Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/q5MjhqV000BIP41dii7N5Wjn2UY.roa
File:                     q5MjhqV000BIP41dii7N5Wjn2UY.roa (raw, json)
Hash identifier:          eV2t95NSSOOWNbIlyOlocYIVsEXhAY31mbiAurgLG64=
Subject key identifier:   AB:93:23:86:A5:74:D3:40:48:3F:8D:5D:8A:2E:CD:E5:68:E7:D9:46
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01887268D5281530F12B7D9B75B2B17495EB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/q5MjhqV000BIP41dii7N5Wjn2UY.roa
Signing time:             Wed 31 May 2023 15:24:12 +0000
ROA not before:           Wed 31 May 2023 15:24:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 01 Jun 2023 07:59:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:72:68:d5:28:15:30:f1:2b:7d:9b:75:b2:b1:74:95:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 15:24:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab932386a574d340483f8d5d8a2ecde568e7d946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cc:0a:ce:9f:6f:4f:3d:3d:bb:e0:76:c1:6c:
                    78:90:c0:0a:cf:04:b8:e8:f5:d6:a1:cd:89:8e:07:
                    c4:a2:59:83:f5:18:6f:c6:29:61:d6:70:d4:dd:74:
                    b2:56:db:5a:e7:19:65:42:a8:99:ff:13:d6:a6:20:
                    27:e0:9c:56:c7:a6:1a:8d:15:0d:7e:0c:88:5e:96:
                    c5:38:7c:c1:70:03:23:0a:d6:9b:e8:ab:34:4d:18:
                    c4:31:6f:84:d0:60:e8:8c:35:04:a0:0a:16:d9:c3:
                    20:91:dd:e0:91:36:0c:9a:2c:4b:f8:d2:91:95:28:
                    7d:5b:e4:d2:e3:6f:34:97:6e:1e:ad:5b:3c:6a:d2:
                    bf:15:b5:b4:49:58:ed:4b:fb:ba:96:77:73:f9:e8:
                    e5:96:b0:e2:e6:32:58:19:86:ea:00:77:77:f7:aa:
                    11:82:76:b2:08:79:a6:47:2a:e4:35:46:bb:56:df:
                    fa:ca:72:bd:b8:9f:7c:af:ed:e6:dd:1c:19:77:c9:
                    9b:85:05:22:90:d7:de:b6:75:d5:ea:e0:11:f3:04:
                    de:2a:11:b3:cf:f4:63:57:66:fa:ff:1f:42:63:a6:
                    c2:26:83:22:9d:3d:b6:68:25:9a:3c:51:8e:52:eb:
                    a1:79:3b:28:bc:99:d0:7c:de:81:20:fd:a1:ae:05:
                    0f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:93:23:86:A5:74:D3:40:48:3F:8D:5D:8A:2E:CD:E5:68:E7:D9:46
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/q5MjhqV000BIP41dii7N5Wjn2UY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.255.0/24
                  82.153.73.0/24
                  82.153.222.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:f9:f2:c3:89:c8:bf:f7:2a:73:42:98:b4:55:d2:f6:91:a4:
         94:a9:5f:14:2c:32:ea:bd:5a:10:4e:db:4b:82:f9:58:b6:d2:
         fe:bc:b0:34:bf:bf:ef:9c:75:61:46:df:ea:68:a8:5c:f4:b3:
         ef:85:56:a8:0d:f4:b8:79:80:a9:89:6a:0f:10:b6:c6:9f:85:
         53:49:04:57:c0:37:ad:83:de:f9:8b:bc:db:31:1c:6a:59:d1:
         46:9d:47:26:39:71:9c:ca:f0:fb:7f:0f:7a:ab:1a:6c:cd:fa:
         82:89:21:df:d9:a4:d2:5b:a0:8b:52:79:66:0f:ba:a8:0e:d3:
         2d:ea:a3:84:b7:77:31:c3:99:d1:bb:63:96:63:b0:63:b5:9d:
         99:00:1d:c2:dd:50:b4:d6:49:3d:7a:25:92:0e:b7:c8:04:e3:
         e9:19:14:74:84:a0:c0:3d:55:09:ac:27:03:6c:f9:1b:ec:ca:
         0c:5b:ed:41:80:7b:9f:7f:b5:fe:a7:02:28:f1:86:ae:fd:98:
         3b:48:88:0d:69:f8:c4:7c:e2:a0:b3:37:82:48:52:48:b9:9b:
         01:7d:71:9b:f4:5a:b5:5e:56:81:de:ea:70:e6:09:fa:04:00:
         a2:c8:08:32:46:4b:27:e0:62:0b:d1:64:27:b9:6b:4f:d0:87:
         5c:9c:df:39
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYhyaNUoFTDxK32bdbKxdJXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMTUyNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjkzMjM4NmE1NzRkMzQwNDgzZjhkNWQ4YTJlY2RlNTY4ZTdkOTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMwKzp9vTz09u+B2wWx4kMAKzwS4
6PXWoc2JjgfEolmD9Rhvxilh1nDU3XSyVtta5xllQqiZ/xPWpiAn4JxWx6YajRUN
fgyIXpbFOHzBcAMjCtab6Ks0TRjEMW+E0GDojDUEoAoW2cMgkd3gkTYMmixL+NKR
lSh9W+TS4280l24erVs8atK/FbW0SVjtS/u6lndz+ejllrDi5jJYGYbqAHd396oR
gnayCHmmRyrkNUa7Vt/6ynK9uJ98r+3m3RwZd8mbhQUikNfetnXV6uAR8wTeKhGz
z/RjV2b6/x9CY6bCJoMinT22aCWaPFGOUuuheTsovJnQfN6BIP2hrgUPswIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKuTI4aldNNASD+NXYouzeVo59lGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcTVNamhxVjAwMEJJUDQxZGlpN041V2puMlVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUah0AwQA
Uah3AwQAUah7AwQBUpiuAwQAUpj5AwQAUpj/AwQAUplJAwQAUpneAwQBUpn4MA0G
CSqGSIb3DQEBCwUAA4IBAQBG+fLDici/9ypzQpi0VdL2kaSUqV8ULDLqvVoQTttL
gvlYttL+vLA0v7/vnHVhRt/qaKhc9LPvhVaoDfS4eYCpiWoPELbGn4VTSQRXwDet
g975i7zbMRxqWdFGnUcmOXGcyvD7fw96qxpszfqCiSHf2aTSW6CLUnlmD7qoDtMt
6qOEt3cxw5nRu2OWY7BjtZ2ZAB3C3VC01kk9eiWSDrfIBOPpGRR0hKDAPVUJrCcD
bPkb7MoMW+1BgHuff7X+pwIo8Yau/Zg7SIgNafjEfOKgszeCSFJIuZsBfXGb9Fq1
XlaB3upw5gn6BACiyAgyRksn4GIL0WQnuWtP0IdcnN85
-----END CERTIFICATE-----