Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/0yPvsxfKpW1B78vM4FI4-ix761o.roa
File:                     0yPvsxfKpW1B78vM4FI4-ix761o.roa (raw, json)
Hash identifier:          24fCAfPDpyle3tGpIleLMGPJJrzSrKI8YmLIAE2KEXw=
Subject key identifier:   D3:23:EF:B3:17:CA:A5:6D:41:EF:CB:CC:E0:52:38:FA:2C:7B:EB:5A
Certificate issuer:       /CN=464dcfa96399716692d245a804887c09da451f8f
Certificate serial:       01856C812BF7FFFB34D0CCDB815B86BA2766
Authority key identifier: 46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/0yPvsxfKpW1B78vM4FI4-ix761o.roa
Signing time:             Sun 01 Jan 2023 08:44:42 +0000
ROA not before:           Sun 01 Jan 2023 08:44:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51173
IP address blocks:        37.203.48.0/24 maxlen: 24
                          37.203.50.0/24 maxlen: 24
                          37.203.49.0/24 maxlen: 24
                          37.203.51.0/24 maxlen: 24
                          37.203.54.0/24 maxlen: 24
                          37.203.52.0/24 maxlen: 24
                          37.203.53.0/24 maxlen: 24
                          185.94.47.0/24 maxlen: 24
                          185.94.46.0/24 maxlen: 24
                          89.106.137.0/24 maxlen: 24
                          89.106.139.0/24 maxlen: 24
                          89.106.138.0/24 maxlen: 24
                          89.106.136.0/24 maxlen: 24
                          89.106.141.0/24 maxlen: 24
                          89.106.140.0/24 maxlen: 24
                          89.106.143.0/24 maxlen: 24
                          89.106.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:81:2b:f7:ff:fb:34:d0:cc:db:81:5b:86:ba:27:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464dcfa96399716692d245a804887c09da451f8f
        Validity
            Not Before: Jan  1 08:44:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d323efb317caa56d41efcbcce05238fa2c7beb5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c7:96:ed:96:45:0c:fc:09:30:0d:1d:5e:ba:
                    93:53:8e:96:f0:ff:60:fd:e3:f1:c6:4c:86:a2:8e:
                    8b:d6:0f:2c:e9:ea:b1:c3:7d:9e:16:ef:37:04:53:
                    5f:4d:e1:a4:42:3a:36:87:25:3a:3c:ec:fd:78:8b:
                    89:2a:81:86:bf:66:83:b9:29:e1:8e:37:e7:db:41:
                    b0:c1:a5:a3:31:40:a8:6c:b5:c3:47:72:17:e9:11:
                    bc:65:9f:2a:6c:bb:e0:7e:fb:fa:f6:6d:ff:14:93:
                    0c:12:4b:a2:92:87:0f:ab:1a:8c:46:9e:ba:d7:c4:
                    77:a5:23:09:d4:49:61:a2:ab:6b:ab:25:80:04:61:
                    25:99:c3:1a:ce:7b:64:5f:00:16:97:d3:c2:e8:28:
                    cb:fc:e9:a8:db:49:aa:4c:87:92:c2:ec:32:2d:41:
                    b4:3e:5c:f1:3f:a3:3d:11:d0:55:4e:37:70:5b:a2:
                    76:cc:56:54:be:64:59:50:67:51:e5:cc:87:5a:a2:
                    1b:05:3e:a3:fe:f6:8d:18:b6:b6:20:92:e6:db:70:
                    37:10:d4:b8:85:6e:ab:d4:5e:69:c8:f1:4a:29:3d:
                    d3:2f:97:15:ad:75:18:fd:9f:96:07:90:1f:87:cf:
                    b0:ac:7b:10:8f:e7:38:94:43:25:22:88:fa:4b:a7:
                    02:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:23:EF:B3:17:CA:A5:6D:41:EF:CB:CC:E0:52:38:FA:2C:7B:EB:5A
            X509v3 Authority Key Identifier:
                keyid:46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/0yPvsxfKpW1B78vM4FI4-ix761o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.48.0-37.203.54.255
                  89.106.136.0/21
                  185.94.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:6b:95:22:0e:9d:98:fa:d3:94:44:3d:a3:36:91:25:bc:ad:
         7c:67:10:bb:c9:b6:ca:c3:1b:51:17:f5:b5:24:45:70:1b:85:
         57:26:66:43:23:bd:53:99:f2:9b:79:4b:55:f2:48:97:ec:58:
         0b:59:72:03:73:83:b3:81:97:fc:0d:e1:0e:f4:d5:2c:ff:c3:
         c5:f7:be:5a:45:a0:85:87:47:13:13:48:3b:f9:c5:be:4d:f7:
         e3:f5:1c:bd:b0:1d:77:cb:07:9b:47:e4:30:9c:d8:d4:0c:0c:
         e6:36:98:e1:94:07:41:9c:6e:ec:49:1b:3d:d3:ab:a9:0d:5b:
         bd:d9:f2:c1:35:aa:c9:cd:45:2b:b5:64:42:98:2f:84:53:52:
         96:c8:3f:12:77:27:63:23:dc:6c:70:4a:d9:b7:18:ab:2f:a7:
         c2:c5:84:f4:74:a9:1b:f5:05:33:eb:14:93:d9:34:d2:ed:5a:
         44:97:64:77:18:b7:d5:e4:b5:4d:a5:b1:b8:e3:ae:4e:5d:f5:
         a5:2e:28:f0:3f:22:4b:9f:3b:fb:94:d9:21:24:28:3a:26:8f:
         1a:5e:13:c1:30:4d:23:e2:d4:e9:7e:21:04:20:4f:de:d3:68:
         76:d3:b5:da:65:4e:32:54:34:db:09:5f:3c:bf:4e:88:2f:07:
         1f:2e:6d:31
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVsgSv3//s00MzbgVuGuidmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGRjZmE5NjM5OTcxNjY5MmQyNDVhODA0ODg3YzA5ZGE0
NTFmOGYwHhcNMjMwMTAxMDg0NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzIzZWZiMzE3Y2FhNTZkNDFlZmNiY2NlMDUyMzhmYTJjN2JlYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvceW7ZZFDPwJMA0dXrqTU46W8P9g
/ePxxkyGoo6L1g8s6eqxw32eFu83BFNfTeGkQjo2hyU6POz9eIuJKoGGv2aDuSnh
jjfn20GwwaWjMUCobLXDR3IX6RG8ZZ8qbLvgfvv69m3/FJMMEkuikocPqxqMRp66
18R3pSMJ1ElhoqtrqyWABGElmcMazntkXwAWl9PC6CjL/Omo20mqTIeSwuwyLUG0
PlzxP6M9EdBVTjdwW6J2zFZUvmRZUGdR5cyHWqIbBT6j/vaNGLa2IJLm23A3ENS4
hW6r1F5pyPFKKT3TL5cVrXUY/Z+WB5Afh8+wrHsQj+c4lEMlIoj6S6cClQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNMj77MXyqVtQe/LzOBSOPose+taMB8GA1UdIwQY
MBaAFEZNz6ljmXFmktJFqASIfAnaRR+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTct
YWYxZjM2ODExMDk4LzEvMHlQdnN4ZktwVzFCNzh2TTRGSTQtaXg3NjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTctYWYxZjM2ODExMDk4
LzEvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAQlyzAD
BAAlyzYDBANZaogDBAG5Xi4wDQYJKoZIhvcNAQELBQADggEBAGNrlSIOnZj605RE
PaM2kSW8rXxnELvJtsrDG1EX9bUkRXAbhVcmZkMjvVOZ8pt5S1XySJfsWAtZcgNz
g7OBl/wN4Q701Sz/w8X3vlpFoIWHRxMTSDv5xb5N9+P1HL2wHXfLB5tH5DCc2NQM
DOY2mOGUB0GcbuxJGz3Tq6kNW73Z8sE1qsnNRSu1ZEKYL4RTUpbIPxJ3J2Mj3Gxw
Stm3GKsvp8LFhPR0qRv1BTPrFJPZNNLtWkSXZHcYt9XktU2lsbjjrk5d9aUuKPA/
IkufO/uU2SEkKDomjxpeE8EwTSPi1Ol+IQQgT97TaHbTtdplTjJUNNsJXzy/Togv
Bx8ubTE=
-----END CERTIFICATE-----