Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rCY5t5NnObJSJlP0A6mvHGPzJJU.roa
File:                     rCY5t5NnObJSJlP0A6mvHGPzJJU.roa (raw, json)
Hash identifier:          4ixMPAfUvFTZDIijY1roC15r9rjcyt2lGUY4UNcOWQ4=
Subject key identifier:   AC:26:39:B7:93:67:39:B2:52:26:53:F4:03:A9:AF:1C:63:F3:24:95
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01856ECB6F05197650186D947043D43F4FBB
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rCY5t5NnObJSJlP0A6mvHGPzJJU.roa
Signing time:             Sun 01 Jan 2023 19:25:04 +0000
ROA not before:           Sun 01 Jan 2023 19:25:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25198
IP address blocks:        93.114.194.0/24 maxlen: 24
                          86.107.179.0/24 maxlen: 24
                          86.107.178.0/24 maxlen: 24
                          185.101.107.0/24 maxlen: 24
                          89.34.27.0/24 maxlen: 24
                          89.41.181.0/24 maxlen: 24
                          89.41.180.0/24 maxlen: 24
                          188.241.219.0/24 maxlen: 24
                          188.241.218.0/24 maxlen: 24
                          89.36.95.0/24 maxlen: 24
                          89.36.94.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 24 Oct 2023 10:43:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:cb:6f:05:19:76:50:18:6d:94:70:43:d4:3f:4f:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 19:25:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac2639b7936739b2522653f403a9af1c63f32495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:48:23:0e:01:bb:b0:ec:64:b4:2e:18:6b:a1:
                    84:2b:60:8b:f6:97:f6:b4:71:d4:03:f2:2a:51:f0:
                    a2:94:ef:12:34:4f:48:23:b5:61:b5:88:34:ea:f3:
                    53:21:94:a1:43:f5:d1:5e:ca:b0:df:3d:13:ea:13:
                    73:99:df:bf:b1:d1:76:1b:c1:56:87:71:f9:01:4b:
                    85:04:ca:f6:d9:06:39:8d:44:f9:28:ad:09:b5:79:
                    86:dc:ae:69:55:2a:cf:29:8e:fd:72:e7:09:44:d6:
                    bc:73:5e:d0:33:31:27:51:d5:11:93:f0:77:79:7c:
                    31:83:aa:bb:4e:fe:7a:27:42:94:af:08:7b:fb:82:
                    0e:e7:2a:c6:7f:91:13:7b:34:66:7d:36:f9:2c:bd:
                    ed:2c:f1:35:76:e6:ec:f8:47:f4:b5:56:1a:2b:6d:
                    9d:06:68:52:7e:0c:6b:13:70:7e:86:e9:83:a5:d4:
                    da:15:76:53:d3:35:c8:35:1f:57:f9:5d:71:e6:5b:
                    da:89:24:0b:a8:57:b8:0e:30:ad:91:5f:79:76:27:
                    47:81:10:d2:11:76:28:16:b0:25:0e:0b:cb:4e:fa:
                    0c:ed:9c:c4:fd:e7:1d:67:9e:0a:cc:1f:cb:c4:52:
                    03:bf:b7:8b:9f:5d:d3:62:88:66:fc:41:ca:64:02:
                    f9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:26:39:B7:93:67:39:B2:52:26:53:F4:03:A9:AF:1C:63:F3:24:95
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rCY5t5NnObJSJlP0A6mvHGPzJJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.178.0/23
                  89.34.27.0/24
                  89.36.94.0/23
                  89.41.180.0/23
                  93.114.194.0/24
                  185.101.107.0/24
                  188.241.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:4b:a6:c6:37:c1:96:82:38:08:25:22:ec:47:37:25:b5:49:
         92:9e:48:99:3f:56:46:04:0c:71:2e:b6:b8:fb:a3:7a:a1:fe:
         ff:f8:23:96:23:2b:6d:62:d3:4f:1c:b2:1e:61:cb:97:c8:88:
         17:54:ff:3d:a2:87:9f:c4:08:e1:af:cc:a1:7e:bd:cc:13:60:
         d8:eb:56:a4:39:d4:6e:d2:db:7c:65:7a:fc:55:70:f8:23:5b:
         93:2b:68:87:0f:8b:08:06:60:96:9e:e5:c4:3a:d1:09:0f:02:
         b2:2c:fd:30:d8:54:12:f9:12:12:83:28:f5:09:7c:4d:c8:38:
         81:cc:a8:41:44:9e:40:29:2d:9e:57:10:a5:4b:56:3e:0c:1c:
         b4:8e:3a:e2:a0:0b:77:c8:fd:d2:12:25:a9:02:04:72:00:a3:
         62:c7:5f:1f:af:ee:4b:0a:78:52:03:b3:1f:5b:6f:d1:de:aa:
         3a:99:31:51:11:31:88:c8:0e:1f:f8:d9:e5:72:b6:9d:ca:c2:
         93:c2:a4:59:89:90:f7:fc:9b:26:2d:ca:60:cd:99:66:a0:a1:
         34:d6:7d:a1:23:5b:b4:62:4f:2f:95:71:4e:bf:c3:dd:69:4f:
         f9:44:db:8e:8b:2e:8b:7a:80:74:e1:e3:d9:94:1e:fa:1d:27:
         ea:4b:d4:8b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVuy28FGXZQGG2UcEPUP0+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMwMTAxMTkyNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI2MzliNzkzNjczOWIyNTIyNjUzZjQwM2E5YWYxYzYzZjMyNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUgjDgG7sOxktC4Ya6GEK2CL9pf2
tHHUA/IqUfCilO8SNE9II7VhtYg06vNTIZShQ/XRXsqw3z0T6hNzmd+/sdF2G8FW
h3H5AUuFBMr22QY5jUT5KK0JtXmG3K5pVSrPKY79cucJRNa8c17QMzEnUdURk/B3
eXwxg6q7Tv56J0KUrwh7+4IO5yrGf5ETezRmfTb5LL3tLPE1dubs+Ef0tVYaK22d
BmhSfgxrE3B+humDpdTaFXZT0zXINR9X+V1x5lvaiSQLqFe4DjCtkV95didHgRDS
EXYoFrAlDgvLTvoM7ZzE/ecdZ54KzB/LxFIDv7eLn13TYohm/EHKZAL5PQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKwmObeTZzmyUiZT9AOprxxj8ySVMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvckNZNXQ1Tm5PYkpTSmxQMEE2bXZIR1B6SkpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBVmuyAwQA
WSIbAwQBWSReAwQBWSm0AwQAXXLCAwQAuWVrAwQBvPHaMA0GCSqGSIb3DQEBCwUA
A4IBAQBaS6bGN8GWgjgIJSLsRzcltUmSnkiZP1ZGBAxxLra4+6N6of7/+COWIytt
YtNPHLIeYcuXyIgXVP89ooefxAjhr8yhfr3ME2DY61akOdRu0tt8ZXr8VXD4I1uT
K2iHD4sIBmCWnuXEOtEJDwKyLP0w2FQS+RISgyj1CXxNyDiBzKhBRJ5AKS2eVxCl
S1Y+DBy0jjrioAt3yP3SEiWpAgRyAKNix18fr+5LCnhSA7MfW2/R3qo6mTFRETGI
yA4f+NnlcradysKTwqRZiZD3/JsmLcpgzZlmoKE01n2hI1u0Yk8vlXFOv8PdaU/5
RNuOiy6LeoB04ePZlB76HSfqS9SL
-----END CERTIFICATE-----