Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/47dgYg742zW9rHd9wboCY3hKG-A.roa
File:                     47dgYg742zW9rHd9wboCY3hKG-A.roa (raw, json)
Hash identifier:          dhHPG8cdHVFA0d2kSYZttlXgPOM/vvmSi2Owzvr0iSk=
Subject key identifier:   E3:B7:60:62:0E:F8:DB:35:BD:AC:77:7D:C1:BA:02:63:78:4A:1B:E0
Certificate issuer:       /CN=69042c1f27a7d7862475087023dc97c3330f73c6
Certificate serial:       0186086D167E85F94F432504A4F44E8E2FED
Authority key identifier: 69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/47dgYg742zW9rHd9wboCY3hKG-A.roa
Signing time:             Tue 31 Jan 2023 15:23:32 +0000
ROA not before:           Tue 31 Jan 2023 15:23:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48847
IP address blocks:        185.104.68.144/28 maxlen: 28
                          185.104.70.0/28 maxlen: 28
                          185.104.71.32/28 maxlen: 28
                          185.104.71.176/29 maxlen: 29
                          185.104.68.240/29 maxlen: 29
                          185.104.70.220/30 maxlen: 30
                          185.104.68.0/26 maxlen: 26
                          185.104.68.64/26 maxlen: 26
                          185.104.71.0/24 maxlen: 24
                          185.104.70.0/24 maxlen: 24
                          185.104.68.0/22 maxlen: 22
                          185.104.68.0/24 maxlen: 24
                          185.104.71.16/30 maxlen: 30
                          185.104.71.20/30 maxlen: 30
                          2a06:3480::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 06 Dec 2023 22:41:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:08:6d:16:7e:85:f9:4f:43:25:04:a4:f4:4e:8e:2f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69042c1f27a7d7862475087023dc97c3330f73c6
        Validity
            Not Before: Jan 31 15:23:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e3b760620ef8db35bdac777dc1ba0263784a1be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:96:67:73:b3:c1:b9:38:4e:13:1b:56:6a:77:
                    76:d6:04:bf:54:30:1a:3d:6a:81:63:c3:80:e7:f8:
                    4a:2c:be:94:27:4e:49:cf:11:8e:32:9a:2c:e4:0b:
                    53:c7:88:a5:0d:58:9e:f3:67:fd:91:63:3a:b3:c5:
                    3a:68:25:49:8d:09:29:5a:cb:4b:61:3b:cb:bf:f4:
                    58:e8:0e:3a:ed:60:4c:f4:31:79:b1:90:b0:45:f9:
                    18:0d:83:a8:4a:cf:a6:e7:58:0d:e5:1f:90:fe:89:
                    4b:26:f6:83:e9:19:05:b3:84:d5:64:11:70:36:0f:
                    2e:40:8e:2e:b9:8c:64:91:1a:ca:f8:96:52:bf:cb:
                    d4:73:64:23:3b:3f:ef:85:8f:35:6f:5d:a0:cd:e1:
                    9b:6d:c3:43:68:4e:aa:2f:52:f1:7a:79:99:1d:b1:
                    6c:ce:7d:90:de:fe:ae:db:9f:42:3f:31:09:d4:cd:
                    64:d9:17:de:9a:84:6a:b8:e6:25:c8:17:9e:79:ff:
                    d0:83:d9:06:8f:90:e0:34:cc:14:ae:6e:39:ad:35:
                    7d:6c:55:db:36:aa:62:0c:63:89:ea:92:63:68:3e:
                    77:a7:a4:ab:9a:a1:9e:a8:bf:54:20:17:17:79:06:
                    3f:9f:b3:e3:ba:fd:eb:8f:b5:25:f2:fc:fd:dd:cb:
                    3f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B7:60:62:0E:F8:DB:35:BD:AC:77:7D:C1:BA:02:63:78:4A:1B:E0
            X509v3 Authority Key Identifier:
                keyid:69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/47dgYg742zW9rHd9wboCY3hKG-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/aQQsHyen14YkdQhwI9yXwzMPc8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.68.0/22
                IPv6:
                  2a06:3480::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:d8:9e:57:a6:c2:a5:f3:c2:c7:1b:ba:b2:e7:46:69:95:ce:
         7e:f9:64:34:87:94:c0:a1:c3:de:f3:64:76:9b:3f:5a:ac:90:
         d4:63:4f:0e:00:38:66:54:e0:10:e1:e2:01:d6:8a:2b:9a:0b:
         6d:a0:a6:47:89:e0:03:a3:4b:63:04:5b:a4:43:a1:2d:b1:d4:
         74:a0:f3:f3:15:0d:6f:f7:2d:d6:22:05:ee:7b:91:96:04:e9:
         e3:10:64:d0:9c:68:c9:47:2c:1c:d3:6f:6b:35:08:f9:54:4d:
         ad:5d:c0:35:fd:b2:06:5f:95:37:3c:83:74:d7:5b:27:45:75:
         d2:d2:7f:4a:88:60:14:97:da:c4:c2:e0:57:62:1f:fa:f8:72:
         d4:a3:b3:47:3e:31:76:52:ac:f5:b3:c0:16:9d:c2:d5:ce:c1:
         dc:97:05:d6:27:b1:51:57:e0:c9:e9:71:9f:8b:74:8a:e5:d2:
         9e:12:c4:8f:1e:3e:f8:78:4b:50:d3:9f:70:a9:81:bf:bb:ce:
         93:62:dc:da:c3:f6:cf:74:16:b3:64:8a:7c:f3:de:9a:9d:fb:
         2c:5d:13:84:1e:2a:4b:5f:cf:e6:22:25:89:db:d9:52:f8:68:
         84:fb:fc:02:e8:c1:28:23:e6:04:57:d4:e1:92:27:4b:19:c8:
         ee:3a:71:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYYIbRZ+hflPQyUEpPROji/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MDQyYzFmMjdhN2Q3ODYyNDc1MDg3MDIzZGM5N2MzMzMw
ZjczYzYwHhcNMjMwMTMxMTUyMzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2I3NjA2MjBlZjhkYjM1YmRhYzc3N2RjMWJhMDI2Mzc4NGExYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZZnc7PBuThOExtWand21gS/VDAa
PWqBY8OA5/hKLL6UJ05JzxGOMpos5AtTx4ilDVie82f9kWM6s8U6aCVJjQkpWstL
YTvLv/RY6A467WBM9DF5sZCwRfkYDYOoSs+m51gN5R+Q/olLJvaD6RkFs4TVZBFw
Ng8uQI4uuYxkkRrK+JZSv8vUc2QjOz/vhY81b12gzeGbbcNDaE6qL1LxenmZHbFs
zn2Q3v6u259CPzEJ1M1k2RfemoRquOYlyBeeef/Qg9kGj5DgNMwUrm45rTV9bFXb
NqpiDGOJ6pJjaD53p6SrmqGeqL9UIBcXeQY/n7Pjuv3rj7Ul8vz93cs/FQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOO3YGIO+Ns1vax3fcG6AmN4ShvgMB8GA1UdIwQY
MBaAFGkELB8np9eGJHUIcCPcl8MzD3PGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgt
Y2JiM2Q2MzVkODJmLzEvNDdkZ1lnNzQyelc5ckhkOXdib0NZM2hLRy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgtY2JiM2Q2MzVkODJm
LzEvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWhEMA0E
AgACMAcDBQMqBjSAMA0GCSqGSIb3DQEBCwUAA4IBAQBV2J5XpsKl88LHG7qy50Zp
lc5++WQ0h5TAocPe82R2mz9arJDUY08OADhmVOAQ4eIB1oormgttoKZHieADo0tj
BFukQ6EtsdR0oPPzFQ1v9y3WIgXue5GWBOnjEGTQnGjJRywc029rNQj5VE2tXcA1
/bIGX5U3PIN011snRXXS0n9KiGAUl9rEwuBXYh/6+HLUo7NHPjF2Uqz1s8AWncLV
zsHclwXWJ7FRV+DJ6XGfi3SK5dKeEsSPHj74eEtQ059wqYG/u86TYtzaw/bPdBaz
ZIp8896anfssXROEHipLX8/mIiWJ29lS+GiE+/wC6MEoI+YEV9ThkidLGcjuOnHA
-----END CERTIFICATE-----