Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/PKEXkb-Y3czWzD-rn3zpZoaZ7HI.roa
File:                     PKEXkb-Y3czWzD-rn3zpZoaZ7HI.roa (raw, json)
Hash identifier:          P5LF1VqroMkpkQWZ1O4DjMbkjiw8EqZ3u8XJVwnIEFE=
Subject key identifier:   3C:A1:17:91:BF:98:DD:CC:D6:CC:3F:AB:9F:7C:E9:66:86:99:EC:72
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0185D343A97DB04F0CCC060657ADDB564F26
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/PKEXkb-Y3czWzD-rn3zpZoaZ7HI.roa
Signing time:             Sat 21 Jan 2023 07:38:24 +0000
ROA not before:           Sat 21 Jan 2023 07:38:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.86.142.0/23 maxlen: 24
                          185.86.140.0/23 maxlen: 24
                          37.218.208.0/21 maxlen: 24
                          37.218.216.0/21 maxlen: 24
                          188.215.120.0/22 maxlen: 24
                          188.215.124.0/22 maxlen: 24
                          89.46.180.0/22 maxlen: 24
                          149.126.88.0/22 maxlen: 24
                          130.255.64.0/22 maxlen: 24
                          130.255.68.0/22 maxlen: 24
                          31.186.180.0/22 maxlen: 24
                          46.20.210.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sun 05 Mar 2023 07:34:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:d3:43:a9:7d:b0:4f:0c:cc:06:06:57:ad:db:56:4f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan 21 07:38:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ca11791bf98ddccd6cc3fab9f7ce9668699ec72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:52:09:48:a2:05:22:8e:f1:05:1a:93:83:32:
                    a8:35:d5:06:c3:bd:a2:4c:df:8a:1a:da:40:05:bb:
                    3c:dc:cb:57:50:53:c2:50:f5:bd:ee:94:0b:98:69:
                    37:63:cf:5d:e4:81:a6:b4:e5:65:9e:10:50:4c:1c:
                    f4:9f:c4:1a:f0:8f:01:5f:6d:15:26:8c:28:46:d5:
                    b8:9c:a3:0f:32:87:b0:6d:ef:0d:e0:75:a9:0c:be:
                    d7:f4:9c:5d:c4:c4:7d:f1:42:7c:b2:34:b2:3e:5e:
                    08:9b:c3:09:a5:c8:32:7a:28:1e:3d:35:9d:24:1f:
                    24:98:5b:0f:b4:f8:6f:f0:3d:6f:f3:67:00:de:16:
                    5c:cf:ce:01:ce:75:ee:8d:99:c4:d8:a6:8d:0c:e0:
                    4a:79:ae:da:51:97:38:ad:d4:32:99:2d:e6:57:19:
                    51:cd:6c:87:f9:c4:06:43:87:60:5e:60:da:ef:5f:
                    0e:33:ab:3e:20:c8:e2:73:e6:35:62:28:f8:f0:fc:
                    e6:69:e9:ba:35:bb:ce:95:8a:b3:a9:37:b3:85:df:
                    a6:23:89:f5:ae:8e:2e:25:ed:4a:e4:52:b7:d9:7d:
                    07:f7:eb:a3:ef:1d:a5:60:be:1d:50:9c:40:c4:81:
                    0e:fc:9d:3e:90:d0:a0:7b:a1:7e:6a:6e:a2:2e:a5:
                    28:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A1:17:91:BF:98:DD:CC:D6:CC:3F:AB:9F:7C:E9:66:86:99:EC:72
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/PKEXkb-Y3czWzD-rn3zpZoaZ7HI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.180.0/22
                  37.218.208.0/20
                  46.20.210.0/23
                  89.46.180.0/22
                  130.255.64.0/21
                  149.126.88.0/22
                  185.86.140.0/22
                  188.215.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:27:c2:da:cd:b4:2a:fe:1d:3f:c0:03:1a:df:30:e2:f0:e6:
         a2:ed:eb:a5:84:01:d6:90:dd:dc:be:05:ef:aa:89:78:bf:16:
         20:ae:96:22:35:b1:e1:aa:53:2a:25:24:8f:c7:26:51:ad:25:
         19:73:29:09:65:a7:96:5d:ee:88:f0:5a:fb:99:49:50:01:a9:
         45:50:df:54:91:f3:33:cc:c1:a3:44:54:9b:9e:ac:96:28:e3:
         52:92:00:ca:83:ca:a9:47:e8:23:65:40:3f:39:6f:7a:f2:f1:
         d8:be:5b:80:c1:bc:cd:51:17:9a:a0:bf:70:2d:6e:22:14:df:
         c0:81:7b:d4:3d:aa:fb:98:24:c3:40:17:9d:b5:a5:f1:2f:44:
         df:f8:05:20:8a:f5:1e:95:b1:e3:0d:03:eb:d3:0b:44:af:38:
         be:a4:e0:2f:cb:06:14:60:05:8b:c0:1f:82:d7:c7:27:70:fb:
         07:8c:14:ca:70:79:82:04:b4:6a:b7:4c:40:1f:12:26:e3:80:
         f1:f0:3d:b0:fb:1d:bc:cf:0b:3d:a0:da:3e:a6:42:e6:08:1f:
         7f:3e:d6:19:ed:13:4f:4b:55:dd:cb:45:f9:c0:7f:f1:29:2c:
         de:44:c1:36:73:98:b4:c2:44:8c:7c:87:49:46:88:ff:3c:bf:
         e1:ee:01:ad
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYXTQ6l9sE8MzAYGV63bVk8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjMwMTIxMDczODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ExMTc5MWJmOThkZGNjZDZjYzNmYWI5ZjdjZTk2Njg2OTllYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlIJSKIFIo7xBRqTgzKoNdUGw72i
TN+KGtpABbs83MtXUFPCUPW97pQLmGk3Y89d5IGmtOVlnhBQTBz0n8Qa8I8BX20V
JowoRtW4nKMPMoewbe8N4HWpDL7X9JxdxMR98UJ8sjSyPl4Im8MJpcgyeigePTWd
JB8kmFsPtPhv8D1v82cA3hZcz84BznXujZnE2KaNDOBKea7aUZc4rdQymS3mVxlR
zWyH+cQGQ4dgXmDa718OM6s+IMjic+Y1Yij48Pzmaem6NbvOlYqzqTezhd+mI4n1
ro4uJe1K5FK32X0H9+uj7x2lYL4dUJxAxIEO/J0+kNCge6F+am6iLqUofQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDyhF5G/mN3M1sw/q5986WaGmexyMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUEtFWGtiLVkzY3pXekQtcm4zenBab2FaN0hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCH7q0AwQE
JdrQAwQBLhTSAwQCWS60AwQDgv9AAwQClX5YAwQCuVaMAwQDvNd4MA0GCSqGSIb3
DQEBCwUAA4IBAQB3J8LazbQq/h0/wAMa3zDi8Oai7eulhAHWkN3cvgXvqol4vxYg
rpYiNbHhqlMqJSSPxyZRrSUZcykJZaeWXe6I8Fr7mUlQAalFUN9UkfMzzMGjRFSb
nqyWKONSkgDKg8qpR+gjZUA/OW968vHYvluAwbzNUReaoL9wLW4iFN/AgXvUPar7
mCTDQBedtaXxL0Tf+AUgivUelbHjDQPr0wtErzi+pOAvywYUYAWLwB+C18cncPsH
jBTKcHmCBLRqt0xAHxIm44Dx8D2w+x28zws9oNo+pkLmCB9/PtYZ7RNPS1Xdy0X5
wH/xKSzeRME2c5i0wkSMfIdJRoj/PL/h7gGt
-----END CERTIFICATE-----