Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/sxWwACbYX8QDmvg_RJnuWdNhNvc.roa
File:                     sxWwACbYX8QDmvg_RJnuWdNhNvc.roa (raw, json)
Hash identifier:          5kvlW5mgGcwlK8h588Z8/GbB9DBgGxx42DTXB+MSu6Q=
Subject key identifier:   B3:15:B0:00:26:D8:5F:C4:03:9A:F8:3F:44:99:EE:59:D3:61:36:F7
Certificate issuer:       /CN=290bcc50a9a33ba5651efd1afe40b6fdb02556f0
Certificate serial:       01893F6CF0B2325397B8C2946EEFC9077D3C
Authority key identifier: 29:0B:CC:50:A9:A3:3B:A5:65:1E:FD:1A:FE:40:B6:FD:B0:25:56:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/sxWwACbYX8QDmvg_RJnuWdNhNvc.roa
Signing time:             Mon 10 Jul 2023 10:50:51 +0000
ROA not before:           Mon 10 Jul 2023 10:50:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48573
IP address blocks:        94.143.44.0/22 maxlen: 22
                          94.143.40.0/22 maxlen: 22
                          94.143.40.0/21 maxlen: 21
                          185.43.10.0/23 maxlen: 23
                          185.43.8.0/23 maxlen: 23
                          185.43.8.0/22 maxlen: 22
                          95.215.138.0/23 maxlen: 23
                          95.215.136.0/23 maxlen: 23
                          95.215.136.0/22 maxlen: 22
                          193.29.230.0/23 maxlen: 23
                          31.185.0.0/22 maxlen: 22
                          31.185.0.0/21 maxlen: 21
                          31.185.4.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3f:6c:f0:b2:32:53:97:b8:c2:94:6e:ef:c9:07:7d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=290bcc50a9a33ba5651efd1afe40b6fdb02556f0
        Validity
            Not Before: Jul 10 10:50:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b315b00026d85fc4039af83f4499ee59d36136f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8c:c5:70:c8:b1:b0:a1:68:e6:67:ca:37:21:
                    18:64:6c:10:bb:46:cd:56:90:9f:af:ba:01:03:26:
                    9e:06:d9:69:e9:87:c6:06:48:22:fe:cb:f2:94:01:
                    5d:a8:5d:b5:d6:d1:a6:ab:07:4f:da:8b:e3:58:97:
                    91:c7:55:0d:67:e8:20:8a:9c:f9:f8:d8:d8:87:27:
                    b7:79:d5:a4:02:3f:44:00:bf:55:6f:a9:2a:df:12:
                    b4:6b:e9:4b:25:65:af:e3:5b:06:78:c2:f4:52:2b:
                    52:96:2a:d9:d0:6e:f5:11:dc:c2:a5:40:56:ca:17:
                    95:1b:5a:0c:58:ad:23:22:45:6f:69:b3:01:40:3f:
                    86:15:42:92:2c:78:7a:a6:26:fb:1d:d7:d9:82:23:
                    f3:13:e4:4d:96:17:da:46:e1:3e:65:03:4b:fb:83:
                    5d:0f:fa:cc:1b:a7:44:4b:40:7b:28:9e:9b:36:c6:
                    24:d4:37:0e:81:79:df:dc:98:9d:25:5d:59:b0:f2:
                    c6:b6:de:8b:d6:50:f8:dc:ba:68:14:5a:0d:b9:10:
                    9b:37:e2:6e:a3:53:e8:d5:30:41:2a:e5:c3:28:c8:
                    5f:43:a7:bb:4e:e1:1c:6b:84:70:56:13:8f:bf:f7:
                    03:d0:3d:66:58:f4:1c:c2:db:2e:9f:3a:cb:92:37:
                    8a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:15:B0:00:26:D8:5F:C4:03:9A:F8:3F:44:99:EE:59:D3:61:36:F7
