Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/TYr5QSIyjfEg2ftx2J_qdknQTT4.roa
File:                     TYr5QSIyjfEg2ftx2J_qdknQTT4.roa (raw, json)
Hash identifier:          Mm/3uZlRu5bO/XXDEhGlW8bSyvexS3aC6oaPswDsDHo=
Subject key identifier:   4D:8A:F9:41:22:32:8D:F1:20:D9:FB:71:D8:9F:EA:76:49:D0:4D:3E
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018D89498E30D31A0BCD33A643A1A890B8FD
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/TYr5QSIyjfEg2ftx2J_qdknQTT4.roa
Signing time:             Thu 08 Feb 2024 15:15:15 +0000
ROA not before:           Thu 08 Feb 2024 15:15:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.141.204.0/23 maxlen: 23
                          45.148.51.0/24 maxlen: 24
                          45.148.66.0/23 maxlen: 23
                          45.149.90.0/23 maxlen: 23
                          45.152.56.0/23 maxlen: 23
                          195.88.190.0/23 maxlen: 24
                          195.88.210.0/23 maxlen: 24
                          2a0f:3b80::/32 maxlen: 32
                          2a0f:3b81::/32 maxlen: 32
                          2a0f:3b82::/32 maxlen: 32
                          2a0f:3b83::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 21 Mar 2024 14:04:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:89:49:8e:30:d3:1a:0b:cd:33:a6:43:a1:a8:90:b8:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Feb  8 15:15:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d8af94122328df120d9fb71d89fea7649d04d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5f:d9:60:5f:ae:6d:e2:38:a9:ac:68:17:a0:
                    88:ca:39:1b:d2:4d:b1:5c:81:fe:72:ae:04:db:bf:
                    3e:77:00:69:3a:dc:3d:67:0a:69:54:32:a9:40:56:
                    b0:29:f1:05:2b:4a:73:05:20:57:14:da:82:9d:c8:
                    2b:db:9c:32:e4:99:f8:b5:15:34:c2:4b:45:2f:2b:
                    56:7b:87:55:ea:ad:e7:9d:7a:1e:2c:89:94:30:db:
                    2c:91:df:1b:cb:31:04:86:8f:33:fc:39:c9:a1:c7:
                    fa:3f:59:0c:ec:44:ae:bb:ee:16:13:e8:f5:1b:af:
                    a4:af:51:ca:7a:a8:0d:0a:9f:ac:7b:53:b1:fc:62:
                    8d:fb:23:78:de:b8:b1:9e:e1:ac:a4:be:49:93:e3:
                    47:e1:b0:7e:41:71:93:74:6b:5e:0f:d3:5c:4d:bd:
                    99:60:f8:7f:ee:81:39:90:25:36:01:58:69:7a:4c:
                    39:63:04:13:fc:50:ed:3e:89:3a:7e:0e:84:48:77:
                    dd:fc:73:7f:b2:41:b9:5b:2e:f5:52:55:4a:bc:ca:
                    d5:76:ba:08:d5:54:a9:7e:f1:69:ab:15:c2:5a:e0:
                    c9:ba:10:98:9a:b8:61:93:78:04:c1:e9:98:de:48:
                    90:02:f9:39:89:58:1a:26:32:5b:99:64:41:b1:2b:
                    67:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:8A:F9:41:22:32:8D:F1:20:D9:FB:71:D8:9F:EA:76:49:D0:4D:3E
