Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/xSy7cDPR_tHU-nPb-L-P_c250Hc.roa
File:                     xSy7cDPR_tHU-nPb-L-P_c250Hc.roa (raw, json)
Hash identifier:          oV4DhTu7ggh/sVhlzwBWZTz7Xziy0HshI9U3WgLlPQs=
Subject key identifier:   C5:2C:BB:70:33:D1:FE:D1:D4:FA:73:DB:F8:BF:8F:FD:CD:B9:D0:77
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       01856CEF42C50AAB2C8BB1DF9CEEBF7052B0
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/xSy7cDPR_tHU-nPb-L-P_c250Hc.roa
Signing time:             Sun 01 Jan 2023 10:44:57 +0000
ROA not before:           Sun 01 Jan 2023 10:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48095
IP address blocks:        193.228.12.0/22 maxlen: 22
                          91.132.248.0/23 maxlen: 23
                          194.76.32.0/22 maxlen: 22
                          91.132.250.0/23 maxlen: 23
                          109.196.170.0/23 maxlen: 23
                          109.196.168.0/23 maxlen: 23
                          185.245.245.0/24 maxlen: 24
                          192.144.24.0/23 maxlen: 23
                          91.197.36.0/22 maxlen: 22
                          192.144.26.0/23 maxlen: 23
                          185.249.0.0/22 maxlen: 22
                          193.39.88.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ef:42:c5:0a:ab:2c:8b:b1:df:9c:ee:bf:70:52:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  1 10:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c52cbb7033d1fed1d4fa73dbf8bf8ffdcdb9d077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9a:63:a7:83:0b:47:58:68:c4:2c:f8:55:14:
                    e3:a9:35:84:d1:c3:b1:dd:9a:6d:16:74:09:81:57:
                    b4:7b:32:49:a4:c7:e4:9a:e2:0b:5a:d9:20:6c:f9:
                    6e:1e:c2:5a:35:03:ce:90:57:82:32:e5:32:70:5f:
                    3e:b4:ef:b4:98:c5:83:05:fb:72:0f:43:ad:2e:ce:
                    25:07:fc:be:77:b3:e8:dc:b7:33:c3:06:fc:fb:b0:
                    f1:81:3b:29:3d:28:2a:aa:41:ba:ce:6c:4c:df:4f:
                    88:a7:c3:8c:62:59:3d:26:4c:5f:36:67:5a:b0:43:
                    0d:88:03:e3:a9:a9:77:ca:59:27:56:70:bf:b4:6b:
                    ec:1f:5b:7c:c0:a6:b6:d3:85:7d:79:59:0f:5b:81:
                    86:cf:a7:7f:2c:49:dd:90:29:72:de:6e:e8:25:d3:
                    a8:9a:b1:c7:eb:01:9d:6b:dc:96:02:36:91:12:21:
                    8e:65:7a:26:31:6c:6e:01:9c:5c:13:b2:b4:b1:4e:
                    88:f9:6e:27:38:8b:62:02:77:c2:9d:6a:7b:18:e6:
                    bf:44:fa:c4:fa:1d:47:8a:e0:d9:16:5b:27:8b:2b:
                    75:91:86:63:b6:85:02:d3:7b:9a:d9:84:77:da:64:
                    71:ac:02:60:a7:f8:05:b6:2d:34:63:60:2a:b5:6b:
                    7a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2C:BB:70:33:D1:FE:D1:D4:FA:73:DB:F8:BF:8F:FD:CD:B9:D0:77
