Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/gXtDumh6J2wL4Pr1ANRO1ENIgh8.roa
File:                     gXtDumh6J2wL4Pr1ANRO1ENIgh8.roa (raw, json)
Hash identifier:          KtSA2MsOsPuwU3+LjKsJ2yzJSYNxSE1pw5ygvVcfZcY=
Subject key identifier:   81:7B:43:BA:68:7A:27:6C:0B:E0:FA:F5:00:D4:4E:D4:43:48:82:1F
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       01857042A4213A0CE11A1DBD92392A1E2F56
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/gXtDumh6J2wL4Pr1ANRO1ENIgh8.roa
Signing time:             Mon 02 Jan 2023 02:14:53 +0000
ROA not before:           Mon 02 Jan 2023 02:14:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12310
IP address blocks:        195.95.228.0/23 maxlen: 23
                          89.42.16.0/21 maxlen: 21
                          89.149.0.0/18 maxlen: 18
                          188.240.216.0/22 maxlen: 22
                          83.166.192.0/19 maxlen: 19
                          188.240.8.0/22 maxlen: 22
                          194.102.203.0/24 maxlen: 24
                          80.86.96.0/20 maxlen: 20
                          80.86.96.0/19 maxlen: 19
                          84.247.64.0/18 maxlen: 18
                          2a02:2a00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:42:a4:21:3a:0c:e1:1a:1d:bd:92:39:2a:1e:2f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Jan  2 02:14:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=817b43ba687a276c0be0faf500d44ed44348821f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:83:2c:06:b0:69:7c:f5:9f:69:82:62:e9:dc:
                    16:04:1e:8b:1e:94:86:28:e3:32:80:4e:45:57:b9:
                    74:36:ab:69:04:6d:e4:cb:25:bc:07:7e:19:ca:f3:
                    27:92:f1:3c:da:93:04:1d:65:15:33:09:be:44:59:
                    e8:04:fe:75:d0:28:08:f0:53:64:83:35:07:5b:e8:
                    1c:41:03:d7:35:d7:b2:01:8c:7d:8e:12:c4:a0:bd:
                    ab:8a:20:eb:58:69:5b:ef:be:66:6a:f8:53:0f:01:
                    61:13:15:90:09:7b:c5:21:4d:d7:d2:30:94:99:0f:
                    d1:ae:4e:39:cf:c4:78:34:18:d2:af:f6:1b:e5:42:
                    23:6b:70:6a:3b:c1:e4:f0:5c:d2:52:6a:a8:91:5f:
                    e6:86:a4:82:46:d6:af:6f:ee:8f:6c:a2:52:06:f3:
                    b9:a4:c5:f4:bb:d9:40:ee:ba:53:52:4a:55:51:c4:
                    c4:26:ae:9a:12:2e:ae:4e:ee:4b:d9:3a:57:e2:30:
                    85:45:b6:2e:0a:15:c9:a4:1e:2f:0d:79:b2:73:39:
                    73:61:d6:98:e7:60:ca:f5:86:ee:be:75:10:0c:ee:
                    f1:1f:a9:e7:fa:ae:18:c7:22:e8:7e:45:59:e2:ca:
                    65:ff:2b:30:15:c2:d2:e2:42:e2:06:23:55:96:f8:
                    e2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:7B:43:BA:68:7A:27:6C:0B:E0:FA:F5:00:D4:4E:D4:43:48:82:1F
