Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/IDWazOisJyYkOdtiRcpSqL5zvkM.roa
File:                     IDWazOisJyYkOdtiRcpSqL5zvkM.roa (raw, json)
Hash identifier:          kj1Tnmcomdy+x5AHsc9OBz4FEdgVWPCo9Rp2vhAW6Is=
Subject key identifier:   20:35:9A:CC:E8:AC:27:26:24:39:DB:62:45:CA:52:A8:BE:73:BE:43
Certificate issuer:       /CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Certificate serial:       01856EAFD959DEFFA0055210176355980809
Authority key identifier: 04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/IDWazOisJyYkOdtiRcpSqL5zvkM.roa
Signing time:             Sun 01 Jan 2023 18:54:56 +0000
ROA not before:           Sun 01 Jan 2023 18:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8257
IP address blocks:        188.112.64.0/19 maxlen: 19
                          188.112.64.0/18 maxlen: 18
                          176.61.192.0/20 maxlen: 20
                          176.61.192.0/18 maxlen: 18
                          176.61.208.0/20 maxlen: 20
                          188.112.96.0/19 maxlen: 19
                          176.61.224.0/21 maxlen: 21
                          178.253.128.0/18 maxlen: 18
                          178.253.128.0/19 maxlen: 19
                          185.37.240.0/22 maxlen: 22
                          178.253.160.0/19 maxlen: 19
                          85.135.128.0/17 maxlen: 20
                          176.61.232.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:af:d9:59:de:ff:a0:05:52:10:17:63:55:98:08:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
        Validity
            Not Before: Jan  1 18:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20359acce8ac27262439db6245ca52a8be73be43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:16:fd:6f:a0:08:97:7f:9f:e3:0d:29:c9:cf:
                    5c:ef:ef:75:39:d2:c3:35:c7:c4:0d:7d:26:fc:ed:
                    c5:bd:63:36:73:fd:73:7b:c6:a3:b9:62:c2:4b:ff:
                    36:1c:fe:d0:44:9b:22:32:d5:df:f1:dd:b1:f1:63:
                    de:84:c7:aa:f8:3e:b0:a2:b7:a0:1a:48:57:fe:b8:
                    a0:88:ce:1d:d5:21:35:97:0e:6a:2b:f6:d6:c4:f1:
                    e4:e3:5e:79:10:d2:bd:a9:1d:2d:94:70:08:90:20:
                    e6:b2:fc:61:7b:5a:5f:f3:c9:5d:2d:b1:65:b8:55:
                    b2:6f:f2:2c:b5:78:fc:bd:d8:e9:64:69:4b:04:62:
                    c4:95:b1:40:43:fb:5b:f0:42:17:e6:b4:a6:4d:a2:
                    f7:a8:45:0b:2e:ab:88:07:bb:5f:8d:0a:69:86:e1:
                    96:b3:49:d6:72:8a:0d:23:e7:2b:5f:4a:d3:01:62:
                    50:24:f9:16:9f:cc:99:81:1e:86:14:87:71:68:34:
                    21:31:91:5c:94:fd:d9:5d:cc:41:32:1c:93:f9:39:
                    ed:9a:72:11:cc:62:4b:d7:86:d0:b7:c0:3f:4d:46:
                    20:29:9d:da:ac:0e:c6:81:cc:1a:25:30:e2:24:da:
                    5f:2b:ac:13:93:5d:1f:26:24:87:60:30:42:f1:43:
