Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/r7xS81Fz6d9V1ukj6406NZsDXfU.roa
File:                     r7xS81Fz6d9V1ukj6406NZsDXfU.roa (raw, json)
Hash identifier:          Os5o2Ry+LsMm01PQnfGBw3jS14OS9uTv6PpIpYcri9M=
Subject key identifier:   AF:BC:52:F3:51:73:E9:DF:55:D6:E9:23:EB:8D:3A:35:9B:03:5D:F5
Certificate issuer:       /CN=854e103aaec432fc191d49819bd1ab71fe1cfa80
Certificate serial:       01857102DF08D1402E2421E98EDD03BD5A2C
Authority key identifier: 85:4E:10:3A:AE:C4:32:FC:19:1D:49:81:9B:D1:AB:71:FE:1C:FA:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hU4QOq7EMvwZHUmBm9Grcf4c-oA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/r7xS81Fz6d9V1ukj6406NZsDXfU.roa
Signing time:             Mon 02 Jan 2023 05:44:51 +0000
ROA not before:           Mon 02 Jan 2023 05:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50297
IP address blocks:        46.148.16.0/24 maxlen: 24
                          46.148.17.0/24 maxlen: 24
                          46.148.22.0/24 maxlen: 24
                          46.148.19.0/24 maxlen: 24
                          46.148.20.0/24 maxlen: 24
                          46.148.21.0/24 maxlen: 24
                          46.148.18.0/24 maxlen: 24
                          46.148.26.0/24 maxlen: 24
                          46.148.27.0/24 maxlen: 24
                          46.148.28.0/24 maxlen: 24
                          193.106.28.0/22 maxlen: 22
                          2001:67c:28f8::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:34:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:df:08:d1:40:2e:24:21:e9:8e:dd:03:bd:5a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854e103aaec432fc191d49819bd1ab71fe1cfa80
        Validity
            Not Before: Jan  2 05:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afbc52f35173e9df55d6e923eb8d3a359b035df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bd:e7:ee:dc:87:5a:7a:19:11:c5:0f:24:bb:
                    3f:42:44:e3:5e:86:f6:3a:1f:6c:f5:a3:33:17:89:
                    f7:42:0b:3f:0b:19:40:cb:43:26:c6:ee:71:cd:fa:
                    4d:04:08:82:d0:f9:5f:d5:fc:f8:a9:99:81:19:90:
                    e8:a0:24:be:5b:97:c9:08:7c:5a:e0:dd:a4:b5:db:
                    46:d0:66:f1:da:3f:e6:64:f2:02:50:3a:ad:f1:8b:
                    aa:96:56:93:62:70:e6:ee:d2:9f:2b:21:eb:ee:5a:
                    14:4a:55:25:fa:06:4e:7e:b1:d3:87:fa:d8:b8:86:
                    2b:6c:54:27:3d:b7:34:0d:de:13:6b:fd:2c:cf:45:
                    26:40:5b:87:d9:ff:a9:eb:a2:63:07:27:50:00:ae:
                    23:88:fc:0f:a3:33:d3:92:5a:8b:4a:af:79:2f:a9:
                    d9:d6:55:a3:60:97:8c:bd:df:4f:43:fb:17:59:5a:
                    c3:da:18:f2:2f:73:57:ce:38:43:3c:db:27:ee:23:
                    39:e4:9f:bd:36:9c:e4:8d:9a:82:2a:36:52:6c:eb:
                    94:80:3b:51:cc:b5:75:ae:98:b4:be:2f:6c:78:8a:
                    2b:89:64:61:3c:d9:9f:24:24:c0:c8:80:c6:ec:a8:
                    d5:0c:4f:c8:7c:bf:64:1b:b4:de:22:c7:b8:cd:62:
                    2b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BC:52:F3:51:73:E9:DF:55:D6:E9:23:EB:8D:3A:35:9B:03:5D:F5
            X509v3 Authority Key Identifier:
