Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/XgiEkyODVt_UbCW66yhqOb2ajsM.roa
File:                     XgiEkyODVt_UbCW66yhqOb2ajsM.roa (raw, json)
Hash identifier:          qEgvi2fX0iVsCDp4Y8JzAXJQOjFqoj3udtLlrZZUhqQ=
Subject key identifier:   5E:08:84:93:23:83:56:DF:D4:6C:25:BA:EB:28:6A:39:BD:9A:8E:C3
Certificate issuer:       /CN=cac21641bdbcfac24c54b6a4859483c5e41640b6
Certificate serial:       01856D53DDCFA955359D7B7FA95A6F7292B1
Authority key identifier: CA:C2:16:41:BD:BC:FA:C2:4C:54:B6:A4:85:94:83:C5:E4:16:40:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ysIWQb28-sJMVLakhZSDxeQWQLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/XgiEkyODVt_UbCW66yhqOb2ajsM.roa
Signing time:             Sun 01 Jan 2023 12:34:50 +0000
ROA not before:           Sun 01 Jan 2023 12:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203101
IP address blocks:        199.5.180.0/23 maxlen: 23
                          185.98.100.0/22 maxlen: 22
                          72.46.154.0/23 maxlen: 23
                          172.93.4.0/23 maxlen: 23
                          45.56.224.0/21 maxlen: 21
                          45.56.233.0/24 maxlen: 24
                          45.56.232.0/24 maxlen: 24
                          45.56.238.0/23 maxlen: 23
                          45.56.236.0/22 maxlen: 23
                          45.56.234.0/23 maxlen: 23
                          45.56.240.0/20 maxlen: 20
                          199.195.130.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:53:dd:cf:a9:55:35:9d:7b:7f:a9:5a:6f:72:92:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cac21641bdbcfac24c54b6a4859483c5e41640b6
        Validity
            Not Before: Jan  1 12:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e088493238356dfd46c25baeb286a39bd9a8ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5f:15:8f:28:32:bb:62:27:13:0c:fb:2b:db:
                    d5:8e:d6:3e:39:72:f2:34:9b:30:6a:ef:ea:4c:c2:
                    cd:e7:0c:e4:4f:4b:00:b0:1e:da:f9:fe:0b:94:a3:
                    bf:a6:d5:fa:12:79:a4:5e:0e:d5:e0:fa:aa:4f:85:
                    d1:68:cc:f7:ee:b7:2c:8e:1d:3f:32:e4:a3:f9:59:
                    a0:1e:f4:97:ff:03:a7:43:81:74:31:ca:7a:90:72:
                    ca:17:1c:de:4d:d7:ae:f9:a7:70:bc:53:a4:89:2e:
                    1d:c0:7a:48:ad:88:ad:a4:71:67:be:d3:24:d2:13:
                    45:cb:6f:da:54:23:9d:39:16:16:eb:5f:72:32:3c:
                    35:78:bf:a2:53:be:1b:4b:bb:3e:74:bb:69:7d:35:
                    ad:b3:d3:96:5d:16:69:4c:93:77:41:1f:6a:07:98:
                    73:5f:90:4f:ff:cb:ef:8d:e6:88:20:9e:ae:fa:11:
                    4b:74:2b:5c:83:39:9a:97:41:e7:45:2c:3e:80:41:
                    bc:17:05:89:ef:90:f6:4e:56:94:b4:eb:db:ff:52:
                    26:f9:a9:c2:43:00:84:f4:c7:f7:eb:07:1a:b3:7a:
                    3c:02:25:d5:83:aa:c6:92:02:e8:60:4f:ca:c4:e5:
                    21:98:79:fd:6a:d2:61:31:51:fb:2e:22:f0:7f:36:
                    3e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:08:84:93:23:83:56:DF:D4:6C:25:BA:EB:28:6A:39:BD:9A:8E:C3
            X509v3 Authority Key Identifier:
                keyid:CA:C2:16:41:BD:BC:FA:C2:4C:54:B6:A4:85:94:83:C5:E4:16:40:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ysIWQb28-sJMVLakhZSDxeQWQLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/XgiEkyODVt_UbCW66yhqOb2ajsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/ysIWQb28-sJMVLakhZSDxeQWQLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.56.224.0/19
                  72.46.154.0/23
                  172.93.4.0/23
                  185.98.100.0/22
                  199.5.180.0/23
                  199.195.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:75:4a:20:ef:1b:be:a2:3c:7a:fd:23:5b:e8:bb:ff:88:24:
         0f:06:91:f4:3a:53:93:8c:58:58:aa:b2:c7:b1:89:07:16:82:
         b0:c4:ff:9f:a8:81:f5:32:13:e5:b7:20:64:4a:5d:73:e2:79:
         e8:2e:4b:fb:41:ca:8a:2f:6f:77:de:02:bf:82:d8:34:01:f6:
         68:81:64:9b:57:5b:8a:c5:26:2c:a9:40:36:1a:09:00:66:94:
         d0:c6:07:4f:e8:9a:49:70:22:81:9e:40:07:88:a2:d5:6d:be:
         63:e2:d0:80:2e:01:05:ca:e4:ec:a9:08:49:a8:40:95:8b:38:
         58:83:59:90:34:77:bd:d4:d6:9a:08:2f:f6:a3:ac:aa:d7:69:
         66:30:c4:5a:38:ff:c7:b5:d3:7e:bd:b6:f8:3c:75:73:2c:28:
         e3:9c:58:ef:dc:5b:e0:03:2b:08:69:31:f0:ef:75:b6:54:3c:
         22:45:a5:83:05:c7:2e:d0:8c:d1:c1:27:c7:13:4d:bc:93:ca:
         4f:df:d9:f3:8a:6d:bc:4a:bc:16:17:4a:39:7a:e4:e1:f4:b2:
         17:0e:17:ea:31:ef:02:24:35:86:15:26:ee:de:8c:18:74:0c:
         a2:87:f9:3b:ff:81:6e:ea:23:e6:37:ae:33:ba:cd:4e:26:fb:
         63:d2:7b:06
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVtU93PqVU1nXt/qVpvcpKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYzIxNjQxYmRiY2ZhYzI0YzU0YjZhNDg1OTQ4M2M1ZTQx
NjQwYjYwHhcNMjMwMTAxMTIzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTA4ODQ5MzIzODM1NmRmZDQ2YzI1YmFlYjI4NmEzOWJkOWE4ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiV8Vjygyu2InEwz7K9vVjtY+OXLy
NJswau/qTMLN5wzkT0sAsB7a+f4LlKO/ptX6EnmkXg7V4PqqT4XRaMz37rcsjh0/
MuSj+VmgHvSX/wOnQ4F0Mcp6kHLKFxzeTdeu+adwvFOkiS4dwHpIrYitpHFnvtMk
0hNFy2/aVCOdORYW619yMjw1eL+iU74bS7s+dLtpfTWts9OWXRZpTJN3QR9qB5hz
X5BP/8vvjeaIIJ6u+hFLdCtcgzmal0HnRSw+gEG8FwWJ75D2TlaUtOvb/1Im+anC
QwCE9Mf36wcas3o8AiXVg6rGkgLoYE/KxOUhmHn9atJhMVH7LiLwfzY+3wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFF4IhJMjg1bf1Gwluusoajm9mo7DMB8GA1UdIwQY
MBaAFMrCFkG9vPrCTFS2pIWUg8XkFkC2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXNJV1FiMjgtc0pNVkxha2haU0R4ZVFXUUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84NzdlNDAtNmNhMS00YTJiLTg5YTUt
OGFiZjVlZTZjNGFkLzEvWGdpRWt5T0RWdF9VYkNXNjZ5aHFPYjJhanNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84NzdlNDAtNmNhMS00YTJiLTg5YTUtOGFiZjVlZTZjNGFk
LzEveXNJV1FiMjgtc0pNVkxha2haU0R4ZVFXUUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQFLTjgAwQB
SC6aAwQBrF0EAwQCuWJkAwQBxwW0AwQBx8OCMA0GCSqGSIb3DQEBCwUAA4IBAQAz
dUog7xu+ojx6/SNb6Lv/iCQPBpH0OlOTjFhYqrLHsYkHFoKwxP+fqIH1MhPltyBk
Sl1z4nnoLkv7QcqKL2933gK/gtg0AfZogWSbV1uKxSYsqUA2GgkAZpTQxgdP6JpJ
cCKBnkAHiKLVbb5j4tCALgEFyuTsqQhJqECVizhYg1mQNHe91NaaCC/2o6yq12lm
MMRaOP/HtdN+vbb4PHVzLCjjnFjv3FvgAysIaTHw73W2VDwiRaWDBccu0IzRwSfH
E028k8pP39nzim28SrwWF0o5euTh9LIXDhfqMe8CJDWGFSbu3owYdAyih/k7/4Fu
6iPmN64zus1OJvtj0nsG
-----END CERTIFICATE-----