Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/GYRwcjqTETegF41hura7BaNj5vc.roa
File:                     GYRwcjqTETegF41hura7BaNj5vc.roa (raw, json)
Hash identifier:          VlPwakLeb4k/IBFqzMbY3q2f436gqKOiwAEMEKeTAGk=
Subject key identifier:   19:84:70:72:3A:93:11:37:A0:17:8D:61:BA:B6:BB:05:A3:63:E6:F7
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       01856D2F382E25CAAC39550AD5743DF0CE3B
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/GYRwcjqTETegF41hura7BaNj5vc.roa
Signing time:             Sun 01 Jan 2023 11:54:49 +0000
ROA not before:           Sun 01 Jan 2023 11:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21294
IP address blocks:        84.239.53.0/24 maxlen: 24
                          84.239.16.0/23 maxlen: 23
                          84.239.24.0/24 maxlen: 24
                          84.239.23.0/24 maxlen: 24
                          84.239.22.0/24 maxlen: 24
                          84.239.20.0/24 maxlen: 24
                          84.239.19.0/24 maxlen: 24
                          84.239.31.0/24 maxlen: 24
                          84.239.30.0/24 maxlen: 24
                          84.239.29.0/24 maxlen: 24
                          84.239.28.0/24 maxlen: 24
                          84.239.26.0/24 maxlen: 24
                          84.239.25.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 24 Jan 2023 20:04:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:2f:38:2e:25:ca:ac:39:55:0a:d5:74:3d:f0:ce:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Jan  1 11:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=198470723a931137a0178d61bab6bb05a363e6f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:43:8f:6e:00:e2:db:8a:b4:71:6f:30:48:cf:
                    28:84:6e:3a:e3:b9:96:20:57:6c:30:10:9c:06:f9:
                    aa:29:6f:04:85:66:d1:b3:79:f6:e1:ec:33:22:10:
                    fe:a0:f8:05:3e:1c:9e:c9:ac:c6:da:b7:5e:6e:f6:
                    76:5f:52:21:78:50:c2:d4:30:02:d7:2a:69:be:11:
                    fc:4e:e8:fe:8e:04:ab:23:4b:63:c6:d1:a8:fb:41:
                    9e:a3:6b:54:3b:d0:80:a9:42:9c:a8:9c:7f:ba:7a:
                    06:b5:90:05:04:09:19:de:06:54:b9:d2:a2:2c:00:
                    14:40:6f:10:29:29:fc:9d:93:36:ac:17:a9:69:a7:
                    0f:d9:cd:b9:24:67:5c:a9:49:ee:dd:00:83:03:45:
                    9c:2f:5c:43:33:1f:09:85:e7:cb:8f:01:41:56:03:
                    66:e4:96:d6:61:58:a3:84:ce:aa:3d:2e:4e:17:d6:
                    8b:3c:be:df:2c:76:44:c7:6d:47:0e:56:5a:9b:da:
                    3c:30:83:16:99:29:1a:ad:d9:99:12:b9:0f:1b:dd:
                    70:cf:8a:c3:41:5c:24:ab:84:60:d2:44:c5:16:ac:
                    a9:13:3f:9d:60:d7:4d:e4:94:9e:85:c1:e0:16:d3:
                    27:5b:cc:cd:3f:41:e5:c2:46:40:67:ce:a6:47:be:
                    3c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:84:70:72:3A:93:11:37:A0:17:8D:61:BA:B6:BB:05:A3:63:E6:F7
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/GYRwcjqTETegF41hura7BaNj5vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.239.16.0/23
                  84.239.19.0-84.239.20.255
                  84.239.22.0-84.239.26.255
                  84.239.28.0/22
                  84.239.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:85:b7:c6:7d:fe:61:47:ee:4d:15:35:b8:79:3f:61:58:a6:
         7e:70:03:3c:e9:fa:b7:e5:c1:4f:74:ee:26:c2:ba:22:fe:7a:
         9d:ec:b4:4f:a1:8e:7c:bb:64:a7:57:77:a8:13:25:b7:7c:9f:
         0b:7e:7a:9c:eb:7c:9e:c4:77:b1:ce:45:b8:d8:45:b4:5b:c9:
         31:69:fe:08:00:b4:ea:b4:80:cf:58:6b:79:e2:52:b2:42:a2:
         5f:6f:85:78:ff:6f:81:95:8f:fe:2c:9f:04:01:2e:35:82:db:
         2e:35:e1:26:aa:5d:cb:52:e9:26:bc:17:be:da:b9:53:59:86:
         78:87:da:57:ad:47:a2:73:52:27:26:5a:5a:56:c7:de:20:99:
         9a:e4:dd:05:28:7f:ad:75:d4:bd:75:2c:0f:d4:8d:d8:3a:7f:
         7f:c9:4a:38:b2:ac:f1:13:ce:98:70:1b:74:7a:9d:5d:09:a5:
         fa:e3:4c:05:cb:19:95:1c:7f:d3:ab:ed:e9:48:03:91:ea:8c:
         43:04:ea:9b:3a:9a:e1:43:e8:47:30:26:04:99:d9:b3:14:45:
         64:34:e6:72:ab:4e:0c:bf:2e:46:a8:80:09:3b:c7:6e:6e:b4:
         2d:3f:ac:af:22:a0:26:dc:5b:b8:9d:8e:00:b1:f6:6e:d5:34:
         18:75:1a:6e
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVtLzguJcqsOVUK1XQ98M47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjMwMTAxMTE1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg0NzA3MjNhOTMxMTM3YTAxNzhkNjFiYWI2YmIwNWEzNjNlNmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUOPbgDi24q0cW8wSM8ohG4647mW
IFdsMBCcBvmqKW8EhWbRs3n24ewzIhD+oPgFPhyeyazG2rdebvZ2X1IheFDC1DAC
1yppvhH8Tuj+jgSrI0tjxtGo+0Geo2tUO9CAqUKcqJx/unoGtZAFBAkZ3gZUudKi
LAAUQG8QKSn8nZM2rBepaacP2c25JGdcqUnu3QCDA0WcL1xDMx8JhefLjwFBVgNm
5JbWYVijhM6qPS5OF9aLPL7fLHZEx21HDlZam9o8MIMWmSkardmZErkPG91wz4rD
QVwkq4Rg0kTFFqypEz+dYNdN5JSehcHgFtMnW8zNP0HlwkZAZ86mR748hQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFBmEcHI6kxE3oBeNYbq2uwWjY+b3MB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvR1lSd2NqcVRFVGVnRjQxaHVyYTdCYU5qNXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBVO8QMAwD
BABU7xMDBABU7xQwDAMEAVTvFgMEAFTvGgMEAlTvHAMEAFTvNTANBgkqhkiG9w0B
AQsFAAOCAQEAIIW3xn3+YUfuTRU1uHk/YVimfnADPOn6t+XBT3TuJsK6Iv56ney0
T6GOfLtkp1d3qBMlt3yfC356nOt8nsR3sc5FuNhFtFvJMWn+CAC06rSAz1hreeJS
skKiX2+FeP9vgZWP/iyfBAEuNYLbLjXhJqpdy1LpJrwXvtq5U1mGeIfaV61HonNS
JyZaWlbH3iCZmuTdBSh/rXXUvXUsD9SN2Dp/f8lKOLKs8RPOmHAbdHqdXQml+uNM
BcsZlRx/06vt6UgDkeqMQwTqmzqa4UPoRzAmBJnZsxRFZDTmcqtODL8uRqiACTvH
bm60LT+sryKgJtxbuJ2OALH2btU0GHUabg==
-----END CERTIFICATE-----