                keyid:85:4E:10:3A:AE:C4:32:FC:19:1D:49:81:9B:D1:AB:71:FE:1C:FA:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hU4QOq7EMvwZHUmBm9Grcf4c-oA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/r7xS81Fz6d9V1ukj6406NZsDXfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/hU4QOq7EMvwZHUmBm9Grcf4c-oA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.16.0-46.148.22.255
                  46.148.26.0-46.148.28.255
                  193.106.28.0/22
                IPv6:
                  2001:67c:28f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:0b:93:40:4b:9f:6d:1b:6a:5a:6a:d6:d6:13:39:96:d2:58:
         3c:1c:27:69:82:77:54:f8:6a:81:7d:c4:74:f8:ae:c2:d2:d9:
         6d:8e:9a:1d:e3:65:ea:93:0c:35:c7:d8:88:b8:71:a3:e2:fd:
         d9:a5:08:13:30:df:d9:90:23:17:f7:9f:da:73:8c:83:62:36:
         c1:75:eb:7b:c6:42:0e:91:4a:4b:32:5d:0c:15:31:9d:e5:de:
         b0:94:01:98:73:95:09:8c:83:b6:ee:c9:41:cf:82:14:2a:7c:
         71:78:24:83:7c:de:22:64:4e:02:f0:c4:9b:49:65:5d:98:96:
         0e:fc:af:4e:99:0a:a7:37:e5:7d:79:aa:a3:63:bc:77:9c:40:
         38:f2:f4:9b:27:58:6d:b7:64:dd:1e:33:f1:4d:4f:3c:ab:07:
         de:fb:e5:76:65:fc:da:33:3b:9b:89:5d:8f:72:33:98:65:43:
         6c:1e:81:2b:b8:17:7f:ed:e2:ce:97:d7:41:05:4f:f9:61:1c:
         60:71:dc:a0:14:4f:0a:d5:60:c8:44:60:4a:f8:12:22:c8:bf:
         a5:6f:95:05:67:f8:c6:a7:50:e7:34:c7:d7:fc:4c:29:78:f4:
         3d:e2:03:bb:91:fd:5c:4d:01:71:62:53:a1:be:53:d1:17:75:
         a3:64:39:e0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVxAt8I0UAuJCHpjt0DvVosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGUxMDNhYWVjNDMyZmMxOTFkNDk4MTliZDFhYjcxZmUx
Y2ZhODAwHhcNMjMwMTAyMDU0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJjNTJmMzUxNzNlOWRmNTVkNmU5MjNlYjhkM2EzNTliMDM1ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg73n7tyHWnoZEcUPJLs/QkTjXob2
Oh9s9aMzF4n3Qgs/CxlAy0Mmxu5xzfpNBAiC0Plf1fz4qZmBGZDooCS+W5fJCHxa
4N2ktdtG0Gbx2j/mZPICUDqt8YuqllaTYnDm7tKfKyHr7loUSlUl+gZOfrHTh/rY
uIYrbFQnPbc0Dd4Ta/0sz0UmQFuH2f+p66JjBydQAK4jiPwPozPTklqLSq95L6nZ
1lWjYJeMvd9PQ/sXWVrD2hjyL3NXzjhDPNsn7iM55J+9NpzkjZqCKjZSbOuUgDtR
zLV1rpi0vi9seIoriWRhPNmfJCTAyIDG7KjVDE/IfL9kG7TeIse4zWIrUQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFK+8UvNRc+nfVdbpI+uNOjWbA131MB8GA1UdIwQY
MBaAFIVOEDquxDL8GR1JgZvRq3H+HPqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFU0UU9xN0VNdndaSFVtQm05R3JjZjRjLW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82NWY0YTItNWY2OS00NjViLTg4OTEt
OWMwMWRmN2I5ZTY2LzEvcjd4UzgxRno2ZDlWMXVrajY0MDZOWnNEWGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82NWY0YTItNWY2OS00NjViLTg4OTEtOWMwMWRmN2I5ZTY2
LzEvaFU0UU9xN0VNdndaSFVtQm05R3JjZjRjLW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiMAwDBAQulBAD
BAAulBYwDAMEAS6UGgMEAC6UHAMEAsFqHDAPBAIAAjAJAwcAIAEGfCj4MA0GCSqG
SIb3DQEBCwUAA4IBAQCLC5NAS59tG2paatbWEzmW0lg8HCdpgndU+GqBfcR0+K7C
0tltjpod42Xqkww1x9iIuHGj4v3ZpQgTMN/ZkCMX95/ac4yDYjbBdet7xkIOkUpL
Ml0MFTGd5d6wlAGYc5UJjIO27slBz4IUKnxxeCSDfN4iZE4C8MSbSWVdmJYO/K9O
mQqnN+V9eaqjY7x3nEA48vSbJ1htt2TdHjPxTU88qwfe++V2ZfzaMzubiV2PcjOY
ZUNsHoEruBd/7eLOl9dBBU/5YRxgcdygFE8K1WDIRGBK+BIiyL+lb5UFZ/jGp1Dn
NMfX/EwpePQ94gO7kf1cTQFxYlOhvlPRF3WjZDng
-----END CERTIFICATE-----