Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/yesxb76nliGLNIc7c5OMdl5Tugo.roa
File:                     yesxb76nliGLNIc7c5OMdl5Tugo.roa (raw, json)
Hash identifier:          MXk0/PIQII7AZhUrsIUqmKkueavzyb/vpCpPypJsfzU=
Subject key identifier:   C9:EB:31:6F:BE:A7:96:21:8B:34:87:3B:73:93:8C:76:5E:53:BA:0A
Certificate issuer:       /CN=3be2f0164b66a76795860b4ea3586fad563bac47
Certificate serial:       01866F4A2C01AE1159AD5759BF41770CB393
Authority key identifier: 3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/yesxb76nliGLNIc7c5OMdl5Tugo.roa
Signing time:             Mon 20 Feb 2023 14:46:17 +0000
ROA not before:           Mon 20 Feb 2023 14:46:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206264
IP address blocks:        5.183.209.0/24 maxlen: 24
                          185.191.125.0/24 maxlen: 24
                          185.191.124.0/24 maxlen: 24
                          93.123.72.0/24 maxlen: 24
                          185.191.126.0/24 maxlen: 24
                          94.156.33.0/24 maxlen: 24
                          185.191.127.0/24 maxlen: 24
                          80.251.152.0/23 maxlen: 24
                          89.249.49.0/24 maxlen: 24
                          45.139.122.0/24 maxlen: 24
                          2a0d:1000::/30 maxlen: 30
                          2a0d:1000::/29 maxlen: 29
                          2a0d:1004::/30 maxlen: 30

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:6f:4a:2c:01:ae:11:59:ad:57:59:bf:41:77:0c:b3:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3be2f0164b66a76795860b4ea3586fad563bac47
        Validity
            Not Before: Feb 20 14:46:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c9eb316fbea796218b34873b73938c765e53ba0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:07:62:bb:16:93:22:5d:56:9c:11:ac:87:24:
                    16:25:1a:01:a4:64:95:fd:9a:cf:d8:4c:4e:7f:de:
                    84:59:18:d3:44:ae:f8:cd:da:a4:57:a8:2e:51:53:
                    ca:8f:70:bb:b3:32:28:ec:a5:41:c6:f7:d0:7c:72:
                    33:9b:4c:22:e9:3b:fe:c7:b7:50:d8:43:70:cd:a6:
                    f0:d8:ac:cc:1b:e7:0b:0b:25:9e:55:66:3b:74:d9:
                    30:71:c7:03:06:07:a1:0d:43:5e:ae:36:40:de:06:
                    a1:90:a8:d5:c3:bb:88:3b:b4:d6:c7:5a:f4:1c:e7:
                    47:7f:e3:a1:05:9f:ae:89:70:9b:a5:b5:90:47:93:
                    1e:5f:64:5d:61:6c:ef:b8:21:aa:33:65:32:59:21:
                    aa:ed:18:28:2a:19:12:9b:68:b8:dd:e5:c2:05:8b:
                    7c:bf:5f:a8:ed:6e:db:2f:5b:82:88:89:f5:ea:97:
                    3b:62:8c:cf:70:74:9c:17:1e:94:92:c7:44:6e:80:
                    59:fd:bb:bf:26:29:6e:78:d5:1b:4d:2c:4c:d9:34:
                    f8:22:1d:2a:c5:4a:40:d2:67:cb:5b:24:6c:d2:13:
                    5e:77:70:d1:ad:cc:2b:78:f4:de:c8:d5:d7:ba:76:
                    a7:8b:a6:aa:08:32:eb:a5:78:ba:ae:3a:98:ba:92:
                    8b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:EB:31:6F:BE:A7:96:21:8B:34:87:3B:73:93:8C:76:5E:53:BA:0A
