Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/iEVLWxGuLfMtwORp1V7CoSjBT2k.roa
File:                     iEVLWxGuLfMtwORp1V7CoSjBT2k.roa (raw, json)
Hash identifier:          Ym1SeSFYQXvFiB6KgmWJn+wRmehSVBxzcDndP66RxnU=
Subject key identifier:   88:45:4B:5B:11:AE:2D:F3:2D:C0:E4:69:D5:5E:C2:A1:28:C1:4F:69
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018683D4EDA658C8FFD536635AA81B04BEB8
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/iEVLWxGuLfMtwORp1V7CoSjBT2k.roa
Signing time:             Fri 24 Feb 2023 14:30:14 +0000
ROA not before:           Fri 24 Feb 2023 14:30:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        2.56.164.0/24 maxlen: 24
                          193.105.177.0/24 maxlen: 24
                          178.218.145.0/24 maxlen: 24
                          194.56.226.0/24 maxlen: 24
                          194.56.224.0/24 maxlen: 24
                          194.56.225.0/24 maxlen: 24
                          45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          185.186.67.0/24 maxlen: 24
                          185.234.74.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 Mar 2023 12:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:83:d4:ed:a6:58:c8:ff:d5:36:63:5a:a8:1b:04:be:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Feb 24 14:30:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=88454b5b11ae2df32dc0e469d55ec2a128c14f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a6:8f:cf:5f:63:64:11:50:1a:57:67:3f:5d:
                    cd:70:59:87:9a:c6:2d:d4:bb:1f:ef:48:5a:fb:6f:
                    24:1f:f1:50:a7:ba:2c:f4:27:b9:20:15:67:96:68:
                    4d:49:df:e2:49:b0:31:bc:85:0b:89:42:06:47:7c:
                    96:3d:59:0b:6e:f3:a1:00:e1:8b:1c:a9:dd:95:2a:
                    e5:2e:9d:43:be:66:ca:70:bd:42:df:56:b2:5d:ce:
                    98:a4:fc:53:ab:d7:08:ef:66:e6:dc:25:8c:e6:89:
                    94:b5:c2:de:30:44:50:f1:4e:7a:35:fb:cc:d2:63:
                    d3:c9:7c:c4:5c:da:99:f7:f3:1b:91:39:7f:b7:6d:
                    f0:6c:47:ee:59:ab:e0:99:31:f5:eb:5d:96:c0:71:
                    d1:82:13:de:5e:d1:e3:01:77:1e:20:13:41:61:00:
                    8a:ef:5a:92:b5:e2:75:6d:81:ea:07:8f:d2:89:4f:
                    7a:74:e5:a4:af:e5:32:b5:36:a1:9c:83:4b:be:78:
                    ec:59:db:ac:c6:eb:73:89:8f:64:85:b9:9e:8c:58:
                    8a:e8:bd:01:23:7e:c1:3f:14:39:f1:b1:3b:af:ca:
                    f7:75:74:b2:63:3d:d6:c7:29:97:d2:78:ec:9f:65:
                    28:31:fa:bf:76:c6:d2:4d:5f:77:9e:90:ca:93:9d:
                    fb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:45:4B:5B:11:AE:2D:F3:2D:C0:E4:69:D5:5E:C2:A1:28:C1:4F:69
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/iEVLWxGuLfMtwORp1V7CoSjBT2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.164.0/24
                  45.90.145.0-45.90.146.255
                  178.218.145.0/24
                  185.186.67.0/24
                  185.234.74.0/23
                  193.105.177.0/24
                  194.56.224.0-194.56.226.255

    Signature Algorithm: sha256WithRSAEncryption
         d0:14:2c:0e:e3:20:7c:99:f7:ca:21:80:fe:94:5e:5a:1c:9b:
         ac:60:04:11:a8:6a:c0:8e:02:2f:5d:d6:32:56:f4:19:c9:88:
         cc:a4:f7:a6:cc:f5:29:19:8e:52:c9:0d:92:fe:98:06:77:d7:
         4a:4a:c6:ec:00:30:6e:6b:f8:48:fd:a6:06:c7:c4:06:f6:85:
         a0:e8:66:39:4e:ac:37:8f:89:a8:e1:fd:25:b8:63:0f:8c:09:
         a4:44:3d:c4:34:c8:af:cb:69:e9:47:2c:33:13:45:16:7c:0e:
         f3:96:6c:63:75:d0:d6:3c:2e:b8:d7:96:b4:f7:00:ee:0e:d9:
         77:d4:28:09:1c:58:12:04:11:db:89:ba:28:e6:25:98:e8:0e:
         eb:d6:08:d0:88:9b:25:be:cd:b9:17:3f:5d:1e:c7:c5:3a:17:
         30:1b:56:93:83:e7:d5:34:cd:a2:9e:79:c0:e5:26:52:70:e3:
         65:f1:53:6d:80:50:ef:85:71:e6:dd:13:11:37:74:d7:e4:b8:
         26:3c:2c:b9:77:00:fe:eb:44:62:fb:7a:94:d9:f0:03:6c:99:
         b9:c8:d4:68:68:41:d6:1c:71:63:88:38:a3:43:e2:0f:06:ae:
         7e:a4:f7:53:52:8c:8a:93:c5:46:c0:32:78:0a:fe:99:40:61:
         59:03:37:2f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYaD1O2mWMj/1TZjWqgbBL64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjMwMjI0MTQzMDE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODQ1NGI1YjExYWUyZGYzMmRjMGU0NjlkNTVlYzJhMTI4YzE0ZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqaPz19jZBFQGldnP13NcFmHmsYt
1Lsf70ha+28kH/FQp7os9Ce5IBVnlmhNSd/iSbAxvIULiUIGR3yWPVkLbvOhAOGL
HKndlSrlLp1DvmbKcL1C31ayXc6YpPxTq9cI72bm3CWM5omUtcLeMERQ8U56NfvM
0mPTyXzEXNqZ9/MbkTl/t23wbEfuWavgmTH1612WwHHRghPeXtHjAXceIBNBYQCK
71qSteJ1bYHqB4/SiU96dOWkr+UytTahnINLvnjsWdusxutziY9khbmejFiK6L0B
I37BPxQ58bE7r8r3dXSyYz3WxymX0njsn2UoMfq/dsbSTV93npDKk537ywIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFIhFS1sRri3zLcDkadVewqEowU9pMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvaUVWTFd4R3VMZk10d09ScDFWN0NvU2pCVDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAAjikMAwD
BAAtWpEDBAAtWpIDBACy2pEDBAC5ukMDBAG56koDBADBabEwDAMEBcI44AMEAMI4
4jANBgkqhkiG9w0BAQsFAAOCAQEA0BQsDuMgfJn3yiGA/pReWhybrGAEEahqwI4C
L13WMlb0GcmIzKT3psz1KRmOUskNkv6YBnfXSkrG7AAwbmv4SP2mBsfEBvaFoOhm
OU6sN4+JqOH9JbhjD4wJpEQ9xDTIr8tp6UcsMxNFFnwO85ZsY3XQ1jwuuNeWtPcA
7g7Zd9QoCRxYEgQR24m6KOYlmOgO69YI0IibJb7NuRc/XR7HxToXMBtWk4Pn1TTN
op55wOUmUnDjZfFTbYBQ74Vx5t0TETd01+S4JjwsuXcA/utEYvt6lNnwA2yZucjU
aGhB1hxxY4g4o0PiDwaufqT3U1KMipPFRsAyeAr+mUBhWQM3Lw==
-----END CERTIFICATE-----