Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/2u5DrWDCa_5R6y7RQkVXeEmne48.roa
File:                     2u5DrWDCa_5R6y7RQkVXeEmne48.roa (raw, json)
Hash identifier:          7jZa7RWWeh5i/9yPcIVkCCapbMIadfunsAwO72ImPeo=
Subject key identifier:   DA:EE:43:AD:60:C2:6B:FE:51:EB:2E:D1:42:45:57:78:49:A7:7B:8F
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       018868960E9DBE7E2639F082ADB3551DC903
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/2u5DrWDCa_5R6y7RQkVXeEmne48.roa
Signing time:             Mon 29 May 2023 17:37:24 +0000
ROA not before:           Mon 29 May 2023 17:37:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     133296
IP address blocks:        91.225.14.0/24 maxlen: 24
                          178.157.76.0/24 maxlen: 24
                          188.74.212.0/22 maxlen: 22
                          178.157.108.0/24 maxlen: 24
                          185.76.60.0/24 maxlen: 24
                          185.76.62.0/24 maxlen: 24
                          5.157.139.0/24 maxlen: 24
                          5.157.136.0/24 maxlen: 24
                          91.235.123.0/24 maxlen: 24
                          5.157.160.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:68:96:0e:9d:be:7e:26:39:f0:82:ad:b3:55:1d:c9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: May 29 17:37:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=daee43ad60c26bfe51eb2ed14245577849a77b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:86:39:9c:a5:c5:e1:70:6a:b6:c1:ec:fd:31:
                    47:d1:0a:63:64:69:a2:d3:88:4b:9c:b2:9f:f4:9b:
                    62:10:e1:d7:14:52:d1:71:a0:58:68:ae:fc:c6:62:
                    a1:d5:6d:6e:35:b8:d6:53:78:e8:24:f3:52:e6:37:
                    8d:6a:30:1b:53:b2:1b:64:9b:07:3c:b1:13:f1:e6:
                    70:4d:13:a1:30:45:1b:a4:89:c9:8c:ac:21:b3:69:
                    ce:ba:bf:79:c2:4a:a0:bf:07:a2:ad:26:f4:ce:ce:
                    2a:48:5f:6a:c1:c3:1d:a4:db:d8:2d:69:26:14:09:
                    f4:af:35:0f:70:f7:75:31:4c:ac:2e:59:41:52:8c:
                    98:9e:b1:9d:c7:b7:6a:1d:5a:c4:8b:39:91:ac:99:
                    42:d7:61:d1:0a:02:27:b7:56:55:20:04:5e:00:f7:
                    61:66:5b:4b:3d:1f:bc:f8:b3:b8:33:dd:42:ef:9b:
                    d5:4f:52:91:44:9d:c8:cd:46:e7:64:3c:88:ab:f1:
                    6e:e1:e9:ed:cc:1e:f5:a0:e5:a1:56:41:93:9c:a2:
                    72:fb:d3:78:5f:50:8e:12:8c:70:3f:5d:31:47:61:
                    d4:22:9c:5e:a5:d0:12:c7:f7:c8:d1:cb:d2:58:ab:
                    b9:5d:4e:ba:c6:87:d4:a3:88:8c:06:de:c5:df:80:
                    a6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:EE:43:AD:60:C2:6B:FE:51:EB:2E:D1:42:45:57:78:49:A7:7B:8F
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/2u5DrWDCa_5R6y7RQkVXeEmne48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.136.0/24
                  5.157.139.0/24
                  5.157.160.0/22
                  91.225.14.0/24
                  91.235.123.0/24
                  178.157.76.0/24
                  178.157.108.0/24
                  185.76.60.0/24
                  185.76.62.0/24
                  188.74.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:7a:db:46:1b:56:85:1b:9b:2b:66:55:e1:30:39:9a:f3:a4:
         d7:70:08:14:f3:55:be:ea:84:de:f9:53:be:94:5a:30:15:a6:
         42:24:f6:dd:ea:89:95:9e:bb:0c:fe:dc:c7:41:94:6b:14:a5:
         3c:61:2f:a4:3e:c4:fa:0c:da:26:1e:6f:ce:f0:6e:0e:5c:2d:
         64:98:19:e9:40:07:e2:48:11:22:49:f5:c3:5e:23:28:56:9a:
         a6:0c:f4:75:aa:bc:c7:a8:af:19:c9:c8:70:0e:2f:a2:ff:3b:
         4b:b0:38:a4:b1:91:39:bc:56:c6:29:36:97:52:b4:6f:3f:69:
         44:55:c6:74:42:3b:1d:24:20:55:90:81:f6:c3:b3:b8:8b:e9:
         49:c4:ba:2a:bc:31:51:1e:a6:69:b2:b9:58:e5:e2:01:c0:f3:
         30:3f:a6:1e:b8:3c:60:ef:8c:9c:b5:ef:0c:bb:a9:55:24:89:
         9e:6f:01:d2:11:c4:5d:df:7b:12:5c:d5:a2:05:f9:90:c1:00:
         08:d8:7e:7c:94:ba:f2:a5:93:80:6b:41:54:68:19:f2:28:63:
         a1:63:5e:45:cc:b7:eb:b2:be:51:66:67:b9:01:f7:17:b0:38:
         d8:13:4d:61:97:d4:40:da:16:48:cd:17:fc:2e:7e:80:4f:50:
         30:e5:c9:a4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYholg6dvn4mOfCCrbNVHckDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjMwNTI5MTczNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWVlNDNhZDYwYzI2YmZlNTFlYjJlZDE0MjQ1NTc3ODQ5YTc3YjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoY5nKXF4XBqtsHs/TFH0QpjZGmi
04hLnLKf9JtiEOHXFFLRcaBYaK78xmKh1W1uNbjWU3joJPNS5jeNajAbU7IbZJsH
PLET8eZwTROhMEUbpInJjKwhs2nOur95wkqgvweirSb0zs4qSF9qwcMdpNvYLWkm
FAn0rzUPcPd1MUysLllBUoyYnrGdx7dqHVrEizmRrJlC12HRCgInt1ZVIAReAPdh
ZltLPR+8+LO4M91C75vVT1KRRJ3IzUbnZDyIq/Fu4entzB71oOWhVkGTnKJy+9N4
X1COEoxwP10xR2HUIpxepdASx/fI0cvSWKu5XU66xofUo4iMBt7F34CmAwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNruQ61gwmv+Uesu0UJFV3hJp3uPMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvMnU1RHJXRENhXzVSNnk3UlFrVlhlRW1uZTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABZ2IAwQA
BZ2LAwQCBZ2gAwQAW+EOAwQAW+t7AwQAsp1MAwQAsp1sAwQAuUw8AwQAuUw+AwQC
vErUMA0GCSqGSIb3DQEBCwUAA4IBAQCJettGG1aFG5srZlXhMDma86TXcAgU81W+
6oTe+VO+lFowFaZCJPbd6omVnrsM/tzHQZRrFKU8YS+kPsT6DNomHm/O8G4OXC1k
mBnpQAfiSBEiSfXDXiMoVpqmDPR1qrzHqK8ZychwDi+i/ztLsDiksZE5vFbGKTaX
UrRvP2lEVcZ0QjsdJCBVkIH2w7O4i+lJxLoqvDFRHqZpsrlY5eIBwPMwP6YeuDxg
74ycte8Mu6lVJImebwHSEcRd33sSXNWiBfmQwQAI2H58lLrypZOAa0FUaBnyKGOh
Y15FzLfrsr5RZme5AfcXsDjYE01hl9RA2hZIzRf8Ln6AT1Aw5cmk
-----END CERTIFICATE-----