Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sDjCL-Fm5aQgPV5czceGRJXAxjY.roa
File:                     sDjCL-Fm5aQgPV5czceGRJXAxjY.roa (raw, json)
Hash identifier:          7CotYmBzfs1/OQ2mw7nXCQIPSCTf7uhdZq9FHmi3HfQ=
Subject key identifier:   B0:38:C2:2F:E1:66:E5:A4:20:3D:5E:5C:CD:C7:86:44:95:C0:C6:36
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189CF8BE0E828165177478AA74CDD4C7C4C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sDjCL-Fm5aQgPV5czceGRJXAxjY.roa
Signing time:             Mon 07 Aug 2023 10:29:58 +0000
ROA not before:           Mon 07 Aug 2023 10:29:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     140155
IP address blocks:        89.213.174.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          109.176.252.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 07 Aug 2023 15:30:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:cf:8b:e0:e8:28:16:51:77:47:8a:a7:4c:dd:4c:7c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  7 10:29:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b038c22fe166e5a4203d5e5ccdc7864495c0c636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3a:12:60:d0:7d:da:5c:e4:7a:ae:24:e2:9f:
                    80:ce:c4:dc:45:64:3c:99:e9:f5:41:c7:80:c1:b7:
                    97:fd:63:6a:39:46:dd:3e:eb:1e:f9:1c:97:3f:b2:
                    53:fb:11:41:40:67:a4:20:81:ef:00:77:c3:eb:ea:
                    8a:57:25:0e:cb:8e:21:80:39:73:21:ad:b7:d8:6d:
                    ea:5e:5e:72:2c:03:23:7e:cf:f6:2c:d3:13:75:71:
                    8e:e6:0a:d2:9e:cd:ba:11:33:3c:03:85:e6:c9:6e:
                    34:ac:75:9e:4a:ea:bb:5e:d7:54:bb:5b:cb:cd:5b:
                    37:a2:17:55:30:b7:1c:a9:e9:d0:85:c5:20:7e:ab:
                    bd:77:ac:79:85:74:d0:f4:3a:02:e5:93:29:e2:dc:
                    50:1b:3f:a3:72:2a:29:11:45:12:d4:ff:0b:a2:0d:
                    01:60:28:5a:00:ee:55:33:43:4f:54:e0:77:f2:aa:
                    b0:32:48:24:f8:4f:95:94:09:b7:45:14:95:16:10:
                    a8:79:14:1a:ba:4f:ca:a3:ad:5c:cf:91:40:0c:16:
                    00:b1:95:8a:b0:4e:a1:89:ff:97:01:38:f6:f4:d0:
                    bd:e7:83:04:af:46:c6:56:4b:39:f7:87:8a:02:42:
                    a1:c5:1e:b1:89:93:18:f8:24:39:68:20:cd:97:72:
                    f0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:38:C2:2F:E1:66:E5:A4:20:3D:5E:5C:CD:C7:86:44:95:C0:C6:36
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sDjCL-Fm5aQgPV5czceGRJXAxjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24
                  89.213.47.0/24
                  89.213.141.0/24
                  89.213.146.0/24
                  89.213.154.0/24
                  89.213.164.0/24
                  89.213.174.0/24
                  89.213.188.0/23
                  109.176.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:4e:83:29:51:78:2b:6f:72:b8:78:20:6d:f9:0d:f3:80:11:
         80:39:60:53:cf:0e:59:09:e2:85:a8:bf:e0:44:55:32:ee:91:
         2c:ac:fe:33:40:83:d0:6e:5d:e2:4b:5e:13:d6:24:4a:4e:98:
         9f:39:72:97:02:ad:b2:bd:47:01:68:c2:8d:60:5a:fa:da:15:
         fb:32:00:cb:20:3a:74:7d:af:92:43:c3:de:bb:b0:29:93:14:
         0b:15:c6:4d:0d:50:ec:3d:a6:89:b3:d3:65:1e:91:cb:c8:80:
         b8:6f:c3:f7:c8:0c:7f:06:34:82:e6:26:81:c2:bb:1c:87:02:
         4f:87:22:ee:46:eb:a5:cc:2d:d1:49:f8:01:1a:a5:01:80:7c:
         57:0b:d9:cd:cb:01:f7:4e:72:f4:39:c6:09:aa:dc:60:3c:ad:
         c0:d3:6c:72:f9:33:dc:22:b5:b1:b5:75:a0:07:f5:1d:e4:ad:
         7c:a4:58:8f:ae:6e:4c:b3:ed:83:a8:fc:ff:be:05:3c:df:e7:
         b5:cc:d0:ac:7c:a7:dc:07:1b:2c:9d:04:1e:2a:6a:68:62:ed:
         b3:2c:72:76:5c:70:40:ba:f8:0f:3d:6b:6f:fe:1f:c2:44:61:
         57:42:d5:ac:af:2b:e8:27:39:d7:2b:cb:19:1a:dd:fd:39:de:
         60:db:3a:2d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYnPi+DoKBZRd0eKp0zdTHxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA3MTAyOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDM4YzIyZmUxNjZlNWE0MjAzZDVlNWNjZGM3ODY0NDk1YzBjNjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzoSYNB92lzkeq4k4p+AzsTcRWQ8
men1QceAwbeX/WNqOUbdPuse+RyXP7JT+xFBQGekIIHvAHfD6+qKVyUOy44hgDlz
Ia232G3qXl5yLAMjfs/2LNMTdXGO5grSns26ETM8A4XmyW40rHWeSuq7XtdUu1vL
zVs3ohdVMLccqenQhcUgfqu9d6x5hXTQ9DoC5ZMp4txQGz+jciopEUUS1P8Log0B
YChaAO5VM0NPVOB38qqwMkgk+E+VlAm3RRSVFhCoeRQauk/Ko61cz5FADBYAsZWK
sE6hif+XATj29NC954MEr0bGVks594eKAkKhxR6xiZMY+CQ5aCDNl3LwIQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLA4wi/hZuWkID1eXM3HhkSVwMY2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc0RqQ0wtRm01YVFnUFY1Y3pjZUdSSlhBeGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUpnhAwQA
WdUvAwQAWdWNAwQAWdWSAwQAWdWaAwQAWdWkAwQAWdWuAwQBWdW8AwQAbbD8MA0G
CSqGSIb3DQEBCwUAA4IBAQBWToMpUXgrb3K4eCBt+Q3zgBGAOWBTzw5ZCeKFqL/g
RFUy7pEsrP4zQIPQbl3iS14T1iRKTpifOXKXAq2yvUcBaMKNYFr62hX7MgDLIDp0
fa+SQ8Peu7ApkxQLFcZNDVDsPaaJs9NlHpHLyIC4b8P3yAx/BjSC5iaBwrschwJP
hyLuRuulzC3RSfgBGqUBgHxXC9nNywH3TnL0OcYJqtxgPK3A02xy+TPcIrWxtXWg
B/Ud5K18pFiPrm5Ms+2DqPz/vgU83+e1zNCsfKfcBxssnQQeKmpoYu2zLHJ2XHBA
uvgPPWtv/h/CRGFXQtWsryvoJznXK8sZGt39Od5g2zot
-----END CERTIFICATE-----