Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/akliKDfdBbh1UIc5RJpavQUnqVk.roa
File:                     akliKDfdBbh1UIc5RJpavQUnqVk.roa (raw, json)
Hash identifier:          Qdz1lVHnGCeHkeQsuag+bj8U+7kPKuS1ip7oLOZyAhI=
Subject key identifier:   6A:49:62:28:37:DD:05:B8:75:50:87:39:44:9A:5A:BD:05:27:A9:59
Certificate issuer:       /CN=99a2c2ecf58c44b35a0da2957ff4dca2e60b686a
Certificate serial:       0185700B9A513FC4DD24BEE97FB3D0DA6244
Authority key identifier: 99:A2:C2:EC:F5:8C:44:B3:5A:0D:A2:95:7F:F4:DC:A2:E6:0B:68:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/akliKDfdBbh1UIc5RJpavQUnqVk.roa
Signing time:             Mon 02 Jan 2023 01:14:46 +0000
ROA not before:           Mon 02 Jan 2023 01:14:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28836
IP address blocks:        194.213.114.0/24 maxlen: 24
                          194.213.114.0/23 maxlen: 23
                          194.213.115.0/24 maxlen: 24
                          185.194.84.0/22 maxlen: 22
                          185.194.84.0/24 maxlen: 24
                          185.194.84.0/23 maxlen: 23
                          185.194.85.0/24 maxlen: 24
                          185.194.86.0/23 maxlen: 23
                          91.230.171.0/24 maxlen: 24
                          91.230.170.0/23 maxlen: 23
                          91.230.170.0/24 maxlen: 24
                          91.230.176.0/22 maxlen: 22
                          91.230.176.0/23 maxlen: 23
                          91.230.176.0/24 maxlen: 24
                          91.230.177.0/24 maxlen: 24
                          91.230.178.0/24 maxlen: 24
                          91.230.178.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:0b:9a:51:3f:c4:dd:24:be:e9:7f:b3:d0:da:62:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99a2c2ecf58c44b35a0da2957ff4dca2e60b686a
        Validity
            Not Before: Jan  2 01:14:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a49622837dd05b875508739449a5abd0527a959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:ee:00:0e:92:b3:03:43:78:90:87:4c:19:
                    43:04:97:d0:7f:a9:5e:c9:62:99:e9:5d:40:dd:04:
                    90:f3:ad:28:30:08:f3:9c:fd:64:ea:61:b9:6a:77:
                    52:ca:cf:16:b9:70:d4:7d:99:c2:7c:f0:be:fc:7f:
                    03:eb:88:65:99:6a:76:fa:cf:44:b8:12:fe:fc:cb:
                    c0:73:33:22:47:92:ca:d9:be:72:ec:95:f9:bb:25:
                    35:43:35:2b:3f:49:47:bf:2f:3f:b8:e7:d0:28:fd:
                    97:bc:80:0c:b5:97:2f:7f:ea:3b:a3:37:59:82:b7:
                    1b:93:52:ce:76:e9:cd:ed:c5:2a:c6:93:15:9c:c5:
                    9a:fe:fd:59:9b:08:fb:fa:2e:d0:28:8c:58:4c:a2:
                    ac:2e:0e:92:c7:f4:51:d9:63:52:79:e3:f7:eb:bf:
                    af:ee:bf:43:dc:da:1d:70:32:a6:8e:3f:36:5e:d6:
                    de:13:d5:f5:d9:2b:c6:81:49:36:50:a1:8f:68:c2:
                    26:85:2e:62:98:60:9f:8a:31:ef:1e:31:2d:c8:52:
                    2f:27:e0:fe:d2:e9:5b:f9:34:7b:6f:5c:8d:a6:9a:
                    28:b5:a7:93:7a:b6:ec:05:45:11:3f:59:66:76:74:
                    3e:45:15:ab:ea:3c:d5:30:45:fc:85:f3:59:a7:32:
                    37:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:49:62:28:37:DD:05:B8:75:50:87:39:44:9A:5A:BD:05:27:A9:59
