Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/XLwJTF2x6ZCeBwS1HvbElM-sor8.roa
File:                     XLwJTF2x6ZCeBwS1HvbElM-sor8.roa (raw, json)
Hash identifier:          Sb7EJZQFPfFUXF2OnD8H7go1ykxH9Wo0Qyel71bs+D4=
Subject key identifier:   5C:BC:09:4C:5D:B1:E9:90:9E:07:04:B5:1E:F6:C4:94:CF:AC:A2:BF
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01894F570B6E832B614E743FA593C31FBD2B
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/XLwJTF2x6ZCeBwS1HvbElM-sor8.roa
Signing time:             Thu 13 Jul 2023 13:00:51 +0000
ROA not before:           Thu 13 Jul 2023 13:00:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197343
IP address blocks:        5.56.128.0/22 maxlen: 22
                          37.32.42.0/24 maxlen: 24
                          37.32.41.0/24 maxlen: 24
                          37.32.40.0/22 maxlen: 24
                          5.57.34.0/24 maxlen: 24
                          5.57.33.0/24 maxlen: 24
                          5.57.36.0/24 maxlen: 24
                          5.57.35.0/24 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.212.49.0/24 maxlen: 24
                          178.239.150.0/24 maxlen: 24
                          178.239.156.0/23 maxlen: 23
                          178.239.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 25 Sep 2023 15:36:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4f:57:0b:6e:83:2b:61:4e:74:3f:a5:93:c3:1f:bd:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jul 13 13:00:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cbc094c5db1e9909e0704b51ef6c494cfaca2bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b9:e7:d8:8d:6c:ad:c6:c9:4f:07:e3:01:d4:
                    0b:1c:fa:c7:8f:21:60:76:17:80:1e:4f:0b:e3:a1:
                    ad:ca:a3:c6:a6:1b:5c:ec:59:3e:a7:eb:1b:a2:bf:
                    23:c9:06:bd:01:1f:ea:61:4b:1f:17:72:f3:76:63:
                    67:4f:1d:49:5b:44:9e:fe:2f:b3:8b:a3:3d:f1:13:
                    d6:57:4a:a3:6f:f5:0f:0e:92:0b:0a:ec:c5:19:ef:
                    f1:39:5f:f8:99:5f:3e:f5:4a:02:1f:6f:59:ce:e7:
                    3a:8a:39:94:13:e4:c4:37:3d:21:24:2a:6f:b2:b1:
                    a3:6e:95:44:0d:ec:6b:89:d6:1e:4c:98:04:64:ca:
                    f5:af:0c:5f:4f:aa:54:9c:7e:f1:7b:34:fb:ad:ad:
                    c6:b5:5a:23:f3:ef:47:c4:58:a6:b3:b9:59:f3:a6:
                    ca:be:14:15:4f:5c:6b:29:8c:36:a9:9a:22:24:b3:
                    0a:b0:91:0a:32:20:ea:63:e6:87:0b:e7:06:1e:7d:
                    cf:41:aa:88:3f:3f:6b:ca:fa:d9:e3:8c:2f:13:23:
                    68:0c:7b:5e:99:e7:c6:70:d6:7a:f7:01:d0:a7:db:
                    36:5a:df:70:cb:7b:7a:c9:49:57:0e:8c:a1:c1:bc:
                    cf:ae:92:cb:ee:be:2d:80:d0:ff:ea:7c:fa:78:75:
                    aa:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:BC:09:4C:5D:B1:E9:90:9E:07:04:B5:1E:F6:C4:94:CF:AC:A2:BF
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/XLwJTF2x6ZCeBwS1HvbElM-sor8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22
                  5.57.33.0-5.57.36.255
                  37.32.40.0/22
                  178.239.150.0/24
                  178.239.156.0/22
                  185.212.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:3e:46:1e:d3:a6:59:61:62:75:f5:06:d6:f6:98:ef:38:f8:
         55:7b:e1:1c:6d:33:18:6c:83:c7:ea:bb:f5:5d:25:16:55:f4:
         03:dd:0f:6f:90:02:25:97:80:7d:14:10:43:69:26:d1:fe:9e:
         da:32:ec:49:8a:8a:05:3c:b9:2b:20:03:42:30:39:6b:41:47:
         38:6b:23:22:bf:9c:7a:ba:36:bc:5a:ad:79:e9:c9:3a:f1:47:
         10:b1:37:c1:5e:0f:7d:86:a6:a1:12:c8:c1:53:2a:0c:c8:2a:
         db:d9:77:51:b3:9f:31:f0:f7:03:d2:6c:62:47:45:12:00:8e:
         91:ed:2e:e1:d5:a9:7d:17:ee:ca:4d:1f:e7:e0:9c:e0:22:d0:
         4c:b4:c1:f6:14:5a:d3:5c:03:03:32:0c:3d:a3:13:f2:8b:8e:
         a3:05:8d:dd:b1:7b:ab:53:c5:83:8c:6c:3c:65:c6:12:63:20:
         75:36:11:88:89:36:b0:3b:18:47:49:bf:33:8d:4e:c9:d0:35:
         99:00:14:9f:95:aa:40:da:7e:9e:bd:87:07:4d:e9:7a:af:00:
         7b:06:e4:c7:e2:c6:6c:45:d3:25:95:11:b1:09:51:01:b0:b8:
         8b:e5:f2:5f:e0:13:ae:f9:6c:6b:a3:8b:fe:59:ea:86:83:fe:
         15:00:08:7d
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYlPVwtugythTnQ/pZPDH70rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjMwNzEzMTMwMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JjMDk0YzVkYjFlOTkwOWUwNzA0YjUxZWY2YzQ5NGNmYWNhMmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bnn2I1srcbJTwfjAdQLHPrHjyFg
dheAHk8L46GtyqPGphtc7Fk+p+sbor8jyQa9AR/qYUsfF3LzdmNnTx1JW0Se/i+z
i6M98RPWV0qjb/UPDpILCuzFGe/xOV/4mV8+9UoCH29Zzuc6ijmUE+TENz0hJCpv
srGjbpVEDexridYeTJgEZMr1rwxfT6pUnH7xezT7ra3GtVoj8+9HxFims7lZ86bK
vhQVT1xrKYw2qZoiJLMKsJEKMiDqY+aHC+cGHn3PQaqIPz9ryvrZ44wvEyNoDHte
mefGcNZ69wHQp9s2Wt9wy3t6yUlXDoyhwbzPrpLL7r4tgND/6nz6eHWqaQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFy8CUxdsemQngcEtR72xJTPrKK/MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvWEx3SlRGMng2WkNlQndTMUh2YkVsTS1zb3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCBTiAMAwD
BAAFOSEDBAAFOSQDBAIlICgDBACy75YDBAKy75wDBAG51DAwDQYJKoZIhvcNAQEL
BQADggEBALc+Rh7TpllhYnX1Btb2mO84+FV74RxtMxhsg8fqu/VdJRZV9APdD2+Q
AiWXgH0UEENpJtH+ntoy7EmKigU8uSsgA0IwOWtBRzhrIyK/nHq6NrxarXnpyTrx
RxCxN8FeD32GpqESyMFTKgzIKtvZd1GznzHw9wPSbGJHRRIAjpHtLuHVqX0X7spN
H+fgnOAi0Ey0wfYUWtNcAwMyDD2jE/KLjqMFjd2xe6tTxYOMbDxlxhJjIHU2EYiJ
NrA7GEdJvzONTsnQNZkAFJ+VqkDafp69hwdN6XqvAHsG5MfixmxF0yWVEbEJUQGw
uIvl8l/gE675bGuji/5Z6oaD/hUACH0=
-----END CERTIFICATE-----