Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/kDp7X6YrGz6yhUOoYRWvVMdjvBs.roa
File:                     kDp7X6YrGz6yhUOoYRWvVMdjvBs.roa (raw, json)
Hash identifier:          BhZ7xln4GfJM/2KfOCrVVhCgtbtvzXwNYHnrTNA6bxc=
Subject key identifier:   90:3A:7B:5F:A6:2B:1B:3E:B2:85:43:A8:61:15:AF:54:C7:63:BC:1B
Certificate issuer:       /CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
Certificate serial:       018570707430882513C883E1BF3B0884A722
Authority key identifier: 6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/kDp7X6YrGz6yhUOoYRWvVMdjvBs.roa
Signing time:             Mon 02 Jan 2023 03:04:55 +0000
ROA not before:           Mon 02 Jan 2023 03:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57704
IP address blocks:        193.7.223.0/24 maxlen: 24
                          193.7.222.0/24 maxlen: 24
                          193.7.220.0/24 maxlen: 32
                          193.7.221.0/24 maxlen: 24
                          45.146.15.0/24 maxlen: 24
                          45.146.12.0/24 maxlen: 24
                          45.146.14.0/24 maxlen: 24
                          45.146.13.0/24 maxlen: 24
                          5.133.24.0/21 maxlen: 24
                          5.253.71.0/24 maxlen: 24
                          5.253.68.0/22 maxlen: 22
                          5.253.68.0/24 maxlen: 24
                          5.253.70.0/24 maxlen: 24
                          5.253.69.0/24 maxlen: 24
                          185.132.248.0/22 maxlen: 24
                          2a09:9900::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:70:74:30:88:25:13:c8:83:e1:bf:3b:08:84:a7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
        Validity
            Not Before: Jan  2 03:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=903a7b5fa62b1b3eb28543a86115af54c763bc1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:33:65:f8:7f:2c:6c:2c:ae:0b:1d:d9:a0:26:
                    b5:ac:3f:07:bc:c8:c7:81:24:f8:ac:ea:52:72:b7:
                    9b:59:1d:ce:35:f0:f7:f5:b3:22:82:41:2f:38:09:
                    cc:8b:cf:5b:47:0a:21:0b:81:d4:12:f1:d9:0b:bd:
                    2c:96:e3:fe:a3:09:c3:a9:45:6e:17:b0:7e:7b:fb:
                    87:a8:9a:18:95:38:6e:af:d1:5d:25:77:33:26:91:
                    d2:a9:c3:16:1f:13:33:b8:ca:a0:a2:d8:cf:bb:14:
                    dc:5e:87:5f:09:bb:03:ec:e9:92:8f:87:da:0a:50:
                    78:ed:68:7a:90:25:10:49:58:00:eb:65:e8:54:c7:
                    78:72:04:a9:40:2d:18:76:42:7e:2c:5e:60:d4:f0:
                    3b:2f:91:6b:c1:d9:65:20:20:c6:f2:9b:48:20:54:
                    3e:4c:45:90:46:61:09:58:2f:5a:0f:2c:a8:f8:b6:
                    4f:64:6c:48:0e:9d:bf:28:89:3f:2d:b8:27:30:1e:
                    0a:f5:fd:00:12:fa:9f:36:f6:6a:86:5e:95:01:ea:
                    1a:02:0c:6d:24:f9:95:c9:b0:77:92:64:b3:b1:4d:
                    bb:bf:c8:9b:b2:55:95:48:ee:a0:8c:ce:63:cc:0c:
                    46:40:e3:2c:66:81:2d:b0:dd:a6:c1:3a:fd:ab:0a:
                    47:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3A:7B:5F:A6:2B:1B:3E:B2:85:43:A8:61:15:AF:54:C7:63:BC:1B