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/TYr5QSIyjfEg2ftx2J_qdknQTT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.204.0/23
                  45.148.51.0/24
                  45.148.66.0/23
                  45.149.90.0/23
                  45.152.56.0/23
                  195.88.190.0/23
                  195.88.210.0/23
                IPv6:
                  2a0f:3b80::/30

    Signature Algorithm: sha256WithRSAEncryption
         9b:b8:f8:ec:75:e3:e8:90:47:da:13:08:16:07:fa:7a:b8:a9:
         f4:39:bb:f6:ac:1c:86:86:7f:0d:ce:50:92:2e:08:a3:28:94:
         73:c1:8a:dc:66:ef:9a:7c:79:9e:9b:c6:1c:7b:0f:82:73:e2:
         50:b2:0b:60:4e:71:25:98:28:5b:4f:4b:c2:09:eb:5c:52:47:
         2e:2e:24:f4:61:e9:2f:74:3e:b1:e6:bc:ca:75:0e:cc:82:35:
         ec:57:8a:1a:5a:64:a5:38:79:d5:fa:29:f6:cb:d9:bd:b7:c6:
         c8:01:61:99:bf:33:36:7c:f5:28:72:64:c4:fe:72:06:00:23:
         7d:36:20:e4:0a:fc:5d:c0:77:ef:e2:3e:02:ff:33:c9:38:99:
         1b:b8:c5:2c:96:d9:ea:9e:41:e9:c4:b1:ec:88:2b:4a:ce:0f:
         81:16:f7:4f:d2:d0:70:c1:79:2e:4b:14:ca:c5:7d:28:2d:98:
         7f:a9:53:49:70:54:18:cd:b7:18:d2:26:31:4a:a5:e8:ed:99:
         92:6a:32:f3:e2:ae:74:8a:b9:56:c5:c6:34:3e:d7:78:db:25:
         d0:31:19:5d:20:b4:53:22:51:b8:b9:87:d5:a5:1e:f6:0e:17:
         83:8f:cb:44:05:b5:fc:41:d4:02:f7:e3:bc:aa:a1:b1:aa:35:
         ff:96:5a:be
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY2JSY4w0xoLzTOmQ6GokLj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMjA4MTUxNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDhhZjk0MTIyMzI4ZGYxMjBkOWZiNzFkODlmZWE3NjQ5ZDA0ZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1/ZYF+ubeI4qaxoF6CIyjkb0k2x
XIH+cq4E278+dwBpOtw9ZwppVDKpQFawKfEFK0pzBSBXFNqCncgr25wy5Jn4tRU0
wktFLytWe4dV6q3nnXoeLImUMNsskd8byzEEho8z/DnJocf6P1kM7ESuu+4WE+j1
G6+kr1HKeqgNCp+se1Ox/GKN+yN43rixnuGspL5Jk+NH4bB+QXGTdGteD9NcTb2Z
YPh/7oE5kCU2AVhpekw5YwQT/FDtPok6fg6ESHfd/HN/skG5Wy71UlVKvMrVdroI
1VSpfvFpqxXCWuDJuhCYmrhhk3gEwemY3kiQAvk5iVgaJjJbmWRBsStntQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFE2K+UEiMo3xINn7cdif6nZJ0E0+MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvVFlyNVFTSXlqZkVnMmZ0eDJKX3Fka25RVFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQBLY3MAwQA
LZQzAwQBLZRCAwQBLZVaAwQBLZg4AwQBw1i+AwQBw1jSMA0EAgACMAcDBQIqDzuA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbuPjsdePokEfaEwgWB/p6uKn0Obv2rByGhn8N
zlCSLgijKJRzwYrcZu+afHmem8Ycew+Cc+JQsgtgTnElmChbT0vCCetcUkcuLiT0
YekvdD6x5rzKdQ7MgjXsV4oaWmSlOHnV+in2y9m9t8bIAWGZvzM2fPUocmTE/nIG
ACN9NiDkCvxdwHfv4j4C/zPJOJkbuMUsltnqnkHpxLHsiCtKzg+BFvdP0tBwwXku
SxTKxX0oLZh/qVNJcFQYzbcY0iYxSqXo7ZmSajLz4q50irlWxcY0Ptd42yXQMRld
ILRTIlG4uYfVpR72DheDj8tEBbX8QdQC9+O8qqGxqjX/llq+
-----END CERTIFICATE-----