            X509v3 Authority Key Identifier:
                keyid:3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/yesxb76nliGLNIc7c5OMdl5Tugo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.209.0/24
                  45.139.122.0/24
                  80.251.152.0/23
                  89.249.49.0/24
                  93.123.72.0/24
                  94.156.33.0/24
                  185.191.124.0/22
                IPv6:
                  2a0d:1000::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:cb:49:25:59:ab:23:45:8d:ff:4c:5d:d7:b8:79:25:24:ca:
         60:5a:b1:b9:74:6c:98:1e:eb:9e:a0:54:76:a2:8f:39:f7:b4:
         70:d5:91:8d:69:b1:a6:e5:89:4d:09:67:62:c2:b9:88:82:85:
         1b:cd:aa:f8:1b:cd:31:2e:5f:8a:4e:38:a5:af:1f:ca:7c:81:
         ef:07:31:19:a8:d3:14:2a:1e:89:77:dd:66:8a:a9:86:6f:63:
         ab:58:55:f9:e4:fc:f9:a9:f2:e0:2f:dc:5e:4c:d8:46:3d:e5:
         b3:12:9f:74:fc:b9:ec:c7:b3:13:fa:07:db:a8:73:d1:c8:64:
         e0:18:d3:03:2f:bd:9e:c0:d2:7f:86:ea:a1:3d:e2:cb:65:cb:
         9f:ae:f9:fd:26:7a:b0:e2:33:4f:47:c7:10:2d:71:64:74:0d:
         13:18:76:f0:79:eb:c1:84:1a:a3:7d:c0:de:0a:b0:d6:58:eb:
         96:ff:5b:86:23:00:77:2b:d0:12:b6:43:95:08:18:36:5c:4c:
         2d:96:08:21:2c:f3:4a:7d:83:c9:2b:69:88:9c:1a:ec:1c:8e:
         26:8b:9f:c0:77:2f:81:42:34:89:f1:82:49:92:0b:76:36:26:
         56:28:88:c8:ad:06:7c:df:d1:0a:84:86:26:2a:64:76:24:01:
         99:07:ba:15
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYZvSiwBrhFZrVdZv0F3DLOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZTJmMDE2NGI2NmE3Njc5NTg2MGI0ZWEzNTg2ZmFkNTYz
YmFjNDcwHhcNMjMwMjIwMTQ0NjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWViMzE2ZmJlYTc5NjIxOGIzNDg3M2I3MzkzOGM3NjVlNTNiYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwdiuxaTIl1WnBGshyQWJRoBpGSV
/ZrP2ExOf96EWRjTRK74zdqkV6guUVPKj3C7szIo7KVBxvfQfHIzm0wi6Tv+x7dQ
2ENwzabw2KzMG+cLCyWeVWY7dNkwcccDBgehDUNerjZA3gahkKjVw7uIO7TWx1r0
HOdHf+OhBZ+uiXCbpbWQR5MeX2RdYWzvuCGqM2UyWSGq7RgoKhkSm2i43eXCBYt8
v1+o7W7bL1uCiIn16pc7YozPcHScFx6UksdEboBZ/bu/JilueNUbTSxM2TT4Ih0q
xUpA0mfLWyRs0hNed3DRrcwrePTeyNXXunani6aqCDLrpXi6rjqYupKLswIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFMnrMW++p5YhizSHO3OTjHZeU7oKMB8GA1UdIwQY
MBaAFDvi8BZLZqdnlYYLTqNYb61WO6xHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYt
ZjlhZDM4MDUxMjIwLzEveWVzeGI3Nm5saUdMTkljN2M1T01kbDVUdWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYtZjlhZDM4MDUxMjIw
LzEvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQABbfRAwQA
LYt6AwQBUPuYAwQAWfkxAwQAXXtIAwQAXpwhAwQCub98MA0EAgACMAcDBQMqDRAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBty0klWasjRY3/TF3XuHklJMpgWrG5dGyYHuue
oFR2oo8597Rw1ZGNabGm5YlNCWdiwrmIgoUbzar4G80xLl+KTjilrx/KfIHvBzEZ
qNMUKh6Jd91miqmGb2OrWFX55Pz5qfLgL9xeTNhGPeWzEp90/Lnsx7MT+gfbqHPR
yGTgGNMDL72ewNJ/huqhPeLLZcufrvn9Jnqw4jNPR8cQLXFkdA0TGHbweevBhBqj
fcDeCrDWWOuW/1uGIwB3K9AStkOVCBg2XEwtlgghLPNKfYPJK2mInBrsHI4mi5/A
dy+BQjSJ8YJJkgt2NiZWKIjIrQZ839EKhIYmKmR2JAGZB7oV
-----END CERTIFICATE-----