            X509v3 Authority Key Identifier:
                keyid:6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/kDp7X6YrGz6yhUOoYRWvVMdjvBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/barMRIxKI6_JSkWnm3bfvoMLJZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.24.0/21
                  5.253.68.0/22
                  45.146.12.0/22
                  185.132.248.0/22
                  193.7.220.0/22
                IPv6:
                  2a09:9900::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:bf:78:cb:c1:04:09:56:14:32:58:20:03:0e:81:bb:50:71:
         6a:c1:98:de:b5:ed:d1:1c:09:0b:34:94:b7:bd:c0:fd:83:53:
         b1:54:a2:0c:40:c5:cb:4e:88:bb:fb:a8:88:e7:c9:a3:39:bb:
         9b:51:c3:0d:85:36:a0:63:d9:2c:df:ad:17:e2:17:33:46:ee:
         d7:25:ef:de:2a:2d:60:3c:1f:27:85:56:5f:3a:e3:ae:fe:77:
         17:01:cb:ef:31:ec:6c:08:48:11:f6:92:3d:94:cc:b6:4d:20:
         56:1f:5b:c1:01:60:a5:f9:a9:2c:f6:9c:3f:34:6e:cc:31:ce:
         2c:40:1e:66:12:d7:e9:8b:be:82:ee:c6:ad:89:89:e3:f8:8e:
         b8:9a:75:27:74:35:f9:e5:c5:51:5c:71:5b:98:fb:72:5d:e7:
         e0:4b:3b:47:06:04:ad:b5:c4:c8:f7:1b:eb:d4:61:0f:d9:a9:
         c6:72:1f:53:63:c4:15:c0:1b:fc:4e:72:bf:a2:11:46:77:45:
         f6:43:15:03:61:e8:ab:67:07:b7:3e:f4:12:1c:2b:ee:69:88:
         d2:bb:e0:6f:57:3f:aa:57:be:56:0a:d1:07:1b:47:46:ea:e7:
         19:4c:b4:43:b9:6d:fb:38:39:05:ab:bb:39:ce:17:07:0c:0b:
         d5:34:41:5c
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVwcHQwiCUTyIPhvzsIhKciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYWFjYzQ0OGM0YTIzYWZjOTRhNDVhNzliNzZkZmJlODMw
YjI1OTgwHhcNMjMwMTAyMDMwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNhN2I1ZmE2MmIxYjNlYjI4NTQzYTg2MTE1YWY1NGM3NjNiYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTNl+H8sbCyuCx3ZoCa1rD8HvMjH
gST4rOpScrebWR3ONfD39bMigkEvOAnMi89bRwohC4HUEvHZC70sluP+ownDqUVu
F7B+e/uHqJoYlThur9FdJXczJpHSqcMWHxMzuMqgotjPuxTcXodfCbsD7OmSj4fa
ClB47Wh6kCUQSVgA62XoVMd4cgSpQC0YdkJ+LF5g1PA7L5FrwdllICDG8ptIIFQ+
TEWQRmEJWC9aDyyo+LZPZGxIDp2/KIk/LbgnMB4K9f0AEvqfNvZqhl6VAeoaAgxt
JPmVybB3kmSzsU27v8ibslWVSO6gjM5jzAxGQOMsZoEtsN2mwTr9qwpH+wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJA6e1+mKxs+soVDqGEVr1THY7wbMB8GA1UdIwQY
MBaAFG2qzESMSiOvyUpFp5t2376DCyWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmFyTVJJeEtJNl9KU2tXbm0zYmZ2b01MSlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zNDY0OWUtOWJjNC00MDE4LWIzYTAt
NzU2ZjNjYzNlYzMzLzEva0RwN1g2WXJHejZ5aFVPb1lSV3ZWTWRqdkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zNDY0OWUtOWJjNC00MDE4LWIzYTAtNzU2ZjNjYzNlYzMz
LzEvYmFyTVJJeEtJNl9KU2tXbm0zYmZ2b01MSlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBYUYAwQC
Bf1EAwQCLZIMAwQCuYT4AwQCwQfcMA0EAgACMAcDBQAqCZkAMA0GCSqGSIb3DQEB
CwUAA4IBAQATv3jLwQQJVhQyWCADDoG7UHFqwZjete3RHAkLNJS3vcD9g1OxVKIM
QMXLToi7+6iI58mjObubUcMNhTagY9ks360X4hczRu7XJe/eKi1gPB8nhVZfOuOu
/ncXAcvvMexsCEgR9pI9lMy2TSBWH1vBAWCl+aks9pw/NG7MMc4sQB5mEtfpi76C
7satiYnj+I64mnUndDX55cVRXHFbmPtyXefgSztHBgSttcTI9xvr1GEP2anGch9T
Y8QVwBv8TnK/ohFGd0X2QxUDYeirZwe3PvQSHCvuaYjSu+BvVz+qV75WCtEHG0dG
6ucZTLRDuW37ODkFq7s5zhcHDAvVNEFc
-----END CERTIFICATE-----