Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/m5Q1Uuog7WchQdh9kL1v6dmgVoI.roa
File:                     m5Q1Uuog7WchQdh9kL1v6dmgVoI.roa (raw, json)
Hash identifier:          J7mjIpNmQxqLbrJp9MkzsnjS0YI6vqLQcKALYVbbIm4=
Subject key identifier:   9B:94:35:52:EA:20:ED:67:21:41:D8:7D:90:BD:6F:E9:D9:A0:56:82
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0187755C2F1E315D44C2307C6F94BB561783
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/m5Q1Uuog7WchQdh9kL1v6dmgVoI.roa
Signing time:             Wed 12 Apr 2023 12:06:28 +0000
ROA not before:           Wed 12 Apr 2023 12:06:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209408
IP address blocks:        80.71.225.0/24 maxlen: 24
                          80.71.228.0/24 maxlen: 24
                          45.66.224.0/22 maxlen: 22
                          81.29.145.0/24 maxlen: 24
                          81.29.146.0/24 maxlen: 24
                          81.29.149.0/24 maxlen: 24
                          81.29.148.0/24 maxlen: 24
                          81.29.147.0/24 maxlen: 24
                          81.29.151.0/24 maxlen: 24
                          81.29.156.0/24 maxlen: 24
                          81.29.158.0/24 maxlen: 24
                          2a09:6c40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 18 Apr 2023 05:39:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:75:5c:2f:1e:31:5d:44:c2:30:7c:6f:94:bb:56:17:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Apr 12 12:06:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9b943552ea20ed672141d87d90bd6fe9d9a05682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:25:e7:fb:75:76:3d:c4:37:ae:59:45:0b:b9:
                    44:d7:94:6c:5a:97:ec:03:f1:b2:9a:a8:05:59:7c:
                    31:c6:b9:6a:31:ee:28:09:d1:8d:35:6a:5b:66:a0:
                    ca:c4:bb:b0:29:5c:62:cc:a4:41:e8:7a:ac:cc:cb:
                    5b:de:8a:80:1a:13:91:18:63:28:98:ed:83:c3:8b:
                    c5:13:c2:52:00:89:07:7f:23:56:65:32:c1:0e:74:
                    e6:80:fd:ef:e2:46:1e:1a:58:23:c0:6f:d2:ab:df:
                    ff:0a:f0:7f:66:bb:13:fb:ea:ef:4a:d9:61:0a:f5:
                    eb:86:97:d4:22:05:c0:25:fe:61:da:60:fa:41:1b:
                    80:18:f1:15:aa:4e:e3:36:fe:68:89:2d:24:98:ab:
                    53:c6:3f:2b:a9:3c:e3:a5:1d:c7:54:8e:9a:aa:20:
                    6b:f1:7a:72:3d:9a:2c:27:ad:4d:8b:f7:a5:aa:cd:
                    0f:d2:b8:1d:45:8f:a3:d8:fd:b7:9b:09:c8:2a:37:
                    e8:dd:67:9d:92:b4:14:c5:71:7c:d7:9f:45:22:96:
                    d3:27:f2:10:31:f3:fa:1a:b1:41:06:18:09:44:51:
                    72:b7:01:bf:b6:90:1c:27:60:47:81:46:b3:f5:5c:
                    00:b2:4b:61:b5:a7:14:d0:9a:80:c6:55:66:41:36:
                    2a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:94:35:52:EA:20:ED:67:21:41:D8:7D:90:BD:6F:E9:D9:A0:56:82
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/m5Q1Uuog7WchQdh9kL1v6dmgVoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                  80.71.225.0/24
                  80.71.228.0/24
                  81.29.145.0-81.29.149.255
                  81.29.151.0/24
                  81.29.156.0/24
                  81.29.158.0/24
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:11:c4:b8:7d:7a:04:d1:3c:d6:69:9a:72:c3:cf:91:b9:83:
         84:3c:4e:2b:a1:2b:46:83:b5:85:57:44:0a:80:3f:92:9d:7b:
         73:5e:86:aa:a0:23:cc:ef:58:22:ad:f6:0b:1a:52:e7:e4:65:
         d3:75:e2:83:e5:78:e1:51:a3:f6:ab:6a:5a:3e:bd:01:92:bf:
         b8:e5:6a:75:76:60:33:32:2a:ed:02:92:c3:cd:fa:45:42:f6:
         ab:dd:a4:5f:73:94:a2:be:89:b1:c4:5c:af:bb:c9:d7:74:28:
         99:59:5b:41:36:31:36:f9:2d:76:35:59:55:26:ff:01:b4:6c:
         ad:a5:b3:dd:b0:58:99:26:5b:a7:00:d6:48:8d:e0:76:90:a1:
         72:e7:e5:5c:d9:b6:11:02:10:d2:8c:25:25:82:94:b0:25:55:
         05:95:5b:61:dc:82:5a:f8:5a:42:c6:99:ec:72:7a:e6:2f:00:
         aa:a8:58:68:90:3a:e6:8a:90:03:b3:e8:31:a3:35:ce:0f:41:
         43:c2:fe:e7:45:ff:0d:35:63:11:dc:30:df:07:f6:fd:06:a3:
         30:2d:78:a2:1e:61:9e:1a:4e:c0:ae:50:53:4a:92:7b:3a:1d:
         64:a1:09:93:a0:73:a8:a0:c3:15:82:bc:30:ec:1f:c4:ce:02:
         c5:62:4d:f8
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYd1XC8eMV1EwjB8b5S7VheDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwNDEyMTIwNjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjk0MzU1MmVhMjBlZDY3MjE0MWQ4N2Q5MGJkNmZlOWQ5YTA1NjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziXn+3V2PcQ3rllFC7lE15RsWpfs
A/GymqgFWXwxxrlqMe4oCdGNNWpbZqDKxLuwKVxizKRB6HqszMtb3oqAGhORGGMo
mO2Dw4vFE8JSAIkHfyNWZTLBDnTmgP3v4kYeGlgjwG/Sq9//CvB/ZrsT++rvStlh
CvXrhpfUIgXAJf5h2mD6QRuAGPEVqk7jNv5oiS0kmKtTxj8rqTzjpR3HVI6aqiBr
8XpyPZosJ61Ni/elqs0P0rgdRY+j2P23mwnIKjfo3WedkrQUxXF8159FIpbTJ/IQ
MfP6GrFBBhgJRFFytwG/tpAcJ2BHgUaz9VwAskthtacU0JqAxlVmQTYqWwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFJuUNVLqIO1nIUHYfZC9b+nZoFaCMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvbTVRMVV1b2c3V2NoUWRoOWtMMXY2ZG1nVm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQCLULgAwQA
UEfhAwQAUEfkMAwDBABRHZEDBAFRHZQDBABRHZcDBABRHZwDBABRHZ4wDQQCAAIw
BwMFAyoJbEAwDQYJKoZIhvcNAQELBQADggEBAAsRxLh9egTRPNZpmnLDz5G5g4Q8
TiuhK0aDtYVXRAqAP5Kde3NehqqgI8zvWCKt9gsaUufkZdN14oPleOFRo/aralo+
vQGSv7jlanV2YDMyKu0CksPN+kVC9qvdpF9zlKK+ibHEXK+7ydd0KJlZW0E2MTb5
LXY1WVUm/wG0bK2ls92wWJkmW6cA1kiN4HaQoXLn5VzZthECENKMJSWClLAlVQWV
W2Hcglr4WkLGmexyeuYvAKqoWGiQOuaKkAOz6DGjNc4PQUPC/udF/w01YxHcMN8H
9v0GozAteKIeYZ4aTsCuUFNKkns6HWShCZOgc6igwxWCvDDsH8TOAsViTfg=
-----END CERTIFICATE-----