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/gXtDumh6J2wL4Pr1ANRO1ENIgh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.96.0/19
                  83.166.192.0/19
                  84.247.64.0/18
                  89.42.16.0/21
                  89.149.0.0/18
                  188.240.8.0/22
                  188.240.216.0/22
                  194.102.203.0/24
                  195.95.228.0/23
                IPv6:
                  2a02:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:ef:d4:51:11:17:7f:f1:cc:0a:05:78:dc:24:30:5a:a2:1c:
         e3:b0:21:35:47:cd:71:6e:73:8a:72:d5:c8:0c:f5:62:d2:04:
         a0:69:05:be:9a:2b:29:70:c4:86:de:2c:1b:74:80:38:60:7d:
         e7:32:9d:f8:5d:db:3e:cd:b3:e1:61:95:6c:66:91:b5:1d:a0:
         26:f1:11:b0:95:63:9e:25:e7:4e:8f:a9:02:1b:08:4b:5d:ac:
         ce:b8:69:2b:a3:10:44:21:72:6d:7a:b8:18:98:fd:8d:19:9f:
         56:aa:2c:5d:a5:0c:5d:4c:12:14:74:88:cc:e0:42:8b:b8:42:
         f6:b1:b7:e5:a2:ca:01:57:ae:55:fb:15:0c:97:ee:d0:50:a3:
         db:7d:55:bb:d1:e3:63:b3:fe:14:18:69:cf:e7:21:2c:ec:37:
         bf:1d:4b:9c:a9:56:48:0f:5d:7b:a9:34:b0:99:24:a5:0b:c5:
         2f:ba:ce:fa:26:3a:2e:20:c7:59:74:c5:6b:ab:67:66:58:31:
         b1:a5:ca:7b:eb:e2:90:56:c3:40:00:bc:12:ad:4a:03:04:84:
         f2:43:32:b3:f0:7a:54:31:14:55:ee:db:46:59:2b:67:be:68:
         2d:a3:08:64:4b:9d:f0:b1:4b:27:82:79:15:5f:16:91:21:89:
         bd:eb:4f:ad
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVwQqQhOgzhGh29kjkqHi9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjMwMTAyMDIxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTdiNDNiYTY4N2EyNzZjMGJlMGZhZjUwMGQ0NGVkNDQzNDg4MjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoMsBrBpfPWfaYJi6dwWBB6LHpSG
KOMygE5FV7l0NqtpBG3kyyW8B34ZyvMnkvE82pMEHWUVMwm+RFnoBP510CgI8FNk
gzUHW+gcQQPXNdeyAYx9jhLEoL2riiDrWGlb775mavhTDwFhExWQCXvFIU3X0jCU
mQ/Rrk45z8R4NBjSr/Yb5UIja3BqO8Hk8FzSUmqokV/mhqSCRtavb+6PbKJSBvO5
pMX0u9lA7rpTUkpVUcTEJq6aEi6uTu5L2TpX4jCFRbYuChXJpB4vDXmyczlzYdaY
52DK9YbuvnUQDO7xH6nn+q4YxyLofkVZ4spl/yswFcLS4kLiBiNVlvji3wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFIF7Q7poeidsC+D69QDUTtRDSIIfMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvZ1h0RHVtaDZKMndMNFByMUFOUk8xRU5JZ2g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFUFZgAwQF
U6bAAwQGVPdAAwQDWSoQAwQGWZUAAwQCvPAIAwQCvPDYAwQAwmbLAwQBw1/kMA0E
AgACMAcDBQAqAioAMA0GCSqGSIb3DQEBCwUAA4IBAQA179RRERd/8cwKBXjcJDBa
ohzjsCE1R81xbnOKctXIDPVi0gSgaQW+mispcMSG3iwbdIA4YH3nMp34Xds+zbPh
YZVsZpG1HaAm8RGwlWOeJedOj6kCGwhLXazOuGkroxBEIXJtergYmP2NGZ9Wqixd
pQxdTBIUdIjM4EKLuEL2sbflosoBV65V+xUMl+7QUKPbfVW70eNjs/4UGGnP5yEs
7De/HUucqVZID117qTSwmSSlC8Uvus76JjouIMdZdMVrq2dmWDGxpcp76+KQVsNA
ALwSrUoDBITyQzKz8HpUMRRV7ttGWStnvmgtowhkS53wsUsngnkVXxaRIYm960+t
-----END CERTIFICATE-----