Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/2959fb-88f6-49b5-bb00-83a0d9efec2d/1/DnHyUdf_6v1kJi-gun3GiO3BzNk.roa
File:                     DnHyUdf_6v1kJi-gun3GiO3BzNk.roa (raw, json)
Hash identifier:          KjuAgdSq13obK0VfEyuQuaIlfXAIrH7EMTocFOETdRs=
Subject key identifier:   0E:71:F2:51:D7:FF:EA:FD:64:26:2F:A0:BA:7D:C6:88:ED:C1:CC:D9
Certificate issuer:       /CN=f818dec325784010774820090e8e0a083ddddbdc
Certificate serial:       018854FCF842F9650CA920796B6EFCD5DBF0
Authority key identifier: F8:18:DE:C3:25:78:40:10:77:48:20:09:0E:8E:0A:08:3D:DD:DB:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-BjewyV4QBB3SCAJDo4KCD3d29w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/2959fb-88f6-49b5-bb00-83a0d9efec2d/1/DnHyUdf_6v1kJi-gun3GiO3BzNk.roa
Signing time:             Thu 25 May 2023 22:17:24 +0000
ROA not before:           Thu 25 May 2023 22:17:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5618
IP address blocks:        62.193.16.0/24 maxlen: 24
                          62.193.17.0/24 maxlen: 24
                          62.193.12.0/23 maxlen: 23
                          62.193.13.0/24 maxlen: 24
                          62.193.14.0/23 maxlen: 23
                          62.193.14.0/24 maxlen: 24
                          62.193.15.0/24 maxlen: 24
                          62.193.18.0/24 maxlen: 24
                          62.193.20.0/24 maxlen: 24
                          62.193.21.0/24 maxlen: 24
                          62.193.3.0/24 maxlen: 24
                          62.193.4.0/24 maxlen: 24
                          62.193.5.0/24 maxlen: 24
                          62.193.6.0/24 maxlen: 24
                          62.193.7.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:54:fc:f8:42:f9:65:0c:a9:20:79:6b:6e:fc:d5:db:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f818dec325784010774820090e8e0a083ddddbdc
        Validity
            Not Before: May 25 22:17:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0e71f251d7ffeafd64262fa0ba7dc688edc1ccd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:48:02:24:3b:de:bc:bf:51:20:b1:fe:0c:db:
                    c7:77:19:ef:0d:72:ac:be:88:76:49:c3:cd:03:6f:
                    32:4c:10:32:9a:c3:45:5c:01:50:20:2b:85:f0:4a:
                    42:42:32:34:b3:55:46:2a:66:ff:7e:f3:0c:e1:58:
                    7f:72:87:26:95:75:0b:49:20:a8:ea:48:68:65:de:
                    31:c9:f1:98:f6:a0:b0:3b:7c:1e:4f:7e:18:5c:73:
                    dc:b7:0c:1a:b3:46:27:6a:f1:27:d6:99:67:f2:a9:
                    cb:cc:ae:ca:79:c5:bf:b0:49:b7:74:27:25:c7:c5:
                    58:32:bf:48:1f:28:57:7d:17:22:1c:6c:8d:85:a6:
                    7b:30:20:32:10:15:a6:cc:05:56:5b:ed:f0:93:47:
                    0d:8f:10:2b:e2:b5:43:b6:68:2d:62:e5:d2:4e:47:
                    8f:14:00:a6:e8:ee:7c:05:c0:cc:61:96:aa:73:2f:
                    fd:e3:31:58:75:01:8e:5d:f1:e2:ab:0f:01:9d:28:
                    f5:bc:6d:22:75:8a:d6:26:2b:a0:a1:d4:07:a0:02:
                    33:a3:9f:c9:dc:bf:8b:3a:4e:0a:a2:cc:aa:12:aa:
                    f1:74:51:42:5c:bb:4b:07:bf:de:aa:7d:69:9c:aa:
                    41:af:e0:37:51:e4:9f:8c:85:8b:2d:36:f4:ee:ae:
                    0d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:71:F2:51:D7:FF:EA:FD:64:26:2F:A0:BA:7D:C6:88:ED:C1:CC:D9
