Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/dHyOQQ0vMtyAFDOxCmcj3xVX4h8.roa
File:                     dHyOQQ0vMtyAFDOxCmcj3xVX4h8.roa (raw, json)
Hash identifier:          RtKJ5eeRxqRg7kS84QcpQ0scwJWJGRTELcfZOSYnSeI=
Subject key identifier:   74:7C:8E:41:0D:2F:32:DC:80:14:33:B1:0A:67:23:DF:15:57:E2:1F
Certificate issuer:       /CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
Certificate serial:       0186B60BA17226C5738610CE774182413670
Authority key identifier: BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/dHyOQQ0vMtyAFDOxCmcj3xVX4h8.roa
Signing time:             Mon 06 Mar 2023 08:31:00 +0000
ROA not before:           Mon 06 Mar 2023 08:31:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47586
IP address blocks:        91.214.56.0/22 maxlen: 24
                          109.235.184.0/21 maxlen: 24
                          37.77.108.0/22 maxlen: 24
                          158.58.128.0/21 maxlen: 24
                          194.114.128.0/22 maxlen: 24
                          146.19.211.0/24 maxlen: 24
                          80.249.204.0/22 maxlen: 24
                          185.30.116.0/22 maxlen: 24
                          93.190.16.0/21 maxlen: 24
                          2a00:b160::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 13 Mar 2023 17:59:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:0b:a1:72:26:c5:73:86:10:ce:77:41:82:41:36:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
        Validity
            Not Before: Mar  6 08:31:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=747c8e410d2f32dc801433b10a6723df1557e21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2d:c0:ce:ba:07:37:be:bc:ae:93:38:91:72:
                    24:3e:01:d3:c5:1a:f9:5b:5c:8e:4f:80:e2:d6:71:
                    65:b3:a0:71:b3:47:be:f4:29:1b:6c:de:b5:72:5a:
                    f6:0c:95:02:dd:96:26:8a:6f:1d:2d:a7:29:16:8a:
                    af:e6:eb:14:36:33:73:d6:2c:90:59:a6:0b:10:e3:
                    c9:bb:f4:f5:3e:63:6f:9f:85:13:29:42:2e:9e:76:
                    a2:b1:3f:57:59:57:c2:aa:50:22:0a:6b:d5:0c:1b:
                    d7:c4:9d:51:47:72:97:04:a0:fa:fe:71:a4:c2:92:
                    bf:8d:09:70:2b:51:c6:45:20:98:ca:a6:6c:94:2e:
                    b0:16:45:57:49:18:cd:53:6b:66:ce:1e:a0:b6:9e:
                    fb:1a:4f:cb:6d:fe:85:57:d8:52:5d:2a:18:00:9c:
                    68:34:cf:27:c9:64:03:8e:0e:b5:58:11:e2:21:10:
                    fb:96:64:17:00:d6:a2:9f:7f:e3:2a:f1:05:9b:92:
                    92:5e:21:fe:ad:0b:9e:27:8d:bd:e2:03:d9:ec:46:
                    40:94:b1:ee:7f:7d:1f:3f:50:af:5d:9d:1d:04:34:
                    1f:9d:f3:1f:aa:5b:c5:af:0b:02:a9:37:80:4a:db:
                    78:18:3e:9c:00:b9:15:1f:d4:83:8b:62:b1:29:07:
                    25:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7C:8E:41:0D:2F:32:DC:80:14:33:B1:0A:67:23:DF:15:57:E2:1F
            X509v3 Authority Key Identifier:
