Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/l7KVGlxb0OD8QQh6LnCybWpGZHE.roa
File:                     l7KVGlxb0OD8QQh6LnCybWpGZHE.roa (raw, json)
Hash identifier:          OqU1QmNRTZMrOYQRPlC2GG95RgyQA0Kqo3PJb0ZG2xc=
Subject key identifier:   97:B2:95:1A:5C:5B:D0:E0:FC:41:08:7A:2E:70:B2:6D:6A:46:64:71
Certificate issuer:       /CN=0191496469167c5b1d8920b98bd51af3fe35ade5
Certificate serial:       01856E2F95489322E12668A14E1FB76369F7
Authority key identifier: 01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/l7KVGlxb0OD8QQh6LnCybWpGZHE.roa
Signing time:             Sun 01 Jan 2023 16:34:50 +0000
ROA not before:           Sun 01 Jan 2023 16:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42353
IP address blocks:        185.63.140.0/24 maxlen: 24
                          185.63.141.0/24 maxlen: 24
                          185.63.142.0/24 maxlen: 24
                          185.63.143.0/24 maxlen: 24
                          178.22.136.0/24 maxlen: 24
                          178.22.137.0/24 maxlen: 24
                          178.22.139.0/24 maxlen: 24
                          178.22.136.0/23 maxlen: 23
                          178.22.136.0/21 maxlen: 21
                          178.22.143.0/24 maxlen: 24
                          178.22.140.0/23 maxlen: 23
                          178.22.140.0/24 maxlen: 24
                          178.22.142.0/23 maxlen: 23
                          178.22.141.0/24 maxlen: 24
                          194.0.210.0/24 maxlen: 24
                          2a02:28c8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 22 Feb 2023 12:47:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:95:48:93:22:e1:26:68:a1:4e:1f:b7:63:69:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0191496469167c5b1d8920b98bd51af3fe35ade5
        Validity
            Not Before: Jan  1 16:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=97b2951a5c5bd0e0fc41087a2e70b26d6a466471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4e:58:46:87:8b:1a:5e:b9:c4:de:22:d3:82:
                    60:ff:33:aa:91:91:76:b4:1f:c5:08:79:7c:3e:86:
                    d7:1b:0e:a0:19:ed:94:54:35:f6:50:7c:24:d5:36:
                    90:43:16:40:6f:1f:ce:2e:ac:7b:fd:33:5b:64:c8:
                    5b:9d:d5:04:d5:cb:29:68:88:00:ac:9e:bc:1a:f0:
                    29:92:24:a4:bd:0c:3a:1c:94:9b:18:2b:5a:85:02:
                    8c:19:b8:88:69:66:ff:42:29:6a:0b:93:5c:71:2e:
                    dd:a3:a9:9c:e5:2f:b9:09:7a:ba:c3:e4:95:1a:40:
                    70:e4:25:9c:43:da:2f:40:aa:f3:93:c6:67:4d:cc:
                    99:e1:1d:a6:7a:80:27:f4:4a:69:54:b3:9a:09:4b:
                    ea:a6:7f:98:7a:40:0c:6d:f3:f9:cf:69:ea:5d:9a:
                    49:b6:7e:b1:c3:0b:d8:69:10:66:4a:53:e9:dc:ce:
                    89:1e:1e:40:9a:af:65:06:1b:9e:e0:94:ff:f1:52:
                    3c:e5:f0:67:d0:b3:0b:e9:a3:7d:84:b5:b0:30:44:
                    c4:65:f5:3c:95:f2:65:20:0f:6c:17:67:09:92:6f:
                    c4:f9:d7:79:54:6c:1c:8d:bd:71:ef:26:7f:50:6f:
                    fa:87:13:43:52:5f:98:a8:c8:2f:12:92:e5:c1:7f:
                    71:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B2:95:1A:5C:5B:D0:E0:FC:41:08:7A:2E:70:B2:6D:6A:46:64:71
            X509v3 Authority Key Identifier:
                keyid:01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/l7KVGlxb0OD8QQh6LnCybWpGZHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/AZFJZGkWfFsdiSC5i9Ua8_41reU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.136.0/21
                  185.63.140.0/22
                  194.0.210.0/24
                IPv6:
                  2a02:28c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:0f:b5:0b:f1:f5:91:f0:d8:22:e1:26:55:6b:74:fc:b4:09:
         3f:9e:7f:e3:f6:2f:f2:c2:e8:e5:3a:e1:4e:aa:9d:55:e3:3b:
         65:9b:85:32:7b:da:7d:9b:db:63:27:71:43:77:b4:31:e1:52:
         60:66:fa:9e:5f:b9:70:27:41:3c:3a:c5:ba:65:66:ec:64:3a:
         e8:2e:11:49:d6:6a:5f:de:c6:10:3c:7e:54:88:21:e4:15:56:
         2d:20:cb:8c:91:80:13:7d:46:f9:c8:36:8d:27:25:7f:85:08:
         0a:97:50:da:41:fc:0b:b2:17:05:cb:2d:5c:68:bf:1b:03:f0:
         44:07:f0:65:73:b0:ae:0f:4d:a5:aa:c7:ec:f1:2a:ac:53:b4:
         1f:cc:85:d5:33:2c:d4:e2:49:5c:55:b3:75:55:5b:2c:6a:92:
         91:0b:88:b6:4c:ee:ec:30:7c:2c:c6:cf:6f:3c:b1:dc:08:5d:
         4f:70:80:5d:1c:9e:85:f1:4b:fe:71:b5:d8:6f:c9:8f:a2:ee:
         d3:d8:da:ca:d3:d5:83:1f:5f:f8:93:c7:72:2c:6e:d9:96:3d:
         4b:73:b2:b4:c9:6d:4d:63:b7:11:d3:70:7a:7c:05:30:ef:44:
         59:7e:52:c3:17:eb:05:89:2b:71:3c:2a:62:5a:66:53:55:9d:
         41:33:b5:6e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVuL5VIkyLhJmihTh+3Y2n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTE0OTY0NjkxNjdjNWIxZDg5MjBiOThiZDUxYWYzZmUz
NWFkZTUwHhcNMjMwMTAxMTYzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2IyOTUxYTVjNWJkMGUwZmM0MTA4N2EyZTcwYjI2ZDZhNDY2NDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy05YRoeLGl65xN4i04Jg/zOqkZF2
tB/FCHl8PobXGw6gGe2UVDX2UHwk1TaQQxZAbx/OLqx7/TNbZMhbndUE1cspaIgA
rJ68GvApkiSkvQw6HJSbGCtahQKMGbiIaWb/QilqC5NccS7do6mc5S+5CXq6w+SV
GkBw5CWcQ9ovQKrzk8ZnTcyZ4R2meoAn9EppVLOaCUvqpn+YekAMbfP5z2nqXZpJ
tn6xwwvYaRBmSlPp3M6JHh5Amq9lBhue4JT/8VI85fBn0LML6aN9hLWwMETEZfU8
lfJlIA9sF2cJkm/E+dd5VGwcjb1x7yZ/UG/6hxNDUl+YqMgvEpLlwX9x2wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJeylRpcW9Dg/EEIei5wsm1qRmRxMB8GA1UdIwQY
MBaAFAGRSWRpFnxbHYkguYvVGvP+Na3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTkt
YmYyZjk3ZjFlMzRmLzEvbDdLVkdseGIwT0Q4UVFoNkxuQ3liV3BHWkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTktYmYyZjk3ZjFlMzRm
LzEvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDshaIAwQC
uT+MAwQAwgDSMA0EAgACMAcDBQAqAijIMA0GCSqGSIb3DQEBCwUAA4IBAQC3D7UL
8fWR8Ngi4SZVa3T8tAk/nn/j9i/ywujlOuFOqp1V4ztlm4Uye9p9m9tjJ3FDd7Qx
4VJgZvqeX7lwJ0E8OsW6ZWbsZDroLhFJ1mpf3sYQPH5UiCHkFVYtIMuMkYATfUb5
yDaNJyV/hQgKl1DaQfwLshcFyy1caL8bA/BEB/Blc7CuD02lqsfs8SqsU7QfzIXV
MyzU4klcVbN1VVssapKRC4i2TO7sMHwsxs9vPLHcCF1PcIBdHJ6F8Uv+cbXYb8mP
ou7T2NrK09WDH1/4k8dyLG7Zlj1Lc7K0yW1NY7cR03B6fAUw70RZflLDF+sFiStx
PCpiWmZTVZ1BM7Vu
-----END CERTIFICATE-----