Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kbnvY5n-gbQ_4cclla9DYr4BCl4.roa
File:                     kbnvY5n-gbQ_4cclla9DYr4BCl4.roa (raw, json)
Hash identifier:          5LS7b3Ka8z7N24ML3eOGw8pQ9J3XiLGMQ2Lgzri81bQ=
Subject key identifier:   91:B9:EF:63:99:FE:81:B4:3F:E1:C7:25:95:AF:43:62:BE:01:0A:5E
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018A1C2A8DE6F8AF431E09C9F27CE0D87EA0
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kbnvY5n-gbQ_4cclla9DYr4BCl4.roa
Signing time:             Tue 22 Aug 2023 07:34:25 +0000
ROA not before:           Tue 22 Aug 2023 07:34:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41976
IP address blocks:        109.74.112.0/21 maxlen: 21
                          213.168.53.0/24 maxlen: 24
                          213.168.54.0/24 maxlen: 24
                          213.168.56.0/21 maxlen: 21
                          213.168.61.0/24 maxlen: 24
                          213.168.60.0/24 maxlen: 24
                          213.168.62.0/24 maxlen: 24
                          213.168.34.0/24 maxlen: 24
                          213.168.36.0/24 maxlen: 24
                          213.168.32.0/21 maxlen: 21
                          213.168.43.0/24 maxlen: 24
                          213.168.40.0/21 maxlen: 21
                          213.168.47.0/24 maxlen: 24
                          213.168.46.0/24 maxlen: 24
                          213.168.49.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 23 Aug 2023 14:41:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:1c:2a:8d:e6:f8:af:43:1e:09:c9:f2:7c:e0:d8:7e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Aug 22 07:34:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91b9ef6399fe81b43fe1c72595af4362be010a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:10:49:24:26:e3:43:b9:fb:17:51:ae:b9:2c:
                    3b:4d:26:63:62:f6:9e:af:e9:fe:46:c0:19:0e:67:
                    79:1f:49:35:ce:69:03:5b:ba:ba:05:db:ce:e2:01:
                    d9:ab:d3:63:09:03:ab:e5:b6:a2:6a:1d:82:2d:8a:
                    b1:d9:aa:21:17:c1:3b:74:96:54:8b:e1:6d:62:19:
                    85:30:cd:5f:4e:e2:0d:3c:f0:f3:9f:5e:36:20:7b:
                    04:d4:ca:67:9d:a3:1b:94:56:f2:a2:f8:8b:89:8e:
                    b9:bc:c6:50:10:89:d2:5e:5f:be:c0:89:7e:51:1b:
                    89:67:bb:68:d2:69:46:3f:8c:96:4e:ac:b3:a5:1a:
                    b2:ff:1b:64:9b:90:1f:5c:50:fc:e1:4b:e5:1f:08:
                    c3:0c:23:6b:e5:ab:34:ba:17:df:1e:a0:2c:72:75:
                    e3:29:5d:12:c1:77:63:1b:3c:90:b5:3f:70:d3:c6:
                    8e:f6:7e:1a:04:b0:37:f5:88:97:16:6b:e5:be:ef:
                    6f:be:89:ae:c7:18:d9:df:56:c2:0b:83:05:23:eb:
                    79:31:0a:ac:ff:2a:56:0c:a4:59:67:72:97:24:93:
                    dc:15:a6:24:00:6e:dd:ba:22:82:70:7e:3b:f9:f5:
                    87:12:c6:72:16:f9:00:48:94:65:fa:09:22:0e:6e:
                    0e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:B9:EF:63:99:FE:81:B4:3F:E1:C7:25:95:AF:43:62:BE:01:0A:5E
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kbnvY5n-gbQ_4cclla9DYr4BCl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.74.112.0/21
                  213.168.32.0/20
                  213.168.49.0/24
                  213.168.53.0-213.168.54.255
                  213.168.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6c:99:f8:f9:9f:04:33:ba:cc:d8:b1:cc:33:26:95:43:aa:fe:
         76:ad:fc:20:50:b9:c5:49:3e:b4:ca:b9:f3:34:48:91:46:17:
         94:73:b6:2b:79:84:c6:a7:22:97:13:1b:d1:1f:91:78:8f:7b:
         e5:01:0c:35:0e:17:41:5b:ad:03:5d:ee:69:e8:9c:ef:32:9e:
         ce:4c:08:51:66:d0:d4:11:1c:0f:a7:4a:0b:78:d7:e3:13:aa:
         a9:e6:d4:b8:3c:68:c0:9b:04:b5:13:df:62:61:11:12:61:8c:
         37:16:64:0a:a9:9e:b5:84:47:dc:be:a4:d6:93:75:5f:88:be:
         a7:db:80:dd:51:d2:5f:22:a7:e8:2f:1d:d0:85:45:e5:6c:94:
         3a:fa:31:43:cb:11:0b:f4:d1:7f:45:8c:fd:f7:5f:2d:63:e8:
         c1:23:da:61:30:7f:63:49:e9:aa:ed:81:72:ac:5a:39:7c:e4:
         55:06:4c:85:03:d5:65:be:f9:ca:cc:f1:61:2c:0e:56:46:4b:
         3e:36:33:d5:36:d9:24:65:53:56:0b:c2:4c:38:c8:98:26:47:
         cd:91:d2:f7:2f:58:9f:36:2f:46:79:4f:ce:f4:d7:4a:47:25:
         fd:01:3e:49:58:de:42:fb:95:3a:46:51:15:97:d9:e3:49:e7:
         f5:ff:9a:e8
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYocKo3m+K9DHgnJ8nzg2H6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjMwODIyMDczNDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWI5ZWY2Mzk5ZmU4MWI0M2ZlMWM3MjU5NWFmNDM2MmJlMDEwYTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRBJJCbjQ7n7F1GuuSw7TSZjYvae
r+n+RsAZDmd5H0k1zmkDW7q6BdvO4gHZq9NjCQOr5baiah2CLYqx2aohF8E7dJZU
i+FtYhmFMM1fTuINPPDzn142IHsE1MpnnaMblFbyoviLiY65vMZQEInSXl++wIl+
URuJZ7to0mlGP4yWTqyzpRqy/xtkm5AfXFD84UvlHwjDDCNr5as0uhffHqAscnXj
KV0SwXdjGzyQtT9w08aO9n4aBLA39YiXFmvlvu9vvomuxxjZ31bCC4MFI+t5MQqs
/ypWDKRZZ3KXJJPcFaYkAG7duiKCcH47+fWHEsZyFvkASJRl+gkiDm4OHQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJG572OZ/oG0P+HHJZWvQ2K+AQpeMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEva2Judlk1bi1nYlFfNGNjbGxhOURZcjRCQ2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQDbUpwAwQE
1aggAwQA1agxMAwDBADVqDUDBADVqDYDBAPVqDgwDQYJKoZIhvcNAQELBQADggEB
AGyZ+PmfBDO6zNixzDMmlUOq/nat/CBQucVJPrTKufM0SJFGF5Rztit5hManIpcT
G9EfkXiPe+UBDDUOF0FbrQNd7mnonO8yns5MCFFm0NQRHA+nSgt41+MTqqnm1Lg8
aMCbBLUT32JhERJhjDcWZAqpnrWER9y+pNaTdV+IvqfbgN1R0l8ip+gvHdCFReVs
lDr6MUPLEQv00X9FjP33Xy1j6MEj2mEwf2NJ6artgXKsWjl85FUGTIUD1WW++crM
8WEsDlZGSz42M9U22SRlU1YLwkw4yJgmR82R0vcvWJ82L0Z5T87010pHJf0BPklY
3kL7lTpGURWX2eNJ5/X/mug=
-----END CERTIFICATE-----