Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/0n5Iyv1cOGZPTh3c9t2vZh7wsfY.roa
File:                     0n5Iyv1cOGZPTh3c9t2vZh7wsfY.roa (raw, json)
Hash identifier:          EVOi79H9owIL4n35tUKDGzL7H6y0R30A+rNuwseSOg0=
Subject key identifier:   D2:7E:48:CA:FD:5C:38:66:4F:4E:1D:DC:F6:DD:AF:66:1E:F0:B1:F6
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       0188C48620D673703FEC9B13B7F6987BC713
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/0n5Iyv1cOGZPTh3c9t2vZh7wsfY.roa
Signing time:             Fri 16 Jun 2023 14:05:04 +0000
ROA not before:           Fri 16 Jun 2023 14:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28849
IP address blocks:        217.23.112.0/24 maxlen: 24
                          217.23.117.0/24 maxlen: 24
                          217.23.113.0/24 maxlen: 24
                          217.23.112.0/20 maxlen: 20
                          217.23.114.0/24 maxlen: 24
                          217.23.115.0/24 maxlen: 24
                          217.23.116.0/24 maxlen: 24
                          217.23.124.0/24 maxlen: 24
                          217.23.125.0/24 maxlen: 24
                          217.23.119.0/24 maxlen: 24
                          217.23.120.0/24 maxlen: 24
                          217.23.121.0/24 maxlen: 24
                          217.23.122.0/24 maxlen: 24
                          217.23.123.0/24 maxlen: 24
                          217.23.126.0/24 maxlen: 24
                          217.23.127.0/24 maxlen: 24
                          185.15.159.0/24 maxlen: 24
                          185.15.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c4:86:20:d6:73:70:3f:ec:9b:13:b7:f6:98:7b:c7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: Jun 16 14:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d27e48cafd5c38664f4e1ddcf6ddaf661ef0b1f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:81:42:f7:a6:c8:e9:ae:48:0b:d5:d2:00:a8:
                    c4:c0:90:95:f4:4e:5e:f7:71:d5:22:75:ab:28:77:
                    62:cf:a1:80:14:14:bd:d2:6b:1f:ec:ea:52:14:05:
                    ac:1a:1e:8c:92:1e:bf:2c:eb:29:7c:d4:64:45:f6:
                    ba:ee:43:fe:63:89:dc:1f:3c:2b:30:9d:e0:71:f6:
                    ab:91:b4:fb:21:a0:e5:76:d4:e2:17:53:99:a9:f5:
                    18:0a:03:5e:a9:be:f9:bf:ad:4d:7e:39:df:8c:26:
                    40:33:b6:57:a4:fa:e5:d3:b8:89:35:90:3d:b9:31:
                    2c:5a:d6:6b:58:21:95:9b:6e:dd:c5:c9:44:f4:2e:
                    ef:c2:ef:49:a6:c5:c7:26:02:2e:cd:45:11:e4:bb:
                    a2:86:57:c6:b5:93:81:48:39:a2:e3:93:b4:ce:a0:
                    11:e0:ab:c8:3e:b2:74:0d:14:c8:0b:c8:9a:84:7c:
                    19:ce:6e:75:69:b9:bb:0f:24:dd:60:8b:66:83:26:
                    94:ec:08:6f:60:61:5b:46:c4:a8:2f:74:f4:c3:3a:
                    bf:dd:f8:2d:4d:64:9f:3c:a4:87:40:00:a7:59:a8:
                    6a:21:7a:5b:f8:5b:d2:d8:10:1c:64:4e:d0:1c:b0:
                    1a:90:8d:cb:69:fb:8d:b9:1e:11:be:62:ca:de:35:
                    cc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:7E:48:CA:FD:5C:38:66:4F:4E:1D:DC:F6:DD:AF:66:1E:F0:B1:F6
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/0n5Iyv1cOGZPTh3c9t2vZh7wsfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.156.0/22
                  217.23.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         86:db:72:6c:32:98:fa:4a:40:59:fe:86:44:d0:6f:2e:b7:74:
         0c:a7:ef:b6:f8:9b:16:17:f1:92:81:1a:17:51:40:be:9e:e9:
         67:fa:a2:bb:55:57:e7:30:19:29:73:91:12:5a:6c:a3:c9:b5:
         c2:17:c7:3b:a4:cd:91:ec:39:a1:32:1d:da:11:03:ef:da:4b:
         d3:d5:7a:10:80:8b:4c:23:33:3e:ce:19:f1:9f:df:8d:d1:4b:
         a8:1d:b6:75:c9:af:91:c8:69:40:eb:e5:82:1d:02:94:7b:de:
         88:a6:9b:65:31:8a:87:88:f9:24:35:f2:2e:c4:6e:75:91:e9:
         45:1f:81:65:4b:1a:c9:cb:44:82:9e:f4:62:68:c9:36:85:0b:
         63:14:1b:6a:61:c8:6e:e4:6c:2f:f6:68:0d:08:8f:30:88:48:
         14:36:bd:11:41:54:65:48:4d:dd:19:bb:45:13:8b:94:1e:89:
         bb:d2:b8:9a:37:2d:f4:bc:48:b0:40:aa:41:d6:ef:30:f6:3a:
         f7:ce:1f:7b:b3:56:9e:70:ef:7f:00:3e:47:2f:4f:df:bc:c4:
         77:38:b3:c8:24:ce:01:7b:95:0a:9c:7f:3d:29:60:1e:ff:e7:
         b5:8a:d3:17:43:c2:d5:a7:e9:fd:e3:a2:ea:70:d3:aa:ac:67:
         bb:79:1e:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYjEhiDWc3A/7JsTt/aYe8cTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjMwNjE2MTQwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjdlNDhjYWZkNWMzODY2NGY0ZTFkZGNmNmRkYWY2NjFlZjBiMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IFC96bI6a5IC9XSAKjEwJCV9E5e
93HVInWrKHdiz6GAFBS90msf7OpSFAWsGh6Mkh6/LOspfNRkRfa67kP+Y4ncHzwr
MJ3gcfarkbT7IaDldtTiF1OZqfUYCgNeqb75v61NfjnfjCZAM7ZXpPrl07iJNZA9
uTEsWtZrWCGVm27dxclE9C7vwu9JpsXHJgIuzUUR5LuihlfGtZOBSDmi45O0zqAR
4KvIPrJ0DRTIC8iahHwZzm51abm7DyTdYItmgyaU7AhvYGFbRsSoL3T0wzq/3fgt
TWSfPKSHQACnWahqIXpb+FvS2BAcZE7QHLAakI3LafuNuR4RvmLK3jXMcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNJ+SMr9XDhmT04d3Pbdr2Ye8LH2MB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEvMG41SXl2MWNPR1pQVGgzYzl0MnZaaDd3c2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ+cAwQE
2RdwMA0GCSqGSIb3DQEBCwUAA4IBAQCG23JsMpj6SkBZ/oZE0G8ut3QMp++2+JsW
F/GSgRoXUUC+nuln+qK7VVfnMBkpc5ESWmyjybXCF8c7pM2R7DmhMh3aEQPv2kvT
1XoQgItMIzM+zhnxn9+N0UuoHbZ1ya+RyGlA6+WCHQKUe96IpptlMYqHiPkkNfIu
xG51kelFH4FlSxrJy0SCnvRiaMk2hQtjFBtqYchu5Gwv9mgNCI8wiEgUNr0RQVRl
SE3dGbtFE4uUHom70riaNy30vEiwQKpB1u8w9jr3zh97s1aecO9/AD5HL0/fvMR3
OLPIJM4Be5UKnH89KWAe/+e1itMXQ8LVp+n946LqcNOqrGe7eR5M
-----END CERTIFICATE-----