Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bu6XD75Vh1B9KIfIvpD1I9Q3v7k.roa
File:                     bu6XD75Vh1B9KIfIvpD1I9Q3v7k.roa (raw, json)
Hash identifier:          zrYYUhSHNPoxdHHh6tQL1fc3l6/mlBh00J7It1+oEsA=
Subject key identifier:   6E:EE:97:0F:BE:55:87:50:7D:28:87:C8:BE:90:F5:23:D4:37:BF:B9
Certificate issuer:       /CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
Certificate serial:       0186B742E8A54E1CCA81F73495212034583B
Authority key identifier: 6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bu6XD75Vh1B9KIfIvpD1I9Q3v7k.roa
Signing time:             Mon 06 Mar 2023 14:11:00 +0000
ROA not before:           Mon 06 Mar 2023 14:11:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43256
IP address blocks:        217.171.91.0/24 maxlen: 24
                          217.171.90.0/24 maxlen: 24
                          217.171.89.0/24 maxlen: 24
                          217.171.88.0/24 maxlen: 24
                          31.209.130.0/24 maxlen: 24
                          31.209.129.0/24 maxlen: 24
                          31.209.133.0/24 maxlen: 24
                          31.209.135.0/24 maxlen: 24
                          31.209.134.0/24 maxlen: 24
                          217.171.93.0/24 maxlen: 24
                          217.171.92.0/24 maxlen: 24
                          217.171.94.0/24 maxlen: 24
                          217.171.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 Mar 2023 20:11:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:42:e8:a5:4e:1c:ca:81:f7:34:95:21:20:34:58:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
        Validity
            Not Before: Mar  6 14:11:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6eee970fbe5587507d2887c8be90f523d437bfb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:9e:54:e0:e8:59:60:53:f4:d6:3a:a1:dd:8e:
                    a6:fe:a7:85:d8:bd:64:b0:4a:85:07:b9:22:f5:c7:
                    2a:4f:88:1b:90:1d:12:eb:bf:85:8a:cf:e6:ec:69:
                    02:49:22:66:d6:0f:4e:f7:89:17:2c:50:7f:15:aa:
                    4d:41:8e:09:d4:d7:f4:c2:49:a3:bb:18:cb:3d:ea:
                    b6:cf:40:55:4c:9a:dc:24:85:12:05:b2:ed:07:23:
                    17:e7:4b:6d:4f:3c:0d:b8:87:91:95:01:8b:95:52:
                    8b:7d:6c:e3:91:96:44:96:f3:1a:8f:17:34:f6:b6:
                    fe:d0:0b:16:9e:ff:53:66:07:e6:1d:29:f4:78:59:
                    ca:45:26:11:6f:5e:61:b2:51:c6:a1:c7:d8:84:c8:
                    e2:45:b3:db:22:a7:2d:4d:4d:2c:70:18:bd:8f:d5:
                    b9:32:7d:95:61:8b:4d:35:cd:f7:93:ab:79:53:a0:
                    c1:98:b3:8c:dc:74:9f:e5:40:b8:a2:d7:1b:b7:c9:
                    82:51:8b:88:05:08:a2:13:2e:49:94:cc:91:96:ab:
                    b9:81:90:63:b4:00:ee:75:15:e9:21:62:92:43:1a:
                    59:50:df:ad:da:72:a3:87:58:db:04:fe:4d:0f:32:
                    29:3b:31:af:58:83:4b:50:bc:cc:06:ce:e0:93:7f:
                    ad:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:EE:97:0F:BE:55:87:50:7D:28:87:C8:BE:90:F5:23:D4:37:BF:B9
            X509v3 Authority Key Identifier:
                keyid:6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bu6XD75Vh1B9KIfIvpD1I9Q3v7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.209.129.0-31.209.130.255
                  31.209.133.0-31.209.135.255
                  217.171.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:29:64:a8:6d:dd:ab:3e:56:44:fb:59:00:e5:69:48:8e:1f:
         12:cc:ac:48:c7:69:1b:d3:72:b0:77:79:f1:49:e0:33:55:97:
         cf:7d:9c:b6:70:44:1a:16:93:0c:17:3e:29:cb:76:b0:d2:f1:
         78:9f:19:04:42:24:92:e5:af:93:ca:44:5e:52:f7:64:7f:57:
         51:84:59:05:ef:93:cb:eb:f6:ee:2e:67:4f:e2:8a:06:7c:d8:
         46:6b:30:12:73:a2:9f:05:82:ca:5e:6a:74:bb:d8:d8:b2:0b:
         3a:7c:f4:e1:97:52:1d:0b:66:eb:8a:cb:06:f6:a1:5b:60:c8:
         c2:78:cd:2e:f9:7e:0e:06:73:11:63:af:35:0e:c8:b1:59:02:
         b9:a4:1c:9f:31:5d:e3:94:d0:ee:69:d3:67:b3:f0:23:d1:dd:
         99:b0:4c:a6:4a:1d:6c:12:fd:a5:7a:27:d5:7f:d5:50:e0:01:
         4f:59:a0:17:31:a4:d5:d4:c4:99:98:be:87:eb:f7:37:db:07:
         07:73:a3:ca:28:e7:74:32:f2:f0:59:7c:b6:57:74:03:10:dc:
         35:dc:4e:6b:20:02:43:3f:64:12:de:e4:22:5f:13:b8:40:1b:
         39:b6:b9:68:dc:0a:c7:06:44:de:05:77:45:ea:5f:37:90:8d:
         10:82:2e:70
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYa3QuilThzKgfc0lSEgNFg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZmMxNDM4ZWUwODE1YTliZjhiNzNmOWE3Y2VkMDk0ZjIx
YWM3OWUwHhcNMjMwMzA2MTQxMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWVlOTcwZmJlNTU4NzUwN2QyODg3YzhiZTkwZjUyM2Q0MzdiZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJ5U4OhZYFP01jqh3Y6m/qeF2L1k
sEqFB7ki9ccqT4gbkB0S67+Fis/m7GkCSSJm1g9O94kXLFB/FapNQY4J1Nf0wkmj
uxjLPeq2z0BVTJrcJIUSBbLtByMX50ttTzwNuIeRlQGLlVKLfWzjkZZElvMajxc0
9rb+0AsWnv9TZgfmHSn0eFnKRSYRb15hslHGocfYhMjiRbPbIqctTU0scBi9j9W5
Mn2VYYtNNc33k6t5U6DBmLOM3HSf5UC4otcbt8mCUYuIBQiiEy5JlMyRlqu5gZBj
tADudRXpIWKSQxpZUN+t2nKjh1jbBP5NDzIpOzGvWINLULzMBs7gk3+tIQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFG7ulw++VYdQfSiHyL6Q9SPUN7+5MB8GA1UdIwQY
MBaAFG38FDjuCBWpv4tz+afO0JTyGseeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEt
ZDY0Njc2N2M1ZjEzLzEvYnU2WEQ3NVZoMUI5S0lmSXZwRDFJOVEzdjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEtZDY0Njc2N2M1ZjEz
LzEvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAAf0YED
BAAf0YIwDAMEAB/RhQMEAx/RgAMEA9mrWDANBgkqhkiG9w0BAQsFAAOCAQEAiylk
qG3dqz5WRPtZAOVpSI4fEsysSMdpG9NysHd58UngM1WXz32ctnBEGhaTDBc+Kct2
sNLxeJ8ZBEIkkuWvk8pEXlL3ZH9XUYRZBe+Ty+v27i5nT+KKBnzYRmswEnOinwWC
yl5qdLvY2LILOnz04ZdSHQtm64rLBvahW2DIwnjNLvl+DgZzEWOvNQ7IsVkCuaQc
nzFd45TQ7mnTZ7PwI9HdmbBMpkodbBL9pXon1X/VUOABT1mgFzGk1dTEmZi+h+v3
N9sHB3OjyijndDLy8Fl8tld0AxDcNdxOayACQz9kEt7kIl8TuEAbOba5aNwKxwZE
3gV3RepfN5CNEIIucA==
-----END CERTIFICATE-----