Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0li6HD-RpwEzqY4RAKZNMo6sKxY.roa
File:                     0li6HD-RpwEzqY4RAKZNMo6sKxY.roa (raw, json)
Hash identifier:          tLQ+R8gw1JEDY7eFj9gdqLFxQ0dVtf5neYa67lD22OA=
Subject key identifier:   D2:58:BA:1C:3F:91:A7:01:33:A9:8E:11:00:A6:4D:32:8E:AC:2B:16
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255EE8FF3413B581D7953303A0BFD5
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0li6HD-RpwEzqY4RAKZNMo6sKxY.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49870
IP address blocks:        45.140.222.0/23 maxlen: 23
                          45.81.21.0/24 maxlen: 24
                          2.56.167.0/24 maxlen: 24
                          45.81.22.0/23 maxlen: 23
                          89.190.159.0/24 maxlen: 24
                          89.190.156.0/24 maxlen: 24
                          185.242.226.0/24 maxlen: 24
                          194.50.16.0/23 maxlen: 24
                          212.107.12.0/24 maxlen: 24
                          77.83.240.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 Jan 2024 12:47:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5e:e8:ff:34:13:b5:81:d7:95:33:03:a0:bf:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d258ba1c3f91a70133a98e1100a64d328eac2b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:eb:55:ff:8f:20:47:f1:80:83:1b:e1:54:88:
                    25:50:88:e2:ee:31:d0:9d:97:62:e6:c5:1a:6b:76:
                    93:3b:4e:56:3c:7e:a5:87:7f:9f:27:bb:5e:5f:99:
                    54:a8:50:af:2e:5a:ef:f7:9c:6b:27:0f:f6:0f:b3:
                    d9:dd:de:c6:00:06:b0:9e:ef:d5:57:cc:e6:96:e1:
                    09:1b:f5:59:a4:ce:83:7a:db:d9:78:66:3d:35:81:
                    74:c6:9f:fa:05:b3:8a:03:ed:a8:00:e9:53:aa:aa:
                    68:e2:37:5d:21:9c:c5:0a:7b:92:3d:2e:c1:f4:e7:
                    7d:cc:8d:1f:3e:81:d5:3c:c9:a6:87:c4:31:0d:da:
                    63:af:fb:29:17:a8:e3:48:e9:16:01:6a:78:fb:3e:
                    f8:3e:72:9c:f3:21:65:40:85:8e:54:23:20:70:ae:
                    b8:01:ab:1e:6c:5b:9c:fa:a1:8e:c5:90:10:80:7d:
                    ff:3a:4c:b1:32:cc:3d:cc:ca:b6:a9:1e:45:0a:c7:
                    9f:63:c1:16:d5:df:76:88:eb:76:84:ab:ee:38:65:
                    d9:d6:05:94:8d:e5:dc:a1:1d:ba:17:47:f4:3e:63:
                    89:02:20:dd:e2:79:ca:d1:cf:a3:5a:34:0d:35:3b:
                    55:6f:3c:fe:e1:f6:69:c4:00:ba:35:64:7d:65:5d:
                    66:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:58:BA:1C:3F:91:A7:01:33:A9:8E:11:00:A6:4D:32:8E:AC:2B:16
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0li6HD-RpwEzqY4RAKZNMo6sKxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.167.0/24
                  45.81.21.0-45.81.23.255
                  45.140.222.0/23
                  77.83.240.0/24
                  89.190.156.0/24
                  89.190.159.0/24
                  185.242.226.0/24
                  194.50.16.0/23
                  212.107.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:7d:70:a2:53:67:ce:0c:07:69:ce:fe:2a:b2:30:88:91:fa:
         1f:bd:86:57:20:69:04:eb:e6:fa:19:fa:59:72:b5:f5:b9:f8:
         41:84:66:5f:f5:85:3c:a7:cf:4d:ff:16:45:73:cf:04:45:77:
         8d:02:1d:02:62:e7:68:a5:e0:3d:48:6c:42:32:5b:81:c2:af:
         eb:cd:8b:61:53:1b:5c:08:42:90:cd:7e:96:c0:01:7f:8c:c4:
         37:48:8e:f9:e2:f1:5e:4a:b6:9c:b0:8b:c7:15:d5:f2:34:47:
         e8:66:13:57:5c:76:66:7d:56:74:3c:66:22:20:52:ab:c9:8f:
         f0:12:89:8d:a6:40:ed:b2:3a:48:26:52:82:69:ad:47:a7:a4:
         69:a4:3b:e7:9a:dc:27:a7:d4:f1:0e:56:7a:1a:ab:0a:f5:57:
         03:ce:48:64:29:33:30:c5:97:04:21:67:86:dc:0d:b5:d3:fc:
         6c:c3:1c:af:8f:e7:d0:85:00:76:36:84:a5:5d:77:63:4c:5f:
         aa:10:91:df:be:4c:1f:5a:d9:9c:59:5f:c3:af:97:59:ea:29:
         4e:b4:80:16:bf:e7:e7:52:ec:0f:b7:0c:05:9a:85:af:8c:5d:
         9d:af:68:f4:38:22:72:11:12:8a:62:41:22:1e:03:ca:44:fb:
         32:42:c5:e2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYzEJV7o/zQTtYHXlTMDoL/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjU4YmExYzNmOTFhNzAxMzNhOThlMTEwMGE2NGQzMjhlYWMyYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOtV/48gR/GAgxvhVIglUIji7jHQ
nZdi5sUaa3aTO05WPH6lh3+fJ7teX5lUqFCvLlrv95xrJw/2D7PZ3d7GAAawnu/V
V8zmluEJG/VZpM6DetvZeGY9NYF0xp/6BbOKA+2oAOlTqqpo4jddIZzFCnuSPS7B
9Od9zI0fPoHVPMmmh8QxDdpjr/spF6jjSOkWAWp4+z74PnKc8yFlQIWOVCMgcK64
AasebFuc+qGOxZAQgH3/OkyxMsw9zMq2qR5FCsefY8EW1d92iOt2hKvuOGXZ1gWU
jeXcoR26F0f0PmOJAiDd4nnK0c+jWjQNNTtVbzz+4fZpxAC6NWR9ZV1mZwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNJYuhw/kacBM6mOEQCmTTKOrCsWMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvMGxpNkhELVJwd0V6cVk0UkFLWk5NbzZzS3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjinMAwD
BAAtURUDBAMtURADBAEtjN4DBABNU/ADBABZvpwDBABZvp8DBAC58uIDBAHCMhAD
BADUawwwDQYJKoZIhvcNAQELBQADggEBAJR9cKJTZ84MB2nO/iqyMIiR+h+9hlcg
aQTr5voZ+llytfW5+EGEZl/1hTynz03/FkVzzwRFd40CHQJi52il4D1IbEIyW4HC
r+vNi2FTG1wIQpDNfpbAAX+MxDdIjvni8V5Ktpywi8cV1fI0R+hmE1dcdmZ9VnQ8
ZiIgUqvJj/ASiY2mQO2yOkgmUoJprUenpGmkO+ea3Cen1PEOVnoaqwr1VwPOSGQp
MzDFlwQhZ4bcDbXT/GzDHK+P59CFAHY2hKVdd2NMX6oQkd++TB9a2ZxZX8Ovl1nq
KU60gBa/5+dS7A+3DAWaha+MXZ2vaPQ4InIREopiQSIeA8pE+zJCxeI=
-----END CERTIFICATE-----