Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LyHzxXXDS3mBvasPK7tw_bJ4tEA.roa
File:                     LyHzxXXDS3mBvasPK7tw_bJ4tEA.roa (raw, json)
Hash identifier:          7qEj44M0cY0bYEqgZItUwoVlOJSnKa1WouBaiLNWjIQ=
Subject key identifier:   2F:21:F3:C5:75:C3:4B:79:81:BD:AB:0F:2B:BB:70:FD:B2:78:B4:40
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01856DCAFCA420A1034E56052E9321972664
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LyHzxXXDS3mBvasPK7tw_bJ4tEA.roa
Signing time:             Sun 01 Jan 2023 14:44:57 +0000
ROA not before:           Sun 01 Jan 2023 14:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     400177
IP address blocks:        2a13:540::/29 maxlen: 29
                          2a0a:7d00::/29 maxlen: 29
                          2a13:5c80::/29 maxlen: 29
                          2a07:8a40::/29 maxlen: 29
                          2a0c:d380::/29 maxlen: 29
                          2a13:3080::/29 maxlen: 29
                          2a13:3380::/29 maxlen: 29
                          2a0f:d200::/29 maxlen: 29
                          2a13:5b80::/29 maxlen: 29
                          2a13:7d80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 05 Oct 2023 07:26:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:fc:a4:20:a1:03:4e:56:05:2e:93:21:97:26:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  1 14:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f21f3c575c34b7981bdab0f2bbb70fdb278b440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:bf:08:da:50:0c:c7:e5:32:df:35:af:48:
                    c3:c1:62:ff:10:9b:c8:68:23:87:ff:8b:e4:9e:c5:
                    cb:4b:ad:7a:83:59:ea:3f:dc:a7:de:43:1c:39:34:
                    be:4a:3d:b2:cd:e7:4b:ad:cb:96:a3:10:1e:50:be:
                    ea:d4:54:08:d8:dc:69:c4:4d:41:be:f6:7e:29:14:
                    c3:58:fc:ef:e3:1e:57:4f:c2:29:9f:2a:de:3d:a7:
                    b5:8b:06:35:b1:57:d3:94:35:cd:eb:93:a1:c0:1b:
                    39:2c:ec:08:ac:06:de:44:d9:e8:2b:23:e2:3e:b4:
                    17:08:eb:70:b1:d8:19:24:c3:e6:19:1b:00:11:03:
                    9f:1b:24:ea:fb:dc:5a:96:f8:cb:c3:9c:5e:37:65:
                    36:52:0e:4d:5c:1e:1c:48:70:28:37:4d:42:d5:d7:
                    df:8c:ac:4b:6b:0a:38:ce:02:ca:3b:7c:c2:42:00:
                    b9:43:7b:d3:d5:d6:63:5f:fe:ef:64:f1:94:55:18:
                    99:86:d8:75:54:f0:d2:85:1b:69:ff:88:b4:44:8a:
                    71:91:a0:20:8f:25:b6:66:c0:bb:48:bd:75:ea:03:
                    63:0d:6a:d2:fe:bb:f3:36:4d:09:7d:2b:b8:4c:96:
                    67:86:d7:d5:61:b3:92:1e:10:82:a4:9f:46:3b:b7:
                    9e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:21:F3:C5:75:C3:4B:79:81:BD:AB:0F:2B:BB:70:FD:B2:78:B4:40
