Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/ae6r-Rklrgwg8JObwRmvPVnsEMg.roa
File:                     ae6r-Rklrgwg8JObwRmvPVnsEMg.roa (raw, json)
Hash identifier:          GKJLJRn9S5pnlmhpc8cfy+SjQLWx0oh4PfG1ekA9cBk=
Subject key identifier:   69:EE:AB:F9:19:25:AE:0C:20:F0:93:9B:C1:19:AF:3D:59:EC:10:C8
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       01856FCB8800E5C8B595DE55EA6DC85FF4D2
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/ae6r-Rklrgwg8JObwRmvPVnsEMg.roa
Signing time:             Mon 02 Jan 2023 00:04:47 +0000
ROA not before:           Mon 02 Jan 2023 00:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41313
IP address blocks:        185.40.164.0/22 maxlen: 24
                          46.35.160.0/19 maxlen: 24
                          80.95.16.0/21 maxlen: 24
                          80.95.22.0/24 maxlen: 24
                          93.175.244.0/23 maxlen: 23
                          185.18.228.0/22 maxlen: 24
                          212.21.128.0/19 maxlen: 24
                          151.252.192.0/20 maxlen: 24
                          79.110.120.0/21 maxlen: 24
                          95.158.128.0/18 maxlen: 24
                          2a00:e200::/32 maxlen: 64

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 09:05:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:cb:88:00:e5:c8:b5:95:de:55:ea:6d:c8:5f:f4:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  2 00:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69eeabf91925ae0c20f0939bc119af3d59ec10c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:21:b5:d1:08:ef:b4:7b:1a:d8:8c:48:0a:1c:
                    21:dc:13:59:f4:66:06:60:b0:d0:81:24:d5:d1:f5:
                    69:78:be:50:23:a9:3d:4e:9b:b2:65:a5:14:1c:2e:
                    87:61:64:d8:41:8f:55:b5:69:d4:81:f4:38:e0:e5:
                    63:86:54:56:82:cf:fd:bd:20:09:ef:52:5f:4c:62:
                    33:fe:03:e8:74:92:0d:04:89:99:f6:99:46:56:d3:
                    c1:95:1c:9b:a4:88:1c:90:1e:44:2b:07:9d:b7:ca:
                    de:ae:ae:6c:25:99:e8:7b:37:ce:d0:fc:c9:a2:23:
                    9a:6a:79:09:94:80:0f:d2:47:77:3a:6d:b7:94:14:
                    fc:7d:47:e1:33:4e:2e:fc:a2:3f:b8:90:e5:85:74:
                    71:e5:65:56:2e:f4:d1:51:97:9c:0a:2c:3a:44:08:
                    81:8e:0a:e1:59:40:06:c0:c9:1c:74:48:db:21:ea:
                    2d:a7:54:8f:90:17:9a:c5:15:43:a8:b6:fb:17:e1:
                    62:81:04:05:e2:60:6a:30:2a:27:5e:69:3f:1b:fb:
                    46:a5:af:8d:b1:ef:d3:5d:a2:8f:4c:57:2a:7d:2c:
                    81:bf:4d:cc:22:fc:d9:0c:eb:01:fd:6f:50:4d:35:
                    f7:51:86:8f:c0:f3:47:c9:d2:ae:93:10:c8:cd:ca:
                    5f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:EE:AB:F9:19:25:AE:0C:20:F0:93:9B:C1:19:AF:3D:59:EC:10:C8
