Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/F6dK2HAEbgv2ZbeCqAwoyFkwuME.roa
File:                     F6dK2HAEbgv2ZbeCqAwoyFkwuME.roa (raw, json)
Hash identifier:          C/pxVE7ocZDtReOAGin4ZsvEnOY73RjslfTfmCXTLgs=
Subject key identifier:   17:A7:4A:D8:70:04:6E:0B:F6:65:B7:82:A8:0C:28:C8:59:30:B8:C1
Certificate issuer:       /CN=9110100f3cc787d6315303cb7fc88d9e25e56ea8
Certificate serial:       01856FA6FCBB76001C6319EF4C9484CE43C6
Authority key identifier: 91:10:10:0F:3C:C7:87:D6:31:53:03:CB:7F:C8:8D:9E:25:E5:6E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kRAQDzzHh9YxUwPLf8iNniXlbqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/F6dK2HAEbgv2ZbeCqAwoyFkwuME.roa
Signing time:             Sun 01 Jan 2023 23:24:52 +0000
ROA not before:           Sun 01 Jan 2023 23:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56823
IP address blocks:        176.109.175.0/24 maxlen: 24
                          176.109.174.0/24 maxlen: 24
                          176.109.173.0/24 maxlen: 24
                          31.134.208.0/21 maxlen: 21
                          31.134.210.0/24 maxlen: 24
                          31.134.209.0/24 maxlen: 24
                          31.134.211.0/24 maxlen: 24
                          31.134.212.0/24 maxlen: 24
                          31.134.214.0/24 maxlen: 24
                          176.109.168.0/21 maxlen: 21
                          176.109.170.0/24 maxlen: 24
                          176.109.169.0/24 maxlen: 24
                          176.109.172.0/24 maxlen: 24
                          176.109.171.0/24 maxlen: 24
                          2001:67c:1378::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 28 Feb 2023 15:10:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:a6:fc:bb:76:00:1c:63:19:ef:4c:94:84:ce:43:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9110100f3cc787d6315303cb7fc88d9e25e56ea8
        Validity
            Not Before: Jan  1 23:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17a74ad870046e0bf665b782a80c28c85930b8c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:91:69:e4:a2:90:36:f4:36:56:ff:ac:a1:84:
                    ed:8a:97:50:44:0c:b4:a5:a6:5e:78:5c:6c:69:06:
                    8d:32:37:ae:8e:ad:f8:04:4e:3f:6d:44:79:23:e2:
                    8d:3f:f5:12:9e:c2:11:1c:82:f9:73:1a:ff:b4:1b:
                    2d:96:ea:49:35:9b:c3:7b:9f:6c:20:12:86:91:47:
                    c2:8e:38:e2:c4:36:d3:a8:9f:e1:23:5b:44:15:6a:
                    81:dc:ab:28:54:56:25:27:9d:23:69:03:71:0d:f6:
                    b2:ef:5e:ca:a0:19:43:4b:1e:61:dc:fe:f9:60:23:
                    2b:ce:a4:3d:ed:f7:65:41:1f:6a:4f:59:0e:00:be:
                    4f:85:2f:fe:11:77:ec:4c:b8:ed:87:0d:69:54:d8:
                    50:26:91:c0:b3:a4:a5:7f:1b:fb:64:84:f9:41:1d:
                    ab:b6:44:2e:f2:65:33:09:3a:c1:c0:1f:5f:b9:d9:
                    77:40:32:d4:6c:f0:91:f2:a3:67:4b:25:18:b3:d4:
                    ac:aa:8f:82:0b:94:b5:94:87:21:79:19:e3:f4:61:
                    d0:b0:ad:61:b3:8a:39:2e:29:e1:c9:d6:f5:cb:b5:
                    c7:08:5b:3a:e4:31:11:8a:0c:ee:bc:62:d3:25:df:
                    d1:bd:a7:61:07:92:be:2c:31:20:82:1e:10:61:bb:
                    0f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:A7:4A:D8:70:04:6E:0B:F6:65:B7:82:A8:0C:28:C8:59:30:B8:C1
            X509v3 Authority Key Identifier:
                keyid:91:10:10:0F:3C:C7:87:D6:31:53:03:CB:7F:C8:8D:9E:25:E5:6E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kRAQDzzHh9YxUwPLf8iNniXlbqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/F6dK2HAEbgv2ZbeCqAwoyFkwuME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/kRAQDzzHh9YxUwPLf8iNniXlbqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.208.0/21
                  176.109.168.0/21
                IPv6:
                  2001:67c:1378::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:22:49:f4:20:f9:9c:de:5c:b3:41:72:78:ce:0e:7f:d8:fa:
         4f:18:1d:fb:6e:79:51:0c:8f:5c:79:5c:03:8a:5d:a2:d1:78:
         67:11:ce:94:6d:45:b6:8f:7f:c7:b5:5d:f0:fb:aa:54:7c:bc:
         de:c5:1b:6a:12:d2:05:2c:eb:22:85:5a:7c:16:a4:f4:a5:cd:
         ff:7a:db:a0:52:a8:70:85:39:95:c8:74:51:bd:cf:b7:75:fb:
         a1:81:85:5d:fa:6a:1d:d2:26:12:10:0d:51:e9:78:15:7a:17:
         2b:13:ed:db:20:83:24:af:0b:9a:ef:b3:1b:06:06:c8:87:27:
         7e:d9:9d:5a:ef:85:00:e0:5a:21:f5:cc:68:0c:ac:aa:b5:2f:
         6f:f5:86:a0:4a:c2:e8:46:c6:5a:61:24:47:cb:70:da:da:47:
         29:12:d3:1c:f0:86:8f:dc:97:87:a4:0d:17:af:99:2d:21:99:
         3e:58:0b:ff:bf:ce:49:1b:eb:ad:74:97:e3:53:30:76:98:c5:
         b5:90:f6:75:77:76:1a:b2:d2:a2:06:2a:02:19:ef:45:2d:9d:
         7d:b9:7d:e0:58:1e:d4:72:2f:ed:69:86:d6:94:12:6f:e9:43:
         f8:63:c6:7f:ce:5b:3a:d5:53:b7:75:03:1c:99:42:05:7a:95:
         71:4d:13:0a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVvpvy7dgAcYxnvTJSEzkPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMTAxMDBmM2NjNzg3ZDYzMTUzMDNjYjdmYzg4ZDllMjVl
NTZlYTgwHhcNMjMwMTAxMjMyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2E3NGFkODcwMDQ2ZTBiZjY2NWI3ODJhODBjMjhjODU5MzBiOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJFp5KKQNvQ2Vv+soYTtipdQRAy0
paZeeFxsaQaNMjeujq34BE4/bUR5I+KNP/USnsIRHIL5cxr/tBstlupJNZvDe59s
IBKGkUfCjjjixDbTqJ/hI1tEFWqB3KsoVFYlJ50jaQNxDfay717KoBlDSx5h3P75
YCMrzqQ97fdlQR9qT1kOAL5PhS/+EXfsTLjthw1pVNhQJpHAs6Slfxv7ZIT5QR2r
tkQu8mUzCTrBwB9fudl3QDLUbPCR8qNnSyUYs9Ssqo+CC5S1lIcheRnj9GHQsK1h
s4o5Linhydb1y7XHCFs65DERigzuvGLTJd/RvadhB5K+LDEggh4QYbsPdwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBenSthwBG4L9mW3gqgMKMhZMLjBMB8GA1UdIwQY
MBaAFJEQEA88x4fWMVMDy3/IjZ4l5W6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1JBUUR6ekhoOVl4VXdQTGY4aU5uaVhsYnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kOTAwYjMtNTQ2Mi00ZWI0LTljOTAt
MGUwMzc3ZDRlNmQ2LzEvRjZkSzJIQUViZ3YyWmJlQ3FBd295Rmt3dU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kOTAwYjMtNTQ2Mi00ZWI0LTljOTAtMGUwMzc3ZDRlNmQ2
LzEva1JBUUR6ekhoOVl4VXdQTGY4aU5uaVhsYnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDH4bQAwQD
sG2oMA8EAgACMAkDBwAgAQZ8E3gwDQYJKoZIhvcNAQELBQADggEBABciSfQg+Zze
XLNBcnjODn/Y+k8YHftueVEMj1x5XAOKXaLReGcRzpRtRbaPf8e1XfD7qlR8vN7F
G2oS0gUs6yKFWnwWpPSlzf9626BSqHCFOZXIdFG9z7d1+6GBhV36ah3SJhIQDVHp
eBV6FysT7dsggySvC5rvsxsGBsiHJ37ZnVrvhQDgWiH1zGgMrKq1L2/1hqBKwuhG
xlphJEfLcNraRykS0xzwho/cl4ekDRevmS0hmT5YC/+/zkkb6610l+NTMHaYxbWQ
9nV3dhqy0qIGKgIZ70UtnX25feBYHtRyL+1phtaUEm/pQ/hjxn/OWzrVU7d1AxyZ
QgV6lXFNEwo=
-----END CERTIFICATE-----