Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Lts3fRQ9VmcDCW-o-jKLeI8_fCA.roa
File:                     Lts3fRQ9VmcDCW-o-jKLeI8_fCA.roa (raw, json)
Hash identifier:          q4GJ63N7wa1ulViFZbtyA4tGOgMacCvxh92FbxDSruM=
Subject key identifier:   2E:DB:37:7D:14:3D:56:67:03:09:6F:A8:FA:32:8B:78:8F:3F:7C:20
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0188C47FB6BDB496995CF7BDE555F6D863F8
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Lts3fRQ9VmcDCW-o-jKLeI8_fCA.roa
Signing time:             Fri 16 Jun 2023 13:58:04 +0000
ROA not before:           Fri 16 Jun 2023 13:58:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        86.107.51.0/24 maxlen: 24
                          188.241.137.0/24 maxlen: 24
                          94.198.171.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          77.81.88.0/24 maxlen: 24
                          89.45.35.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          89.35.131.0/24 maxlen: 24
                          176.223.188.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 16 Jun 2023 17:27:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c4:7f:b6:bd:b4:96:99:5c:f7:bd:e5:55:f6:d8:63:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 16 13:58:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2edb377d143d566703096fa8fa328b788f3f7c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:75:fb:97:ff:51:06:0a:20:e9:2e:c1:81:f3:
                    f8:b2:b8:f6:df:9e:05:07:e0:17:fc:91:8f:2c:05:
                    06:fc:47:0f:bd:94:9f:32:c6:5e:35:08:13:48:e2:
                    3b:02:0a:f1:27:bb:e3:ae:33:3b:97:62:63:bc:91:
                    6e:83:2b:fc:a7:5e:dc:3f:5c:cd:e8:08:62:f4:ca:
                    a2:f1:83:22:43:9a:22:a9:e6:dd:e8:09:d5:e5:1e:
                    5a:d3:2e:3c:f1:2e:c4:41:74:59:c0:ac:1a:70:bb:
                    97:a7:0d:5f:39:6f:40:e9:46:a7:91:16:c1:d0:1f:
                    9f:09:b1:e5:11:53:04:46:bf:48:34:4c:4b:ca:5b:
                    38:70:e7:b4:1a:f2:4b:d8:d7:b4:ec:db:ba:d8:1d:
                    35:95:71:ee:40:9c:50:4a:3f:74:18:b5:4b:f7:7c:
                    d8:80:65:d0:68:c8:8b:df:8d:9b:8a:87:3c:34:ec:
                    e9:41:bb:a4:18:69:2f:23:8f:c4:a7:03:02:60:40:
                    e9:07:53:e3:a9:d2:92:7a:7d:c9:54:49:2d:81:7e:
                    83:88:66:be:e8:5b:fe:60:2b:38:d4:df:ce:b4:79:
                    c8:ee:01:90:f0:7e:99:74:1c:14:c0:4d:15:b6:a0:
                    47:7a:74:c6:cf:dd:a4:ca:d7:82:b8:b8:3b:1f:62:
                    04:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DB:37:7D:14:3D:56:67:03:09:6F:A8:FA:32:8B:78:8F:3F:7C:20
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Lts3fRQ9VmcDCW-o-jKLeI8_fCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.88.0/24
                  86.107.51.0/24
                  89.35.130.0/23
                  89.45.35.0/24
                  92.114.32.0/24
                  94.198.171.0/24
                  176.223.188.0/24
                  188.214.107.0/24
                  188.241.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:09:9e:60:6e:ce:fc:07:d4:ce:54:3e:04:1e:9d:88:7e:38:
         5c:f9:94:e8:be:30:fb:4b:87:fc:5e:c9:a2:00:41:18:6a:3b:
         1c:1b:e4:b7:40:bc:20:02:b8:9e:82:0e:35:4c:9f:92:00:fd:
         50:4b:28:3a:b6:e4:98:dc:2a:a1:6b:94:20:a2:c3:b3:2b:03:
         2d:57:13:03:52:49:6a:b2:21:41:76:c0:b7:ce:e1:d1:ff:ce:
         2c:c2:54:13:1c:1c:6b:b9:63:a4:27:43:04:60:c4:2b:95:47:
         1e:9f:73:25:03:0a:e6:42:ad:ae:ca:57:8c:2c:3d:cb:8f:ae:
         87:5e:b5:c0:10:4d:50:af:63:c1:1c:62:d6:cc:39:45:64:59:
         9f:79:bc:e7:9d:c2:a4:b5:ce:88:7a:87:f4:c2:7c:c2:05:44:
         bc:a2:84:43:15:7d:c2:ee:de:0a:b9:75:76:12:44:f4:fe:25:
         6e:09:c1:63:32:4c:19:eb:a5:30:9b:97:02:74:d4:1f:56:5c:
         56:ff:43:76:e9:9b:1b:db:bd:8e:4d:71:ea:a2:35:93:e7:44:
         a5:7a:04:a2:ac:af:23:bd:9f:fb:21:95:35:d0:cd:96:54:c7:
         e0:26:15:b1:13:ef:fe:02:1b:8c:fc:c3:c2:cf:5c:91:59:f4:
         df:42:2f:8d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYjEf7a9tJaZXPe95VX22GP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwNjE2MTM1ODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRiMzc3ZDE0M2Q1NjY3MDMwOTZmYThmYTMyOGI3ODhmM2Y3YzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHX7l/9RBgog6S7BgfP4srj2354F
B+AX/JGPLAUG/EcPvZSfMsZeNQgTSOI7AgrxJ7vjrjM7l2JjvJFugyv8p17cP1zN
6Ahi9Mqi8YMiQ5oiqebd6AnV5R5a0y488S7EQXRZwKwacLuXpw1fOW9A6UankRbB
0B+fCbHlEVMERr9INExLyls4cOe0GvJL2Ne07Nu62B01lXHuQJxQSj90GLVL93zY
gGXQaMiL342bioc8NOzpQbukGGkvI4/EpwMCYEDpB1PjqdKSen3JVEktgX6DiGa+
6Fv+YCs41N/OtHnI7gGQ8H6ZdBwUwE0VtqBHenTGz92kyteCuLg7H2IEawIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFC7bN30UPVZnAwlvqPoyi3iPP3wgMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTHRzM2ZSUTlWbWNEQ1ctby1qS0xlSThfZkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATVFYAwQA
VmszAwQBWSOCAwQAWS0jAwQAXHIgAwQAXsarAwQAsN+8AwQAvNZrAwQAvPGJMA0G
CSqGSIb3DQEBCwUAA4IBAQBXCZ5gbs78B9TOVD4EHp2Ifjhc+ZTovjD7S4f8Xsmi
AEEYajscG+S3QLwgAriegg41TJ+SAP1QSyg6tuSY3Cqha5QgosOzKwMtVxMDUklq
siFBdsC3zuHR/84swlQTHBxruWOkJ0MEYMQrlUcen3MlAwrmQq2uyleMLD3Lj66H
XrXAEE1Qr2PBHGLWzDlFZFmfebznncKktc6Ieof0wnzCBUS8ooRDFX3C7t4KuXV2
EkT0/iVuCcFjMkwZ66Uwm5cCdNQfVlxW/0N26Zsb272OTXHqojWT50SlegSirK8j
vZ/7IZU10M2WVMfgJhWxE+/+AhuM/MPCz1yRWfTfQi+N
-----END CERTIFICATE-----