                keyid:BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/dHyOQQ0vMtyAFDOxCmcj3xVX4h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/vGY8bnedrpvbBGhU8Yn-jFw8MuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.108.0/22
                  80.249.204.0/22
                  91.214.56.0/22
                  93.190.16.0/21
                  109.235.184.0/21
                  146.19.211.0/24
                  158.58.128.0/21
                  185.30.116.0/22
                  194.114.128.0/22
                IPv6:
                  2a00:b160::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:d5:b8:56:ab:be:d0:43:80:7c:20:be:37:38:d3:13:a9:de:
         ef:8a:37:12:6e:46:33:cf:7e:60:ea:0a:ae:9a:0d:83:b5:df:
         7f:2d:4a:4e:c3:c9:ac:42:f2:e2:dc:51:eb:a1:43:20:99:55:
         56:68:5a:7d:c6:78:81:3f:7b:42:25:26:2c:39:c7:2d:85:05:
         8b:9d:7d:15:1b:ce:c8:6d:04:f5:d8:c5:4c:73:a2:3a:6b:50:
         7e:1f:b7:8e:ce:2a:80:22:72:cf:5b:da:12:0d:7c:fd:dc:53:
         99:7e:03:3f:f1:b6:41:b6:a8:82:7c:c4:3a:dc:28:d2:6a:df:
         57:1b:5f:31:6a:ee:b0:94:ed:f7:fd:58:8a:ea:7e:27:1b:7f:
         bf:17:83:d8:bb:20:89:b5:14:3e:4b:f6:1a:3d:f9:9a:3c:73:
         af:99:48:a0:2b:db:51:4f:2d:b2:e4:15:88:57:72:a0:55:b5:
         cc:1a:d1:cf:65:59:4f:05:7d:cf:22:47:80:24:81:8f:c6:19:
         5f:a5:1a:66:4b:41:a8:53:d6:59:53:a3:54:86:ee:f6:63:d9:
         bf:2a:fc:99:44:df:dd:99:a9:30:2e:1d:4a:12:ee:76:a2:c3:
         37:60:c3:d6:f0:50:6b:d1:bf:f6:74:f9:10:80:d2:e2:51:76:
         e1:d5:1a:fa
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYa2C6FyJsVzhhDOd0GCQTZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjYzYzZlNzc5ZGFlOWJkYjA0Njg1NGYxODlmZThjNWMz
YzMyZTEwHhcNMjMwMzA2MDgzMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdjOGU0MTBkMmYzMmRjODAxNDMzYjEwYTY3MjNkZjE1NTdlMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy3AzroHN768rpM4kXIkPgHTxRr5
W1yOT4Di1nFls6Bxs0e+9CkbbN61clr2DJUC3ZYmim8dLacpFoqv5usUNjNz1iyQ
WaYLEOPJu/T1PmNvn4UTKUIunnaisT9XWVfCqlAiCmvVDBvXxJ1RR3KXBKD6/nGk
wpK/jQlwK1HGRSCYyqZslC6wFkVXSRjNU2tmzh6gtp77Gk/Lbf6FV9hSXSoYAJxo
NM8nyWQDjg61WBHiIRD7lmQXANain3/jKvEFm5KSXiH+rQueJ4294gPZ7EZAlLHu
f30fP1CvXZ0dBDQfnfMfqlvFrwsCqTeAStt4GD6cALkVH9SDi2KxKQclDQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHR8jkENLzLcgBQzsQpnI98VV+IfMB8GA1UdIwQY
MBaAFLxmPG53na6b2wRoVPGJ/oxcPDLhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2Et
MThiZGZlOGNjMGNkLzEvZEh5T1FRMHZNdHlBRkRPeENtY2ozeFZYNGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2EtMThiZGZlOGNjMGNk
LzEvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCJU1sAwQC
UPnMAwQCW9Y4AwQDXb4QAwQDbeu4AwQAkhPTAwQDnjqAAwQCuR50AwQCwnKAMA0E
AgACMAcDBQAqALFgMA0GCSqGSIb3DQEBCwUAA4IBAQCd1bhWq77QQ4B8IL43ONMT
qd7vijcSbkYzz35g6gqumg2Dtd9/LUpOw8msQvLi3FHroUMgmVVWaFp9xniBP3tC
JSYsOccthQWLnX0VG87IbQT12MVMc6I6a1B+H7eOziqAInLPW9oSDXz93FOZfgM/
8bZBtqiCfMQ63CjSat9XG18xau6wlO33/ViK6n4nG3+/F4PYuyCJtRQ+S/YaPfma
PHOvmUigK9tRTy2y5BWIV3KgVbXMGtHPZVlPBX3PIkeAJIGPxhlfpRpmS0GoU9ZZ
U6NUhu72Y9m/KvyZRN/dmakwLh1KEu52osM3YMPW8FBr0b/2dPkQgNLiUXbh1Rr6
-----END CERTIFICATE-----