Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/PeBHui44uYyBpE3y1swzj9ucc2c.roa
File:                     PeBHui44uYyBpE3y1swzj9ucc2c.roa (raw, json)
Hash identifier:          YLEeYgEeiPBYHkR65n4WCD1tQBAzjKkzcSyP/lwm6t8=
Subject key identifier:   3D:E0:47:BA:2E:38:B9:8C:81:A4:4D:F2:D6:CC:33:8F:DB:9C:73:67
Certificate issuer:       /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial:       0189F30157123DD1838B4D119BF8AF85971D
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/PeBHui44uYyBpE3y1swzj9ucc2c.roa
Signing time:             Mon 14 Aug 2023 07:44:58 +0000
ROA not before:           Mon 14 Aug 2023 07:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42705
IP address blocks:        80.251.0.0/20 maxlen: 20
                          80.251.10.0/24 maxlen: 24
                          80.251.11.0/24 maxlen: 24
                          85.31.64.0/19 maxlen: 24
                          5.11.16.0/24 maxlen: 24
                          5.11.17.0/24 maxlen: 24
                          5.11.16.0/22 maxlen: 22
                          5.11.18.0/24 maxlen: 24
                          5.11.24.0/23 maxlen: 23
                          5.11.24.0/21 maxlen: 21
                          5.11.21.0/24 maxlen: 24
                          5.11.24.0/24 maxlen: 24
                          5.11.26.0/23 maxlen: 23
                          5.11.25.0/24 maxlen: 24
                          5.11.26.0/24 maxlen: 24
                          5.11.27.0/24 maxlen: 24
                          5.11.28.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 15 Aug 2023 13:04:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f3:01:57:12:3d:d1:83:8b:4d:11:9b:f8:af:85:97:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
        Validity
            Not Before: Aug 14 07:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3de047ba2e38b98c81a44df2d6cc338fdb9c7367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:17:8e:91:01:a0:20:68:ca:f6:f8:fe:bc:8c:
                    c5:55:11:26:16:8d:9c:73:80:d3:34:9d:2d:42:d3:
                    06:46:62:fd:b6:e0:1e:03:93:0f:cd:16:36:88:79:
                    ad:b9:5f:88:73:d3:b9:e0:af:33:86:2a:27:73:01:
                    d2:6b:53:03:9d:3a:1c:00:5e:04:a8:76:19:49:f9:
                    ef:00:95:9c:1b:2a:41:f1:6e:2d:eb:5a:6f:3c:b0:
                    cf:e3:d8:c4:6d:b3:b0:dd:98:38:eb:df:0c:18:4b:
                    a5:a0:b0:63:87:8f:27:ef:2a:bd:5d:d7:fa:b0:38:
                    46:da:d3:b9:e5:c9:f8:ac:af:fc:d0:29:2b:b2:5a:
                    35:eb:75:8e:76:12:b5:7c:6c:cc:ce:6f:4d:76:ed:
                    f2:41:42:90:a4:fc:a5:b6:ca:14:5b:7f:9a:81:50:
                    81:7e:4b:0f:fc:be:a9:d9:ca:b2:2f:8b:4d:0d:d8:
                    0f:61:0b:b9:81:13:07:79:6c:be:4f:e4:a6:18:d2:
                    6e:e6:0b:96:95:0d:2e:14:f6:ad:8c:c5:74:c4:07:
                    8b:d0:eb:5d:ee:7a:65:25:44:45:7a:05:13:5d:63:
                    c7:a7:c5:d5:ec:a9:67:7c:55:5d:99:a1:89:0d:2a:
                    0c:8f:5e:76:b5:8a:f7:8c:88:14:3c:0e:4c:64:28:
                    72:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E0:47:BA:2E:38:B9:8C:81:A4:4D:F2:D6:CC:33:8F:DB:9C:73:67
            X509v3 Authority Key Identifier:
                keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/PeBHui44uYyBpE3y1swzj9ucc2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.16.0/22
                  5.11.21.0/24
                  5.11.24.0/21
                  80.251.0.0/20
                  85.31.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         21:00:5e:c5:af:aa:68:23:93:e9:1e:dc:2a:a6:4f:92:b5:6a:
         70:ee:30:81:b3:94:9d:4e:8b:28:f6:c2:57:85:e1:fc:00:9f:
         3b:be:99:a9:2f:06:f9:8a:bf:f9:87:ca:25:29:73:65:a8:70:
         68:9f:4e:23:d3:65:d1:dc:02:f1:dc:be:4b:69:e9:f7:fb:22:
         9d:58:2d:32:65:6b:0f:a4:a0:f0:ae:23:ba:de:1c:2f:36:6e:
         c9:68:12:8b:16:ec:5e:fb:7a:37:e5:a0:41:13:cb:b6:1e:c8:
         29:5c:78:77:8f:48:74:12:02:46:e8:3d:ca:b2:38:89:3e:52:
         f7:12:80:e1:d3:10:fe:4a:19:13:8d:f2:9d:38:e8:29:9d:d4:
         0d:04:d4:5b:59:60:78:94:28:80:e6:d6:4a:da:41:6b:56:0c:
         51:fe:1d:23:70:94:cf:ea:79:54:a5:37:d2:54:d4:8b:cb:08:
         e9:14:2e:a3:4f:5a:11:75:32:01:68:4a:c3:6d:ce:36:9f:04:
         aa:c7:b4:0e:00:df:be:01:c0:0e:c5:1f:e2:1c:0d:b7:45:43:
         63:94:4f:f8:e9:ba:52:c1:8c:90:82:c8:d2:78:5a:da:b7:64:
         af:67:40:ac:5a:e5:a8:c6:c0:3b:4b:ae:9f:04:6c:c9:4b:c8:
         35:85:b1:73
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYnzAVcSPdGDi00Rm/ivhZcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjMwODE0MDc0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGUwNDdiYTJlMzhiOThjODFhNDRkZjJkNmNjMzM4ZmRiOWM3MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjReOkQGgIGjK9vj+vIzFVREmFo2c
c4DTNJ0tQtMGRmL9tuAeA5MPzRY2iHmtuV+Ic9O54K8zhioncwHSa1MDnTocAF4E
qHYZSfnvAJWcGypB8W4t61pvPLDP49jEbbOw3Zg4698MGEuloLBjh48n7yq9Xdf6
sDhG2tO55cn4rK/80Ckrslo163WOdhK1fGzMzm9Ndu3yQUKQpPyltsoUW3+agVCB
fksP/L6p2cqyL4tNDdgPYQu5gRMHeWy+T+SmGNJu5guWlQ0uFPatjMV0xAeL0Otd
7nplJURFegUTXWPHp8XV7KlnfFVdmaGJDSoMj152tYr3jIgUPA5MZChyUQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFD3gR7ouOLmMgaRN8tbMM4/bnHNnMB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvUGVCSHVpNDR1WXlCcEUzeTFzd3pqOXVjYzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCBQsQAwQA
BQsVAwQDBQsYAwQEUPsAAwQFVR9AMA0GCSqGSIb3DQEBCwUAA4IBAQAhAF7Fr6po
I5PpHtwqpk+StWpw7jCBs5SdToso9sJXheH8AJ87vpmpLwb5ir/5h8olKXNlqHBo
n04j02XR3ALx3L5Laen3+yKdWC0yZWsPpKDwriO63hwvNm7JaBKLFuxe+3o35aBB
E8u2HsgpXHh3j0h0EgJG6D3KsjiJPlL3EoDh0xD+ShkTjfKdOOgpndQNBNRbWWB4
lCiA5tZK2kFrVgxR/h0jcJTP6nlUpTfSVNSLywjpFC6jT1oRdTIBaErDbc42nwSq
x7QOAN++AcAOxR/iHA23RUNjlE/46bpSwYyQgsjSeFrat2SvZ0CsWuWoxsA7S66f
BGzJS8g1hbFz
-----END CERTIFICATE-----