Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/_shWEJo4dIWvr8somVRLxkjTlFA.roa
File:                     _shWEJo4dIWvr8somVRLxkjTlFA.roa (raw, json)
Hash identifier:          6SotI6hrfBHgyaW3mLtIoc4fL46e1aleUkPWLHIQoAc=
Subject key identifier:   FE:C8:56:10:9A:38:74:85:AF:AF:CB:28:99:54:4B:C6:48:D3:94:50
Certificate issuer:       /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial:       0185E299A118EF1A420934F0B38BD255B020
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/_shWEJo4dIWvr8somVRLxkjTlFA.roa
Signing time:             Tue 24 Jan 2023 07:06:37 +0000
ROA not before:           Tue 24 Jan 2023 07:06:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16024
IP address blocks:        156.67.56.0/23 maxlen: 23
                          156.67.56.0/24 maxlen: 24
                          156.67.57.0/24 maxlen: 24
                          149.232.184.0/22 maxlen: 24
                          217.70.160.0/20 maxlen: 24
                          149.232.190.0/23 maxlen: 24
                          185.47.232.0/22 maxlen: 24
                          46.28.32.0/21 maxlen: 24
                          185.159.32.0/22 maxlen: 24
                          149.232.244.0/22 maxlen: 24
                          149.232.248.0/22 maxlen: 24
                          2a02:1670::/29 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e2:99:a1:18:ef:1a:42:09:34:f0:b3:8b:d2:55:b0:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
        Validity
            Not Before: Jan 24 07:06:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fec856109a387485afafcb2899544bc648d39450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:5e:8f:4d:5f:45:a6:06:83:c3:56:ef:cf:
                    f8:bc:87:b8:57:4b:1c:f1:f7:a9:5d:9d:e1:7e:e7:
                    f9:65:7b:5f:43:99:f4:14:12:11:91:16:78:e6:44:
                    14:d9:70:1a:29:21:87:81:c3:3a:df:e7:47:4a:91:
                    e5:fc:31:f4:33:39:bf:a9:2c:a7:6e:c2:e0:16:67:
                    98:bc:e5:26:3e:15:22:70:44:41:ed:3c:57:50:03:
                    85:f1:c4:0a:d1:a0:a4:83:01:ee:12:59:ad:91:8b:
                    6d:54:e9:7c:6e:7e:21:fe:8c:32:eb:63:35:af:06:
                    6d:88:2d:a1:66:05:38:6a:cd:f9:63:bb:ac:00:b0:
                    73:2b:85:5c:2d:08:d2:19:d2:67:93:eb:d1:64:25:
                    63:37:d9:43:69:dc:d4:b6:fc:9a:2a:1a:8a:f0:23:
                    84:d0:d8:52:ce:5f:a5:0f:12:2f:44:21:5e:bb:79:
                    81:9c:18:05:0a:e1:0b:95:25:cb:6e:20:90:30:c3:
                    97:d7:b0:37:70:5b:49:69:6a:0d:d5:28:0f:61:da:
                    69:1a:31:1d:bf:bc:16:7c:be:f8:7f:ae:42:14:13:
                    ee:b5:e0:fd:8e:6f:1a:67:15:3a:da:f2:bf:4f:ea:
                    cb:3e:e9:34:ef:cb:88:52:73:d8:15:9e:37:8f:f3:
                    9a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:C8:56:10:9A:38:74:85:AF:AF:CB:28:99:54:4B:C6:48:D3:94:50
            X509v3 Authority Key Identifier:
                keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/_shWEJo4dIWvr8somVRLxkjTlFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.32.0/21
                  149.232.184.0/22
                  149.232.190.0/23
                  149.232.244.0-149.232.251.255
                  156.67.56.0/23
                  185.47.232.0/22
                  185.159.32.0/22
                  217.70.160.0/20
                IPv6:
                  2a02:1670::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:2f:64:9e:50:5b:57:af:24:49:7b:58:3b:0c:5b:ea:af:84:
         ce:bf:ed:33:b9:d0:92:98:c3:58:8c:d1:6d:e5:0c:fd:13:83:
         14:88:85:0b:95:57:3b:84:66:85:2a:0d:5f:fa:a5:8e:22:79:
         98:fe:3f:51:87:1c:9d:51:41:1c:69:f0:38:77:f9:2a:3b:90:
         b5:79:35:db:72:93:8e:6b:6d:e5:21:fa:26:d2:f5:ab:71:eb:
         7c:9b:83:5d:0e:02:84:7e:52:6d:9a:00:a9:c0:f8:70:4d:8f:
         4a:8f:f9:9f:89:9b:70:6d:c0:0b:fd:40:eb:fc:55:50:4a:09:
         bb:95:ca:21:8f:5e:9e:aa:9b:d0:fc:0d:48:ac:bf:75:c1:04:
         d2:95:0f:be:6f:3a:d5:3c:2e:0c:78:60:a4:ee:08:a4:4f:95:
         51:8b:45:f8:3a:b6:3e:0c:52:cf:60:43:97:c7:3e:15:4e:0b:
         0a:65:eb:de:ac:ee:82:96:a1:40:55:84:fa:f8:74:81:0f:48:
         97:32:a7:f6:af:b4:69:f2:91:d5:83:d1:98:9e:2e:e0:e4:5a:
         8a:07:ef:52:e3:35:6e:44:94:22:12:47:d5:e2:e9:b5:4c:d8:
         de:b4:33:d2:ba:b9:ad:7c:88:e6:b7:fd:d3:dc:78:d6:c9:b3:
         6c:33:7b:4c
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYXimaEY7xpCCTTws4vSVbAgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmM2Q4OWE4MWZjMjk5ZjM5YzA5MmU0ZjZkMDE3M2E5YTlj
ZmJjNjUwHhcNMjMwMTI0MDcwNjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWM4NTYxMDlhMzg3NDg1YWZhZmNiMjg5OTU0NGJjNjQ4ZDM5NDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqppej01fRaYGg8NW78/4vIe4V0sc
8fepXZ3hfuf5ZXtfQ5n0FBIRkRZ45kQU2XAaKSGHgcM63+dHSpHl/DH0Mzm/qSyn
bsLgFmeYvOUmPhUicERB7TxXUAOF8cQK0aCkgwHuElmtkYttVOl8bn4h/owy62M1
rwZtiC2hZgU4as35Y7usALBzK4VcLQjSGdJnk+vRZCVjN9lDadzUtvyaKhqK8COE
0NhSzl+lDxIvRCFeu3mBnBgFCuELlSXLbiCQMMOX17A3cFtJaWoN1SgPYdppGjEd
v7wWfL74f65CFBPuteD9jm8aZxU62vK/T+rLPuk078uIUnPYFZ43j/OaMwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFP7IVhCaOHSFr6/LKJlUS8ZI05RQMB8GA1UdIwQY
MBaAFG89iagfwpnznAkuT20Bc6mpz7xlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAt
MzA5YjdiOTYwZDE0LzEvX3NoV0VKbzRkSVd2cjhzb21WUkx4a2pUbEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAtMzA5YjdiOTYwZDE0
LzEvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQDLhwgAwQC
lei4AwQBlei+MAwDBAKV6PQDBAKV6PgDBAGcQzgDBAK5L+gDBAK5nyADBATZRqAw
DQQCAAIwBwMFAyoCFnAwDQYJKoZIhvcNAQELBQADggEBABkvZJ5QW1evJEl7WDsM
W+qvhM6/7TO50JKYw1iM0W3lDP0TgxSIhQuVVzuEZoUqDV/6pY4ieZj+P1GHHJ1R
QRxp8Dh3+So7kLV5Ndtyk45rbeUh+ibS9atx63ybg10OAoR+Um2aAKnA+HBNj0qP
+Z+Jm3BtwAv9QOv8VVBKCbuVyiGPXp6qm9D8DUisv3XBBNKVD75vOtU8Lgx4YKTu
CKRPlVGLRfg6tj4MUs9gQ5fHPhVOCwpl696s7oKWoUBVhPr4dIEPSJcyp/avtGny
kdWD0ZieLuDkWooH71LjNW5ElCISR9Xi6bVM2N60M9K6ua18iOa3/dPceNbJs2wz
e0w=
-----END CERTIFICATE-----