Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/_puZWipaQF3a0dL71vKfIC4hDn0.roa
File:                     _puZWipaQF3a0dL71vKfIC4hDn0.roa (raw, json)
Hash identifier:          1UFUUqZtgVTQyPe+F2ENS5n+S3/lYIzN+hTJ+jtzg58=
Subject key identifier:   FE:9B:99:5A:2A:5A:40:5D:DA:D1:D2:FB:D6:F2:9F:20:2E:21:0E:7D
Certificate issuer:       /CN=2f3136ed10998580a517d9598abca33d9ba66599
Certificate serial:       01870079118F0852E9F915C856255CBA3CC0
Authority key identifier: 2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/_puZWipaQF3a0dL71vKfIC4hDn0.roa
Signing time:             Mon 20 Mar 2023 19:22:27 +0000
ROA not before:           Mon 20 Mar 2023 19:22:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14340
IP address blocks:        194.145.16.0/21 maxlen: 24
                          159.92.0.0/16 maxlen: 24
                          161.71.0.0/17 maxlen: 24
                          163.79.128.0/17 maxlen: 24
                          151.106.128.0/20 maxlen: 24
                          185.79.140.0/22 maxlen: 24
                          194.145.0.0/20 maxlen: 24
                          85.222.128.0/19 maxlen: 24
                          163.76.128.0/17 maxlen: 24
                          151.106.216.0/22 maxlen: 24
                          161.71.128.0/17 maxlen: 24
                          151.106.220.0/22 maxlen: 24
                          151.106.144.0/20 maxlen: 24
                          160.8.0.0/16 maxlen: 24

Validation:               Failed, certificate revoked on Tue 28 Mar 2023 15:26:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:00:79:11:8f:08:52:e9:f9:15:c8:56:25:5c:ba:3c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f3136ed10998580a517d9598abca33d9ba66599
        Validity
            Not Before: Mar 20 19:22:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe9b995a2a5a405ddad1d2fbd6f29f202e210e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:04:73:fb:3f:aa:8a:3b:79:bf:3e:1f:2d:9d:
                    6d:c4:45:d3:ad:19:77:2f:74:b0:4a:6b:98:03:8c:
                    fc:22:82:62:50:34:4c:30:83:91:9e:e1:bd:76:2e:
                    16:e5:12:6a:70:07:5a:74:11:1a:fa:cf:5d:62:57:
                    7f:12:e0:6c:17:34:46:a3:20:22:1a:94:f5:57:8a:
                    03:13:0f:85:28:f0:46:e3:ee:78:f3:2a:41:4d:98:
                    d1:71:d5:97:ad:14:0e:a4:20:75:cf:7a:96:04:92:
                    2b:18:6a:d7:4d:ae:d2:ff:c8:89:e3:38:87:c8:37:
                    45:33:0d:01:10:b4:de:36:9c:36:b8:74:0e:b6:48:
                    a3:d9:97:7b:b9:48:41:ff:c4:56:df:8d:2f:39:ac:
                    f4:97:d0:3c:6e:9e:44:a1:85:12:a3:0d:04:da:6c:
                    a5:04:6c:09:24:76:66:4a:8a:44:b7:81:04:15:cd:
                    0c:de:29:f6:a2:ed:ef:29:64:60:5b:77:be:12:52:
                    31:67:a9:6f:0a:83:0b:4b:3a:49:60:65:c1:f8:10:
                    64:79:31:2a:67:75:b2:75:e6:ba:de:b9:7b:07:2e:
                    61:e9:a7:72:b0:15:00:4d:dd:99:38:66:bc:7e:01:
                    d4:9d:dd:94:68:aa:32:1f:b0:0f:93:22:88:f6:6b:
                    22:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9B:99:5A:2A:5A:40:5D:DA:D1:D2:FB:D6:F2:9F:20:2E:21:0E:7D
