Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/8h690yMofzTGpjgde9GS25c-pKQ.roa
File:                     8h690yMofzTGpjgde9GS25c-pKQ.roa (raw, json)
Hash identifier:          oCUp1yUNsMvScFlPn38XI+z/ExjS59gL4Sp08S0xSrs=
Subject key identifier:   F2:1E:BD:D3:23:28:7F:34:C6:A6:38:1D:7B:D1:92:DB:97:3E:A4:A4
Certificate issuer:       /CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
Certificate serial:       0186BDB2DB2BC43CB42DC2B200587D56B99A
Authority key identifier: 6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/8h690yMofzTGpjgde9GS25c-pKQ.roa
Signing time:             Tue 07 Mar 2023 20:11:00 +0000
ROA not before:           Tue 07 Mar 2023 20:11:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43256
IP address blocks:        31.209.130.0/24 maxlen: 24
                          31.209.129.0/24 maxlen: 24
                          31.209.133.0/24 maxlen: 24
                          31.209.135.0/24 maxlen: 24
                          31.209.134.0/24 maxlen: 24
                          217.171.90.0/24 maxlen: 24
                          217.171.89.0/24 maxlen: 24
                          217.171.88.0/24 maxlen: 24
                          217.171.94.0/24 maxlen: 24
                          217.171.93.0/24 maxlen: 24
                          217.171.92.0/24 maxlen: 24
                          217.171.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 Mar 2023 11:54:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bd:b2:db:2b:c4:3c:b4:2d:c2:b2:00:58:7d:56:b9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
        Validity
            Not Before: Mar  7 20:11:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f21ebdd323287f34c6a6381d7bd192db973ea4a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c6:b8:4b:9e:0e:83:ea:49:ae:51:c2:1e:62:
                    80:b1:7a:cb:24:38:01:3c:0e:7d:fa:d8:42:f2:4e:
                    8f:a5:63:72:31:29:87:1b:98:8c:77:91:37:90:a7:
                    0d:d0:39:b7:68:3f:f5:2a:9f:26:17:3d:ca:90:6f:
                    16:7c:44:04:bb:ae:f8:cf:c6:68:cd:a5:ff:f5:6b:
                    03:9b:9e:5e:2f:64:f6:4d:15:a8:4f:25:0f:fc:3e:
                    4d:a1:0b:d2:6c:73:7e:eb:76:79:62:81:73:53:16:
                    38:d7:66:01:ca:6b:c1:c3:57:c7:65:a8:71:fc:b8:
                    55:88:52:c0:f1:b8:b1:01:8c:28:a8:85:c5:4f:1f:
                    0c:dd:04:63:ae:8b:44:c1:dd:1b:ea:7b:55:ac:ae:
                    5a:28:c1:b6:52:21:2b:70:a8:f1:8b:0b:65:93:10:
                    2e:f0:5c:38:90:f8:19:d3:6e:12:05:e8:a5:64:81:
                    86:94:9d:48:37:47:50:54:68:08:45:fa:e7:22:3e:
                    67:bf:8c:21:0e:5a:e6:37:cc:fa:bb:b5:7a:02:c3:
                    46:4e:51:65:7a:a4:ee:e2:79:91:2a:ff:45:24:80:
                    dc:32:80:1e:cb:d6:52:1c:e8:58:39:d3:b8:a4:5d:
                    4c:8f:f5:51:b7:1a:58:23:33:c8:ed:90:1c:ed:45:
