Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Sdxu3y-FvmSr2r-YmwKVOk-Sukw.roa
File:                     Sdxu3y-FvmSr2r-YmwKVOk-Sukw.roa (raw, json)
Hash identifier:          J6J6UQFDDCEguTZGT98dMDKh075kMapCvUS3olyowCI=
Subject key identifier:   49:DC:6E:DF:2F:85:BE:64:AB:DA:BF:98:9B:02:95:3A:4F:92:BA:4C
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018D687C59C485DE6EFF01358DE1E9C6C986
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Sdxu3y-FvmSr2r-YmwKVOk-Sukw.roa
Signing time:             Fri 02 Feb 2024 06:23:16 +0000
ROA not before:           Fri 02 Feb 2024 06:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203446
IP address blocks:        2.56.246.0/24 maxlen: 24
                          45.13.226.0/24 maxlen: 24
                          45.67.139.0/24 maxlen: 24
                          45.90.96.0/24 maxlen: 24
                          45.90.97.0/24 maxlen: 24
                          45.131.65.0/24 maxlen: 24
                          45.134.39.0/24 maxlen: 24
                          45.137.70.0/24 maxlen: 24
                          45.145.226.0/24 maxlen: 24
                          185.117.0.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 13:04:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:7c:59:c4:85:de:6e:ff:01:35:8d:e1:e9:c6:c9:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Feb  2 06:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49dc6edf2f85be64abdabf989b02953a4f92ba4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:51:1e:d8:6b:8b:1e:3b:e1:54:ed:3c:76:22:
                    b9:94:bd:1f:1e:ed:69:73:a8:55:a2:a0:48:38:69:
                    3a:86:df:c8:aa:35:af:6b:e0:ae:b2:b8:75:83:67:
                    6c:44:71:d2:ff:9b:0b:42:f8:b8:43:dc:bd:c3:7c:
                    0d:27:f4:60:c6:b6:45:3c:eb:10:ee:53:f0:28:8b:
                    b1:4c:38:36:18:fc:5b:e2:ed:94:9b:a1:bf:72:f8:
                    6c:30:e6:85:39:19:05:a0:ef:0e:95:49:f5:c6:65:
                    89:80:4e:f9:13:bd:35:ee:68:0a:e2:2a:ff:5e:d5:
                    19:8e:67:86:eb:84:d9:37:b5:91:31:6a:54:06:26:
                    08:94:b5:d8:84:53:a5:66:77:76:fa:b7:3e:f4:0d:
                    93:70:66:78:1c:4c:0d:07:08:82:73:b0:48:73:2d:
                    cc:3e:29:6c:05:91:cf:5b:da:f2:ef:3d:15:ea:47:
                    7f:2d:ee:7d:d8:8e:ad:40:cd:57:44:03:94:c1:ce:
                    33:7c:fb:ca:bb:a1:a9:82:62:5c:30:ea:16:44:6a:
                    8a:09:92:5e:43:84:a3:d9:67:b9:b3:28:73:28:3e:
                    cf:1c:fe:73:4b:7c:80:e5:66:f5:87:72:dd:c9:2a:
                    f2:89:b6:e7:3c:2f:89:f0:96:89:a6:7c:2e:80:0c:
                    49:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:DC:6E:DF:2F:85:BE:64:AB:DA:BF:98:9B:02:95:3A:4F:92:BA:4C
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Sdxu3y-FvmSr2r-YmwKVOk-Sukw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.246.0/24
                  45.13.226.0/24
                  45.67.139.0/24
                  45.90.96.0/23
                  45.131.65.0/24
                  45.134.39.0/24
                  45.137.70.0/24
                  45.145.226.0/24
                  185.117.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:54:ec:2d:43:fb:4e:81:47:f4:e1:79:ad:93:67:3e:0c:dc:
         3f:4b:dc:63:e0:49:de:02:5d:81:5b:5f:b0:d8:91:e9:dd:0d:
         35:a0:ed:5d:5f:51:fd:be:46:8a:49:2a:19:44:66:bc:ff:65:
         f3:47:ff:8a:59:a7:00:b7:16:12:ba:f3:2b:c9:26:17:50:46:
         a2:2d:c7:84:9a:d9:15:cf:e3:18:1c:dc:0f:6c:cb:40:ba:9d:
         da:94:b2:bd:51:54:e9:f4:a7:38:24:ee:7f:f5:37:58:9f:b5:
         bf:f7:f3:02:37:64:ea:7e:f0:27:6f:51:95:80:ac:cc:22:36:
         8d:42:9b:8d:52:de:3e:08:2e:15:37:f0:71:ee:2c:ff:22:55:
         72:8d:d0:55:c5:cd:16:24:6e:c6:41:ef:e2:9c:11:89:33:5f:
         14:40:40:1b:83:35:d0:7c:c9:ac:ab:dd:2b:af:e5:79:03:c4:
         f9:7a:1c:21:6b:44:3d:93:0e:25:aa:6f:1b:69:0e:80:1f:b3:
         49:fb:71:10:af:36:eb:28:1d:49:80:59:04:ff:54:76:ba:42:
         a5:57:c5:34:03:39:2c:00:d9:0a:08:53:3d:fa:7a:0e:2e:b5:
         2b:75:bb:2c:f5:7c:d6:f9:ae:8a:14:27:46:30:d3:57:b0:9d:
         4d:1d:ad:58
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY1ofFnEhd5u/wE1jeHpxsmGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMjAyMDYyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWRjNmVkZjJmODViZTY0YWJkYWJmOTg5YjAyOTUzYTRmOTJiYTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVEe2GuLHjvhVO08diK5lL0fHu1p
c6hVoqBIOGk6ht/IqjWva+Cusrh1g2dsRHHS/5sLQvi4Q9y9w3wNJ/RgxrZFPOsQ
7lPwKIuxTDg2GPxb4u2Um6G/cvhsMOaFORkFoO8OlUn1xmWJgE75E7017mgK4ir/
XtUZjmeG64TZN7WRMWpUBiYIlLXYhFOlZnd2+rc+9A2TcGZ4HEwNBwiCc7BIcy3M
PilsBZHPW9ry7z0V6kd/Le592I6tQM1XRAOUwc4zfPvKu6GpgmJcMOoWRGqKCZJe
Q4Sj2We5syhzKD7PHP5zS3yA5Wb1h3LdySryibbnPC+J8JaJpnwugAxJJwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEncbt8vhb5kq9q/mJsClTpPkrpMMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvU2R4dTN5LUZ2bVNyMnItWW13S1ZPay1TdWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjj2AwQA
LQ3iAwQALUOLAwQBLVpgAwQALYNBAwQALYYnAwQALYlGAwQALZHiAwQAuXUAMA0G
CSqGSIb3DQEBCwUAA4IBAQApVOwtQ/tOgUf04Xmtk2c+DNw/S9xj4EneAl2BW1+w
2JHp3Q01oO1dX1H9vkaKSSoZRGa8/2XzR/+KWacAtxYSuvMrySYXUEaiLceEmtkV
z+MYHNwPbMtAup3alLK9UVTp9Kc4JO5/9TdYn7W/9/MCN2TqfvAnb1GVgKzMIjaN
QpuNUt4+CC4VN/Bx7iz/IlVyjdBVxc0WJG7GQe/inBGJM18UQEAbgzXQfMmsq90r
r+V5A8T5ehwha0Q9kw4lqm8baQ6AH7NJ+3EQrzbrKB1JgFkE/1R2ukKlV8U0Azks
ANkKCFM9+noOLrUrdbss9XzW+a6KFCdGMNNXsJ1NHa1Y
-----END CERTIFICATE-----