            X509v3 Authority Key Identifier:
                keyid:2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/_puZWipaQF3a0dL71vKfIC4hDn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/LzE27RCZhYClF9lZiryjPZumZZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.128.0/19
                  151.106.128.0/19
                  151.106.216.0/21
                  159.92.0.0/16
                  160.8.0.0/16
                  161.71.0.0/16
                  163.76.128.0/17
                  163.79.128.0/17
                  185.79.140.0/22
                  194.145.0.0-194.145.23.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:fb:e2:7e:77:cc:7b:05:dc:53:67:31:2d:93:29:a6:59:c1:
         22:92:9d:db:d4:08:ea:0f:05:90:0a:cd:7d:99:ba:07:1e:fe:
         6f:ec:32:5c:8c:5c:7d:fe:77:9f:92:6f:d9:63:34:dd:15:03:
         36:f5:91:4d:65:4f:89:77:32:83:03:41:5c:3d:30:ae:7a:9a:
         fe:bc:18:4b:96:2a:b8:c9:71:18:d9:97:ea:9b:81:d8:04:f4:
         5b:2b:0b:66:92:7e:18:ca:f4:b5:68:3d:1e:e2:04:f2:16:72:
         b3:c5:5c:44:9e:0b:9b:a8:9c:c2:15:43:07:01:9b:20:06:a3:
         f8:17:5c:55:2b:e7:ab:29:83:c8:2d:be:18:97:0a:61:7b:ec:
         61:cb:29:a1:b2:a9:dc:9a:87:bd:4d:e5:2b:47:8e:8e:a9:89:
         19:ec:68:5f:28:f9:f1:23:4f:65:fe:39:22:49:25:53:63:23:
         83:32:99:8c:0f:4b:45:87:01:60:78:da:c6:a0:1a:8e:d7:99:
         70:07:b0:94:5c:8a:4f:97:d1:87:ff:3e:05:96:67:45:65:f5:
         ff:d4:97:08:b1:4a:7f:31:da:fd:7c:f9:d3:d4:91:75:99:32:
         fe:76:27:2f:61:4a:f8:b2:6e:40:b8:93:55:94:5d:a4:bb:b2:
         41:4c:73:85
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYcAeRGPCFLp+RXIViVcujzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMzEzNmVkMTA5OTg1ODBhNTE3ZDk1OThhYmNhMzNkOWJh
NjY1OTkwHhcNMjMwMzIwMTkyMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTliOTk1YTJhNWE0MDVkZGFkMWQyZmJkNmYyOWYyMDJlMjEwZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgARz+z+qijt5vz4fLZ1txEXTrRl3
L3SwSmuYA4z8IoJiUDRMMIORnuG9di4W5RJqcAdadBEa+s9dYld/EuBsFzRGoyAi
GpT1V4oDEw+FKPBG4+548ypBTZjRcdWXrRQOpCB1z3qWBJIrGGrXTa7S/8iJ4ziH
yDdFMw0BELTeNpw2uHQOtkij2Zd7uUhB/8RW340vOaz0l9A8bp5EoYUSow0E2myl
BGwJJHZmSopEt4EEFc0M3in2ou3vKWRgW3e+ElIxZ6lvCoMLSzpJYGXB+BBkeTEq
Z3Wydea63rl7By5h6adysBUATd2ZOGa8fgHUnd2UaKoyH7APkyKI9msi3wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFP6bmVoqWkBd2tHS+9bynyAuIQ59MB8GA1UdIwQY
MBaAFC8xNu0QmYWApRfZWYq8oz2bpmWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYt
OTI5ZjEwNjYzMGYxLzEvX3B1WldpcGFRRjNhMGRMNzF2S2ZJQzRoRG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYtOTI5ZjEwNjYzMGYx
LzEvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQFVd6AAwQF
l2qAAwQDl2rYAwMAn1wDAwCgCAMDAKFHAwQHo0yAAwQHo0+AAwQCuU+MMAsDAwDC
kQMEA8KREDANBgkqhkiG9w0BAQsFAAOCAQEAHfvifnfMewXcU2cxLZMpplnBIpKd
29QI6g8FkArNfZm6Bx7+b+wyXIxcff53n5Jv2WM03RUDNvWRTWVPiXcygwNBXD0w
rnqa/rwYS5YquMlxGNmX6puB2AT0WysLZpJ+GMr0tWg9HuIE8hZys8VcRJ4Lm6ic
whVDBwGbIAaj+BdcVSvnqymDyC2+GJcKYXvsYcspobKp3JqHvU3lK0eOjqmJGexo
Xyj58SNPZf45IkklU2MjgzKZjA9LRYcBYHjaxqAajteZcAewlFyKT5fRh/8+BZZn
RWX1/9SXCLFKfzHa/Xz509SRdZky/nYnL2FK+LJuQLiTVZRdpLuyQUxzhQ==
-----END CERTIFICATE-----