Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/zuSMFwYEyUHkqDUHpFB_OaPQ4bc.roa
File:                     zuSMFwYEyUHkqDUHpFB_OaPQ4bc.roa (raw, json)
Hash identifier:          S/+uN9BbwXVaryixoggdbbB6dro9humCMKjLREpEkpE=
Subject key identifier:   CE:E4:8C:17:06:04:C9:41:E4:A8:35:07:A4:50:7F:39:A3:D0:E1:B7
Certificate issuer:       /CN=10a8c6e9308bb00083100171e00dbb6140f4f580
Certificate serial:       01856CC16A4F4DACFF51C5C84A45BA5A48E2
Authority key identifier: 10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/zuSMFwYEyUHkqDUHpFB_OaPQ4bc.roa
Signing time:             Sun 01 Jan 2023 09:54:52 +0000
ROA not before:           Sun 01 Jan 2023 09:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57948
IP address blocks:        185.70.44.0/24 maxlen: 24
                          185.70.45.0/24 maxlen: 24
                          185.70.46.0/24 maxlen: 24
                          185.70.47.0/24 maxlen: 24
                          91.236.244.0/24 maxlen: 24
                          91.236.245.0/24 maxlen: 24
                          171.25.229.0/24 maxlen: 24
                          2a05:2600::/32 maxlen: 32
                          2a05:2603::/32 maxlen: 32
                          2a05:2605::/32 maxlen: 32
                          2a05:2600::/29 maxlen: 29
                          2a05:2602::/32 maxlen: 32
                          2a05:2606::/32 maxlen: 32
                          2a05:2601::/32 maxlen: 32
                          2a05:2607::/32 maxlen: 32
                          2a05:2604::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 13 Feb 2023 16:36:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:c1:6a:4f:4d:ac:ff:51:c5:c8:4a:45:ba:5a:48:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a8c6e9308bb00083100171e00dbb6140f4f580
        Validity
            Not Before: Jan  1 09:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cee48c170604c941e4a83507a4507f39a3d0e1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:77:be:8b:34:d1:10:3f:9f:de:6a:cf:43:
                    a7:c6:54:89:51:d5:a6:23:17:7a:d7:36:33:61:c0:
                    df:ee:78:fc:2f:99:cd:8b:dd:89:6c:1f:7f:7c:be:
                    06:b7:9c:9c:d9:cf:45:39:f9:e9:a7:15:b0:e9:cf:
                    a4:28:8e:54:c3:b8:04:ca:32:c1:a5:46:9d:fd:38:
                    c6:17:24:91:45:66:a6:42:9d:3a:1e:0d:bf:ef:92:
                    62:03:cc:7e:cc:ca:53:2c:4a:ec:ab:2e:6e:19:6c:
                    b6:6c:8c:de:e9:5f:4d:a4:b7:91:2d:54:46:e7:04:
                    70:84:bb:be:a0:62:6b:2c:38:61:fb:e5:ba:f4:38:
                    dd:28:46:f3:7b:7b:fe:87:a4:16:53:a5:2a:ed:0f:
                    02:37:c2:da:fc:bf:fd:6d:a0:f2:47:cf:42:83:0f:
                    bc:bc:dc:ac:c9:81:22:d5:42:d1:ab:89:af:c8:e9:
                    40:3a:75:c2:45:3f:80:7e:bf:6e:ec:e1:3c:e6:2e:
                    56:a7:65:ed:c9:93:c9:c3:66:9f:8c:ca:c1:c2:d0:
                    34:08:10:e2:3a:56:d3:e6:ba:f8:a8:8e:7e:97:1e:
                    d7:24:03:01:cf:8d:35:eb:47:ae:ff:a0:21:17:c5:
                    78:60:54:29:66:b5:2a:57:c9:3f:13:d5:79:e2:a0:
                    b5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E4:8C:17:06:04:C9:41:E4:A8:35:07:A4:50:7F:39:A3:D0:E1:B7
            X509v3 Authority Key Identifier:
                keyid:10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/zuSMFwYEyUHkqDUHpFB_OaPQ4bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/EKjG6TCLsACDEAFx4A27YUD09YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.244.0/23
                  171.25.229.0/24
                  185.70.44.0/22
                IPv6:
                  2a05:2600::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:92:e0:b0:57:29:ac:f1:ec:61:04:d9:03:01:32:a1:f1:fd:
         cb:5f:7b:81:58:77:7f:2f:56:09:fb:c8:03:01:68:8c:8d:ef:
         92:77:a8:40:51:d0:29:c2:cd:54:dc:fa:b3:cc:0d:38:a9:10:
         77:71:4e:64:90:e5:d5:b0:9d:cb:95:89:f6:e7:89:06:98:10:
         17:af:d1:65:89:8b:c6:ef:af:ba:5e:e3:df:44:99:a3:f0:49:
         c9:38:b5:92:67:40:f4:b0:42:f3:ed:98:b0:05:dd:18:b8:96:
         73:23:a1:9f:ef:6f:80:02:b8:c6:27:58:43:c0:20:04:ff:d0:
         88:cb:29:99:3d:71:8f:43:9d:a5:e4:fc:9d:94:0b:7b:5d:ce:
         57:88:3b:ff:8a:65:d3:4e:0b:81:d9:cc:4b:8a:04:b3:6f:90:
         ee:0a:c4:a3:ff:f6:6b:39:cc:60:6f:4c:19:cd:ea:b7:55:d3:
         da:c4:4f:a0:72:c4:f1:d1:ff:5f:d6:33:fb:16:8c:b1:03:af:
         e1:05:89:f7:58:99:b0:96:62:d2:e7:28:06:0d:3d:fa:d1:51:
         ab:36:4e:10:e2:f2:6f:fc:7d:b2:54:f2:88:52:83:d4:fb:2f:
         4d:db:db:23:bf:c3:2d:fb:fe:f6:96:26:bf:df:b3:8b:21:c6:
         23:a0:86:42
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVswWpPTaz/UcXISkW6WkjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYThjNmU5MzA4YmIwMDA4MzEwMDE3MWUwMGRiYjYxNDBm
NGY1ODAwHhcNMjMwMTAxMDk1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWU0OGMxNzA2MDRjOTQxZTRhODM1MDdhNDUwN2YzOWEzZDBlMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQx3vos00RA/n95qz0OnxlSJUdWm
Ixd61zYzYcDf7nj8L5nNi92JbB9/fL4Gt5yc2c9FOfnppxWw6c+kKI5Uw7gEyjLB
pUad/TjGFySRRWamQp06Hg2/75JiA8x+zMpTLErsqy5uGWy2bIze6V9NpLeRLVRG
5wRwhLu+oGJrLDhh++W69DjdKEbze3v+h6QWU6Uq7Q8CN8La/L/9baDyR89Cgw+8
vNysyYEi1ULRq4mvyOlAOnXCRT+Afr9u7OE85i5Wp2XtyZPJw2afjMrBwtA0CBDi
OlbT5rr4qI5+lx7XJAMBz40160eu/6AhF8V4YFQpZrUqV8k/E9V54qC1lwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFM7kjBcGBMlB5Kg1B6RQfzmj0OG3MB8GA1UdIwQY
MBaAFBCoxukwi7AAgxABceANu2FA9PWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYt
NmI0OTdiMmMwYjM4LzEvenVTTUZ3WUV5VUhrcURVSHBGQl9PYVBRNGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYtNmI0OTdiMmMwYjM4
LzEvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBW+z0AwQA
qxnlAwQCuUYsMA0EAgACMAcDBQMqBSYAMA0GCSqGSIb3DQEBCwUAA4IBAQC+kuCw
Vyms8exhBNkDATKh8f3LX3uBWHd/L1YJ+8gDAWiMje+Sd6hAUdApws1U3PqzzA04
qRB3cU5kkOXVsJ3LlYn254kGmBAXr9FliYvG76+6XuPfRJmj8EnJOLWSZ0D0sELz
7ZiwBd0YuJZzI6Gf72+AArjGJ1hDwCAE/9CIyymZPXGPQ52l5PydlAt7Xc5XiDv/
imXTTguB2cxLigSzb5DuCsSj//ZrOcxgb0wZzeq3VdPaxE+gcsTx0f9f1jP7Foyx
A6/hBYn3WJmwlmLS5ygGDT360VGrNk4Q4vJv/H2yVPKIUoPU+y9N29sjv8Mt+/72
lia/37OLIcYjoIZC
-----END CERTIFICATE-----