Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/TkS9CMo2HQngEeFVNik2MxA5xpg.roa
File:                     TkS9CMo2HQngEeFVNik2MxA5xpg.roa (raw, json)
Hash identifier:          K74B3Wh5hxBQ+OSlWnfcVIslhFWpEU9wnAhkn62beto=
Subject key identifier:   4E:44:BD:08:CA:36:1D:09:E0:11:E1:55:36:29:36:33:10:39:C6:98
Certificate issuer:       /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial:       01857355E414AEE9EDD1C265DCC850E19115
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/TkS9CMo2HQngEeFVNik2MxA5xpg.roa
Signing time:             Mon 02 Jan 2023 16:34:46 +0000
ROA not before:           Mon 02 Jan 2023 16:34:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31515
IP address blocks:        161.30.33.0/24 maxlen: 24
                          161.30.40.0/23 maxlen: 23
                          161.30.5.0/24 maxlen: 24
                          161.30.7.0/24 maxlen: 24
                          161.30.12.0/22 maxlen: 22
                          161.30.16.0/22 maxlen: 22
                          161.30.22.0/23 maxlen: 23
                          161.30.237.0/24 maxlen: 24
                          161.30.238.0/24 maxlen: 24
                          161.30.236.0/22 maxlen: 24
                          2a11:ae00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 18 Jan 2023 12:20:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:55:e4:14:ae:e9:ed:d1:c2:65:dc:c8:50:e1:91:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
        Validity
            Not Before: Jan  2 16:34:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4e44bd08ca361d09e011e155362936331039c698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b9:c3:30:3f:f3:cc:76:91:d1:48:84:7c:fa:
                    79:fb:d5:f8:bf:eb:85:c0:d7:f1:98:72:04:9f:6d:
                    cb:fc:75:0b:74:3d:51:4c:98:dd:76:50:91:ae:a9:
                    36:bf:26:7e:d8:37:f2:45:ee:24:a6:c6:03:d0:80:
                    5e:ab:b0:df:36:89:98:d6:09:a2:c2:e7:e5:19:9a:
                    f5:e8:b1:d5:6b:2d:5e:a3:df:f5:c8:3e:92:a0:00:
                    37:2e:e2:c9:c7:34:e6:59:e8:4f:b7:63:e4:8f:b9:
                    90:e3:9c:1f:61:d3:6a:d5:e3:b5:8d:f4:fd:3c:bb:
                    7e:38:a7:2e:43:ea:fe:cd:56:13:9d:e1:54:1e:e2:
                    77:5c:c3:26:23:65:b3:7e:d2:37:5a:4d:fd:06:d1:
                    76:68:77:7a:dd:24:d6:c4:ee:a9:bf:41:ab:89:4c:
                    28:e9:11:69:d6:5b:87:7e:15:6a:ff:25:77:2c:94:
                    37:52:76:58:20:ac:72:3d:c2:05:fe:5c:48:50:f2:
                    cb:72:c1:a2:f7:99:1c:b7:11:2b:51:51:ab:a6:c8:
                    1d:91:88:58:c8:9c:3c:87:d6:8d:02:df:b3:5a:04:
                    b3:80:ff:6c:0d:22:2b:50:51:7f:72:ef:c4:f9:e9:
                    16:c7:b1:2c:d9:46:17:07:73:c8:39:cb:17:54:c6:
                    a5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:44:BD:08:CA:36:1D:09:E0:11:E1:55:36:29:36:33:10:39:C6:98
            X509v3 Authority Key Identifier:
                keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/TkS9CMo2HQngEeFVNik2MxA5xpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.30.5.0/24
                  161.30.7.0/24
                  161.30.12.0-161.30.19.255
                  161.30.22.0/23
                  161.30.33.0/24
                  161.30.40.0/23
                  161.30.236.0/22
                IPv6:
                  2a11:ae00::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:de:b3:8b:cd:4d:ad:0b:cb:22:78:7a:b8:c0:b9:bb:6a:10:
         c3:66:3b:6c:dc:f4:2f:09:d1:61:35:7c:10:f2:33:27:7e:9e:
         f9:2f:1b:c0:b3:aa:31:bd:42:2f:50:70:9f:02:72:b4:a0:7e:
         d3:44:26:71:c2:4b:9b:69:81:48:53:10:ed:b9:30:84:f3:d3:
         d0:be:13:b2:b7:70:42:d2:dd:d2:6b:a4:18:72:ec:5a:70:81:
         f6:b3:37:8c:05:48:3e:f7:f9:08:d5:9e:a3:cb:5b:f6:71:65:
         40:5c:fb:9a:e5:d6:44:ee:37:17:eb:fe:4c:24:51:36:3d:82:
         f8:07:f0:61:1a:35:e8:00:d2:c0:33:88:18:91:16:2f:cb:98:
         cf:df:d5:53:bc:5d:89:10:90:8f:04:fa:34:3b:53:20:84:ae:
         6e:96:cb:e4:7e:b3:96:ae:24:b0:3c:0d:ff:61:22:10:3e:17:
         22:18:d9:34:a8:1c:97:d7:ab:b7:f1:3c:74:2c:f8:1e:c4:f9:
         6b:cd:79:14:c1:d0:c2:00:87:e9:a4:36:fd:88:69:2a:3e:c5:
         bc:6c:87:74:71:23:2d:64:a7:bb:a9:71:e8:ee:5a:33:20:ca:
         13:97:7a:f8:5f:c6:bd:90:af:f0:4e:9e:60:6a:88:13:7e:83:
         d5:0a:02:16
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYVzVeQUrunt0cJl3MhQ4ZEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTU1MThlNjg0NjdiNDI5MGMzNTA5MjY4YjZkNmQ2NjQ5
NjJjODYwHhcNMjMwMTAyMTYzNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ0YmQwOGNhMzYxZDA5ZTAxMWUxNTUzNjI5MzYzMzEwMzljNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrnDMD/zzHaR0UiEfPp5+9X4v+uF
wNfxmHIEn23L/HULdD1RTJjddlCRrqk2vyZ+2DfyRe4kpsYD0IBeq7DfNomY1gmi
wuflGZr16LHVay1eo9/1yD6SoAA3LuLJxzTmWehPt2Pkj7mQ45wfYdNq1eO1jfT9
PLt+OKcuQ+r+zVYTneFUHuJ3XMMmI2WzftI3Wk39BtF2aHd63STWxO6pv0GriUwo
6RFp1luHfhVq/yV3LJQ3UnZYIKxyPcIF/lxIUPLLcsGi95kctxErUVGrpsgdkYhY
yJw8h9aNAt+zWgSzgP9sDSIrUFF/cu/E+ekWx7Es2UYXB3PIOcsXVMal3wIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFE5EvQjKNh0J4BHhVTYpNjMQOcaYMB8GA1UdIwQY
MBaAFAnlUY5oRntCkMNQkmi21tZkliyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUt
ZTc0NTk0ODk4M2VkLzEvVGtTOUNNbzJIUW5nRWVGVk5pazJNeEE1eHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUtZTc0NTk0ODk4M2Vk
LzEvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQAoR4FAwQA
oR4HMAwDBAKhHgwDBAKhHhADBAGhHhYDBAChHiEDBAGhHigDBAKhHuwwDQQCAAIw
BwMFACoRrgAwDQYJKoZIhvcNAQELBQADggEBAHzes4vNTa0LyyJ4erjAubtqEMNm
O2zc9C8J0WE1fBDyMyd+nvkvG8CzqjG9Qi9QcJ8CcrSgftNEJnHCS5tpgUhTEO25
MITz09C+E7K3cELS3dJrpBhy7FpwgfazN4wFSD73+QjVnqPLW/ZxZUBc+5rl1kTu
Nxfr/kwkUTY9gvgH8GEaNegA0sAziBiRFi/LmM/f1VO8XYkQkI8E+jQ7UyCErm6W
y+R+s5auJLA8Df9hIhA+FyIY2TSoHJfXq7fxPHQs+B7E+WvNeRTB0MIAh+mkNv2I
aSo+xbxsh3RxIy1kp7upcejuWjMgyhOXevhfxr2Qr/BOnmBqiBN+g9UKAhY=
-----END CERTIFICATE-----