Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cl3EDdRwG20WcTT-Y--MWLbc-e8.roa
File:                     cl3EDdRwG20WcTT-Y--MWLbc-e8.roa (raw, json)
Hash identifier:          tY3UT55t1HDLTnok77Tm7WSn6K9dO72vp+jc1Jk8c0g=
Subject key identifier:   72:5D:C4:0D:D4:70:1B:6D:16:71:34:FE:63:EF:8C:58:B6:DC:F9:EF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0189D8DCD46459CFF111F949BADD97189D54
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cl3EDdRwG20WcTT-Y--MWLbc-e8.roa
Signing time:             Wed 09 Aug 2023 05:54:58 +0000
ROA not before:           Wed 09 Aug 2023 05:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        89.34.106.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          86.107.100.0/24 maxlen: 24
                          45.88.13.0/24 maxlen: 24
                          45.88.14.0/23 maxlen: 23
                          89.47.55.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          89.35.131.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 09 Aug 2023 07:07:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d8:dc:d4:64:59:cf:f1:11:f9:49:ba:dd:97:18:9d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug  9 05:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=725dc40dd4701b6d167134fe63ef8c58b6dcf9ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f0:72:52:10:2e:03:0b:76:e9:ab:7e:45:20:
                    c8:da:06:2e:f8:0a:38:54:91:8a:1d:1b:ce:da:40:
                    1e:99:68:01:fa:7b:30:73:e3:f7:f9:64:78:e8:0a:
                    34:f9:ca:7b:98:14:0c:ef:fe:29:51:98:01:96:3e:
                    79:73:27:04:66:c6:f7:d5:07:42:5b:09:cd:73:92:
                    2c:85:cd:89:4e:a6:8b:f5:f5:65:4d:be:fe:87:23:
                    d6:83:5e:84:4f:1c:9c:3e:30:aa:47:a7:50:3e:cb:
                    7a:0d:e4:1c:e9:3a:77:1e:44:3c:86:79:c0:54:6f:
                    64:36:91:c4:31:61:5c:33:7f:74:e9:71:e5:5e:3f:
                    f6:f1:ab:ca:46:e4:43:60:cb:e0:5f:10:5a:24:be:
                    8b:e6:c6:34:3b:fc:1a:72:d5:0b:e0:f5:73:c2:54:
                    65:81:a9:f1:af:d6:c1:c8:c8:fa:55:f8:62:6f:f3:
                    5c:c9:cf:cf:f1:e7:a3:36:89:39:4d:48:1f:c1:cb:
                    81:7b:4d:05:85:6b:06:7a:cb:c5:95:a1:64:b1:21:
                    bb:97:ca:f1:aa:20:df:41:a8:09:91:e3:79:72:8b:
                    ce:49:ed:38:25:1d:f7:74:ce:3e:52:98:b7:b6:63:
                    19:1f:41:89:a1:87:19:2b:e6:0b:79:77:53:f2:a4:
                    08:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5D:C4:0D:D4:70:1B:6D:16:71:34:FE:63:EF:8C:58:B6:DC:F9:EF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cl3EDdRwG20WcTT-Y--MWLbc-e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.13.0-45.88.15.255
                  86.107.100.0/24
                  89.34.106.0/24
                  89.35.130.0/23
                  89.47.36.0/24
                  89.47.55.0/24
                  92.114.32.0/24
                  188.214.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:bc:b5:24:af:e5:4d:e4:46:f4:91:36:b4:13:36:c8:f6:03:
         64:43:6c:4b:9f:1f:9a:33:24:d3:97:30:78:35:d5:35:79:a9:
         79:c8:97:76:21:7b:65:6b:cb:b2:2e:9d:f9:c9:93:e4:ea:76:
         8e:46:a2:22:ad:ce:25:5f:2b:79:e0:c8:34:b9:eb:07:09:43:
         8a:37:7e:16:dc:63:22:69:f9:59:04:0e:cb:df:1c:6d:80:86:
         f9:97:8e:9c:5c:89:d6:4b:10:f1:16:7d:61:e0:f8:eb:51:30:
         32:38:d4:d3:ad:58:95:a1:a7:f0:0b:85:1d:c6:02:d1:b4:c5:
         5f:c6:cb:f8:32:d4:a0:da:49:a4:df:8e:2f:32:c9:da:dd:b7:
         1e:10:c2:82:0b:75:72:8c:09:7c:77:bd:36:af:91:ae:ec:a0:
         36:da:e4:c6:86:61:6a:8f:1d:78:e9:d0:77:fa:ee:6c:db:2c:
         0c:e0:a7:6a:78:f9:0d:ab:3c:30:b0:d9:2e:03:50:ec:08:d8:
         e5:c2:92:2f:cf:39:cd:72:be:78:61:8a:f8:8b:69:e7:82:2c:
         30:9a:3d:30:01:4a:42:93:35:97:ee:61:c9:ce:12:fe:3f:c1:
         bf:c2:a6:20:bb:de:08:b0:01:c6:2e:a7:24:c0:80:07:62:d9:
         4c:6b:01:b4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYnY3NRkWc/xEflJut2XGJ1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwODA5MDU1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjVkYzQwZGQ0NzAxYjZkMTY3MTM0ZmU2M2VmOGM1OGI2ZGNmOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/ByUhAuAwt26at+RSDI2gYu+Ao4
VJGKHRvO2kAemWgB+nswc+P3+WR46Ao0+cp7mBQM7/4pUZgBlj55cycEZsb31QdC
WwnNc5Ishc2JTqaL9fVlTb7+hyPWg16ETxycPjCqR6dQPst6DeQc6Tp3HkQ8hnnA
VG9kNpHEMWFcM3906XHlXj/28avKRuRDYMvgXxBaJL6L5sY0O/wactUL4PVzwlRl
ganxr9bByMj6Vfhib/Ncyc/P8eejNok5TUgfwcuBe00FhWsGesvFlaFksSG7l8rx
qiDfQagJkeN5covOSe04JR33dM4+Upi3tmMZH0GJoYcZK+YLeXdT8qQIYQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHJdxA3UcBttFnE0/mPvjFi23PnvMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY2wzRURkUndHMjBXY1RULVktLU1XTGJjLWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAAtWA0D
BAQtWAADBABWa2QDBABZImoDBAFZI4IDBABZLyQDBABZLzcDBABcciADBAC81msw
DQYJKoZIhvcNAQELBQADggEBAES8tSSv5U3kRvSRNrQTNsj2A2RDbEufH5ozJNOX
MHg11TV5qXnIl3Yhe2Vry7IunfnJk+Tqdo5GoiKtziVfK3ngyDS56wcJQ4o3fhbc
YyJp+VkEDsvfHG2AhvmXjpxcidZLEPEWfWHg+OtRMDI41NOtWJWhp/ALhR3GAtG0
xV/Gy/gy1KDaSaTfji8yydrdtx4QwoILdXKMCXx3vTavka7soDba5MaGYWqPHXjp
0Hf67mzbLAzgp2p4+Q2rPDCw2S4DUOwI2OXCki/POc1yvnhhiviLaeeCLDCaPTAB
SkKTNZfuYcnOEv4/wb/CpiC73giwAcYupyTAgAdi2UxrAbQ=
-----END CERTIFICATE-----