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LyHzxXXDS3mBvasPK7tw_bJ4tEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:8a40::/29
                  2a0a:7d00::/29
                  2a0c:d380::/29
                  2a0f:d200::/29
                  2a13:540::/29
                  2a13:3080::/29
                  2a13:3380::/29
                  2a13:5b80::/29
                  2a13:5c80::/29
                  2a13:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:59:fa:2a:74:9e:a5:1d:cf:7b:1c:fa:90:89:45:86:00:03:
         15:bc:68:bc:10:1a:d5:f4:e2:b5:85:33:37:93:fa:4f:5b:24:
         2f:30:95:2f:18:95:83:31:c8:b8:ec:ee:4e:97:f3:3f:69:eb:
         79:66:d4:ff:fa:37:bb:d8:8b:4b:3d:27:6c:86:6c:ae:b8:12:
         15:ca:cc:0f:0b:06:3a:9b:d8:08:55:2e:92:fd:1e:42:f4:29:
         5e:af:63:25:f6:18:50:a4:a0:d6:3b:92:9c:21:6f:f9:12:87:
         f2:6b:1a:d4:20:a5:23:e7:11:1d:2d:57:58:f9:62:48:d2:6b:
         71:de:d6:b9:67:44:7b:6f:87:9b:ce:b3:ee:41:e5:7c:76:21:
         97:66:3c:fa:84:83:e5:15:47:d5:af:a8:c2:a1:2d:eb:f2:05:
         6e:0f:9a:4b:67:5a:56:5c:46:43:2f:91:9e:a1:97:47:41:df:
         42:a7:86:32:a7:dd:41:7b:2d:52:a9:83:38:b6:88:c2:38:c9:
         92:a8:b5:2e:92:29:c0:a3:95:94:db:07:ee:77:6e:aa:27:b2:
         f6:22:98:32:dd:d0:ba:02:25:2d:f8:7c:97:8e:da:94:ff:dd:
         0e:a8:f9:ef:a6:19:ed:dd:81:bd:e4:0d:e6:e0:05:12:b2:f9:
         8c:43:ae:8b
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVtyvykIKEDTlYFLpMhlyZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMwMTAxMTQ0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjIxZjNjNTc1YzM0Yjc5ODFiZGFiMGYyYmJiNzBmZGIyNzhiNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5K/CNpQDMflMt81r0jDwWL/EJvI
aCOH/4vknsXLS616g1nqP9yn3kMcOTS+Sj2yzedLrcuWoxAeUL7q1FQI2NxpxE1B
vvZ+KRTDWPzv4x5XT8IpnyrePae1iwY1sVfTlDXN65OhwBs5LOwIrAbeRNnoKyPi
PrQXCOtwsdgZJMPmGRsAEQOfGyTq+9xalvjLw5xeN2U2Ug5NXB4cSHAoN01C1dff
jKxLawo4zgLKO3zCQgC5Q3vT1dZjX/7vZPGUVRiZhth1VPDShRtp/4i0RIpxkaAg
jyW2ZsC7SL116gNjDWrS/rvzNk0JfSu4TJZnhtfVYbOSHhCCpJ9GO7eeiQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFC8h88V1w0t5gb2rDyu7cP2yeLRAMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTHlIenhYWERTM21CdmFzUEs3dHdfYko0dEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKgeKQAMF
AyoKfQADBQMqDNOAAwUDKg/SAAMFAyoTBUADBQMqEzCAAwUDKhMzgAMFAyoTW4AD
BQMqE1yAAwUDKhN9gDANBgkqhkiG9w0BAQsFAAOCAQEAaln6KnSepR3Pexz6kIlF
hgADFbxovBAa1fTitYUzN5P6T1skLzCVLxiVgzHIuOzuTpfzP2nreWbU//o3u9iL
Sz0nbIZsrrgSFcrMDwsGOpvYCFUukv0eQvQpXq9jJfYYUKSg1juSnCFv+RKH8msa
1CClI+cRHS1XWPliSNJrcd7WuWdEe2+Hm86z7kHlfHYhl2Y8+oSD5RVH1a+owqEt
6/IFbg+aS2daVlxGQy+RnqGXR0HfQqeGMqfdQXstUqmDOLaIwjjJkqi1LpIpwKOV
lNsH7nduqiey9iKYMt3QugIlLfh8l47alP/dDqj576YZ7d2BveQN5uAFErL5jEOu
iw==
-----END CERTIFICATE-----