                    72:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:1E:BD:D3:23:28:7F:34:C6:A6:38:1D:7B:D1:92:DB:97:3E:A4:A4
            X509v3 Authority Key Identifier:
                keyid:6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/8h690yMofzTGpjgde9GS25c-pKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.209.129.0-31.209.130.255
                  31.209.133.0-31.209.135.255
                  217.171.88.0-217.171.90.255
                  217.171.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:a2:72:35:bc:3c:83:a0:b5:f9:e1:1c:3e:56:cd:53:47:28:
         82:27:70:e4:cf:46:32:eb:8e:58:73:13:68:62:fe:97:d5:55:
         70:22:66:35:5c:1f:c3:e8:8a:f3:5e:fb:9a:3f:d2:28:8d:fa:
         f4:0e:e2:d7:d2:84:ce:04:90:77:42:3a:e6:b0:21:d2:11:f0:
         16:3a:09:b9:3c:92:01:89:a8:b5:50:d9:c2:e9:40:fb:08:07:
         c9:5e:01:09:f8:b2:20:18:8c:d0:d2:a9:6d:05:29:68:39:ad:
         1e:8b:55:78:c1:8a:bd:29:18:7a:fb:b9:60:a1:2c:47:d7:48:
         dc:0d:0f:96:8e:5f:b9:f7:92:f8:6f:f9:b6:94:3d:71:e1:7a:
         0f:2c:36:a8:69:18:80:7f:31:d4:cb:9f:42:b9:58:16:e1:96:
         87:84:05:6f:4c:2a:62:75:41:1b:8c:ff:23:e6:41:94:c5:0b:
         2c:ad:91:08:1e:f9:ab:7c:4e:f2:c3:96:de:1b:f9:92:6c:34:
         87:da:dc:b5:80:5a:86:4d:c7:a0:46:f1:6d:2f:f2:f5:40:72:
         0f:ba:af:f5:e4:ea:e3:db:5e:ae:73:08:f2:da:f4:16:68:1e:
         b4:37:b6:c2:b9:ec:8c:e3:87:11:f1:43:e9:8a:78:4e:e6:3a:
         2a:12:8d:0b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYa9stsrxDy0LcKyAFh9VrmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZmMxNDM4ZWUwODE1YTliZjhiNzNmOWE3Y2VkMDk0ZjIx
YWM3OWUwHhcNMjMwMzA3MjAxMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjFlYmRkMzIzMjg3ZjM0YzZhNjM4MWQ3YmQxOTJkYjk3M2VhNGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosa4S54Og+pJrlHCHmKAsXrLJDgB
PA59+thC8k6PpWNyMSmHG5iMd5E3kKcN0Dm3aD/1Kp8mFz3KkG8WfEQEu674z8Zo
zaX/9WsDm55eL2T2TRWoTyUP/D5NoQvSbHN+63Z5YoFzUxY412YBymvBw1fHZahx
/LhViFLA8bixAYwoqIXFTx8M3QRjrotEwd0b6ntVrK5aKMG2UiErcKjxiwtlkxAu
8Fw4kPgZ024SBeilZIGGlJ1IN0dQVGgIRfrnIj5nv4whDlrmN8z6u7V6AsNGTlFl
eqTu4nmRKv9FJIDcMoAey9ZSHOhYOdO4pF1Mj/VRtxpYIzPI7ZAc7UVyUwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPIevdMjKH80xqY4HXvRktuXPqSkMB8GA1UdIwQY
MBaAFG38FDjuCBWpv4tz+afO0JTyGseeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEt
ZDY0Njc2N2M1ZjEzLzEvOGg2OTB5TW9melRHcGpnZGU5R1MyNWMtcEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEtZDY0Njc2N2M1ZjEz
LzEvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBAAf0YED
BAAf0YIwDAMEAB/RhQMEAx/RgDAMAwQD2atYAwQA2ataAwQC2atcMA0GCSqGSIb3
DQEBCwUAA4IBAQBFonI1vDyDoLX54Rw+Vs1TRyiCJ3Dkz0Yy645YcxNoYv6X1VVw
ImY1XB/D6IrzXvuaP9Iojfr0DuLX0oTOBJB3QjrmsCHSEfAWOgm5PJIBiai1UNnC
6UD7CAfJXgEJ+LIgGIzQ0qltBSloOa0ei1V4wYq9KRh6+7lgoSxH10jcDQ+Wjl+5
95L4b/m2lD1x4XoPLDaoaRiAfzHUy59CuVgW4ZaHhAVvTCpidUEbjP8j5kGUxQss
rZEIHvmrfE7yw5beG/mSbDSH2ty1gFqGTcegRvFtL/L1QHIPuq/15Orj216ucwjy
2vQWaB60N7bCueyM44cR8UPpinhO5joqEo0L
-----END CERTIFICATE-----