Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/8lzywOVi5JYGBWHiZhsvYU2vW1U.roa
File:                     8lzywOVi5JYGBWHiZhsvYU2vW1U.roa (raw, json)
Hash identifier:          mWpd99oYZUFnUoVRPLhsNBD1mhjlyEUwRBREOQfgC0o=
Subject key identifier:   F2:5C:F2:C0:E5:62:E4:96:06:05:61:E2:66:1B:2F:61:4D:AF:5B:55
Certificate issuer:       /CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
Certificate serial:       01857030560A66691C70748C7451D31B12EA
Authority key identifier: 8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/8lzywOVi5JYGBWHiZhsvYU2vW1U.roa
Signing time:             Mon 02 Jan 2023 01:54:53 +0000
ROA not before:           Mon 02 Jan 2023 01:54:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8468
IP address blocks:        81.31.96.0/19 maxlen: 19
                          185.220.12.0/22 maxlen: 22
                          195.74.96.0/19 maxlen: 19
                          87.127.0.0/16 maxlen: 16
                          188.39.0.0/16 maxlen: 16
                          79.143.144.0/20 maxlen: 20
                          84.45.128.0/17 maxlen: 17
                          78.32.0.0/15 maxlen: 15
                          62.249.192.0/18 maxlen: 18
                          2001:4d48::/32 maxlen: 32
                          2001:4d48::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:31:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:56:0a:66:69:1c:70:74:8c:74:51:d3:1b:12:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
        Validity
            Not Before: Jan  2 01:54:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f25cf2c0e562e496060561e2661b2f614daf5b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:50:97:4b:b0:c3:0a:ba:d4:ba:16:f4:93:e9:
                    3c:6c:ab:a9:c2:e6:ad:39:46:48:f8:57:22:f5:24:
                    ee:73:53:27:f6:f7:87:d6:7d:d2:53:7d:5d:26:55:
                    ed:2c:a6:b7:af:1d:5a:51:4a:cb:fd:4b:7d:22:59:
                    99:da:9c:f9:3a:9c:0c:27:11:2d:28:7f:4a:df:4d:
                    b9:9e:1d:53:97:f6:d7:7f:ee:59:c2:23:53:d2:fd:
                    87:18:83:0e:5a:b9:0e:f7:05:de:e3:b3:15:02:6b:
                    d1:63:04:78:16:3d:82:6c:c3:83:df:c5:5f:51:cc:
                    6d:e0:e8:97:5c:ee:ea:a5:59:72:1c:63:c7:17:c4:
                    d3:c5:50:75:18:77:88:d6:5e:5e:bc:be:ac:41:bd:
                    c8:21:5a:63:db:16:44:87:92:9e:4b:a7:d6:1b:a8:
                    eb:91:ad:f4:35:3a:2f:b3:a7:cf:8c:5f:96:34:6a:
                    2b:f5:df:53:75:8d:7c:b8:71:fc:07:25:19:a6:f5:
                    37:78:d3:06:d4:bf:81:54:77:55:8e:94:fc:a5:63:
                    ac:e0:dd:b1:3b:23:e8:57:27:3b:f9:15:a8:73:b4:
                    bd:da:46:68:95:f2:16:8c:59:73:00:a9:7c:da:d8:
                    3b:56:27:b0:ed:28:f7:cf:ec:bd:5b:e1:97:69:18:
                    6a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5C:F2:C0:E5:62:E4:96:06:05:61:E2:66:1B:2F:61:4D:AF:5B:55
            X509v3 Authority Key Identifier:
                keyid:8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/8lzywOVi5JYGBWHiZhsvYU2vW1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/j3iWOzxPLdGHwgQ33x19nBaMq4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.249.192.0/18
                  78.32.0.0/15
                  79.143.144.0/20
                  81.31.96.0/19
                  84.45.128.0/17
                  87.127.0.0/16
                  185.220.12.0/22
                  188.39.0.0/16
                  195.74.96.0/19
                IPv6:
                  2001:4d48::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:f4:b5:50:00:3d:98:91:ee:a5:29:00:72:21:78:e2:8b:86:
         b4:44:06:51:ac:1d:ae:62:1e:93:44:90:3d:eb:dc:11:f9:d2:
         03:1b:31:1b:22:d1:f6:31:e0:64:85:04:e9:4f:3d:57:2b:53:
         ba:5e:37:ca:1b:d3:01:12:36:b8:25:af:3e:03:73:73:67:e9:
         fa:d5:5b:93:4c:50:bd:76:72:b4:f9:21:a0:4a:37:ab:da:89:
         3b:98:57:52:99:53:03:64:92:a1:55:7c:19:98:40:cb:1f:ad:
         52:24:f8:94:dc:ab:98:bd:dc:75:33:45:0a:81:80:52:6b:f6:
         ee:43:01:15:97:03:3c:4e:a4:6c:29:5d:42:c5:6d:23:e3:a3:
         af:8e:c5:a5:1a:7b:3c:61:08:a3:bc:92:8e:92:13:d7:7e:45:
         9c:12:d1:84:d3:82:e7:87:d6:fd:9e:be:55:1a:e8:b0:cc:42:
         a5:3e:75:b1:77:64:35:56:aa:e1:00:2c:d5:dd:4b:85:38:b1:
         46:59:cd:18:a6:04:c5:0a:7a:24:26:ca:8c:b9:a6:fc:2c:c8:
         60:dc:29:b0:45:7e:52:39:60:5d:6e:0f:4a:58:dc:fa:02:f9:
         37:8e:27:81:57:58:a3:0a:fb:06:a8:84:8e:39:42:14:32:1d:
         28:7a:30:16
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYVwMFYKZmkccHSMdFHTGxLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNzg5NjNiM2M0ZjJkZDE4N2MyMDQzN2RmMWQ3ZDljMTY4
Y2FiODEwHhcNMjMwMTAyMDE1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjVjZjJjMGU1NjJlNDk2MDYwNTYxZTI2NjFiMmY2MTRkYWY1YjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFCXS7DDCrrUuhb0k+k8bKupwuat
OUZI+Fci9STuc1Mn9veH1n3SU31dJlXtLKa3rx1aUUrL/Ut9IlmZ2pz5OpwMJxEt
KH9K3025nh1Tl/bXf+5ZwiNT0v2HGIMOWrkO9wXe47MVAmvRYwR4Fj2CbMOD38Vf
Ucxt4OiXXO7qpVlyHGPHF8TTxVB1GHeI1l5evL6sQb3IIVpj2xZEh5KeS6fWG6jr
ka30NTovs6fPjF+WNGor9d9TdY18uHH8ByUZpvU3eNMG1L+BVHdVjpT8pWOs4N2x
OyPoVyc7+RWoc7S92kZolfIWjFlzAKl82tg7View7Sj3z+y9W+GXaRhqUwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPJc8sDlYuSWBgVh4mYbL2FNr1tVMB8GA1UdIwQY
MBaAFI94ljs8Ty3Rh8IEN98dfZwWjKuBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgt
MWVmOWYyMzE5NTIyLzEvOGx6eXdPVmk1SllHQldIaVpoc3ZZVTJ2VzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgtMWVmOWYyMzE5NTIy
LzEvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA5BAIAATAzAwQGPvnAAwMB
TiADBARPj5ADBAVRH2ADBAdULYADAwBXfwMEArncDAMDALwnAwQFw0pgMA0EAgAC
MAcDBQMgAU1IMA0GCSqGSIb3DQEBCwUAA4IBAQAa9LVQAD2Yke6lKQByIXjii4a0
RAZRrB2uYh6TRJA969wR+dIDGzEbItH2MeBkhQTpTz1XK1O6XjfKG9MBEja4Ja8+
A3NzZ+n61VuTTFC9dnK0+SGgSjer2ok7mFdSmVMDZJKhVXwZmEDLH61SJPiU3KuY
vdx1M0UKgYBSa/buQwEVlwM8TqRsKV1CxW0j46OvjsWlGns8YQijvJKOkhPXfkWc
EtGE04Lnh9b9nr5VGuiwzEKlPnWxd2Q1VqrhACzV3UuFOLFGWc0YpgTFCnokJsqM
uab8LMhg3CmwRX5SOWBdbg9KWNz6Avk3jieBV1ijCvsGqISOOUIUMh0oejAW
-----END CERTIFICATE-----