Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/20IeeRtqXaQFbapfw3cKLqQ1mek.roa
File:                     20IeeRtqXaQFbapfw3cKLqQ1mek.roa (raw, json)
Hash identifier:          M5Sqy/ecASve8XrMfjvv4G51BB0wCb573biylAMwRH0=
Subject key identifier:   DB:42:1E:79:1B:6A:5D:A4:05:6D:AA:5F:C3:77:0A:2E:A4:35:99:E9
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01859C93A19D65E57ACD294ECED618C1BEB8
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/20IeeRtqXaQFbapfw3cKLqQ1mek.roa
Signing time:             Tue 10 Jan 2023 16:46:38 +0000
ROA not before:           Tue 10 Jan 2023 16:46:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     174
IP address blocks:        45.149.90.0/23 maxlen: 23
                          45.149.88.0/23 maxlen: 23
                          45.141.206.0/23 maxlen: 23
                          45.141.204.0/23 maxlen: 23
                          195.88.190.0/23 maxlen: 24
                          195.88.210.0/23 maxlen: 24
                          45.148.64.0/23 maxlen: 23
                          45.148.66.0/23 maxlen: 23
                          45.152.58.0/23 maxlen: 23
                          45.152.56.0/23 maxlen: 24
                          45.148.51.0/24 maxlen: 24
                          45.152.8.0/23 maxlen: 23
                          45.152.36.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Wed 11 Jan 2023 10:59:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:9c:93:a1:9d:65:e5:7a:cd:29:4e:ce:d6:18:c1:be:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan 10 16:46:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db421e791b6a5da4056daa5fc3770a2ea43599e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8a:84:c9:70:89:42:06:d7:72:df:2e:83:59:
                    57:cc:38:ae:04:89:da:01:08:82:83:db:33:28:eb:
                    11:ab:45:c5:68:c6:ab:ad:b9:ed:22:9d:be:f7:41:
                    3f:05:69:44:96:62:72:87:18:c4:2f:35:e6:79:05:
                    4a:b4:8b:14:1c:29:d4:02:b7:34:d1:75:c2:f9:8b:
                    a5:2e:9f:e0:a4:65:05:dd:1e:81:ea:bc:4e:af:5f:
                    3c:23:b7:b8:82:d5:77:0a:56:df:97:81:94:24:50:
                    22:8e:03:30:7b:33:60:cd:0f:b7:01:0c:e8:b5:19:
                    99:eb:44:6e:b1:fb:c9:a0:f9:b3:8f:2d:8f:14:24:
                    b3:97:bd:64:00:14:c4:b1:6e:4d:8b:9a:2b:62:43:
                    7b:4c:97:5b:b3:59:12:11:b6:82:ba:74:d4:02:af:
                    f1:a9:1a:67:5c:19:aa:db:e8:0e:3b:3e:12:c9:cb:
                    3d:d3:1b:0c:88:3e:5e:8e:bb:8f:7c:4a:97:6b:ca:
                    3e:ad:7d:ee:3a:99:d9:90:07:b7:36:ea:d6:8f:ec:
                    6d:f1:87:d0:c5:8f:41:52:40:19:87:31:68:b4:8d:
                    3f:38:16:6e:92:df:03:55:ad:78:81:6b:e9:03:21:
                    2c:9e:6e:a0:3c:2e:e9:3b:1f:89:ad:37:a3:2a:b2:
                    72:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:42:1E:79:1B:6A:5D:A4:05:6D:AA:5F:C3:77:0A:2E:A4:35:99:E9
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/20IeeRtqXaQFbapfw3cKLqQ1mek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.204.0/22
                  45.148.51.0/24
                  45.148.64.0/22
                  45.149.88.0/22
                  45.152.8.0/23
                  45.152.36.0/23
                  45.152.56.0/22
                  195.88.190.0/23
                  195.88.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:25:62:a1:2a:b6:27:f6:09:c4:ac:f9:d5:a4:47:5d:b4:67:
         d5:36:73:5e:a6:28:58:d9:09:68:02:11:71:67:8d:39:c9:a5:
         36:b9:82:80:0d:50:1e:de:de:e3:59:d9:c4:f7:64:fe:12:76:
         7f:85:54:75:61:26:24:e9:f0:f0:15:07:e1:ad:9c:cd:be:d8:
         3a:31:ac:50:d3:61:e5:b5:c9:f3:35:d1:85:4b:0a:f4:d3:7b:
         59:22:72:da:d9:cb:ba:b8:5d:b1:a3:01:36:d5:e5:f8:de:f2:
         3d:31:f1:9e:3f:b7:11:18:96:fd:fb:ef:b3:30:b0:fd:58:04:
         33:03:61:85:04:2a:cc:25:8a:de:ad:ec:93:84:8a:a9:45:14:
         82:4f:5a:d3:b6:28:80:fc:e4:54:30:b0:f0:2e:64:f8:df:11:
         0c:7f:a9:2b:cc:9a:37:cb:3d:98:3d:c8:85:5a:6e:ba:4d:33:
         2a:b2:f4:3b:e5:07:f4:5c:7e:cb:4b:e3:5b:af:48:ec:8d:4d:
         86:64:e3:80:da:4b:a6:b8:b0:11:b5:31:42:54:f8:43:d8:76:
         2c:2d:1e:f9:bd:2e:6a:3e:f6:e7:9c:ff:3d:77:b7:a1:38:28:
         e6:b9:93:9b:30:08:c5:b0:98:54:b4:01:d8:f5:1d:bf:ea:a5:
         b4:a3:2d:38
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYWck6GdZeV6zSlOztYYwb64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwMTEwMTY0NjM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQyMWU3OTFiNmE1ZGE0MDU2ZGFhNWZjMzc3MGEyZWE0MzU5OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoqEyXCJQgbXct8ug1lXzDiuBIna
AQiCg9szKOsRq0XFaMarrbntIp2+90E/BWlElmJyhxjELzXmeQVKtIsUHCnUArc0
0XXC+YulLp/gpGUF3R6B6rxOr188I7e4gtV3Clbfl4GUJFAijgMwezNgzQ+3AQzo
tRmZ60RusfvJoPmzjy2PFCSzl71kABTEsW5Ni5orYkN7TJdbs1kSEbaCunTUAq/x
qRpnXBmq2+gOOz4Sycs90xsMiD5ejruPfEqXa8o+rX3uOpnZkAe3NurWj+xt8YfQ
xY9BUkAZhzFotI0/OBZukt8DVa14gWvpAyEsnm6gPC7pOx+JrTejKrJykQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNtCHnkbal2kBW2qX8N3Ci6kNZnpMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvMjBJZWVSdHFYYVFGYmFwZnczY0tMcVExbWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCLY3MAwQA
LZQzAwQCLZRAAwQCLZVYAwQBLZgIAwQBLZgkAwQCLZg4AwQBw1i+AwQBw1jSMA0G
CSqGSIb3DQEBCwUAA4IBAQBcJWKhKrYn9gnErPnVpEddtGfVNnNepihY2QloAhFx
Z405yaU2uYKADVAe3t7jWdnE92T+EnZ/hVR1YSYk6fDwFQfhrZzNvtg6MaxQ02Hl
tcnzNdGFSwr003tZInLa2cu6uF2xowE21eX43vI9MfGeP7cRGJb9+++zMLD9WAQz
A2GFBCrMJYrereyThIqpRRSCT1rTtiiA/ORUMLDwLmT43xEMf6krzJo3yz2YPciF
Wm66TTMqsvQ75Qf0XH7LS+Nbr0jsjU2GZOOA2kumuLARtTFCVPhD2HYsLR75vS5q
PvbnnP89d7ehOCjmuZObMAjFsJhUtAHY9R2/6qW0oy04
-----END CERTIFICATE-----