Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/PhIvp6eUHSNEsAgVezqbIQd1NDM.roa
File:                     PhIvp6eUHSNEsAgVezqbIQd1NDM.roa (raw, json)
Hash identifier:          aUspeoZMcXpCq8Ywm5Z4Lm9cAsEPkH2VLrYpfEBv24M=
Subject key identifier:   3E:12:2F:A7:A7:94:1D:23:44:B0:08:15:7B:3A:9B:21:07:75:34:33
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018585E9FA25BF406D41BE0337304ABDECF2
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/PhIvp6eUHSNEsAgVezqbIQd1NDM.roa
Signing time:             Fri 06 Jan 2023 07:09:41 +0000
ROA not before:           Fri 06 Jan 2023 07:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.86.142.0/23 maxlen: 24
                          185.86.140.0/23 maxlen: 24
                          37.218.208.0/21 maxlen: 24
                          37.218.216.0/21 maxlen: 24
                          188.215.120.0/22 maxlen: 24
                          89.46.180.0/22 maxlen: 24
                          149.126.88.0/22 maxlen: 24
                          130.255.64.0/22 maxlen: 24
                          130.255.68.0/22 maxlen: 24
                          31.186.180.0/22 maxlen: 24
                          46.20.210.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 06 Jan 2023 20:15:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:85:e9:fa:25:bf:40:6d:41:be:03:37:30:4a:bd:ec:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  6 07:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e122fa7a7941d2344b008157b3a9b2107753433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:27:e5:f6:e5:4f:e9:77:35:b0:ee:88:29:92:
                    5e:98:c9:6a:f2:16:d1:9d:6f:51:9a:0f:e5:02:f2:
                    8c:89:a4:9d:52:93:f9:c0:9a:cc:23:f6:82:88:f5:
                    b9:14:3f:50:38:2b:70:0e:0e:1d:f5:67:51:54:c6:
                    45:a3:14:16:b3:d3:11:df:70:e4:cd:6c:18:0c:9f:
                    49:65:af:e5:74:ab:f8:55:8a:42:11:f4:ce:18:01:
                    90:f1:b9:c5:6f:a2:0b:33:96:ad:24:07:44:2c:db:
                    0d:30:12:7d:af:aa:ba:d3:03:20:95:4d:f2:91:c7:
                    94:88:65:6d:cb:aa:c0:9a:ff:2b:33:d4:34:87:a3:
                    ba:14:f6:20:81:3b:ba:8f:09:a0:c2:07:9d:a6:11:
                    c0:0f:88:eb:be:28:84:34:73:23:b1:7b:9c:3e:2f:
                    6e:c6:d2:63:a7:c3:6a:5e:4e:99:7a:1b:e6:d5:7f:
                    60:de:6c:90:f8:6e:0c:b1:ff:1d:d7:5a:d4:07:9b:
                    09:77:8b:db:54:56:34:ee:bf:d1:c4:0e:c4:4d:aa:
                    ae:ee:cc:fa:ab:a9:3d:db:fc:01:2d:71:90:1d:3e:
                    4c:28:10:88:69:97:95:37:24:c9:82:98:e2:25:67:
                    d0:f0:66:f9:f0:71:69:22:27:0d:b9:31:89:89:a6:
                    85:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:12:2F:A7:A7:94:1D:23:44:B0:08:15:7B:3A:9B:21:07:75:34:33
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/PhIvp6eUHSNEsAgVezqbIQd1NDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.180.0/22
                  37.218.208.0/20
                  46.20.210.0/23
                  89.46.180.0/22
                  130.255.64.0/21
                  149.126.88.0/22
                  185.86.140.0/22
                  188.215.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:d4:e6:8f:e1:da:72:24:83:6a:f5:5e:7d:ba:bc:eb:76:44:
         eb:c2:2f:7b:e0:ed:6c:ce:ca:d1:57:60:5b:0e:b9:23:60:73:
         d0:64:54:f4:1a:4e:28:32:65:27:a1:b1:28:59:70:8e:c3:61:
         36:d0:fc:b0:d8:0d:45:3c:09:c7:f2:b2:59:b5:56:1d:af:29:
         85:29:cd:fd:e6:86:60:78:80:35:a9:b6:86:1f:54:87:93:cc:
         88:ea:0b:0a:0f:1d:c6:c4:95:df:df:cc:74:9a:26:3c:ec:b7:
         57:91:1c:9a:79:fe:5e:a1:89:97:28:7b:df:c5:b0:64:00:d0:
         2f:2f:4d:b2:09:42:9d:07:5c:2b:8a:30:f4:4b:f1:5b:2b:66:
         f8:a0:83:8f:29:f2:11:3d:10:f0:c8:92:b4:2e:af:23:45:a1:
         6a:81:7d:f3:f0:84:f3:25:33:ce:18:71:d8:85:8a:71:ae:19:
         d0:ee:08:39:7b:47:05:1f:54:b3:51:f1:5a:25:a0:20:15:d3:
         cf:04:e0:d5:9c:64:bf:ac:39:3a:31:2d:e5:31:f0:86:52:35:
         a2:46:aa:72:8a:30:cf:01:34:88:0a:27:66:f0:8b:fb:46:09:
         12:fa:fe:9f:8c:41:10:3b:78:88:25:ae:d8:f5:56:76:bc:9b:
         63:ac:55:e3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYWF6folv0BtQb4DNzBKvezyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjMwMTA2MDcwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTEyMmZhN2E3OTQxZDIzNDRiMDA4MTU3YjNhOWIyMTA3NzUzNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSfl9uVP6Xc1sO6IKZJemMlq8hbR
nW9Rmg/lAvKMiaSdUpP5wJrMI/aCiPW5FD9QOCtwDg4d9WdRVMZFoxQWs9MR33Dk
zWwYDJ9JZa/ldKv4VYpCEfTOGAGQ8bnFb6ILM5atJAdELNsNMBJ9r6q60wMglU3y
kceUiGVty6rAmv8rM9Q0h6O6FPYggTu6jwmgwgedphHAD4jrviiENHMjsXucPi9u
xtJjp8NqXk6Zehvm1X9g3myQ+G4Msf8d11rUB5sJd4vbVFY07r/RxA7ETaqu7sz6
q6k92/wBLXGQHT5MKBCIaZeVNyTJgpjiJWfQ8Gb58HFpIicNuTGJiaaFeQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFD4SL6enlB0jRLAIFXs6myEHdTQzMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUGhJdnA2ZVVIU05Fc0FnVmV6cWJJUWQxTkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCH7q0AwQE
JdrQAwQBLhTSAwQCWS60AwQDgv9AAwQClX5YAwQCuVaMAwQCvNd4MA0GCSqGSIb3
DQEBCwUAA4IBAQCF1OaP4dpyJINq9V59urzrdkTrwi974O1szsrRV2BbDrkjYHPQ
ZFT0Gk4oMmUnobEoWXCOw2E20Pyw2A1FPAnH8rJZtVYdrymFKc395oZgeIA1qbaG
H1SHk8yI6gsKDx3GxJXf38x0miY87LdXkRyaef5eoYmXKHvfxbBkANAvL02yCUKd
B1wrijD0S/FbK2b4oIOPKfIRPRDwyJK0Lq8jRaFqgX3z8ITzJTPOGHHYhYpxrhnQ
7gg5e0cFH1SzUfFaJaAgFdPPBODVnGS/rDk6MS3lMfCGUjWiRqpyijDPATSICidm
8Iv7RgkS+v6fjEEQO3iIJa7Y9VZ2vJtjrFXj
-----END CERTIFICATE-----