Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/2jwbh2dxhycispCQSPMagHwWGbM.roa
File:                     2jwbh2dxhycispCQSPMagHwWGbM.roa (raw, json)
Hash identifier:          j08FwrWTJ52qFnECM+AWhw6gs+DJhQpHcrp4kFSMVLA=
Subject key identifier:   DA:3C:1B:87:67:71:87:27:22:B2:90:90:48:F3:1A:80:7C:16:19:B3
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018635AEB849976B521FF9D1A460CCB30444
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/2jwbh2dxhycispCQSPMagHwWGbM.roa
Signing time:             Thu 09 Feb 2023 10:18:08 +0000
ROA not before:           Thu 09 Feb 2023 10:18:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52209
IP address blocks:        85.133.174.0/24 maxlen: 24
                          85.133.199.0/24 maxlen: 24
                          85.133.205.0/24 maxlen: 24
                          85.133.208.0/24 maxlen: 24
                          85.133.221.0/24 maxlen: 24
                          85.133.132.0/24 maxlen: 24
                          85.133.135.0/24 maxlen: 24
                          85.133.151.0/24 maxlen: 24
                          85.133.153.0/24 maxlen: 24
                          85.133.166.0/24 maxlen: 24
                          85.133.160.0/24 maxlen: 24
                          85.133.161.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 27 Feb 2023 11:32:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:35:ae:b8:49:97:6b:52:1f:f9:d1:a4:60:cc:b3:04:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb  9 10:18:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da3c1b876771872722b2909048f31a807c1619b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7c:5f:e3:1f:02:bd:45:7a:24:71:6b:1a:cb:
                    99:41:d6:05:a7:f5:e8:db:99:fc:16:87:79:79:47:
                    bd:93:e4:66:c2:03:6d:eb:76:da:43:9a:fd:de:55:
                    91:81:98:68:01:e4:cb:e0:25:57:9b:b9:e4:1d:8a:
                    3c:e9:c8:e4:d2:43:38:c4:32:76:75:18:be:63:6a:
                    d8:eb:e1:e9:d2:3e:f6:15:31:24:dc:a5:89:55:4c:
                    0b:1e:c3:fc:fa:50:a0:9d:74:80:53:62:93:78:6f:
                    2b:83:30:2b:cf:67:e8:eb:80:7b:b0:17:5b:01:4b:
                    e9:f8:b5:cd:df:37:be:27:70:85:f6:4b:a4:36:f0:
                    87:d6:4d:94:64:dd:66:3d:64:50:39:6f:f8:f3:dc:
                    ed:53:60:eb:83:f7:79:fa:a8:72:cc:e5:20:64:56:
                    bb:0c:eb:ae:87:4a:e6:f0:ce:d0:f9:23:bd:b9:4b:
                    3f:ab:9b:ef:21:46:9b:da:60:58:a7:88:43:ab:60:
                    d2:79:1f:df:39:f1:27:76:57:d2:ab:04:fc:00:ae:
                    f3:04:aa:5c:1d:57:c1:6e:b1:bd:e6:c0:04:74:92:
                    d0:44:e3:02:54:f3:48:6c:17:8d:af:82:91:00:53:
                    09:97:9e:0e:89:92:86:b6:8e:9a:2e:f5:4a:7b:f9:
                    7d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3C:1B:87:67:71:87:27:22:B2:90:90:48:F3:1A:80:7C:16:19:B3
