Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/m_YT5C4f4GZ_2-FPZRJPMVFQV8E.roa
File:                     m_YT5C4f4GZ_2-FPZRJPMVFQV8E.roa (raw, json)
Hash identifier:          MZwoE4ITxriHIrE/SOefo7+aqprkCpPns/ERYDbxEaI=
Subject key identifier:   9B:F6:13:E4:2E:1F:E0:66:7F:DB:E1:4F:65:12:4F:31:51:50:57:C1
Certificate issuer:       /CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
Certificate serial:       0185E324C9F7DCDF426741AA5853757B01E4
Authority key identifier: 7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/m_YT5C4f4GZ_2-FPZRJPMVFQV8E.roa
Signing time:             Tue 24 Jan 2023 09:38:37 +0000
ROA not before:           Tue 24 Jan 2023 09:38:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41344
IP address blocks:        185.124.177.0/24 maxlen: 24
                          89.249.233.0/24 maxlen: 24
                          89.249.232.0/24 maxlen: 24
                          31.185.15.0/24 maxlen: 24
                          31.185.14.0/24 maxlen: 24
                          89.249.235.0/24 maxlen: 24
                          89.249.238.0/24 maxlen: 24
                          89.249.237.0/24 maxlen: 24
                          89.249.236.0/24 maxlen: 24
                          31.185.11.0/24 maxlen: 24
                          89.249.226.0/24 maxlen: 24
                          31.185.10.0/24 maxlen: 24
                          31.185.9.0/24 maxlen: 24
                          31.185.8.0/21 maxlen: 21
                          31.185.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 23 May 2023 07:11:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e3:24:c9:f7:dc:df:42:67:41:aa:58:53:75:7b:01:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
        Validity
            Not Before: Jan 24 09:38:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9bf613e42e1fe0667fdbe14f65124f31515057c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:12:10:0a:21:16:dc:4d:49:e8:dc:c6:ce:68:
                    95:12:b1:04:fc:3e:c3:9c:1a:24:a6:4b:5f:77:fd:
                    34:f7:c6:da:6e:12:dc:c2:54:7c:5d:f3:0e:51:b8:
                    53:42:48:d8:2b:8a:04:c4:0c:6a:97:34:74:23:52:
                    63:53:ca:85:72:6c:74:a2:7a:f5:a7:eb:c7:fb:40:
                    7d:b3:4d:9a:6e:be:e3:2d:a9:b9:52:1e:d5:7d:1f:
                    73:36:be:ec:97:72:60:93:7d:3e:35:a5:31:b1:f9:
                    31:4a:fd:e3:a1:13:e5:6e:26:09:e8:b2:31:d2:81:
                    b9:be:83:c7:0c:a7:9f:90:f4:b8:eb:39:8e:8c:82:
                    e3:e5:a2:57:e4:1c:b5:58:33:74:99:cc:1b:8b:6e:
                    18:0c:86:41:e6:17:54:14:22:df:dc:28:26:9c:af:
                    33:32:29:dd:e1:17:d1:37:9a:50:7a:71:5b:17:7e:
                    88:2a:de:d0:ed:b5:7f:65:fd:17:a6:b6:af:77:31:
                    44:e5:57:57:51:2b:84:14:66:6a:e4:0a:d3:43:86:
                    a1:c9:c5:a1:dc:76:14:84:d3:e6:fc:92:77:90:25:
                    b6:cd:e0:b9:94:2a:9c:62:92:dd:14:ed:dd:dd:45:
                    72:28:c4:ef:b7:2d:07:5d:08:7b:a5:c6:10:f3:e9:
                    c7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F6:13:E4:2E:1F:E0:66:7F:DB:E1:4F:65:12:4F:31:51:50:57:C1
            X509v3 Authority Key Identifier:
                keyid:7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/m_YT5C4f4GZ_2-FPZRJPMVFQV8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/e9WZftB1wimLRhIl4QYPV3sdfU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.8.0/21
                  89.249.226.0/24
                  89.249.232.0/23
                  89.249.235.0-89.249.238.255
                  185.124.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e5:98:4d:e4:a8:65:5d:a5:b0:38:49:ba:89:d7:cd:3d:3b:
         d6:d8:e5:eb:34:e2:c5:92:c0:b0:31:e4:26:a6:ca:3c:02:c8:
         04:d0:33:8e:7e:57:94:34:9f:4b:6d:53:2c:f3:e1:2e:a4:de:
         12:34:b1:eb:8f:d2:f5:5e:08:7b:54:b7:05:ba:59:aa:78:40:
         d6:f9:1c:0d:1b:30:dd:dc:a0:db:e9:8b:fc:1d:f9:b3:5b:07:
         61:67:1e:b1:c6:bc:ea:90:ae:fb:2f:35:1f:e8:91:70:df:98:
         3b:27:f2:6f:27:85:0c:d4:36:bb:c5:cb:8e:ee:85:52:7f:f7:
         4d:a2:3a:51:d9:55:16:f5:aa:e1:d5:3d:d4:92:97:ae:6e:26:
         13:3f:17:46:e6:87:19:54:0b:a1:25:82:17:f6:89:65:a8:54:
         44:27:39:ae:3b:d7:7f:f4:7e:88:c1:b8:4b:74:96:e2:56:c0:
         2b:9e:bd:b5:e4:33:ef:bc:2e:94:cb:8a:77:67:01:97:b2:ca:
         48:c1:f1:6f:20:18:f0:9d:45:62:ea:86:01:5a:b7:e8:8b:55:
         2b:74:ab:f2:c6:cd:98:87:cc:16:ba:3b:0f:63:d4:07:b0:d2:
         a4:81:ba:2e:8c:fe:43:0c:97:a7:d5:32:36:6c:ef:19:1a:f1:
         c8:5c:be:a4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYXjJMn33N9CZ0GqWFN1ewHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZDU5OTdlZDA3NWMyMjk4YjQ2MTIyNWUxMDYwZjU3N2Ix
ZDdkNGQwHhcNMjMwMTI0MDkzODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmY2MTNlNDJlMWZlMDY2N2ZkYmUxNGY2NTEyNGYzMTUxNTA1N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBIQCiEW3E1J6NzGzmiVErEE/D7D
nBokpktfd/0098babhLcwlR8XfMOUbhTQkjYK4oExAxqlzR0I1JjU8qFcmx0onr1
p+vH+0B9s02abr7jLam5Uh7VfR9zNr7sl3Jgk30+NaUxsfkxSv3joRPlbiYJ6LIx
0oG5voPHDKefkPS46zmOjILj5aJX5By1WDN0mcwbi24YDIZB5hdUFCLf3CgmnK8z
Mind4RfRN5pQenFbF36IKt7Q7bV/Zf0XpravdzFE5VdXUSuEFGZq5ArTQ4ahycWh
3HYUhNPm/JJ3kCW2zeC5lCqcYpLdFO3d3UVyKMTvty0HXQh7pcYQ8+nHSwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJv2E+QuH+Bmf9vhT2USTzFRUFfBMB8GA1UdIwQY
MBaAFHvVmX7QdcIpi0YSJeEGD1d7HX1NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUt
NWFjN2YwNjYyMzBiLzEvbV9ZVDVDNGY0R1pfMi1GUFpSSlBNVkZRVjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUtNWFjN2YwNjYyMzBi
LzEvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQDH7kIAwQA
WfniAwQBWfnoMAwDBABZ+esDBABZ+e4DBAC5fLEwDQYJKoZIhvcNAQELBQADggEB
AAvlmE3kqGVdpbA4SbqJ1809O9bY5es04sWSwLAx5CamyjwCyATQM45+V5Q0n0tt
Uyzz4S6k3hI0seuP0vVeCHtUtwW6Wap4QNb5HA0bMN3coNvpi/wd+bNbB2FnHrHG
vOqQrvsvNR/okXDfmDsn8m8nhQzUNrvFy47uhVJ/902iOlHZVRb1quHVPdSSl65u
JhM/F0bmhxlUC6Elghf2iWWoVEQnOa4713/0fojBuEt0luJWwCuevbXkM++8LpTL
indnAZeyykjB8W8gGPCdRWLqhgFat+iLVSt0q/LGzZiHzBa6Ow9j1Aew0qSBui6M
/kMMl6fVMjZs7xka8chcvqQ=
-----END CERTIFICATE-----