                    03:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:35:9A:CC:E8:AC:27:26:24:39:DB:62:45:CA:52:A8:BE:73:BE:43
            X509v3 Authority Key Identifier:
                keyid:04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/IDWazOisJyYkOdtiRcpSqL5zvkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.135.128.0/17
                  176.61.192.0/18
                  178.253.128.0/18
                  185.37.240.0/22
                  188.112.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         28:af:9b:d9:75:ca:17:63:3a:5e:4c:24:09:83:a3:1d:08:28:
         36:a2:d0:2b:b0:f8:95:92:0c:3b:b3:17:a7:3d:03:bb:d5:d8:
         d7:63:40:9c:54:8b:c4:9c:30:76:4a:68:aa:c5:b6:c6:4c:29:
         3d:df:59:e9:b1:60:2d:a2:38:d5:22:ed:3b:aa:40:77:33:68:
         ba:9c:91:a0:22:cf:fb:65:d7:0d:66:40:2b:3e:73:5d:d8:60:
         16:98:21:5d:6b:6a:93:3d:54:55:60:29:ab:92:49:7b:2b:a4:
         2d:91:d7:53:67:e9:ef:13:b8:32:0d:c1:8a:64:02:6d:f9:01:
         42:0c:7b:a7:c0:a8:80:a4:4c:c5:6e:0e:93:fd:33:93:54:c9:
         97:3f:de:93:36:ca:3c:50:95:dd:ff:74:ff:cc:18:7e:4b:9d:
         78:b4:1c:4c:ed:54:cc:9c:ce:e5:23:15:60:09:2c:ea:6c:44:
         5a:ce:65:cf:c8:c9:43:1b:9f:bb:b4:78:27:30:4a:03:22:bb:
         72:c1:ce:b6:5a:66:3a:3f:8f:9f:00:11:15:1f:34:8a:d9:73:
         bf:a3:56:da:4c:55:c4:9a:10:6e:e5:43:35:43:80:7d:aa:c1:
         d6:0f:62:c3:38:b3:7c:e1:a5:30:ad:54:5a:64:bb:eb:89:cc:
         b0:9b:d5:b2
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVur9lZ3v+gBVIQF2NVmAgJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTJhZTJjZDA5NDMzMzAxOGM0MWRhYWZiNDc0YzZjZmE4
MGQwN2QwHhcNMjMwMTAxMTg1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDM1OWFjY2U4YWMyNzI2MjQzOWRiNjI0NWNhNTJhOGJlNzNiZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBb9b6AIl3+f4w0pyc9c7+91OdLD
NcfEDX0m/O3FvWM2c/1ze8ajuWLCS/82HP7QRJsiMtXf8d2x8WPehMeq+D6woreg
GkhX/rigiM4d1SE1lw5qK/bWxPHk4155ENK9qR0tlHAIkCDmsvxhe1pf88ldLbFl
uFWyb/IstXj8vdjpZGlLBGLElbFAQ/tb8EIX5rSmTaL3qEULLquIB7tfjQpphuGW
s0nWcooNI+crX0rTAWJQJPkWn8yZgR6GFIdxaDQhMZFclP3ZXcxBMhyT+TntmnIR
zGJL14bQt8A/TUYgKZ3arA7GgcwaJTDiJNpfK6wTk10fJiSHYDBC8UMDTQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCA1mszorCcmJDnbYkXKUqi+c75DMB8GA1UdIwQY
MBaAFASirizQlDMwGMQdqvtHTGz6gNB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMt
NmU2ZThkOTMwM2U5LzEvSURXYXpPaXNKeVlrT2R0aVJjcFNxTDV6dmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMtNmU2ZThkOTMwM2U5
LzEvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQHVYeAAwQG
sD3AAwQGsv2AAwQCuSXwAwQGvHBAMA0GCSqGSIb3DQEBCwUAA4IBAQAor5vZdcoX
YzpeTCQJg6MdCCg2otArsPiVkgw7sxenPQO71djXY0CcVIvEnDB2SmiqxbbGTCk9
31npsWAtojjVIu07qkB3M2i6nJGgIs/7ZdcNZkArPnNd2GAWmCFda2qTPVRVYCmr
kkl7K6QtkddTZ+nvE7gyDcGKZAJt+QFCDHunwKiApEzFbg6T/TOTVMmXP96TNso8
UJXd/3T/zBh+S514tBxM7VTMnM7lIxVgCSzqbERazmXPyMlDG5+7tHgnMEoDIrty
wc62WmY6P4+fABEVHzSK2XO/o1baTFXEmhBu5UM1Q4B9qsHWD2LDOLN84aUwrVRa
ZLvricywm9Wy
-----END CERTIFICATE-----