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/2jwbh2dxhycispCQSPMagHwWGbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.132.0/24
                  85.133.135.0/24
                  85.133.151.0/24
                  85.133.153.0/24
                  85.133.160.0/23
                  85.133.166.0/24
                  85.133.174.0/24
                  85.133.199.0/24
                  85.133.205.0/24
                  85.133.208.0/24
                  85.133.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:1f:6b:3e:9a:f5:1c:b0:6e:c1:60:95:71:57:9a:67:24:33:
         10:12:5c:27:ba:a7:f4:84:c6:64:c0:6c:95:b7:87:e2:35:12:
         58:eb:31:c6:48:a0:65:e5:94:e3:3c:e6:28:69:b4:2b:f5:9b:
         ad:00:9d:6f:69:bb:64:64:b3:da:d9:0b:be:03:43:11:f9:90:
         ae:78:30:1b:0e:a1:c3:ba:6e:ed:6e:99:b9:7b:53:02:cb:24:
         c6:37:01:62:c2:04:a6:b1:e6:33:56:1b:1a:4b:6f:a5:42:1a:
         36:0b:79:a8:6f:40:53:e7:bb:78:c2:e3:e8:f0:34:70:e2:43:
         22:99:0a:00:54:5f:ec:60:b6:c8:f1:8f:72:c5:98:59:82:fb:
         76:cd:c5:5e:dc:ee:5b:8a:70:25:aa:f1:5e:31:25:7d:21:db:
         31:33:8c:fc:e9:58:35:7e:cc:fd:d6:e5:68:4f:52:85:de:94:
         e0:5e:55:7a:46:51:3b:2b:2d:91:f3:b6:5a:3d:ab:8e:80:b0:
         da:6a:60:7f:b4:c5:ad:ac:a8:30:65:9c:e3:27:f6:0d:df:39:
         e9:c1:53:28:ed:fa:65:c6:25:4a:84:1e:c7:19:c2:de:e8:6a:
         7d:6a:df:e4:7e:aa:61:c2:9c:22:af:42:21:84:02:13:42:2a:
         c0:81:00:d5
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYY1rrhJl2tSH/nRpGDMswREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjMwMjA5MTAxODA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTNjMWI4NzY3NzE4NzI3MjJiMjkwOTA0OGYzMWE4MDdjMTYxOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnxf4x8CvUV6JHFrGsuZQdYFp/Xo
25n8Fod5eUe9k+RmwgNt63baQ5r93lWRgZhoAeTL4CVXm7nkHYo86cjk0kM4xDJ2
dRi+Y2rY6+Hp0j72FTEk3KWJVUwLHsP8+lCgnXSAU2KTeG8rgzArz2fo64B7sBdb
AUvp+LXN3ze+J3CF9kukNvCH1k2UZN1mPWRQOW/489ztU2Drg/d5+qhyzOUgZFa7
DOuuh0rm8M7Q+SO9uUs/q5vvIUab2mBYp4hDq2DSeR/fOfEndlfSqwT8AK7zBKpc
HVfBbrG95sAEdJLQROMCVPNIbBeNr4KRAFMJl54OiZKGto6aLvVKe/l9rwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNo8G4dncYcnIrKQkEjzGoB8FhmzMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvMmp3YmgyZHhoeWNpc3BDUVNQTWFnSHdXR2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAVYWEAwQA
VYWHAwQAVYWXAwQAVYWZAwQBVYWgAwQAVYWmAwQAVYWuAwQAVYXHAwQAVYXNAwQA
VYXQAwQAVYXdMA0GCSqGSIb3DQEBCwUAA4IBAQBXH2s+mvUcsG7BYJVxV5pnJDMQ
Elwnuqf0hMZkwGyVt4fiNRJY6zHGSKBl5ZTjPOYoabQr9ZutAJ1vabtkZLPa2Qu+
A0MR+ZCueDAbDqHDum7tbpm5e1MCyyTGNwFiwgSmseYzVhsaS2+lQho2C3mob0BT
57t4wuPo8DRw4kMimQoAVF/sYLbI8Y9yxZhZgvt2zcVe3O5binAlqvFeMSV9Idsx
M4z86Vg1fsz91uVoT1KF3pTgXlV6RlE7Ky2R87ZaPauOgLDaamB/tMWtrKgwZZzj
J/YN3znpwVMo7fplxiVKhB7HGcLe6Gp9at/kfqphwpwir0IhhAITQirAgQDV
-----END CERTIFICATE-----