Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/hyjhLJU2izM4umKLtrabug6t4Io.roa
File:                     hyjhLJU2izM4umKLtrabug6t4Io.roa (raw, json)
Hash identifier:          xjNVkMUGamk+BwIYXDDJcenVnicnzOVnNuXTC1UQpP0=
Subject key identifier:   87:28:E1:2C:95:36:8B:33:38:BA:62:8B:B6:B6:9B:BA:0E:AD:E0:8A
Certificate issuer:       /CN=3618be04417a6bcb9f33942a631518be533ffaf4
Certificate serial:       01856D818DB5538EE35FC2B6D575A861DE1A
Authority key identifier: 36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/hyjhLJU2izM4umKLtrabug6t4Io.roa
Signing time:             Sun 01 Jan 2023 13:24:44 +0000
ROA not before:           Sun 01 Jan 2023 13:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1299
IP address blocks:        83.137.24.0/21 maxlen: 21
                          185.93.216.0/22 maxlen: 22
                          194.63.148.0/22 maxlen: 22
                          109.106.32.0/21 maxlen: 21
                          109.106.40.0/22 maxlen: 22
                          185.127.172.0/22 maxlen: 22
                          195.60.192.0/22 maxlen: 22
                          212.120.32.0/19 maxlen: 19
                          213.213.160.0/19 maxlen: 19
                          2a02:ab0::/29 maxlen: 29
                          2a00:5480::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 25 Apr 2023 12:22:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:8d:b5:53:8e:e3:5f:c2:b6:d5:75:a8:61:de:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3618be04417a6bcb9f33942a631518be533ffaf4
        Validity
            Not Before: Jan  1 13:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8728e12c95368b3338ba628bb6b69bba0eade08a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:82:39:8e:2f:35:00:bd:89:d5:ac:10:c2:83:
                    2b:3e:3f:c3:f5:63:f3:bb:bb:fb:91:3e:27:45:c4:
                    6f:c3:64:69:7d:b1:29:2e:7e:9c:d1:eb:f6:35:95:
                    a1:e2:65:fd:0b:c0:1e:e1:28:03:67:04:c7:09:b5:
                    0d:03:37:91:4e:d4:c3:77:8b:db:a2:34:6c:58:e0:
                    ba:32:85:04:42:bb:17:53:6c:db:7d:72:29:81:d2:
                    55:de:d2:68:9a:7e:39:de:20:e2:6c:eb:ae:e9:b2:
                    fc:d0:31:77:07:84:45:51:f3:35:55:df:31:5c:f8:
                    16:d5:db:77:ea:b2:98:2c:ad:20:03:26:52:7b:95:
                    2c:3a:06:29:cb:37:db:60:a4:36:4f:80:f9:94:15:
                    2a:75:e2:31:f8:e7:ec:1c:e4:e9:d9:70:a0:7c:4c:
                    36:9b:67:31:b7:c9:f7:3c:29:6a:61:cd:04:44:bc:
                    a6:dc:e5:d6:5f:3c:7a:29:87:a9:5f:6c:e2:b4:86:
                    6a:f6:41:d1:43:8e:f4:ee:b3:f2:12:76:29:57:70:
                    e8:82:8a:86:d4:26:b6:58:5a:3d:5b:ab:f0:85:0f:
                    9e:3a:66:0e:8f:c2:4f:0d:ec:89:67:92:cd:3b:1f:
                    55:a0:41:79:9a:83:09:c5:39:7a:65:58:19:d9:38:
                    ca:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:28:E1:2C:95:36:8B:33:38:BA:62:8B:B6:B6:9B:BA:0E:AD:E0:8A
            X509v3 Authority Key Identifier:
                keyid:36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/hyjhLJU2izM4umKLtrabug6t4Io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.24.0/21
                  109.106.32.0-109.106.43.255
                  185.93.216.0/22
                  185.127.172.0/22
                  194.63.148.0/22
                  195.60.192.0/22
                  212.120.32.0/19
                  213.213.160.0/19
                IPv6:
                  2a00:5480::/29
                  2a02:ab0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:40:74:df:41:a8:53:c1:97:01:e7:6b:c7:dc:3d:e8:ba:ba:
         4a:9e:2c:03:7c:7b:5c:d0:76:ca:b4:79:6f:eb:ac:2e:61:5e:
         4d:76:10:06:79:a0:32:fd:60:2c:83:14:d6:ac:33:b4:c0:51:
         82:00:e1:48:32:ac:65:0e:41:d3:9d:e8:97:77:aa:7a:6c:ba:
         72:e4:c5:da:46:80:70:23:0d:99:10:92:61:57:6e:48:26:dc:
         67:8d:80:83:71:0c:72:45:57:a5:37:43:47:f6:d3:fd:6f:e1:
         b7:40:4a:a3:68:4b:ad:cc:a3:8d:26:03:67:4c:69:67:63:2d:
         25:c6:7d:32:b9:6a:f8:bc:d1:3e:32:69:ee:e6:62:24:a7:32:
         3a:1e:4e:16:36:a0:a2:c9:7d:47:8a:9b:69:fe:be:76:5d:b3:
         f4:0a:92:7e:13:a1:dd:28:f0:b4:3d:7d:b6:2f:d5:8c:f8:e5:
         80:b7:27:49:2a:f8:f8:bb:1a:db:7e:fc:c0:da:d6:4f:9b:a0:
         50:68:b8:57:ad:52:58:45:61:62:2a:c3:32:fd:5e:48:4d:d3:
         9d:9a:76:39:20:87:83:4c:6a:57:a6:2c:3c:89:da:49:67:1b:
         32:6d:b4:e1:e8:74:16:76:0d:d8:e1:a8:a0:7e:6a:7b:91:94:
         9e:5e:27:3e
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVtgY21U47jX8K21XWoYd4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MThiZTA0NDE3YTZiY2I5ZjMzOTQyYTYzMTUxOGJlNTMz
ZmZhZjQwHhcNMjMwMTAxMTMyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI4ZTEyYzk1MzY4YjMzMzhiYTYyOGJiNmI2OWJiYTBlYWRlMDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YI5ji81AL2J1awQwoMrPj/D9WPz
u7v7kT4nRcRvw2RpfbEpLn6c0ev2NZWh4mX9C8Ae4SgDZwTHCbUNAzeRTtTDd4vb
ojRsWOC6MoUEQrsXU2zbfXIpgdJV3tJomn453iDibOuu6bL80DF3B4RFUfM1Vd8x
XPgW1dt36rKYLK0gAyZSe5UsOgYpyzfbYKQ2T4D5lBUqdeIx+OfsHOTp2XCgfEw2
m2cxt8n3PClqYc0ERLym3OXWXzx6KYepX2zitIZq9kHRQ4707rPyEnYpV3DogoqG
1Ca2WFo9W6vwhQ+eOmYOj8JPDeyJZ5LNOx9VoEF5moMJxTl6ZVgZ2TjKvwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFIco4SyVNoszOLpii7a2m7oOreCKMB8GA1UdIwQY
MBaAFDYYvgRBemvLnzOUKmMVGL5TP/r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMt
MjI2OGU5N2E4YmMxLzEvaHlqaExKVTJpek00dW1LTHRyYWJ1ZzZ0NElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMtMjI2OGU5N2E4YmMx
LzEvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQDU4kYMAwD
BAVtaiADBAJtaigDBAK5XdgDBAK5f6wDBALCP5QDBALDPMADBAXUeCADBAXV1aAw
FAQCAAIwDgMFAyoAVIADBQMqAgqwMA0GCSqGSIb3DQEBCwUAA4IBAQALQHTfQahT
wZcB52vH3D3ourpKniwDfHtc0HbKtHlv66wuYV5NdhAGeaAy/WAsgxTWrDO0wFGC
AOFIMqxlDkHTneiXd6p6bLpy5MXaRoBwIw2ZEJJhV25IJtxnjYCDcQxyRVelN0NH
9tP9b+G3QEqjaEutzKONJgNnTGlnYy0lxn0yuWr4vNE+Mmnu5mIkpzI6Hk4WNqCi
yX1Hiptp/r52XbP0CpJ+E6HdKPC0PX22L9WM+OWAtydJKvj4uxrbfvzA2tZPm6BQ
aLhXrVJYRWFiKsMy/V5ITdOdmnY5IIeDTGpXpiw8idpJZxsybbTh6HQWdg3Y4aig
fmp7kZSeXic+
-----END CERTIFICATE-----