg0OJevXZeSO61SJ+vF4GS6J0IfD
sg06tCqujp5/oda69MBKWPHr77RAtEhLp69dkDmt9QB9dslPmseo31HcdWL01HfE
lddRClqVsIb+6MY3s/mSZvZlONvKy8l1O+uYf4+hPH/hYqfRm4W8DuLb+5lm/txA
3rPZHoFSkjufZM18ladLufck3/JRyxXcsmi6QtEQ/5mhGzk3PVwI5Dw=
-----END CERTIFICATE-----