Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/Ifac5NKy49h_E0cN7P40o6VDiPc.roa
File:                     Ifac5NKy49h_E0cN7P40o6VDiPc.roa (raw, json)
Hash identifier:          h9nR58KMj20puzDOD7IRLKmms+zBkJEtf8j9VVtcUzI=
Subject key identifier:   21:F6:9C:E4:D2:B2:E3:D8:7F:13:47:0D:EC:FE:34:A3:A5:43:88:F7
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       0186359257C346FCEF6898098E36EBA1B9CA
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/Ifac5NKy49h_E0cN7P40o6VDiPc.roa
Signing time:             Thu 09 Feb 2023 09:47:08 +0000
ROA not before:           Thu 09 Feb 2023 09:47:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209604
IP address blocks:        185.255.92.0/24 maxlen: 24
                          185.255.93.0/24 maxlen: 24
                          185.93.70.0/24 maxlen: 24
                          185.93.68.0/24 maxlen: 24
                          185.93.69.0/24 maxlen: 24
                          185.255.94.0/24 maxlen: 24
                          185.255.95.0/24 maxlen: 24
                          193.164.5.0/24 maxlen: 24
                          89.35.52.0/24 maxlen: 24
                          185.132.126.0/24 maxlen: 24
                          93.115.10.0/24 maxlen: 24
                          93.177.101.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Feb 2023 14:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:35:92:57:c3:46:fc:ef:68:98:09:8e:36:eb:a1:b9:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Feb  9 09:47:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21f69ce4d2b2e3d87f13470decfe34a3a54388f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f2:4e:04:8d:43:37:f8:0e:43:52:f1:ea:15:
                    59:23:ab:6a:9a:e9:03:71:93:dc:d9:42:6e:46:56:
                    23:7f:8e:80:4a:01:4b:16:fb:9a:a0:b3:a5:34:0b:
                    72:c8:81:b1:0a:f7:80:44:cd:a3:2e:55:ca:9e:1d:
                    6a:c7:ec:3f:af:f4:c0:9c:f8:81:af:75:77:94:25:
                    ec:64:2e:fe:9e:fc:61:5d:a6:0d:d6:c5:42:c3:c0:
                    21:67:5a:5a:1a:69:77:a1:f3:f4:76:50:40:e5:69:
                    d9:ed:90:c2:bf:ef:e3:44:c1:c1:f3:69:b7:dc:2b:
                    1c:36:9a:67:e5:32:e7:4c:e3:75:c9:b2:4a:41:0f:
                    c6:1e:28:12:68:aa:83:c6:e1:9d:8d:84:6d:75:43:
                    c1:95:4c:a7:8c:80:35:6e:c4:f5:86:4e:4f:c9:7f:
                    a7:d3:40:b7:26:ff:0a:4b:83:de:ba:d0:11:8c:6d:
                    40:06:69:59:07:70:20:6e:a4:b2:2a:ad:47:3b:0c:
                    dd:c9:ab:d6:8a:f3:e4:59:e3:be:66:04:f3:3d:6b:
                    53:5f:07:c5:d2:dd:d3:d1:39:2b:1b:9b:9f:78:2c:
                    8b:fc:bc:5e:16:8e:ab:9d:af:d4:fe:25:5a:4b:c5:
                    af:ef:32:33:ad:0b:78:3b:26:73:96:b8:1d:89:f6:
                    2b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F6:9C:E4:D2:B2:E3:D8:7F:13:47:0D:EC:FE:34:A3:A5:43:88:F7
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/Ifac5NKy49h_E0cN7P40o6VDiPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.52.0/24
                  93.115.10.0/24
                  93.177.101.0/24
                  185.93.68.0-185.93.70.255
                  185.132.126.0/24
                  185.255.92.0/22
                  193.164.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:16:c4:79:df:21:b8:23:36:29:9d:ce:5d:19:6c:0c:d5:71:
         74:29:76:2e:0d:8a:9c:c3:fb:27:9a:db:2a:e8:34:63:0d:04:
         95:b1:3e:15:74:50:2b:0f:20:0e:ac:f4:41:0c:93:f7:54:88:
         e6:00:25:47:79:31:e6:37:33:39:b0:6a:08:ab:d4:a1:dc:94:
         90:8f:a5:19:c0:a6:63:8a:c6:02:66:5e:1b:e0:f0:ee:d2:e2:
         4f:dc:b6:bf:d6:cc:08:b8:5a:92:fe:de:fd:5c:56:c6:82:15:
         85:71:c9:d2:e8:40:bb:71:65:40:7d:98:57:7c:90:23:ef:ab:
         89:4d:40:9a:0c:97:93:69:f1:12:ab:15:96:f8:03:0b:89:56:
         39:5e:5a:d2:c8:7a:e7:2d:3e:2e:6d:af:48:53:78:82:72:72:
         4a:36:07:8d:c3:98:f6:56:1d:46:e4:08:84:3b:b5:1e:15:59:
         e8:81:12:55:00:75:14:0d:af:19:21:ce:4e:bb:9a:e7:77:8a:
         74:5e:63:f0:f1:61:42:7c:d9:de:b8:fc:21:c6:b7:3b:21:d9:
         c7:5a:ac:81:90:2e:d2:60:7f:d4:66:8f:c6:d4:c6:3f:49:06:
         8d:3f:62:37:70:90:d7:31:3f:b1:97:74:e4:22:a3:fe:e7:81:
         25:59:f3:2f
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYY1klfDRvzvaJgJjjbrobnKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjMwMjA5MDk0NzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWY2OWNlNGQyYjJlM2Q4N2YxMzQ3MGRlY2ZlMzRhM2E1NDM4OGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPJOBI1DN/gOQ1Lx6hVZI6tqmukD
cZPc2UJuRlYjf46ASgFLFvuaoLOlNAtyyIGxCveARM2jLlXKnh1qx+w/r/TAnPiB
r3V3lCXsZC7+nvxhXaYN1sVCw8AhZ1paGml3ofP0dlBA5WnZ7ZDCv+/jRMHB82m3
3CscNppn5TLnTON1ybJKQQ/GHigSaKqDxuGdjYRtdUPBlUynjIA1bsT1hk5PyX+n
00C3Jv8KS4PeutARjG1ABmlZB3AgbqSyKq1HOwzdyavWivPkWeO+ZgTzPWtTXwfF
0t3T0TkrG5ufeCyL/LxeFo6rna/U/iVaS8Wv7zIzrQt4OyZzlrgdifYr4QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCH2nOTSsuPYfxNHDez+NKOlQ4j3MB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvSWZhYzVOS3k0OWhfRTBjTjdQNDBvNlZEaVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAWSM0AwQA
XXMKAwQAXbFlMAwDBAK5XUQDBAC5XUYDBAC5hH4DBAK5/1wDBADBpAUwDQYJKoZI
hvcNAQELBQADggEBABIWxHnfIbgjNimdzl0ZbAzVcXQpdi4NipzD+yea2yroNGMN
BJWxPhV0UCsPIA6s9EEMk/dUiOYAJUd5MeY3Mzmwagir1KHclJCPpRnApmOKxgJm
Xhvg8O7S4k/ctr/WzAi4WpL+3v1cVsaCFYVxydLoQLtxZUB9mFd8kCPvq4lNQJoM
l5Np8RKrFZb4AwuJVjleWtLIeuctPi5tr0hTeIJycko2B43DmPZWHUbkCIQ7tR4V
WeiBElUAdRQNrxkhzk67mud3inReY/DxYUJ82d64/CHGtzsh2cdarIGQLtJgf9Rm
j8bUxj9JBo0/YjdwkNcxP7GXdOQio/7ngSVZ8y8=
-----END CERTIFICATE-----