            X509v3 Authority Key Identifier:
                keyid:F8:18:DE:C3:25:78:40:10:77:48:20:09:0E:8E:0A:08:3D:DD:DB:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-BjewyV4QBB3SCAJDo4KCD3d29w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2959fb-88f6-49b5-bb00-83a0d9efec2d/1/DnHyUdf_6v1kJi-gun3GiO3BzNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2959fb-88f6-49b5-bb00-83a0d9efec2d/1/1-BjewyV4QBB3SCAJDo4KCD3d29w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.193.3.0-62.193.7.255
                  62.193.12.0-62.193.18.255
                  62.193.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:d7:26:45:81:46:e2:e4:0f:01:3f:d8:9a:9a:74:de:5f:86:
         58:e8:d8:c6:df:6c:f4:78:f2:19:33:14:cd:94:72:5f:5b:fa:
         e5:4c:d9:b4:68:d6:cd:03:de:2b:b1:ad:db:05:95:fa:0f:0e:
         4b:f2:6b:05:40:2e:8d:82:8d:a4:78:45:88:29:25:ac:e7:39:
         ea:71:04:ba:9e:9f:66:4e:d0:2c:a9:62:14:98:ca:c6:22:f7:
         05:01:af:89:b1:cf:05:b3:2c:b1:1d:ac:0d:b5:ca:4e:d4:c5:
         82:46:57:f1:51:ea:2a:45:27:e3:53:6a:f5:50:a8:ad:a6:5d:
         ae:1f:14:6f:2a:56:0c:10:a7:85:1d:fd:bb:65:ca:4b:b4:ee:
         fe:ce:d4:0d:d2:d5:7c:b3:0b:59:07:ec:c6:7b:65:bb:16:03:
         74:f2:d7:d2:6c:16:96:d2:23:b2:1e:2f:82:4b:13:fb:41:14:
         b6:08:9c:d3:8e:ce:21:67:96:7f:5d:07:dd:b3:f5:c1:fc:0b:
         2d:44:ce:27:ae:53:4a:66:bc:47:26:1d:c4:f3:83:4f:7e:78:
         21:fe:20:30:47:e3:84:0f:2b:92:c8:06:0b:9c:90:76:a6:09:
         6a:61:bf:a1:ce:d0:88:7c:de:a1:c7:98:7b:a0:de:6a:41:d3:
         06:84:eb:f1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYhU/PhC+WUMqSB5a2781dvwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MThkZWMzMjU3ODQwMTA3NzQ4MjAwOTBlOGUwYTA4M2Rk
ZGRiZGMwHhcNMjMwNTI1MjIxNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTcxZjI1MWQ3ZmZlYWZkNjQyNjJmYTBiYTdkYzY4OGVkYzFjY2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEgCJDvevL9RILH+DNvHdxnvDXKs
voh2ScPNA28yTBAymsNFXAFQICuF8EpCQjI0s1VGKmb/fvMM4Vh/cocmlXULSSCo
6khoZd4xyfGY9qCwO3weT34YXHPctwwas0YnavEn1pln8qnLzK7KecW/sEm3dCcl
x8VYMr9IHyhXfRciHGyNhaZ7MCAyEBWmzAVWW+3wk0cNjxAr4rVDtmgtYuXSTkeP
FACm6O58BcDMYZaqcy/94zFYdQGOXfHiqw8BnSj1vG0idYrWJiugodQHoAIzo5/J
3L+LOk4KosyqEqrxdFFCXLtLB7/eqn1pnKpBr+A3UeSfjIWLLTb07q4NxwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFA5x8lHX/+r9ZCYvoLp9xojtwczZMB8GA1UdIwQY
MBaAFPgY3sMleEAQd0ggCQ6OCgg93dvcMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1CamV3eVY0UUJCM1NDQUpEbzRLQ0QzZDI5dy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvMjk1OWZiLTg4ZjYtNDliNS1iYjAw
LTgzYTBkOWVmZWMyZC8xL0RuSHlVZGZfNnYxa0ppLWd1bjNHaU8zQnpOay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjkvMjk1OWZiLTg4ZjYtNDliNS1iYjAwLTgzYTBkOWVmZWMy
ZC8xLzEtQmpld3lWNFFCQjNTQ0FKRG80S0NEM2QyOXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOwYIKwYBBQUHAQcBAf8ELDAqMCgEAgABMCIwDAMEAD7B
AwMEAz7BADAMAwQCPsEMAwQAPsESAwQBPsEUMA0GCSqGSIb3DQEBCwUAA4IBAQCb
1yZFgUbi5A8BP9iamnTeX4ZY6NjG32z0ePIZMxTNlHJfW/rlTNm0aNbNA94rsa3b
BZX6Dw5L8msFQC6Ngo2keEWIKSWs5znqcQS6np9mTtAsqWIUmMrGIvcFAa+Jsc8F
syyxHawNtcpO1MWCRlfxUeoqRSfjU2r1UKitpl2uHxRvKlYMEKeFHf27ZcpLtO7+
ztQN0tV8swtZB+zGe2W7FgN08tfSbBaW0iOyHi+CSxP7QRS2CJzTjs4hZ5Z/XQfd
s/XB/AstRM4nrlNKZrxHJh3E84NPfngh/iAwR+OEDyuSyAYLnJB2pglqYb+hztCI
fN6hx5h7oN5qQdMGhOvx
-----END CERTIFICATE-----