Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/io5V1TSN5irYrAp6rdxMwWojfy0.roa
File:                     io5V1TSN5irYrAp6rdxMwWojfy0.roa (raw, json)
Hash identifier:          JlI1fkCLd6/Nh+i+bqBy63uTtRr4SRA4IORiGWWbBzc=
Subject key identifier:   8A:8E:55:D5:34:8D:E6:2A:D8:AC:0A:7A:AD:DC:4C:C1:6A:23:7F:2D
Certificate issuer:       /CN=9295b1f1dcd8fa6ac1ef788278c489e15eacae70
Certificate serial:       01856F0B6FAFCBAB2A30A49C219EE87D1A73
Authority key identifier: 92:95:B1:F1:DC:D8:FA:6A:C1:EF:78:82:78:C4:89:E1:5E:AC:AE:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpWx8dzY-mrB73iCeMSJ4V6srnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/io5V1TSN5irYrAp6rdxMwWojfy0.roa
Signing time:             Sun 01 Jan 2023 20:34:58 +0000
ROA not before:           Sun 01 Jan 2023 20:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8560
IP address blocks:        195.20.224.0/19 maxlen: 24
                          217.72.192.0/20 maxlen: 24
                          87.106.0.0/16 maxlen: 24
                          82.165.0.0/16 maxlen: 24
                          217.160.0.0/16 maxlen: 24
                          212.227.0.0/16 maxlen: 24
                          157.97.105.0/24 maxlen: 32
                          157.97.104.0/24 maxlen: 32
                          217.160.150.0/23 maxlen: 32
                          213.165.64.0/19 maxlen: 24
                          2001:8d8::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 23 Jan 2023 10:47:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:0b:6f:af:cb:ab:2a:30:a4:9c:21:9e:e8:7d:1a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9295b1f1dcd8fa6ac1ef788278c489e15eacae70
        Validity
            Not Before: Jan  1 20:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a8e55d5348de62ad8ac0a7aaddc4cc16a237f2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c5:2a:82:a7:0a:58:3f:44:01:e2:e9:53:40:
                    90:ac:e3:8a:8a:61:94:3c:93:4c:93:fb:5c:95:c2:
                    f4:4a:b5:fe:88:31:fc:bb:b9:59:bf:45:0b:df:85:
                    2c:85:72:35:b6:5e:fc:c3:54:7a:63:4a:a8:04:51:
                    9c:00:74:b9:51:ef:c1:1f:30:26:cd:9f:02:7d:9a:
                    45:4c:7f:07:e0:aa:10:dc:0a:dc:a0:f9:3c:b0:7b:
                    20:87:e1:8c:ed:57:a7:85:85:d8:a1:05:bf:ce:bd:
                    12:49:5e:48:ee:18:e6:1a:52:a3:f0:48:a0:76:5b:
                    f2:f8:29:41:17:46:7b:a0:e8:1f:c0:d5:ea:b8:07:
                    68:fa:93:ae:86:af:bf:75:02:56:1e:c2:ef:20:72:
                    24:33:43:a9:0f:0c:0c:1a:4d:d8:65:b6:dd:e0:1a:
                    8c:29:74:da:85:4c:2b:bc:0d:d3:08:0b:e5:db:37:
                    2a:13:5c:94:42:e9:c9:1e:7d:2d:25:73:da:16:de:
                    e4:e5:aa:d5:12:b3:01:7b:d7:f1:e7:b0:56:97:b1:
                    1f:dc:9f:d3:ac:ee:63:09:03:19:7c:39:49:b6:65:
                    86:69:bf:2a:bb:fc:6e:36:93:a6:6e:ef:a6:a5:be:
                    f6:59:94:c5:5b:dc:1f:b5:bc:cc:ca:d9:0b:23:25:
                    8c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:8E:55:D5:34:8D:E6:2A:D8:AC:0A:7A:AD:DC:4C:C1:6A:23:7F:2D
            X509v3 Authority Key Identifier:
                keyid:92:95:B1:F1:DC:D8:FA:6A:C1:EF:78:82:78:C4:89:E1:5E:AC:AE:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpWx8dzY-mrB73iCeMSJ4V6srnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/io5V1TSN5irYrAp6rdxMwWojfy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/kpWx8dzY-mrB73iCeMSJ4V6srnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.165.0.0/16
                  87.106.0.0/16
                  157.97.104.0/23
                  195.20.224.0/19
                  212.227.0.0/16
                  213.165.64.0/19
                  217.72.192.0/20
                  217.160.0.0/16
                IPv6:
                  2001:8d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         d0:1b:ee:7d:ba:17:7d:c2:45:6f:c2:40:4b:ee:54:b8:d8:31:
         a7:5a:f6:d9:14:bd:1a:a1:13:5e:08:0a:8a:b1:d8:4e:90:9e:
         72:b2:c0:5a:2f:ad:6a:0b:83:b0:53:c1:d8:a8:16:29:cc:56:
         8d:0c:5e:e8:63:84:e7:78:19:ce:e4:46:ab:fb:29:b0:26:66:
         62:c0:4f:39:ef:36:b9:71:96:78:02:a4:3f:38:a1:92:85:28:
         64:ed:4e:9a:3f:07:09:bf:23:9b:cc:c2:52:52:69:da:04:1a:
         ad:e3:f8:a7:9a:25:38:99:3b:8e:5e:88:fb:71:9f:45:f6:e7:
         36:95:01:f4:7a:5e:ca:b1:4b:db:ab:89:98:6d:6c:92:c1:f5:
         cf:40:1d:73:87:14:33:ad:8e:36:ac:c7:94:52:ee:56:f4:d8:
         91:9e:88:30:8f:e0:83:d9:f9:07:c8:e5:cb:22:68:12:b3:b3:
         bd:08:13:fd:26:54:13:82:b8:76:23:fd:0c:76:27:08:69:2a:
         cb:8e:ab:bd:f7:1e:c3:33:b5:3b:c1:2c:9e:22:db:46:28:23:
         b0:8c:a8:3a:06:c0:c2:76:24:01:46:7c:c5:14:5d:05:2b:3e:
         a1:3a:41:e3:df:79:9f:ef:01:6d:b3:90:5e:81:68:e0:f6:95:
         8d:a1:82:96
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVvC2+vy6sqMKScIZ7ofRpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTViMWYxZGNkOGZhNmFjMWVmNzg4Mjc4YzQ4OWUxNWVh
Y2FlNzAwHhcNMjMwMTAxMjAzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YThlNTVkNTM0OGRlNjJhZDhhYzBhN2FhZGRjNGNjMTZhMjM3ZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMUqgqcKWD9EAeLpU0CQrOOKimGU
PJNMk/tclcL0SrX+iDH8u7lZv0UL34UshXI1tl78w1R6Y0qoBFGcAHS5Ue/BHzAm
zZ8CfZpFTH8H4KoQ3ArcoPk8sHsgh+GM7VenhYXYoQW/zr0SSV5I7hjmGlKj8Eig
dlvy+ClBF0Z7oOgfwNXquAdo+pOuhq+/dQJWHsLvIHIkM0OpDwwMGk3YZbbd4BqM
KXTahUwrvA3TCAvl2zcqE1yUQunJHn0tJXPaFt7k5arVErMBe9fx57BWl7Ef3J/T
rO5jCQMZfDlJtmWGab8qu/xuNpOmbu+mpb72WZTFW9wftbzMytkLIyWMKwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFIqOVdU0jeYq2KwKeq3cTMFqI38tMB8GA1UdIwQY
MBaAFJKVsfHc2Ppqwe94gnjEieFerK5wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BXeDhkelktbXJCNzNpQ2VNU0o0VjZzcm5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZmJjMmUtZmQ4OC00ZGYyLWFhZTMt
OWViNDBjYzVmNjhiLzEvaW81VjFUU041aXJZckFwNnJkeE13V29qZnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZmJjMmUtZmQ4OC00ZGYyLWFhZTMtOWViNDBjYzVmNjhi
LzEva3BXeDhkelktbXJCNzNpQ2VNU0o0VjZzcm5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwMAUqUDAwBX
agMEAZ1haAMEBcMU4AMDANTjAwQF1aVAAwQE2UjAAwMA2aAwDQQCAAIwBwMFACAB
CNgwDQYJKoZIhvcNAQELBQADggEBANAb7n26F33CRW/CQEvuVLjYMada9tkUvRqh
E14ICoqx2E6QnnKywFovrWoLg7BTwdioFinMVo0MXuhjhOd4Gc7kRqv7KbAmZmLA
TznvNrlxlngCpD84oZKFKGTtTpo/Bwm/I5vMwlJSadoEGq3j+KeaJTiZO45eiPtx
n0X25zaVAfR6XsqxS9uriZhtbJLB9c9AHXOHFDOtjjasx5RS7lb02JGeiDCP4IPZ
+QfI5csiaBKzs70IE/0mVBOCuHYj/Qx2JwhpKsuOq733HsMztTvBLJ4i20YoI7CM
qDoGwMJ2JAFGfMUUXQUrPqE6QePfeZ/vAW2zkF6BaOD2lY2hgpY=
-----END CERTIFICATE-----