Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/w8HB9WCyvlsjSEJGhQ5BAsZk_xE.roa
File:                     w8HB9WCyvlsjSEJGhQ5BAsZk_xE.roa (raw, json)
Hash identifier:          G1wS6XziPfcoGLxawRlAaIV6Yb47Rxk8gYqiHZEPEEQ=
Subject key identifier:   C3:C1:C1:F5:60:B2:BE:5B:23:48:42:46:85:0E:41:02:C6:64:FF:11
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       0185737ABBBF4F49E2040801C49962C70FD9
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/w8HB9WCyvlsjSEJGhQ5BAsZk_xE.roa
Signing time:             Mon 02 Jan 2023 17:15:01 +0000
ROA not before:           Mon 02 Jan 2023 17:15:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29119
IP address blocks:        45.146.224.0/22 maxlen: 24
                          185.131.188.0/22 maxlen: 24
                          5.182.72.0/22 maxlen: 24
                          185.151.176.0/22 maxlen: 24
                          185.230.0.0/22 maxlen: 24
                          141.98.52.0/22 maxlen: 24
                          185.114.64.0/22 maxlen: 24
                          185.123.136.0/22 maxlen: 24
                          185.126.232.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Wed 14 Jun 2023 09:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:7a:bb:bf:4f:49:e2:04:08:01:c4:99:62:c7:0f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  2 17:15:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c3c1c1f560b2be5b23484246850e4102c664ff11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:04:ee:aa:88:89:5b:30:aa:41:bb:0b:3f:44:
                    1b:07:9f:97:49:e9:42:db:d5:69:49:3e:59:c9:82:
                    94:5d:ce:dc:51:67:f3:d1:a8:a7:2a:47:91:3f:98:
                    62:29:dc:89:02:d5:a4:9e:ec:ed:49:01:34:98:c7:
                    af:69:a2:48:fb:7c:de:b9:bd:dd:91:e5:9d:a5:ec:
                    45:f8:9f:00:b9:16:3e:21:66:b3:e0:9e:13:bb:03:
                    ed:eb:1e:86:65:27:e2:23:f3:97:79:80:b5:5f:3b:
                    94:12:cc:4a:4e:1d:19:ac:02:c6:59:a9:3d:a6:2c:
                    19:a2:96:2a:c9:58:b4:f1:b7:9f:cb:88:cb:0f:cd:
                    27:57:ef:80:c9:4e:63:c4:f9:46:17:4c:0a:54:c8:
                    1b:08:d7:8c:aa:19:f2:47:fc:41:42:f0:74:97:fa:
                    80:13:2f:e7:36:7a:9b:1d:53:d9:c6:ab:f3:03:18:
                    fe:71:87:3b:7d:74:1b:04:5d:9e:f5:a6:e0:e6:0e:
                    2f:66:8e:05:b6:3b:85:09:f1:06:5d:6b:e0:ca:b7:
                    be:53:c1:68:2f:d2:ad:78:9d:82:02:ac:4f:f9:94:
                    bd:2a:0a:33:70:0a:0d:41:3d:ba:42:7f:b8:6d:c8:
                    b5:47:e7:2a:1b:60:13:ae:0a:be:91:5d:f4:5b:5f:
                    5d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C1:C1:F5:60:B2:BE:5B:23:48:42:46:85:0E:41:02:C6:64:FF:11
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/w8HB9WCyvlsjSEJGhQ5BAsZk_xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.72.0/22
                  45.146.224.0/22
                  141.98.52.0/22
                  185.114.64.0/22
                  185.123.136.0/22
                  185.126.232.0/22
                  185.131.188.0/22
                  185.151.176.0/22
                  185.230.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:02:40:05:18:1d:35:4e:49:9a:11:a1:14:c4:b6:16:29:19:
         43:a4:d0:53:cc:a9:2b:57:d9:2b:2a:69:ae:22:68:3d:99:b5:
         f3:48:7c:c8:94:fe:cd:fc:7b:5e:43:47:e5:85:d5:d4:eb:bc:
         9e:68:2c:b5:6d:77:66:c5:4f:1c:fb:7d:ee:a8:01:17:4a:90:
         ea:d2:bd:78:fc:fd:dd:9d:12:b1:32:a8:62:70:7e:da:8b:cc:
         1b:2a:d4:90:4c:3f:98:b7:2d:3b:14:4d:06:3d:d9:f2:c4:30:
         44:02:39:ea:37:57:5f:9c:f7:fb:dc:f8:bf:b3:f5:3f:bd:8e:
         d0:f9:36:2f:94:b3:fe:0c:0e:90:c6:df:dc:ec:15:47:da:1e:
         b5:66:03:ef:86:b7:27:43:bd:7a:6c:45:c2:55:7d:59:5b:75:
         11:18:3e:21:ee:fd:c9:4b:27:25:ec:9d:ed:8c:a6:5f:d0:b6:
         4b:85:35:3e:b7:16:f6:bb:1a:5a:90:c2:bc:01:de:b4:d4:f9:
         4d:08:32:e0:a8:c7:54:df:87:78:cd:48:25:43:74:17:23:b6:
         05:10:d0:06:9a:62:80:2e:c8:6f:7d:f5:b3:85:a1:c8:1c:04:
         b6:95:32:cd:38:0c:fa:c1:db:c6:83:f7:83:8d:5a:33:35:b8:
         52:97:05:a6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVzeru/T0niBAgBxJlixw/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjMwMTAyMTcxNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2MxYzFmNTYwYjJiZTViMjM0ODQyNDY4NTBlNDEwMmM2NjRmZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwTuqoiJWzCqQbsLP0QbB5+XSelC
29VpST5ZyYKUXc7cUWfz0ainKkeRP5hiKdyJAtWknuztSQE0mMevaaJI+3zeub3d
keWdpexF+J8AuRY+IWaz4J4TuwPt6x6GZSfiI/OXeYC1XzuUEsxKTh0ZrALGWak9
piwZopYqyVi08befy4jLD80nV++AyU5jxPlGF0wKVMgbCNeMqhnyR/xBQvB0l/qA
Ey/nNnqbHVPZxqvzAxj+cYc7fXQbBF2e9abg5g4vZo4FtjuFCfEGXWvgyre+U8Fo
L9KteJ2CAqxP+ZS9KgozcAoNQT26Qn+4bci1R+cqG2ATrgq+kV30W19d0QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMPBwfVgsr5bI0hCRoUOQQLGZP8RMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvdzhIQjlXQ3l2bHNqU0VKR2hRNUJBc1prX3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCBbZIAwQC
LZLgAwQCjWI0AwQCuXJAAwQCuXuIAwQCuX7oAwQCuYO8AwQCuZewAwQCueYAMA0G
CSqGSIb3DQEBCwUAA4IBAQCkAkAFGB01TkmaEaEUxLYWKRlDpNBTzKkrV9krKmmu
Img9mbXzSHzIlP7N/HteQ0flhdXU67yeaCy1bXdmxU8c+33uqAEXSpDq0r14/P3d
nRKxMqhicH7ai8wbKtSQTD+Yty07FE0GPdnyxDBEAjnqN1dfnPf73Pi/s/U/vY7Q
+TYvlLP+DA6Qxt/c7BVH2h61ZgPvhrcnQ716bEXCVX1ZW3URGD4h7v3JSycl7J3t
jKZf0LZLhTU+txb2uxpakMK8Ad601PlNCDLgqMdU34d4zUglQ3QXI7YFENAGmmKA
LshvffWzhaHIHAS2lTLNOAz6wdvGg/eDjVozNbhSlwWm
-----END CERTIFICATE-----