Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/PrLyHlE-xTtxa3zRXCfZft0cvzc.roa
File:                     PrLyHlE-xTtxa3zRXCfZft0cvzc.roa (raw, json)
Hash identifier:          wpu3AXzq5GfClRfy+hLRZDhFc/Bx5OHpCW3db6QxFas=
Subject key identifier:   3E:B2:F2:1E:51:3E:C5:3B:71:6B:7C:D1:5C:27:D9:7E:DD:1C:BF:37
Certificate issuer:       /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial:       018953FD3E85F2FF501FC7B978B6AF07EF76
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/PrLyHlE-xTtxa3zRXCfZft0cvzc.roa
Signing time:             Fri 14 Jul 2023 10:40:52 +0000
ROA not before:           Fri 14 Jul 2023 10:40:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42705
IP address blocks:        80.251.0.0/20 maxlen: 20
                          80.251.10.0/24 maxlen: 24
                          80.251.11.0/24 maxlen: 24
                          85.31.64.0/19 maxlen: 24
                          5.11.16.0/24 maxlen: 24
                          5.11.17.0/24 maxlen: 24
                          5.11.16.0/22 maxlen: 22
                          5.11.18.0/24 maxlen: 24
                          5.11.24.0/23 maxlen: 23
                          5.11.24.0/21 maxlen: 21
                          5.11.24.0/24 maxlen: 24
                          5.11.28.0/22 maxlen: 22
                          5.11.26.0/23 maxlen: 23
                          5.11.25.0/24 maxlen: 24
                          5.11.28.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 19 Jul 2023 11:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:53:fd:3e:85:f2:ff:50:1f:c7:b9:78:b6:af:07:ef:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
        Validity
            Not Before: Jul 14 10:40:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3eb2f21e513ec53b716b7cd15c27d97edd1cbf37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:06:e8:3e:8f:cc:e3:a4:da:c2:5b:26:66:34:
                    c3:26:c5:b6:fc:3f:59:fc:f8:26:e3:70:f2:2a:a9:
                    87:32:fc:89:66:0a:8b:73:90:54:b6:20:8c:24:be:
                    0b:ec:ad:42:f6:a0:8c:fc:ab:49:57:4e:db:47:c2:
                    2a:44:01:bb:7d:3f:c9:60:da:63:b2:d3:bf:1f:7d:
                    b4:29:3d:7e:68:44:f7:b4:18:b0:91:f1:46:0d:26:
                    f5:ff:7c:c4:9f:58:48:2f:74:07:87:eb:a4:19:a0:
                    b0:73:ad:cc:51:46:ba:ea:00:1d:cf:3c:19:da:4b:
                    c8:a8:5e:3b:d1:d4:8a:42:28:53:9c:cd:1b:4c:f6:
                    c6:0c:b7:96:79:a1:c2:c7:b4:75:b5:ca:7f:8c:6c:
                    e8:cc:3c:2a:7b:00:55:b1:0b:e4:de:14:8f:a5:3f:
                    43:88:da:8b:73:40:ec:be:75:bd:96:df:1d:88:ac:
                    78:ca:ea:db:63:db:a6:f4:06:06:c2:5c:9f:4f:83:
                    67:f5:56:f8:3f:70:8c:15:d8:10:b3:62:e5:cd:b3:
                    7f:76:ac:61:3b:3b:77:5c:b7:02:7e:e7:a6:dd:10:
                    4b:3a:f7:9d:7a:5a:45:7b:82:9b:a6:7a:17:ba:af:
                    7b:d8:f8:4b:93:be:35:8f:2a:82:ed:2a:57:b8:12:
                    eb:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B2:F2:1E:51:3E:C5:3B:71:6B:7C:D1:5C:27:D9:7E:DD:1C:BF:37
            X509v3 Authority Key Identifier:
                keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/PrLyHlE-xTtxa3zRXCfZft0cvzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.16.0/22
                  5.11.24.0/21
                  80.251.0.0/20
                  85.31.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2b:12:09:82:ab:89:1f:96:e2:3c:0c:f1:d9:43:b9:40:b2:31:
         a2:7c:fc:6e:00:e2:8e:19:e6:94:95:49:f1:53:54:55:a4:41:
         54:2b:d1:18:f0:ae:75:fe:fd:22:bb:50:ff:9f:ae:72:46:3c:
         bf:b0:81:f8:60:56:46:f7:51:77:80:c1:5f:25:59:71:62:7d:
         6d:cb:18:57:3b:49:9c:ba:e6:26:cc:69:a5:c0:a4:86:95:68:
         d5:ba:30:be:16:f5:61:b0:52:77:be:2f:e8:3e:ee:b9:e2:fc:
         6f:76:49:f3:04:28:17:66:47:f9:44:24:d1:ca:2c:33:c2:07:
         f4:6c:d3:07:96:8d:81:bb:5b:d4:2c:9e:5e:0c:e2:35:eb:f1:
         a6:5d:25:2e:5b:6d:77:cb:90:83:17:49:82:ac:66:10:b2:11:
         61:cc:0a:e8:54:25:82:8b:af:c6:c8:36:15:13:36:d8:25:30:
         fc:ce:a9:12:94:61:15:dd:1a:2c:6e:13:84:cf:f0:fd:46:35:
         b9:d2:52:66:09:20:0a:2e:b9:0b:5b:92:47:5c:0c:95:53:14:
         0b:f6:2a:2e:1c:2c:47:51:72:8b:2a:02:fa:aa:23:09:dd:8b:
         80:01:93:13:45:b6:f1:f5:9e:b3:53:5f:de:2b:53:59:22:94:
         40:fa:95:74
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYlT/T6F8v9QH8e5eLavB+92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjMwNzE0MTA0MDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIyZjIxZTUxM2VjNTNiNzE2YjdjZDE1YzI3ZDk3ZWRkMWNiZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgboPo/M46TawlsmZjTDJsW2/D9Z
/Pgm43DyKqmHMvyJZgqLc5BUtiCMJL4L7K1C9qCM/KtJV07bR8IqRAG7fT/JYNpj
stO/H320KT1+aET3tBiwkfFGDSb1/3zEn1hIL3QHh+ukGaCwc63MUUa66gAdzzwZ
2kvIqF470dSKQihTnM0bTPbGDLeWeaHCx7R1tcp/jGzozDwqewBVsQvk3hSPpT9D
iNqLc0DsvnW9lt8diKx4yurbY9um9AYGwlyfT4Nn9Vb4P3CMFdgQs2LlzbN/dqxh
Ozt3XLcCfuem3RBLOvedelpFe4KbpnoXuq972PhLk741jyqC7SpXuBLr+wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD6y8h5RPsU7cWt80Vwn2X7dHL83MB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvUHJMeUhsRS14VHR4YTN6UlhDZlpmdDBjdnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCBQsQAwQD
BQsYAwQEUPsAAwQFVR9AMA0GCSqGSIb3DQEBCwUAA4IBAQArEgmCq4kfluI8DPHZ
Q7lAsjGifPxuAOKOGeaUlUnxU1RVpEFUK9EY8K51/v0iu1D/n65yRjy/sIH4YFZG
91F3gMFfJVlxYn1tyxhXO0mcuuYmzGmlwKSGlWjVujC+FvVhsFJ3vi/oPu654vxv
dknzBCgXZkf5RCTRyiwzwgf0bNMHlo2Bu1vULJ5eDOI16/GmXSUuW213y5CDF0mC
rGYQshFhzAroVCWCi6/GyDYVEzbYJTD8zqkSlGEV3RosbhOEz/D9RjW50lJmCSAK
LrkLW5JHXAyVUxQL9iouHCxHUXKLKgL6qiMJ3YuAAZMTRbbx9Z6zU1/eK1NZIpRA
+pV0
-----END CERTIFICATE-----