Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QPoxVUPtiM87LV_o-zNuTtEysnk.roa
File:                     QPoxVUPtiM87LV_o-zNuTtEysnk.roa (raw, json)
Hash identifier:          VtP7fyWqgKR3XiHEwS+VL6Wjsiv88d+4JWBXtTcpxTg=
Subject key identifier:   40:FA:31:55:43:ED:88:CF:3B:2D:5F:E8:FB:33:6E:4E:D1:32:B2:79
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01867815D71129AEFD31AA86BE4CA6598EFC
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QPoxVUPtiM87LV_o-zNuTtEysnk.roa
Signing time:             Wed 22 Feb 2023 07:45:42 +0000
ROA not before:           Wed 22 Feb 2023 07:45:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200088
IP address blocks:        5.44.46.0/24 maxlen: 24
                          5.44.47.0/24 maxlen: 24
                          185.166.196.0/24 maxlen: 24
                          185.166.197.0/24 maxlen: 24
                          81.200.157.0/24 maxlen: 24
                          81.200.154.0/24 maxlen: 24
                          81.200.156.0/24 maxlen: 24
                          81.200.155.0/24 maxlen: 24
                          194.31.173.0/24 maxlen: 24
                          37.220.81.0/24 maxlen: 24
                          194.31.174.0/24 maxlen: 24
                          37.220.83.0/24 maxlen: 24
                          37.220.82.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 05 Apr 2023 16:13:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:78:15:d7:11:29:ae:fd:31:aa:86:be:4c:a6:59:8e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Feb 22 07:45:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40fa315543ed88cf3b2d5fe8fb336e4ed132b279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:67:c6:ab:5c:3b:b6:93:91:7a:e5:0f:b6:
                    dd:37:2e:c5:98:33:3a:fe:aa:14:c4:d0:c8:f4:61:
                    88:d3:fb:94:7f:2c:ea:0d:d0:9e:8a:fa:c8:8a:45:
                    63:3d:ca:98:22:3a:ee:27:82:9a:1b:d3:1b:2f:57:
                    11:64:0c:ca:f3:ec:b3:6f:16:87:0e:4d:63:3c:f9:
                    5e:d3:a4:92:1f:f2:61:6a:22:ae:75:84:a4:39:99:
                    69:bc:0e:0f:9b:96:4f:39:9a:b5:8d:d1:8c:7c:92:
                    ed:c1:34:8d:05:7f:7b:95:40:d1:4e:f8:ac:52:d4:
                    f7:b7:73:8a:a9:09:eb:a7:d3:92:8f:36:a3:f7:fd:
                    fa:95:df:11:25:82:34:7f:34:3f:e1:cc:79:6b:a8:
                    a1:ea:07:d6:fb:7f:d9:e7:97:8c:7b:09:9a:42:21:
                    a3:8a:2b:43:97:3d:1e:d3:e3:c0:96:5c:76:3f:70:
                    94:15:bf:d4:69:ce:d2:a7:b7:8d:a9:0e:d5:39:28:
                    3c:6c:3b:be:da:86:9f:fa:f4:77:a6:3b:e7:ae:95:
                    20:94:f6:dd:bd:5d:84:88:f1:5c:54:ff:bd:f6:1f:
                    ec:ee:c1:e5:e9:16:c8:3b:30:41:10:73:62:b3:99:
                    28:71:68:74:57:df:2b:47:c4:31:21:4e:68:31:16:
                    13:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FA:31:55:43:ED:88:CF:3B:2D:5F:E8:FB:33:6E:4E:D1:32:B2:79
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/QPoxVUPtiM87LV_o-zNuTtEysnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.46.0/23
                  37.220.81.0-37.220.83.255
                  81.200.154.0-81.200.157.255
                  185.166.196.0/23
                  194.31.173.0-194.31.174.255

    Signature Algorithm: sha256WithRSAEncryption
         63:7d:87:7f:e0:39:84:80:aa:63:f4:25:cb:9a:33:82:83:60:
         3f:25:6c:4d:b6:55:9b:7a:bb:4c:de:93:58:d8:dc:7d:5d:07:
         e4:e5:1f:31:c6:0e:94:c7:69:08:ee:4c:6d:d0:43:3b:22:e9:
         f7:d3:70:67:23:80:40:d9:82:81:b0:f2:74:10:c4:a3:9e:5e:
         16:a4:25:ff:b8:e0:00:6a:db:93:47:8a:6b:94:bd:36:bf:fd:
         3b:4c:84:59:a4:34:06:b3:1e:af:a2:82:3a:ab:bd:6f:26:84:
         0f:fb:05:2f:69:a4:92:b7:56:0b:91:78:61:12:93:8a:20:89:
         45:65:ac:2c:0d:60:35:57:c6:0a:b2:f7:f2:79:f8:e1:40:ad:
         b2:8f:a3:8a:3e:e1:b7:f6:3d:c2:23:11:0a:74:75:42:c6:19:
         e4:5c:1e:2e:3f:09:d7:40:d9:2d:7d:46:60:7b:76:09:1f:3e:
         17:86:24:56:95:f1:ed:5a:e1:05:f5:dd:09:79:e0:14:f1:83:
         27:2f:1c:82:a0:2e:97:f6:ad:70:01:50:3c:5b:cd:ec:7e:23:
         b6:70:56:72:ab:03:ed:c8:dc:fe:15:dd:db:8e:c8:5c:17:83:
         ac:ac:12:8a:a9:6d:4f:0d:37:57:47:2d:a0:08:a2:44:4e:4d:
         ae:2d:05:7d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYZ4FdcRKa79MaqGvkymWY78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMjIyMDc0NTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGZhMzE1NTQzZWQ4OGNmM2IyZDVmZThmYjMzNmU0ZWQxMzJiMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9pnxqtcO7aTkXrlD7bdNy7FmDM6
/qoUxNDI9GGI0/uUfyzqDdCeivrIikVjPcqYIjruJ4KaG9MbL1cRZAzK8+yzbxaH
Dk1jPPle06SSH/JhaiKudYSkOZlpvA4Pm5ZPOZq1jdGMfJLtwTSNBX97lUDRTvis
UtT3t3OKqQnrp9OSjzaj9/36ld8RJYI0fzQ/4cx5a6ih6gfW+3/Z55eMewmaQiGj
iitDlz0e0+PAllx2P3CUFb/Uac7Sp7eNqQ7VOSg8bDu+2oaf+vR3pjvnrpUglPbd
vV2EiPFcVP+99h/s7sHl6RbIOzBBEHNis5kocWh0V98rR8QxIU5oMRYTHwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFED6MVVD7YjPOy1f6Pszbk7RMrJ5MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUVBveFZVUHRpTTg3TFZfby16TnVUdEV5c25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBBSwuMAwD
BAAl3FEDBAIl3FAwDAMEAVHImgMEAVHInAMEAbmmxDAMAwQAwh+tAwQAwh+uMA0G
CSqGSIb3DQEBCwUAA4IBAQBjfYd/4DmEgKpj9CXLmjOCg2A/JWxNtlWbertM3pNY
2Nx9XQfk5R8xxg6Ux2kI7kxt0EM7Iun303BnI4BA2YKBsPJ0EMSjnl4WpCX/uOAA
atuTR4prlL02v/07TIRZpDQGsx6vooI6q71vJoQP+wUvaaSSt1YLkXhhEpOKIIlF
ZawsDWA1V8YKsvfyefjhQK2yj6OKPuG39j3CIxEKdHVCxhnkXB4uPwnXQNktfUZg
e3YJHz4XhiRWlfHtWuEF9d0JeeAU8YMnLxyCoC6X9q1wAVA8W83sfiO2cFZyqwPt
yNz+Fd3bjshcF4OsrBKKqW1PDTdXRy2gCKJETk2uLQV9
-----END CERTIFICATE-----