Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/H2DkrRvnUdcz79zRvtGelzByTMc.roa
File:                     H2DkrRvnUdcz79zRvtGelzByTMc.roa (raw, json)
Hash identifier:          X/AH8Cy/743z2FZTF1jweSaiSWUoPnCn2/rrcGi0b3k=
Subject key identifier:   1F:60:E4:AD:1B:E7:51:D7:33:EF:DC:D1:BE:D1:9E:97:30:72:4C:C7
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0187283CDB50B99E28D3180837A722E20D20
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/H2DkrRvnUdcz79zRvtGelzByTMc.roa
Signing time:             Tue 28 Mar 2023 12:41:29 +0000
ROA not before:           Tue 28 Mar 2023 12:41:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212826
IP address blocks:        185.232.84.0/23 maxlen: 24
                          45.154.237.0/24 maxlen: 24
                          45.154.238.0/23 maxlen: 24
                          45.152.11.0/24 maxlen: 24
                          45.157.32.0/23 maxlen: 24
                          213.185.86.0/23 maxlen: 24
                          45.130.52.0/24 maxlen: 24
                          194.40.246.0/23 maxlen: 24
                          46.161.208.0/23 maxlen: 23
                          45.128.158.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Thu 30 Mar 2023 14:04:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:28:3c:db:50:b9:9e:28:d3:18:08:37:a7:22:e2:0d:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Mar 28 12:41:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f60e4ad1be751d733efdcd1bed19e9730724cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8c:a4:64:b4:eb:d0:94:b6:0a:84:f8:a8:56:
                    97:a7:77:97:82:8a:ea:45:56:8f:34:09:39:78:1d:
                    77:ff:a0:88:16:4f:ea:42:2f:bf:bd:bc:a7:49:f4:
                    05:e2:e0:47:37:b8:d9:68:bb:5b:1f:11:0c:08:cb:
                    41:01:bc:3e:5c:bf:67:3e:0f:06:87:c9:97:6c:a3:
                    fd:19:e0:98:09:25:e0:76:0c:07:63:eb:0c:2c:27:
                    1a:7a:9f:c4:38:24:7e:d2:db:9d:16:31:cc:6d:9f:
                    fe:97:b9:45:21:af:d0:ce:da:bf:2e:08:b7:84:6b:
                    58:31:2a:44:c8:ba:b8:51:75:52:71:bf:3a:52:52:
                    4a:f6:eb:de:b3:60:76:00:4a:1e:80:13:8f:ed:a1:
                    9c:ac:01:96:f9:14:cc:65:6e:4a:55:ff:f4:ce:ee:
                    c1:52:3b:5c:5a:1d:c4:be:7e:aa:8c:b4:c2:d8:e8:
                    0a:6b:df:68:f9:6b:88:2b:e8:d8:c3:de:38:bb:e1:
                    38:71:f0:8f:45:dd:fa:bc:93:25:bf:76:50:de:58:
                    ba:6d:e4:b3:41:0e:af:69:45:67:0c:fa:03:90:81:
                    d3:a6:c4:f8:57:46:1b:df:7f:7c:8c:c9:2c:f0:a3:
                    3a:f3:94:a3:42:12:45:1d:67:97:46:19:67:55:bd:
                    13:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:60:E4:AD:1B:E7:51:D7:33:EF:DC:D1:BE:D1:9E:97:30:72:4C:C7
