Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/0ee2ab-07d9-4a81-abf0-e0e4be6696f9/1/2q72ye7eMEJr_YeFQHc0xqv5WjQ.roa
File:                     2q72ye7eMEJr_YeFQHc0xqv5WjQ.roa (raw, json)
Hash identifier:          KrcWkoJgiyiL8bWutZglkjtlfcAs/iiA41kFOafuNFg=
Subject key identifier:   DA:AE:F6:C9:EE:DE:30:42:6B:FD:87:85:40:77:34:C6:AB:F9:5A:34
Certificate issuer:       /CN=586329f307b98285b71d22c7197ec19b701ded67
Certificate serial:       018891413D9AD4F61B19AA815774FB3E2319
Authority key identifier: 58:63:29:F3:07:B9:82:85:B7:1D:22:C7:19:7E:C1:9B:70:1D:ED:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGMp8we5goW3HSLHGX7Bm3Ad7Wc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/0ee2ab-07d9-4a81-abf0-e0e4be6696f9/1/2q72ye7eMEJr_YeFQHc0xqv5WjQ.roa
Signing time:             Tue 06 Jun 2023 15:09:11 +0000
ROA not before:           Tue 06 Jun 2023 15:09:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42586
IP address blocks:        77.36.128.0/17 maxlen: 20
                          77.36.128.0/19 maxlen: 19
                          77.36.128.0/20 maxlen: 20
                          77.36.128.0/18 maxlen: 18
                          77.36.144.0/20 maxlen: 20
                          77.36.224.0/20 maxlen: 20
                          77.36.224.0/19 maxlen: 19
                          77.36.240.0/20 maxlen: 20
                          77.36.160.0/20 maxlen: 20
                          77.36.160.0/19 maxlen: 19
                          77.36.165.0/24 maxlen: 24
                          185.194.244.0/22 maxlen: 22
                          77.36.166.0/24 maxlen: 24
                          77.36.163.0/24 maxlen: 24
                          77.36.164.0/24 maxlen: 24
                          77.36.176.0/20 maxlen: 20
                          77.36.192.0/20 maxlen: 20
                          77.36.192.0/19 maxlen: 19
                          77.36.192.0/18 maxlen: 18
                          77.36.208.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Tue 06 Jun 2023 15:20:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:91:41:3d:9a:d4:f6:1b:19:aa:81:57:74:fb:3e:23:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586329f307b98285b71d22c7197ec19b701ded67
        Validity
            Not Before: Jun  6 15:09:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=daaef6c9eede30426bfd8785407734c6abf95a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:93:4f:99:7d:dd:23:95:c7:5f:ea:d3:d8:96:
                    f2:07:fd:02:ff:08:90:fd:a3:59:fc:ae:78:bc:a5:
                    97:3f:a2:eb:4c:30:c0:a7:b6:23:86:8b:27:4c:56:
                    e5:82:c9:a0:07:d9:96:1e:87:0b:9d:2e:91:aa:44:
                    26:f8:3c:a8:b7:10:36:2b:ca:40:ff:14:1f:66:44:
                    62:13:66:37:67:f1:18:b2:b6:63:4f:83:e0:cb:98:
                    02:7e:71:18:d1:ae:ae:09:df:cc:57:f1:ab:9c:a6:
                    6d:35:f6:9e:c8:56:a8:da:6e:0c:3b:57:f7:9d:69:
                    cd:b2:3b:a7:4e:4f:5a:d0:39:44:1d:c7:72:23:f0:
                    bc:41:7c:63:17:36:d3:ce:a3:a0:aa:70:ad:5a:d8:
                    55:53:89:47:de:a8:a9:c9:a1:0d:02:5e:d9:de:58:
                    89:d0:77:4a:48:65:37:4e:5a:dc:64:5f:67:cc:40:
                    47:54:78:bc:bf:f3:15:56:74:32:64:06:81:77:58:
                    b4:99:fb:3e:f5:ef:31:3f:ae:bb:af:76:4c:78:4b:
                    03:dc:96:49:87:a0:1d:02:b4:b3:fa:8e:2c:96:fe:
                    1e:d9:66:92:b1:29:17:81:54:6a:90:bd:6f:50:a0:
                    34:2e:69:71:5b:82:c4:de:ca:f7:bb:28:78:d1:cb:
                    10:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:AE:F6:C9:EE:DE:30:42:6B:FD:87:85:40:77:34:C6:AB:F9:5A:34
            X509v3 Authority Key Identifier:
                keyid:58:63:29:F3:07:B9:82:85:B7:1D:22:C7:19:7E:C1:9B:70:1D:ED:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGMp8we5goW3HSLHGX7Bm3Ad7Wc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/0ee2ab-07d9-4a81-abf0-e0e4be6696f9/1/2q72ye7eMEJr_YeFQHc0xqv5WjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/0ee2ab-07d9-4a81-abf0-e0e4be6696f9/1/WGMp8we5goW3HSLHGX7Bm3Ad7Wc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.36.128.0/17
                  185.194.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:87:3e:b2:57:03:0a:a6:2d:91:5d:d2:06:79:1c:b7:a7:07:
         89:cc:3d:2e:1a:fb:c6:3e:51:22:dd:e3:ae:e5:17:5c:74:1a:
         e0:8d:3f:31:92:3a:b2:90:1f:7b:15:37:04:63:cf:70:60:0d:
         13:38:84:e1:34:38:a2:39:e3:d4:9e:2b:4c:55:f4:cb:db:9a:
         b7:6a:b9:49:de:7f:c0:8c:18:07:f7:13:06:7a:00:f8:7c:cb:
         6a:b5:8c:b5:e1:6a:78:b7:d8:12:27:54:da:d9:aa:7a:b3:56:
         03:0d:3e:30:62:01:2e:e5:64:c2:27:b5:dd:ee:55:ae:2a:b6:
         aa:c1:1d:7f:26:a0:ea:c6:aa:8b:1d:be:d8:dd:c8:30:c8:6e:
         38:2a:52:24:73:2e:19:ef:88:3f:ae:bd:a3:a2:36:62:90:af:
         55:25:db:00:36:e7:35:09:71:5e:06:3a:79:db:3e:c1:f4:2e:
         6b:57:1c:97:0c:6e:92:40:34:be:69:93:03:64:22:d0:97:f0:
         3c:88:80:4a:3e:81:9c:93:17:d0:af:dc:bf:2f:17:6b:20:2b:
         52:43:42:0d:73:44:b6:1a:fc:72:a6:62:84:20:c5:c9:6c:dc:
         de:7d:79:61:b5:b4:c8:84:dc:6f:15:d3:86:1f:fb:bb:4f:4c:
         24:05:04:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYiRQT2a1PYbGaqBV3T7PiMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjMyOWYzMDdiOTgyODViNzFkMjJjNzE5N2VjMTliNzAx
ZGVkNjcwHhcNMjMwNjA2MTUwOTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFlZjZjOWVlZGUzMDQyNmJmZDg3ODU0MDc3MzRjNmFiZjk1YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpNPmX3dI5XHX+rT2JbyB/0C/wiQ
/aNZ/K54vKWXP6LrTDDAp7YjhosnTFblgsmgB9mWHocLnS6RqkQm+DyotxA2K8pA
/xQfZkRiE2Y3Z/EYsrZjT4Pgy5gCfnEY0a6uCd/MV/GrnKZtNfaeyFao2m4MO1f3
nWnNsjunTk9a0DlEHcdyI/C8QXxjFzbTzqOgqnCtWthVU4lH3qipyaENAl7Z3liJ
0HdKSGU3TlrcZF9nzEBHVHi8v/MVVnQyZAaBd1i0mfs+9e8xP667r3ZMeEsD3JZJ
h6AdArSz+o4slv4e2WaSsSkXgVRqkL1vUKA0LmlxW4LE3sr3uyh40csQiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNqu9snu3jBCa/2HhUB3NMar+Vo0MB8GA1UdIwQY
MBaAFFhjKfMHuYKFtx0ixxl+wZtwHe1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dNcDh3ZTVnb1czSFNMSEdYN0JtM0FkN1djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wZWUyYWItMDdkOS00YTgxLWFiZjAt
ZTBlNGJlNjY5NmY5LzEvMnE3MnllN2VNRUpyX1llRlFIYzB4cXY1V2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wZWUyYWItMDdkOS00YTgxLWFiZjAtZTBlNGJlNjY5NmY5
LzEvV0dNcDh3ZTVnb1czSFNMSEdYN0JtM0FkN1djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHTSSAAwQC
ucL0MA0GCSqGSIb3DQEBCwUAA4IBAQAKhz6yVwMKpi2RXdIGeRy3pweJzD0uGvvG
PlEi3eOu5RdcdBrgjT8xkjqykB97FTcEY89wYA0TOIThNDiiOePUnitMVfTL25q3
arlJ3n/AjBgH9xMGegD4fMtqtYy14Wp4t9gSJ1Ta2ap6s1YDDT4wYgEu5WTCJ7Xd
7lWuKraqwR1/JqDqxqqLHb7Y3cgwyG44KlIkcy4Z74g/rr2jojZikK9VJdsANuc1
CXFeBjp52z7B9C5rVxyXDG6SQDS+aZMDZCLQl/A8iIBKPoGckxfQr9y/LxdrICtS
Q0INc0S2GvxypmKEIMXJbNzefXlhtbTIhNxvFdOGH/u7T0wkBQQH
-----END CERTIFICATE-----