Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ueh9q4eygcZu9PtOEX2gZ9TonO0.roa
File:                     Ueh9q4eygcZu9PtOEX2gZ9TonO0.roa (raw, json)
Hash identifier:          J3ioB9XV0yM1QnSzRoP6O+H2C/QA9YHzWLFmUrNHYJ8=
Subject key identifier:   51:E8:7D:AB:87:B2:81:C6:6E:F4:FB:4E:11:7D:A0:67:D4:E8:9C:ED
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186A31C5996DF3E2BB80D0CAAF83D4F3223
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ueh9q4eygcZu9PtOEX2gZ9TonO0.roa
Signing time:             Thu 02 Mar 2023 16:16:29 +0000
ROA not before:           Thu 02 Mar 2023 16:16:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61138
IP address blocks:        93.115.255.0/24 maxlen: 24
                          188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.95.0/24 maxlen: 24
                          188.212.159.0/24 maxlen: 24
                          94.176.110.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          185.255.168.0/24 maxlen: 24
                          188.214.208.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 04 Mar 2023 06:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a3:1c:59:96:df:3e:2b:b8:0d:0c:aa:f8:3d:4f:32:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  2 16:16:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51e87dab87b281c66ef4fb4e117da067d4e89ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9d:66:49:12:70:55:be:9b:af:9b:c7:6f:06:
                    4d:49:d6:d1:8e:6d:cc:7d:cf:62:5d:bb:4c:18:15:
                    02:ed:4b:48:d4:7f:f5:13:02:9b:8c:c7:41:bd:80:
                    81:05:86:de:41:51:0b:2a:d8:5b:bd:96:c5:3c:f4:
                    18:84:72:89:b9:29:3a:ae:f4:ed:c0:7b:11:39:89:
                    a6:74:67:0e:86:bd:9a:80:d0:13:f5:be:ec:cd:44:
                    06:df:8a:75:c0:a3:ba:7d:2f:05:78:a1:b3:73:82:
                    42:09:f0:98:39:d6:4a:75:8b:e1:34:20:6e:77:17:
                    8b:79:36:ae:6a:6a:e3:77:f2:5b:09:d9:d3:d8:66:
                    15:2c:d8:1b:40:a2:cc:43:b5:ab:4a:55:45:6a:f5:
                    5e:6a:4e:7e:46:36:f7:4d:df:c5:c4:c4:c2:71:72:
                    cd:78:b5:55:5f:fb:d6:50:48:df:c4:b0:40:26:db:
                    32:15:27:2a:fb:12:c3:5f:3e:0b:bd:b4:fc:eb:37:
                    69:2b:5f:5a:7e:c9:10:b5:4e:a3:4e:bc:a3:d2:06:
                    76:a2:c3:ea:59:69:b1:38:81:8d:3b:0a:d7:b1:a8:
                    ea:25:c6:53:8c:37:c2:8f:aa:a2:59:46:23:ba:c5:
                    17:45:0a:6a:93:18:94:6c:a1:c0:79:90:e4:f3:f0:
                    67:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E8:7D:AB:87:B2:81:C6:6E:F4:FB:4E:11:7D:A0:67:D4:E8:9C:ED
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ueh9q4eygcZu9PtOEX2gZ9TonO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.255.0/24
                  94.176.110.0/24
                  185.255.168.0/24
                  188.212.132.0/23
                  188.212.159.0/24
                  188.213.202.0/24
                  188.214.208.0/23
                  213.232.93.0/24
                  213.232.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d4:09:b6:f9:47:62:f8:29:04:23:07:65:4a:a0:33:a9:8a:
         9e:8d:8f:e1:b9:1b:f6:df:7a:aa:e6:1c:21:38:83:27:4a:31:
         62:54:29:a3:8a:a1:6e:0a:ba:d3:bd:f8:a0:54:25:7c:2b:45:
         db:2c:76:82:a7:9b:46:a0:8b:00:e6:fc:a2:90:90:92:4f:79:
         a6:9b:9b:3b:f5:51:b4:93:dd:90:f2:59:2c:29:02:ad:a4:a0:
         62:2c:7f:d3:bc:8c:19:9e:21:27:57:1a:90:fb:90:8c:cf:46:
         cb:92:3a:15:12:83:75:ba:e7:5b:9e:36:44:d2:b3:eb:f6:db:
         e7:da:2a:27:06:ed:48:8f:30:ce:82:d6:d1:46:0e:b3:6f:8f:
         e9:64:1a:f1:a8:c1:63:65:83:75:55:18:cf:a1:8e:95:6f:45:
         17:55:29:69:60:a9:a5:db:de:52:57:69:0b:24:1d:6b:49:40:
         6f:37:c6:e9:2d:5c:38:99:83:8f:c3:ec:7d:f0:f4:b3:eb:95:
         24:5b:40:d6:7e:58:b1:00:ac:58:2e:d8:e1:30:4e:1e:db:52:
         c7:c1:11:fd:c0:99:2a:66:eb:04:08:d2:24:62:ae:a3:f1:a2:
         49:7e:66:40:61:ef:b5:3c:36:f5:d9:bd:6c:e7:1a:1a:ee:38:
         a6:30:1b:4d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYajHFmW3z4ruA0Mqvg9TzIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAyMTYxNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWU4N2RhYjg3YjI4MWM2NmVmNGZiNGUxMTdkYTA2N2Q0ZTg5Y2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1mSRJwVb6br5vHbwZNSdbRjm3M
fc9iXbtMGBUC7UtI1H/1EwKbjMdBvYCBBYbeQVELKthbvZbFPPQYhHKJuSk6rvTt
wHsROYmmdGcOhr2agNAT9b7szUQG34p1wKO6fS8FeKGzc4JCCfCYOdZKdYvhNCBu
dxeLeTauamrjd/JbCdnT2GYVLNgbQKLMQ7WrSlVFavVeak5+Rjb3Td/FxMTCcXLN
eLVVX/vWUEjfxLBAJtsyFScq+xLDXz4LvbT86zdpK19afskQtU6jTryj0gZ2osPq
WWmxOIGNOwrXsajqJcZTjDfCj6qiWUYjusUXRQpqkxiUbKHAeZDk8/BnBwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFHofauHsoHGbvT7ThF9oGfU6JztMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVWVoOXE0ZXlnY1p1OVB0T0VYMmdaOVRvbk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAXXP/AwQA
XrBuAwQAuf+oAwQBvNSEAwQAvNSfAwQAvNXKAwQBvNbQAwQA1ehdAwQA1ehfMA0G
CSqGSIb3DQEBCwUAA4IBAQAa1Am2+Udi+CkEIwdlSqAzqYqejY/huRv233qq5hwh
OIMnSjFiVCmjiqFuCrrTvfigVCV8K0XbLHaCp5tGoIsA5vyikJCST3mmm5s79VG0
k92Q8lksKQKtpKBiLH/TvIwZniEnVxqQ+5CMz0bLkjoVEoN1uudbnjZE0rPr9tvn
2ionBu1IjzDOgtbRRg6zb4/pZBrxqMFjZYN1VRjPoY6Vb0UXVSlpYKml295SV2kL
JB1rSUBvN8bpLVw4mYOPw+x98PSz65UkW0DWflixAKxYLtjhME4e21LHwRH9wJkq
ZusECNIkYq6j8aJJfmZAYe+1PDb12b1s5xoa7jimMBtN
-----END CERTIFICATE-----