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/H2DkrRvnUdcz79zRvtGelzByTMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.158.0/23
                  45.130.52.0/24
                  45.152.11.0/24
                  45.154.237.0-45.154.239.255
                  45.157.32.0/23
                  46.161.208.0/23
                  185.232.84.0/23
                  194.40.246.0/23
                  213.185.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:6f:ba:b5:1c:20:61:c5:9f:1e:9a:aa:e0:80:dc:c6:d2:99:
         4f:62:2e:a9:42:72:5c:e3:73:4f:52:b1:f9:54:3e:f3:af:05:
         12:2e:51:d1:1c:dd:bb:10:6e:cf:ee:a5:c7:69:5a:b7:eb:d4:
         80:b8:35:4e:4e:85:05:30:70:5c:cc:7b:12:71:2f:b6:99:0f:
         e9:97:35:d7:f3:39:7c:b2:40:c3:37:cd:71:8e:f6:06:92:2f:
         8e:60:e7:d3:e7:f2:ce:42:37:ab:8d:52:2a:8a:3d:8d:ae:0e:
         ac:0a:fa:71:fc:a2:9c:80:bd:36:64:43:25:97:a8:dc:19:73:
         f1:36:cd:98:8f:97:22:e8:ca:0c:e6:dd:97:40:e3:4b:e2:30:
         f6:bf:a8:c0:01:2d:c5:b5:21:44:84:ca:36:74:94:04:cf:15:
         81:61:1c:63:fe:de:f2:bd:b2:85:b2:57:f1:9c:98:ac:8e:c2:
         4b:c6:90:1e:d3:a5:d4:07:d0:1f:20:41:b7:7c:b2:a5:06:dd:
         b6:a4:65:12:a2:82:8f:b0:0f:05:7d:6b:76:da:34:f1:ce:f9:
         b9:8e:6d:fd:79:8a:41:1a:84:fd:22:8c:f8:72:6b:d6:1c:74:
         63:90:b1:91:f4:84:21:72:14:39:36:bb:a7:2a:a2:aa:aa:16:
         52:75:39:12
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYcoPNtQuZ4o0xgIN6ci4g0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwMzI4MTI0MTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjYwZTRhZDFiZTc1MWQ3MzNlZmRjZDFiZWQxOWU5NzMwNzI0Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoykZLTr0JS2CoT4qFaXp3eXgorq
RVaPNAk5eB13/6CIFk/qQi+/vbynSfQF4uBHN7jZaLtbHxEMCMtBAbw+XL9nPg8G
h8mXbKP9GeCYCSXgdgwHY+sMLCcaep/EOCR+0tudFjHMbZ/+l7lFIa/Qztq/Lgi3
hGtYMSpEyLq4UXVScb86UlJK9uves2B2AEoegBOP7aGcrAGW+RTMZW5KVf/0zu7B
UjtcWh3Evn6qjLTC2OgKa99o+WuIK+jYw944u+E4cfCPRd36vJMlv3ZQ3li6beSz
QQ6vaUVnDPoDkIHTpsT4V0Yb3398jMks8KM685SjQhJFHWeXRhlnVb0TPwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFB9g5K0b51HXM+/c0b7RnpcwckzHMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvSDJEa3JSdm5VZGN6Nzl6UnZ0R2VsekJ5VE1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBLYCeAwQA
LYI0AwQALZgLMAwDBAAtmu0DBAQtmuADBAEtnSADBAEuodADBAG56FQDBAHCKPYD
BAHVuVYwDQYJKoZIhvcNAQELBQADggEBAKpvurUcIGHFnx6aquCA3MbSmU9iLqlC
clzjc09SsflUPvOvBRIuUdEc3bsQbs/upcdpWrfr1IC4NU5OhQUwcFzMexJxL7aZ
D+mXNdfzOXyyQMM3zXGO9gaSL45g59Pn8s5CN6uNUiqKPY2uDqwK+nH8opyAvTZk
QyWXqNwZc/E2zZiPlyLoygzm3ZdA40viMPa/qMABLcW1IUSEyjZ0lATPFYFhHGP+
3vK9soWyV/GcmKyOwkvGkB7TpdQH0B8gQbd8sqUG3bakZRKigo+wDwV9a3baNPHO
+bmObf15ikEahP0ijPhya9YcdGOQsZH0hCFyFDk2u6cqoqqqFlJ1ORI=
-----END CERTIFICATE-----