            X509v3 Authority Key Identifier:
                keyid:29:0B:CC:50:A9:A3:3B:A5:65:1E:FD:1A:FE:40:B6:FD:B0:25:56:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/sxWwACbYX8QDmvg_RJnuWdNhNvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.0.0/21
                  94.143.40.0/21
                  95.215.136.0/22
                  185.43.8.0/22
                  193.29.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:53:2e:06:c4:0a:b7:0f:4b:6e:c0:bf:d1:2e:94:6f:88:74:
         6b:00:62:5a:40:ee:93:34:95:a1:cd:b9:1b:89:28:e7:98:38:
         18:3f:f9:dd:08:e5:e2:4e:93:7f:be:7e:8b:e1:2d:bc:ab:f6:
         4d:30:d4:72:ab:fb:15:3c:19:45:aa:a4:b2:bc:2d:c0:78:7b:
         3d:96:d1:ba:38:6b:9e:4d:f4:db:0c:4a:55:50:c9:cf:46:cc:
         e9:17:ea:8d:9b:26:51:70:e7:24:6a:34:8e:f2:af:9d:ea:ce:
         81:fb:96:ca:2c:f0:49:f9:2a:f1:4d:d4:71:d0:6e:c8:7f:4a:
         cf:af:75:6d:00:1e:0e:78:68:7e:9c:e0:cf:61:cf:59:8d:68:
         a6:8e:f0:41:11:68:16:e4:d6:5f:b5:7f:99:8c:ba:f7:d5:75:
         45:64:16:e4:94:4c:99:0a:3e:11:ce:ce:af:cb:a3:29:2f:db:
         c4:52:d9:1e:5f:3d:85:e5:9a:2d:aa:dc:4e:c3:7b:a1:b2:bc:
         e6:e4:64:3e:78:e3:39:a3:5e:24:9d:1e:fb:62:a0:5a:09:80:
         18:a5:9e:44:00:92:21:fa:78:89:6f:f8:5b:24:83:7c:75:cd:
         54:f2:71:b6:fc:f6:39:29:46:f0:6d:e7:65:a3:b9:bb:a1:6b:
         9a:91:f1:24
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYk/bPCyMlOXuMKUbu/JB308MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MGJjYzUwYTlhMzNiYTU2NTFlZmQxYWZlNDBiNmZkYjAy
NTU2ZjAwHhcNMjMwNzEwMTA1MDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE1YjAwMDI2ZDg1ZmM0MDM5YWY4M2Y0NDk5ZWU1OWQzNjEzNmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4zFcMixsKFo5mfKNyEYZGwQu0bN
VpCfr7oBAyaeBtlp6YfGBkgi/svylAFdqF211tGmqwdP2ovjWJeRx1UNZ+ggipz5
+NjYhye3edWkAj9EAL9Vb6kq3xK0a+lLJWWv41sGeML0UitSlirZ0G71EdzCpUBW
yheVG1oMWK0jIkVvabMBQD+GFUKSLHh6pib7HdfZgiPzE+RNlhfaRuE+ZQNL+4Nd
D/rMG6dES0B7KJ6bNsYk1DcOgXnf3JidJV1ZsPLGtt6L1lD43LpoFFoNuRCbN+Ju
o1Po1TBBKuXDKMhfQ6e7TuEca4RwVhOPv/cD0D1mWPQcwtsunzrLkjeK7wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLMVsAAm2F/EA5r4P0SZ7lnTYTb3MB8GA1UdIwQY
MBaAFCkLzFCpozulZR79Gv5Atv2wJVbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1F2TVVLbWpPNlZsSHYwYV9rQzJfYkFsVnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80YjZlZjQtMzhlZS00YzA2LThjYjYt
NzY5ODI0OTNlYTFhLzEvc3hXd0FDYllYOFFEbXZnX1JKbnVXZE5oTnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80YjZlZjQtMzhlZS00YzA2LThjYjYtNzY5ODI0OTNlYTFh
LzEvS1F2TVVLbWpPNlZsSHYwYV9rQzJfYkFsVnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDH7kAAwQD
Xo8oAwQCX9eIAwQCuSsIAwQBwR3mMA0GCSqGSIb3DQEBCwUAA4IBAQBaUy4GxAq3
D0tuwL/RLpRviHRrAGJaQO6TNJWhzbkbiSjnmDgYP/ndCOXiTpN/vn6L4S28q/ZN
MNRyq/sVPBlFqqSyvC3AeHs9ltG6OGueTfTbDEpVUMnPRszpF+qNmyZRcOckajSO
8q+d6s6B+5bKLPBJ+SrxTdRx0G7If0rPr3VtAB4OeGh+nODPYc9ZjWimjvBBEWgW
5NZftX+ZjLr31XVFZBbklEyZCj4Rzs6vy6MpL9vEUtkeXz2F5ZotqtxOw3uhsrzm
5GQ+eOM5o14knR77YqBaCYAYpZ5EAJIh+niJb/hbJIN8dc1U8nG2/PY5KUbwbedl
o7m7oWuakfEk
-----END CERTIFICATE-----