Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/tXgTLa69dpllMx6ouN-w2zw5e2c.roa
File:                     tXgTLa69dpllMx6ouN-w2zw5e2c.roa (raw, json)
Hash identifier:          MNxvqO/xOqKAHGDjrY4uIUZYicPXqilzdmyQ/WY+XkU=
Subject key identifier:   B5:78:13:2D:AE:BD:76:99:65:33:1E:A8:B8:DF:B0:DB:3C:39:7B:67
Certificate issuer:       /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial:       018B6701D84DD3D851F7DDD810BE1907751F
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/tXgTLa69dpllMx6ouN-w2zw5e2c.roa
Signing time:             Wed 25 Oct 2023 13:24:16 +0000
ROA not before:           Wed 25 Oct 2023 13:24:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212212
IP address blocks:        176.108.224.0/22 maxlen: 22
                          151.248.70.0/23 maxlen: 23
                          195.54.54.0/24 maxlen: 24
                          195.54.55.0/24 maxlen: 24
                          194.213.6.0/24 maxlen: 24
                          185.76.52.0/23 maxlen: 23
                          185.76.54.0/23 maxlen: 23
                          91.239.164.0/23 maxlen: 23
                          91.242.48.0/23 maxlen: 23
                          91.242.50.0/23 maxlen: 23
                          91.239.166.0/23 maxlen: 23
                          194.107.122.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:67:01:d8:4d:d3:d8:51:f7:dd:d8:10:be:19:07:75:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
        Validity
            Not Before: Oct 25 13:24:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b578132daebd769965331ea8b8dfb0db3c397b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cd:40:a7:5d:74:ef:23:30:db:56:5a:cc:a9:
                    5f:c9:de:4a:e1:5c:dc:49:58:3f:5f:21:36:ae:a2:
                    8b:dd:b1:89:87:49:5b:9f:17:d5:06:d7:4f:26:48:
                    08:db:24:4b:27:e5:55:c5:9a:c3:b3:d6:51:1d:96:
                    f1:75:e4:5b:11:90:d0:ff:9d:4b:60:3c:49:24:91:
                    23:09:ea:ba:d5:77:d2:63:9b:17:e3:4b:f8:5a:e8:
                    c3:10:9b:21:53:77:ff:78:64:f9:1c:e0:07:db:43:
                    fc:6b:78:1a:c0:9e:ee:b8:7b:1d:f7:4d:6e:7a:3c:
                    ae:bc:b6:c5:53:9e:04:19:0f:3a:cb:a1:01:d2:41:
                    79:75:37:85:68:a3:39:d7:28:da:0d:b5:35:1b:98:
                    c1:c5:b7:cb:cb:14:cd:14:2c:4f:aa:e9:40:5d:29:
                    d2:b3:cf:4d:07:e6:28:70:be:83:b5:80:de:77:10:
                    12:cb:a9:28:eb:15:15:e1:a8:0a:87:a4:b6:3b:80:
                    67:4f:21:ab:d4:ba:36:e5:68:cb:06:4d:e8:ad:63:
                    31:37:48:e3:33:75:41:d5:70:0a:d3:c4:70:ac:d4:
                    85:12:97:4e:f5:da:4a:fe:00:fd:f1:2f:53:9b:86:
                    38:6a:8c:4e:d7:32:00:8a:2a:c7:40:a3:02:df:dc:
                    c4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:78:13:2D:AE:BD:76:99:65:33:1E:A8:B8:DF:B0:DB:3C:39:7B:67
            X509v3 Authority Key Identifier:
                keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/tXgTLa69dpllMx6ouN-w2zw5e2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.164.0/22
                  91.242.48.0/22
                  151.248.70.0/23
                  176.108.224.0/22
                  185.76.52.0/22
                  194.107.122.0/24
                  194.213.6.0/24
                  195.54.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:43:0d:7a:85:66:5c:b6:b5:80:5f:8f:e8:d5:4d:f6:f9:95:
         b1:f9:2e:02:0b:b9:8d:49:27:6c:e2:81:b2:2b:8a:29:3c:d5:
         7e:93:ea:ee:0d:e1:1a:20:db:de:69:54:95:31:79:8a:9e:63:
         67:b7:b4:e4:ef:07:7f:d4:d1:f0:e5:b0:0f:56:43:2d:58:98:
         33:9e:85:cf:97:25:07:72:a1:1b:fc:4d:39:2f:91:56:01:e3:
         c7:5e:1e:37:94:eb:72:74:7a:82:96:f8:9a:46:55:87:93:ee:
         cd:c6:c9:15:2c:ac:09:48:5d:0c:2c:24:d4:40:43:02:2e:b9:
         3e:ed:47:49:f9:b0:6a:0b:46:81:bc:6e:11:27:c7:12:aa:06:
         89:14:1c:66:92:3c:b7:14:69:61:76:42:fa:b0:c2:2f:bd:21:
         07:0c:39:0f:08:96:e8:18:da:e0:d7:66:73:3a:8f:7a:4d:62:
         35:5b:ea:95:c2:e1:2e:5d:5e:37:96:d4:8b:6b:7b:85:d4:bc:
         0c:16:7a:ac:03:ee:70:7c:1a:bb:58:d3:33:3c:62:78:ab:5f:
         c0:f0:11:e1:87:79:f8:c9:37:2a:5b:34:74:e3:38:c8:d7:3b:
         6f:d7:c8:b0:6a:d0:ca:22:5d:0e:63:65:9c:b0:7e:a2:7a:e8:
         ab:66:3a:db
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYtnAdhN09hR993YEL4ZB3UfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjMxMDI1MTMyNDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc4MTMyZGFlYmQ3Njk5NjUzMzFlYThiOGRmYjBkYjNjMzk3YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1Ap1107yMw21ZazKlfyd5K4Vzc
SVg/XyE2rqKL3bGJh0lbnxfVBtdPJkgI2yRLJ+VVxZrDs9ZRHZbxdeRbEZDQ/51L
YDxJJJEjCeq61XfSY5sX40v4WujDEJshU3f/eGT5HOAH20P8a3gawJ7uuHsd901u
ejyuvLbFU54EGQ86y6EB0kF5dTeFaKM51yjaDbU1G5jBxbfLyxTNFCxPqulAXSnS
s89NB+YocL6DtYDedxASy6ko6xUV4agKh6S2O4BnTyGr1Lo25WjLBk3orWMxN0jj
M3VB1XAK08RwrNSFEpdO9dpK/gD98S9Tm4Y4aoxO1zIAiirHQKMC39zEewIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLV4Ey2uvXaZZTMeqLjfsNs8OXtnMB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvdFhnVExhNjlkcGxsTXg2b3VOLXcyenc1ZTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCW++kAwQC
W/IwAwQBl/hGAwQCsGzgAwQCuUw0AwQAwmt6AwQAwtUGAwQBwzY2MA0GCSqGSIb3
DQEBCwUAA4IBAQBrQw16hWZctrWAX4/o1U32+ZWx+S4CC7mNSSds4oGyK4opPNV+
k+ruDeEaINveaVSVMXmKnmNnt7Tk7wd/1NHw5bAPVkMtWJgznoXPlyUHcqEb/E05
L5FWAePHXh43lOtydHqClviaRlWHk+7NxskVLKwJSF0MLCTUQEMCLrk+7UdJ+bBq
C0aBvG4RJ8cSqgaJFBxmkjy3FGlhdkL6sMIvvSEHDDkPCJboGNrg12ZzOo96TWI1
W+qVwuEuXV43ltSLa3uF1LwMFnqsA+5wfBq7WNMzPGJ4q1/A8BHhh3n4yTcqWzR0
4zjI1ztv18iwatDKIl0OY2WcsH6ieuirZjrb
-----END CERTIFICATE-----