Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/rRQCy90AI7IRBxoKUAHrM47fZTc.roa
File:                     rRQCy90AI7IRBxoKUAHrM47fZTc.roa (raw, json)
Hash identifier:          obXR4a1w73l30orqkJVfVPurOViuJfl665xthS1fiQw=
Subject key identifier:   AD:14:02:CB:DD:00:23:B2:11:07:1A:0A:50:01:EB:33:8E:DF:65:37
Certificate issuer:       /CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
Certificate serial:       0186C612A1B3BF646C2D7979511CE62BE4A2
Authority key identifier: 4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/rRQCy90AI7IRBxoKUAHrM47fZTc.roa
Signing time:             Thu 09 Mar 2023 11:12:35 +0000
ROA not before:           Thu 09 Mar 2023 11:12:35 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13113
IP address blocks:        213.144.64.0/19 maxlen: 19
                          87.253.96.0/19 maxlen: 19
                          37.60.32.0/21 maxlen: 21
                          93.88.112.0/20 maxlen: 20
                          185.145.84.0/22 maxlen: 22
                          109.75.112.0/20 maxlen: 20
                          5.198.224.0/20 maxlen: 20
                          5.172.208.0/21 maxlen: 21
                          185.3.252.0/22 maxlen: 22
                          2a03:3d80::/29 maxlen: 29
                          2a0c:8a80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 12 Apr 2023 09:32:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c6:12:a1:b3:bf:64:6c:2d:79:79:51:1c:e6:2b:e4:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
        Validity
            Not Before: Mar  9 11:12:35 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad1402cbdd0023b211071a0a5001eb338edf6537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9e:15:35:49:f6:b2:a6:b5:65:32:c8:e2:c7:
                    f7:e5:b2:36:44:9c:20:2b:2f:b9:bf:70:34:82:8d:
                    25:0a:25:0d:01:69:e0:d8:37:ed:05:a2:ef:d3:12:
                    f4:ab:c9:7f:b9:5a:48:48:c1:7b:53:92:d9:22:a6:
                    4e:6e:f1:45:3e:10:bf:1b:e4:a3:2b:29:c7:cf:5c:
                    0b:31:6e:f3:17:71:33:64:a9:ef:2e:08:b7:27:a0:
                    69:d7:57:82:30:45:b8:48:b6:a4:cb:c7:b9:79:f4:
                    df:23:bf:e9:9e:8c:1a:ba:42:e1:02:08:b6:6e:4a:
                    bc:70:88:aa:50:59:5a:da:0c:2e:19:ac:30:c8:92:
                    71:68:95:eb:20:a7:8b:1a:bd:27:f0:1a:13:9c:79:
                    1f:24:74:9c:1b:9f:3e:c4:0d:9d:9a:4f:bd:6f:fb:
                    df:23:93:78:a6:89:13:1f:0f:0c:c2:15:82:e3:61:
                    ae:9e:e3:50:39:2c:a5:39:1a:13:7f:ae:08:3a:ce:
                    43:b5:62:c9:b8:be:0d:fc:d3:b7:3f:a5:4a:48:34:
                    99:0c:ac:63:a2:c1:2d:8b:ef:23:01:ce:f6:df:84:
                    91:72:59:5b:d6:5c:e1:53:81:23:84:15:8b:b3:01:
                    88:b5:84:30:c7:b1:74:67:61:59:b7:55:23:36:1b:
                    b8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:14:02:CB:DD:00:23:B2:11:07:1A:0A:50:01:EB:33:8E:DF:65:37
            X509v3 Authority Key Identifier:
                keyid:4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/rRQCy90AI7IRBxoKUAHrM47fZTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/TmIrxVBoe20O9geIzq2w_IIKOB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.208.0/21
                  5.198.224.0/20
                  37.60.32.0/21
                  87.253.96.0/19
                  93.88.112.0/20
                  109.75.112.0/20
                  185.3.252.0/22
                  185.145.84.0/22
                  213.144.64.0/19
                IPv6:
                  2a03:3d80::/29
                  2a0c:8a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:a3:87:ed:04:5d:3e:22:c6:e5:24:0c:22:e0:85:cb:20:be:
         87:6e:a2:f3:f9:dc:e4:86:7e:6f:1c:43:75:a6:d7:a9:09:f0:
         1f:88:38:a5:1f:27:b6:d0:c5:4c:15:be:33:5f:47:b4:b6:b4:
         50:74:8c:bf:1b:c1:f3:98:9f:66:2e:0d:f5:8e:42:ab:17:48:
         ab:d2:39:16:74:a0:db:dd:9c:8c:e4:42:64:26:8b:20:d5:5a:
         f3:fa:07:d8:62:79:ae:e1:2c:be:db:0e:3e:ac:1b:c9:a3:f3:
         81:85:13:9a:65:5f:1a:68:98:02:36:15:1d:2e:1f:fb:12:7c:
         80:a5:75:fa:83:69:04:99:8e:df:a0:94:0c:dd:b3:3c:24:2e:
         b3:d3:71:29:19:b6:b8:be:04:04:43:60:04:64:22:db:91:ac:
         ca:32:b6:90:ee:15:36:af:ac:72:da:cf:98:13:0e:e6:1d:ed:
         11:8f:ab:2b:4b:33:9c:d3:c9:75:29:db:15:5c:a4:09:9c:e5:
         00:1b:b9:83:42:fa:ad:73:78:99:c2:d8:29:85:af:5f:81:14:
         de:4a:7c:1a:57:01:9e:f2:3a:98:3d:c8:27:d0:c3:c3:eb:88:
         ec:1a:2a:83:8a:62:cc:25:3d:49:91:56:93:e1:cf:a8:f4:a3:
         59:c0:b6:e8
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYbGEqGzv2RsLXl5URzmK+SiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNjIyYmM1NTA2ODdiNmQwZWY2MDc4OGNlYWRiMGZjODIw
YTM4MWYwHhcNMjMwMzA5MTExMjM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE0MDJjYmRkMDAyM2IyMTEwNzFhMGE1MDAxZWIzMzhlZGY2NTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ4VNUn2sqa1ZTLI4sf35bI2RJwg
Ky+5v3A0go0lCiUNAWng2DftBaLv0xL0q8l/uVpISMF7U5LZIqZObvFFPhC/G+Sj
KynHz1wLMW7zF3EzZKnvLgi3J6Bp11eCMEW4SLaky8e5efTfI7/pnowaukLhAgi2
bkq8cIiqUFla2gwuGawwyJJxaJXrIKeLGr0n8BoTnHkfJHScG58+xA2dmk+9b/vf
I5N4pokTHw8MwhWC42GunuNQOSylORoTf64IOs5DtWLJuL4N/NO3P6VKSDSZDKxj
osEti+8jAc7234SRcllb1lzhU4EjhBWLswGItYQwx7F0Z2FZt1UjNhu44wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFK0UAsvdACOyEQcaClAB6zOO32U3MB8GA1UdIwQY
MBaAFE5iK8VQaHttDvYHiM6tsPyCCjgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgt
YTdjY2QwMDk4NDc3LzEvclJRQ3k5MEFJN0lSQnhvS1VBSHJNNDdmWlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgtYTdjY2QwMDk4NDc3
LzEvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDBazQAwQE
BcbgAwQDJTwgAwQFV/1gAwQEXVhwAwQEbUtwAwQCuQP8AwQCuZFUAwQF1ZBAMBQE
AgACMA4DBQMqAz2AAwUDKgyKgDANBgkqhkiG9w0BAQsFAAOCAQEAsqOH7QRdPiLG
5SQMIuCFyyC+h26i8/nc5IZ+bxxDdabXqQnwH4g4pR8nttDFTBW+M19HtLa0UHSM
vxvB85ifZi4N9Y5CqxdIq9I5FnSg292cjORCZCaLINVa8/oH2GJ5ruEsvtsOPqwb
yaPzgYUTmmVfGmiYAjYVHS4f+xJ8gKV1+oNpBJmO36CUDN2zPCQus9NxKRm2uL4E
BENgBGQi25GsyjK2kO4VNq+sctrPmBMO5h3tEY+rK0sznNPJdSnbFVykCZzlABu5
g0L6rXN4mcLYKYWvX4EU3kp8GlcBnvI6mD3IJ9DDw+uI7Boqg4pizCU9SZFWk+HP
qPSjWcC26A==
-----END CERTIFICATE-----