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/xSy7cDPR_tHU-nPb-L-P_c250Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.248.0/22
                  91.197.36.0/22
                  109.196.168.0/22
                  185.245.245.0/24
                  185.249.0.0/22
                  192.144.24.0/22
                  193.39.88.0/22
                  193.228.12.0/22
                  194.76.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:e0:24:60:1d:50:6f:f3:83:7b:0d:4b:a4:fb:cb:2e:ea:0b:
         f6:09:16:36:9b:7f:a0:11:45:7e:4c:47:8f:0f:00:64:33:92:
         44:7f:af:cf:f4:fa:87:89:77:83:30:8a:69:d2:73:5c:29:58:
         1e:6d:13:2f:9d:86:85:1c:a6:e3:e9:ee:cb:90:dd:5c:78:3e:
         1d:67:86:11:f7:3d:24:02:b7:bf:ea:22:3d:e2:4c:c5:0c:4b:
         2f:ee:2d:4c:ce:9c:ce:6e:c0:9b:cf:32:3f:c4:a7:fb:02:ab:
         68:91:9c:ab:28:5c:8e:fd:39:91:38:d5:0a:c6:b9:0e:b3:6f:
         4a:67:ff:09:15:1c:94:cf:a4:26:ad:0b:09:5a:40:0d:0e:d3:
         ad:49:7e:78:78:9d:8f:14:fa:a6:cd:97:12:f2:39:9a:b9:6f:
         f9:52:bb:5b:ed:a7:65:2e:b7:b2:69:fa:7d:01:bb:ac:b7:55:
         bd:53:9d:ea:20:4d:22:42:83:b4:d8:c7:2e:4f:db:d1:13:da:
         56:16:b5:a5:f5:e4:ad:c0:e1:f7:21:ac:7f:40:a1:2f:2e:cf:
         05:72:7f:94:b4:7c:8c:f0:e3:b8:f3:ec:32:5b:f9:9c:9e:eb:
         63:f4:03:6c:1b:af:df:ad:ed:67:10:53:24:10:7b:46:42:ca:
         23:ee:8c:a7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVs70LFCqssi7HfnO6/cFKwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjMwMTAxMTA0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJjYmI3MDMzZDFmZWQxZDRmYTczZGJmOGJmOGZmZGNkYjlkMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlppjp4MLR1hoxCz4VRTjqTWE0cOx
3ZptFnQJgVe0ezJJpMfkmuILWtkgbPluHsJaNQPOkFeCMuUycF8+tO+0mMWDBfty
D0OtLs4lB/y+d7Po3Lczwwb8+7DxgTspPSgqqkG6zmxM30+Ip8OMYlk9JkxfNmda
sEMNiAPjqal3ylknVnC/tGvsH1t8wKa204V9eVkPW4GGz6d/LEndkCly3m7oJdOo
mrHH6wGda9yWAjaREiGOZXomMWxuAZxcE7K0sU6I+W4nOItiAnfCnWp7GOa/RPrE
+h1HiuDZFlsniyt1kYZjtoUC03ua2YR32mRxrAJgp/gFti00Y2AqtWt6DQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMUsu3Az0f7R1Ppz2/i/j/3NudB3MB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEveFN5N2NEUFJfdEhVLW5QYi1MLVBfYzI1MEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCW4T4AwQC
W8UkAwQCbcSoAwQAufX1AwQCufkAAwQCwJAYAwQCwSdYAwQCweQMAwQCwkwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCe4CRgHVBv84N7DUuk+8su6gv2CRY2m3+gEUV+TEeP
DwBkM5JEf6/P9PqHiXeDMIpp0nNcKVgebRMvnYaFHKbj6e7LkN1ceD4dZ4YR9z0k
Are/6iI94kzFDEsv7i1MzpzObsCbzzI/xKf7AqtokZyrKFyO/TmRONUKxrkOs29K
Z/8JFRyUz6QmrQsJWkANDtOtSX54eJ2PFPqmzZcS8jmauW/5Urtb7adlLreyafp9
Abust1W9U53qIE0iQoO02McuT9vRE9pWFrWl9eStwOH3Iax/QKEvLs8Fcn+UtHyM
8OO48+wyW/mcnutj9ANsG6/fre1nEFMkEHtGQsoj7oyn
-----END CERTIFICATE-----