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/ae6r-Rklrgwg8JObwRmvPVnsEMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.160.0/19
                  79.110.120.0/21
                  80.95.16.0/21
                  93.175.244.0/23
                  95.158.128.0/18
                  151.252.192.0/20
                  185.18.228.0/22
                  185.40.164.0/22
                  212.21.128.0/19
                IPv6:
                  2a00:e200::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:89:bd:ef:92:20:25:76:30:5f:a4:4c:02:59:b3:60:18:69:
         a9:22:12:85:38:98:c3:a2:49:71:e5:2b:a5:24:8c:21:c5:57:
         6b:3a:68:0c:d0:0f:3f:92:0c:af:42:a4:95:ca:7f:45:92:77:
         59:6d:29:4e:88:69:59:48:d8:49:f2:27:25:56:1e:1d:71:6b:
         51:e8:4a:a6:5a:0c:df:fe:50:65:80:36:75:2e:3b:4c:1a:77:
         f8:a4:6a:91:59:76:da:e9:21:60:4c:08:ae:d7:97:88:a8:7c:
         f9:7a:3d:c5:7d:e8:47:63:2d:a8:3b:af:6a:2c:78:6a:ac:39:
         d3:fe:96:d4:ef:61:7a:c1:a9:5a:0d:0e:ef:c7:13:23:d0:5e:
         f4:74:b7:7d:55:cf:ba:3c:8b:d4:60:41:92:11:27:57:b7:42:
         79:67:a5:48:83:ea:20:d5:4d:59:4c:bc:1e:18:b0:74:14:62:
         88:5c:65:cb:c5:e3:b2:a8:57:b9:36:49:df:32:90:ec:b1:09:
         7b:28:ae:10:d6:63:bf:a7:ee:77:50:7c:6c:80:c0:61:3a:e0:
         d8:4b:74:d5:7f:b8:ac:9f:a9:fe:0f:c0:49:29:41:02:bc:10:
         3e:45:af:36:35:c9:40:dc:a6:b2:a1:6b:87:fb:6b:d8:2b:6b:
         f9:c9:43:df
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVvy4gA5ci1ld5V6m3IX/TSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjMwMTAyMDAwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWVlYWJmOTE5MjVhZTBjMjBmMDkzOWJjMTE5YWYzZDU5ZWMxMGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyG10QjvtHsa2IxIChwh3BNZ9GYG
YLDQgSTV0fVpeL5QI6k9TpuyZaUUHC6HYWTYQY9VtWnUgfQ44OVjhlRWgs/9vSAJ
71JfTGIz/gPodJINBImZ9plGVtPBlRybpIgckB5EKwedt8rerq5sJZnoezfO0PzJ
oiOaankJlIAP0kd3Om23lBT8fUfhM04u/KI/uJDlhXRx5WVWLvTRUZecCiw6RAiB
jgrhWUAGwMkcdEjbIeotp1SPkBeaxRVDqLb7F+FigQQF4mBqMConXmk/G/tGpa+N
se/TXaKPTFcqfSyBv03MIvzZDOsB/W9QTTX3UYaPwPNHydKukxDIzcpfVwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGnuq/kZJa4MIPCTm8EZrz1Z7BDIMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvYWU2ci1Sa2xyZ3dnOEpPYndSbXZQVm5zRU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFLiOgAwQD
T254AwQDUF8QAwQBXa/0AwQGX56AAwQEl/zAAwQCuRLkAwQCuSikAwQF1BWAMA0E
AgACMAcDBQAqAOIAMA0GCSqGSIb3DQEBCwUAA4IBAQBkib3vkiAldjBfpEwCWbNg
GGmpIhKFOJjDoklx5SulJIwhxVdrOmgM0A8/kgyvQqSVyn9FkndZbSlOiGlZSNhJ
8iclVh4dcWtR6EqmWgzf/lBlgDZ1LjtMGnf4pGqRWXba6SFgTAiu15eIqHz5ej3F
fehHYy2oO69qLHhqrDnT/pbU72F6walaDQ7vxxMj0F70dLd9Vc+6PIvUYEGSESdX
t0J5Z6VIg+og1U1ZTLweGLB0FGKIXGXLxeOyqFe5NknfMpDssQl7KK4Q1mO/p+53
UHxsgMBhOuDYS3TVf7isn6n+D8BJKUECvBA+Ra82NclA3KayoWuH+2vYK2v5yUPf
-----END CERTIFICATE-----