            X509v3 Authority Key Identifier:
                keyid:99:A2:C2:EC:F5:8C:44:B3:5A:0D:A2:95:7F:F4:DC:A2:E6:0B:68:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/maLC7PWMRLNaDaKVf_TcouYLaGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/akliKDfdBbh1UIc5RJpavQUnqVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/ba9674-e571-4e35-ab20-e5d507a826bf/1/maLC7PWMRLNaDaKVf_TcouYLaGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.170.0/23
                  91.230.176.0/22
                  185.194.84.0/22
                  194.213.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:24:38:79:07:54:64:e6:85:6c:6e:52:d2:28:91:0b:29:07:
         69:93:b2:c1:52:f7:29:f5:ef:03:c1:84:0b:43:83:36:c6:a3:
         4b:2e:97:1a:92:fc:52:77:98:dc:fd:b7:6e:cf:cd:b3:76:6a:
         47:d2:36:39:f1:d5:4e:3a:76:3c:9d:d4:be:02:58:d6:fe:e1:
         0f:be:f8:8f:49:58:2c:f7:a0:f9:4e:f3:80:36:12:55:a0:a6:
         12:f4:a5:c7:f6:05:70:62:3c:7b:c0:25:16:bb:36:a6:6a:11:
         ba:de:cf:44:b8:d5:01:43:4b:63:70:c3:13:26:1d:a9:07:8a:
         78:5c:99:f1:a8:02:d1:1b:db:98:62:dc:c5:ed:71:05:f9:4e:
         98:d7:96:86:84:2a:b3:3e:1f:eb:40:36:7b:67:f4:16:44:d8:
         b1:5e:a5:c3:fa:22:06:96:57:10:9a:dd:1f:dc:44:b1:84:99:
         da:49:b7:f1:08:c5:f8:91:ad:66:12:a7:3d:a0:b3:19:a5:4f:
         0d:7b:9e:38:c3:f6:24:f9:5b:b6:87:da:88:85:31:0e:20:56:
         f3:a7:b3:ad:d9:2d:96:20:63:5c:32:77:9c:92:68:0a:00:5f:
         8c:47:1d:65:01:bc:56:47:21:79:ab:22:5f:0d:c9:6b:fd:25:
         09:ef:51:d6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVwC5pRP8TdJL7pf7PQ2mJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YTJjMmVjZjU4YzQ0YjM1YTBkYTI5NTdmZjRkY2EyZTYw
YjY4NmEwHhcNMjMwMTAyMDExNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQ5NjIyODM3ZGQwNWI4NzU1MDg3Mzk0NDlhNWFiZDA1MjdhOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaLuAA6SswNDeJCHTBlDBJfQf6le
yWKZ6V1A3QSQ860oMAjznP1k6mG5andSys8WuXDUfZnCfPC+/H8D64hlmWp2+s9E
uBL+/MvAczMiR5LK2b5y7JX5uyU1QzUrP0lHvy8/uOfQKP2XvIAMtZcvf+o7ozdZ
grcbk1LOdunN7cUqxpMVnMWa/v1Zmwj7+i7QKIxYTKKsLg6Sx/RR2WNSeeP367+v
7r9D3NodcDKmjj82XtbeE9X12SvGgUk2UKGPaMImhS5imGCfijHvHjEtyFIvJ+D+
0ulb+TR7b1yNppootaeTerbsBUURP1lmdnQ+RRWr6jzVMEX8hfNZpzI3AwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGpJYig33QW4dVCHOUSaWr0FJ6lZMB8GA1UdIwQY
MBaAFJmiwuz1jESzWg2ilX/03KLmC2hqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWFMQzdQV01STE5hRGFLVmZfVGNvdVlMYUdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iYTk2NzQtZTU3MS00ZTM1LWFiMjAt
ZTVkNTA3YTgyNmJmLzEvYWtsaUtEZmRCYmgxVUljNVJKcGF2UVVucVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iYTk2NzQtZTU3MS00ZTM1LWFiMjAtZTVkNTA3YTgyNmJm
LzEvbWFMQzdQV01STE5hRGFLVmZfVGNvdVlMYUdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW+aqAwQC
W+awAwQCucJUAwQBwtVyMA0GCSqGSIb3DQEBCwUAA4IBAQAAJDh5B1Rk5oVsblLS
KJELKQdpk7LBUvcp9e8DwYQLQ4M2xqNLLpcakvxSd5jc/bduz82zdmpH0jY58dVO
OnY8ndS+AljW/uEPvviPSVgs96D5TvOANhJVoKYS9KXH9gVwYjx7wCUWuzamahG6
3s9EuNUBQ0tjcMMTJh2pB4p4XJnxqALRG9uYYtzF7XEF+U6Y15aGhCqzPh/rQDZ7
Z/QWRNixXqXD+iIGllcQmt0f3ESxhJnaSbfxCMX4ka1mEqc9oLMZpU8Ne544w/Yk
+Vu2h9qIhTEOIFbzp7Ot2S2WIGNcMneckmgKAF+MRx1lAbxWRyF5qyJfDclr/SUJ
71HW
-----END CERTIFICATE-----