Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/EgumW0uaWqnI5uBxAJy7VpMxni0.roa
File:                     EgumW0uaWqnI5uBxAJy7VpMxni0.roa (raw, json)
Hash identifier:          M7uI5T0swDYOOWhQvGGPa+oSbPCKdi6XMk5BfvViUp8=
Subject key identifier:   12:0B:A6:5B:4B:9A:5A:A9:C8:E6:E0:71:00:9C:BB:56:93:31:9E:2D
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018590E4A53EC8A8062BB79B20DED1B1B82A
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/EgumW0uaWqnI5uBxAJy7VpMxni0.roa
Signing time:             Sun 08 Jan 2023 10:19:41 +0000
ROA not before:           Sun 08 Jan 2023 10:19:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.86.142.0/23 maxlen: 24
                          185.86.140.0/23 maxlen: 24
                          37.218.208.0/21 maxlen: 24
                          37.218.216.0/21 maxlen: 24
                          188.215.120.0/22 maxlen: 24
                          89.46.180.0/22 maxlen: 24
                          149.126.88.0/22 maxlen: 24
                          130.255.64.0/22 maxlen: 24
                          130.255.68.0/22 maxlen: 24
                          31.186.180.0/22 maxlen: 24
                          46.20.210.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sat 21 Jan 2023 07:38:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:90:e4:a5:3e:c8:a8:06:2b:b7:9b:20:de:d1:b1:b8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  8 10:19:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=120ba65b4b9a5aa9c8e6e071009cbb5693319e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c3:30:11:69:ff:6e:5d:9c:b3:10:6d:6b:de:
                    d8:ab:50:79:81:31:cd:e3:54:65:ce:3f:36:88:da:
                    7b:37:57:b9:fa:69:d7:a4:7b:b3:e5:b3:57:91:ff:
                    15:92:6e:0d:31:6d:0e:2d:d9:0f:40:73:92:48:ad:
                    55:dc:33:9e:50:24:21:52:06:0c:d9:55:b1:0f:bd:
                    f5:f0:89:47:86:56:72:78:82:f6:c9:2c:e2:cc:ff:
                    ca:b9:27:2e:f2:6b:70:1a:62:50:1b:99:05:be:3b:
                    d1:2a:a7:c3:f6:51:07:50:f1:d8:5c:e0:91:a0:15:
                    d3:86:5a:8f:64:d8:11:51:19:fb:e7:8a:0c:02:75:
                    b2:1d:c8:2a:2d:6d:f8:c9:3d:a5:6b:00:1e:6a:a1:
                    f1:29:90:c7:c3:d4:27:7c:63:cb:df:fa:40:5a:60:
                    97:f5:0d:c9:b7:75:d9:c4:06:e7:a0:bb:a5:bc:73:
                    c7:18:de:ca:46:52:91:1d:09:e8:3b:b6:fe:c7:d3:
                    59:41:9a:30:fe:c1:19:f5:6c:86:6a:a1:f1:9c:ab:
                    17:42:34:cb:46:fe:01:ef:91:2a:d9:e6:47:87:5e:
                    4d:fd:dd:76:37:c8:43:d0:19:29:e1:c9:94:72:06:
                    a7:46:85:8b:87:1e:7f:57:5a:c6:d2:ff:f4:94:31:
                    22:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:0B:A6:5B:4B:9A:5A:A9:C8:E6:E0:71:00:9C:BB:56:93:31:9E:2D
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/EgumW0uaWqnI5uBxAJy7VpMxni0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.180.0/22
                  37.218.208.0/20
                  46.20.210.0/23
                  89.46.180.0/22
                  130.255.64.0/21
                  149.126.88.0/22
                  185.86.140.0/22
                  188.215.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:57:da:f0:da:c5:e5:69:06:8f:62:f9:38:4d:5d:89:4d:ce:
         e7:a1:58:c1:e2:17:02:ee:cd:f0:8c:77:be:ec:e8:2d:16:90:
         87:7b:53:b1:c8:03:29:7b:b8:61:7e:ab:7f:25:91:57:ec:dc:
         27:a2:2c:cd:c4:8f:da:36:54:da:f8:ad:16:d0:92:fb:89:ff:
         4f:ac:50:01:59:ef:1e:20:2f:d4:19:6d:08:c3:33:64:c3:16:
         b3:a6:0d:1f:b4:3a:e9:eb:d3:f3:52:a2:01:09:3f:46:ec:c2:
         51:cc:16:19:21:5e:6d:90:09:93:58:1e:eb:16:d9:af:98:86:
         47:52:91:9e:c1:93:90:ec:87:d0:34:9b:87:34:5e:0a:02:db:
         47:d6:51:77:5f:f6:62:e5:72:30:4a:b5:23:14:95:18:6e:26:
         85:f5:6f:ea:f1:7e:24:08:6a:30:8f:2e:a0:4e:58:27:67:23:
         d9:c9:58:b4:7e:15:57:e1:a5:e2:61:d6:43:c6:d5:01:09:d6:
         b6:f8:9d:7a:e0:cb:e9:1c:16:fc:95:16:5e:ec:02:28:17:da:
         ba:6b:90:0d:ed:af:de:e4:4b:8b:b7:5a:93:8d:19:c3:ab:55:
         13:4e:a0:e7:53:91:94:52:1f:8a:64:04:ba:2b:2a:50:7a:0a:
         0f:29:bf:e8
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYWQ5KU+yKgGK7ebIN7RsbgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjMwMTA4MTAxOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjBiYTY1YjRiOWE1YWE5YzhlNmUwNzEwMDljYmI1NjkzMzE5ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8MwEWn/bl2csxBta97Yq1B5gTHN
41Rlzj82iNp7N1e5+mnXpHuz5bNXkf8Vkm4NMW0OLdkPQHOSSK1V3DOeUCQhUgYM
2VWxD7318IlHhlZyeIL2ySzizP/KuScu8mtwGmJQG5kFvjvRKqfD9lEHUPHYXOCR
oBXThlqPZNgRURn754oMAnWyHcgqLW34yT2lawAeaqHxKZDHw9QnfGPL3/pAWmCX
9Q3Jt3XZxAbnoLulvHPHGN7KRlKRHQnoO7b+x9NZQZow/sEZ9WyGaqHxnKsXQjTL
Rv4B75Eq2eZHh15N/d12N8hD0Bkp4cmUcganRoWLhx5/V1rG0v/0lDEiJQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBILpltLmlqpyObgcQCcu1aTMZ4tMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvRWd1bVcwdWFXcW5JNXVCeEFKeTdWcE14bmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCH7q0AwQE
JdrQAwQBLhTSAwQCWS60AwQDgv9AAwQClX5YAwQCuVaMAwQCvNd4MA0GCSqGSIb3
DQEBCwUAA4IBAQCbV9rw2sXlaQaPYvk4TV2JTc7noVjB4hcC7s3wjHe+7OgtFpCH
e1OxyAMpe7hhfqt/JZFX7NwnoizNxI/aNlTa+K0W0JL7if9PrFABWe8eIC/UGW0I
wzNkwxazpg0ftDrp69PzUqIBCT9G7MJRzBYZIV5tkAmTWB7rFtmvmIZHUpGewZOQ
7IfQNJuHNF4KAttH1lF3X/Zi5XIwSrUjFJUYbiaF9W/q8X4kCGowjy6gTlgnZyPZ
yVi0fhVX4aXiYdZDxtUBCda2+J164MvpHBb8lRZe7AIoF9q6a5AN7a/e5EuLt1qT
jRnDq1UTTqDnU5GUUh+KZAS6KypQegoPKb/o
-----END CERTIFICATE-----