Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/RSNhbsEW_y7fovWHUIPsxemZkNA.roa
File:                     RSNhbsEW_y7fovWHUIPsxemZkNA.roa (raw, json)
Hash identifier:          1sdQVcdbMy7u0caL/pnp5Q0nT5WVi5NNiXU3wVsGqQk=
Subject key identifier:   45:23:61:6E:C1:16:FF:2E:DF:A2:F5:87:50:83:EC:C5:E9:99:90:D0
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       0188E76BB96AFB4B94518ED8F144600F634F
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/RSNhbsEW_y7fovWHUIPsxemZkNA.roa
Signing time:             Fri 23 Jun 2023 08:42:56 +0000
ROA not before:           Fri 23 Jun 2023 08:42:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44493
IP address blocks:        31.192.233.0/24 maxlen: 24
                          31.192.232.0/24 maxlen: 24
                          31.192.238.0/24 maxlen: 24
                          31.192.237.0/24 maxlen: 24
                          31.192.236.0/24 maxlen: 24
                          31.192.235.0/24 maxlen: 24
                          31.192.234.0/24 maxlen: 24
                          31.192.239.0/24 maxlen: 24
                          2a0a:eec0:6::/48 maxlen: 48
                          2a0a:eec0:1::/48 maxlen: 48
                          2a0a:eec0:5::/48 maxlen: 48
                          2a0a:eec0:3::/48 maxlen: 48
                          2a0a:eec0:4::/48 maxlen: 48
                          2a0a:eec0:7::/48 maxlen: 48
                          2a0a:eec0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 23 Jun 2023 14:33:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e7:6b:b9:6a:fb:4b:94:51:8e:d8:f1:44:60:0f:63:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Jun 23 08:42:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4523616ec116ff2edfa2f5875083ecc5e99990d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cc:b5:d7:c3:5d:1e:e9:7e:9f:7b:cf:54:b3:
                    2c:0b:86:df:eb:61:9f:ed:03:6e:df:6e:96:fb:c9:
                    91:40:c1:f6:b6:c8:57:2b:ff:26:34:2d:87:f0:f7:
                    62:e9:66:40:3e:45:db:53:f3:b6:6d:78:13:4f:a8:
                    7d:e0:18:53:04:fb:e4:1c:ce:95:7f:e5:d8:c4:83:
                    bf:c9:b8:b0:2d:a5:89:7b:01:0c:76:88:b6:e2:bd:
                    e0:94:55:ca:2e:8c:47:f7:1e:82:d2:73:b8:56:03:
                    78:ec:d8:59:ad:cf:67:b2:c2:6d:f2:c9:4b:cb:93:
                    80:7a:1b:f5:0f:4f:64:cc:eb:da:d8:6b:a4:07:92:
                    67:6b:a8:b5:c5:a1:a6:13:9e:7f:ce:01:71:3a:00:
                    1d:22:dc:b9:f2:fc:07:4b:0f:0a:90:c8:44:89:65:
                    f5:53:6d:de:24:24:69:22:90:33:49:f4:ea:0b:c5:
                    26:cd:39:6f:3e:21:5d:3d:a1:b3:02:ed:55:dd:4c:
                    c6:c4:bd:cc:bb:0e:de:71:b0:d0:a4:57:56:0d:4e:
                    d3:96:98:c5:70:2a:eb:f7:2c:8c:4f:7b:6c:71:b1:
                    2a:8e:1f:24:4e:03:47:3d:97:e2:0e:bd:26:b5:c0:
                    ce:b5:e2:59:e5:7f:dd:d3:27:47:54:30:f5:46:f1:
                    42:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:23:61:6E:C1:16:FF:2E:DF:A2:F5:87:50:83:EC:C5:E9:99:90:D0
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/RSNhbsEW_y7fovWHUIPsxemZkNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.232.0/21
                IPv6:
                  2a0a:eec0:1::-2a0a:eec0:7:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a5:41:9d:a8:2a:92:20:5a:12:5c:85:5f:41:57:d2:15:cf:78:
         fd:ce:6b:f1:cb:eb:22:42:7d:78:99:72:fa:21:3a:3f:73:78:
         a5:49:16:a4:a5:15:fa:cf:4f:94:36:60:fb:b8:b1:7e:3d:ac:
         68:e4:0b:6a:e6:5d:67:30:7c:ed:0a:52:ca:56:78:e6:d5:e5:
         f9:06:d5:7c:55:78:1e:4b:41:fa:20:71:c0:01:40:b4:01:bf:
         ee:a9:94:f3:1c:db:26:e0:0f:d5:36:4e:79:03:ed:08:59:1f:
         4d:78:49:b1:fb:a6:83:d5:8b:dd:32:02:f0:c1:f5:06:28:c4:
         81:57:86:4f:1d:e4:8f:e7:62:d1:db:28:20:87:7b:0c:fc:6c:
         6e:ba:7e:bf:ed:88:f0:e3:22:af:55:8f:ba:6a:7d:22:ba:73:
         eb:f6:d7:81:9a:07:81:5f:c3:22:54:65:a9:82:30:8d:00:29:
         2b:74:b1:08:63:32:56:e5:55:ff:31:d7:24:6a:ed:e4:58:9e:
         9e:a0:cb:4f:9c:e7:78:f2:d8:f0:66:8e:2f:04:da:44:fe:41:
         24:1d:f3:9d:42:0a:e8:e0:d1:f0:3b:d2:d0:16:cb:b3:67:52:
         65:4e:9d:77:e9:1e:50:75:2a:11:8a:22:f3:c6:08:77:61:ec:
         7e:92:a4:09
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYjna7lq+0uUUY7Y8URgD2NPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjMwNjIzMDg0MjU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTIzNjE2ZWMxMTZmZjJlZGZhMmY1ODc1MDgzZWNjNWU5OTk5MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscy118NdHul+n3vPVLMsC4bf62Gf
7QNu326W+8mRQMH2tshXK/8mNC2H8Pdi6WZAPkXbU/O2bXgTT6h94BhTBPvkHM6V
f+XYxIO/ybiwLaWJewEMdoi24r3glFXKLoxH9x6C0nO4VgN47NhZrc9nssJt8slL
y5OAehv1D09kzOva2GukB5Jna6i1xaGmE55/zgFxOgAdIty58vwHSw8KkMhEiWX1
U23eJCRpIpAzSfTqC8UmzTlvPiFdPaGzAu1V3UzGxL3Muw7ecbDQpFdWDU7TlpjF
cCrr9yyMT3tscbEqjh8kTgNHPZfiDr0mtcDOteJZ5X/d0ydHVDD1RvFChwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEUjYW7BFv8u36L1h1CD7MXpmZDQMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvUlNOaGJzRVdfeTdmb3ZXSFVJUHN4ZW1aa05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQDH8DoMBoE
AgACMBQwEgMHACoK7sAAAQMHAyoK7sAAADANBgkqhkiG9w0BAQsFAAOCAQEApUGd
qCqSIFoSXIVfQVfSFc94/c5r8cvrIkJ9eJly+iE6P3N4pUkWpKUV+s9PlDZg+7ix
fj2saOQLauZdZzB87QpSylZ45tXl+QbVfFV4HktB+iBxwAFAtAG/7qmU8xzbJuAP
1TZOeQPtCFkfTXhJsfumg9WL3TIC8MH1BijEgVeGTx3kj+di0dsoIId7DPxsbrp+
v+2I8OMir1WPump9Irpz6/bXgZoHgV/DIlRlqYIwjQApK3SxCGMyVuVV/zHXJGrt
5FienqDLT5znePLY8GaOLwTaRP5BJB3znUIK6ODR8DvS0BbLs2dSZU6dd+keUHUq
EYoi88YId2HsfpKkCQ==
-----END CERTIFICATE-----