Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/sGn9twB99Fx_n-boIUI44vTxAqA.roa
File:                     sGn9twB99Fx_n-boIUI44vTxAqA.roa (raw, json)
Hash identifier:          3tEJ/cHDuHmcirBFkBxlVT1K+jFs0shRs9czEYQPRxo=
Subject key identifier:   B0:69:FD:B7:00:7D:F4:5C:7F:9F:E6:E8:21:42:38:E2:F4:F1:02:A0
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018E61CB1DBCB53C3B11702F62D152C0E032
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/sGn9twB99Fx_n-boIUI44vTxAqA.roa
Signing time:             Thu 21 Mar 2024 16:14:45 +0000
ROA not before:           Thu 21 Mar 2024 16:14:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          45.140.220.0/24 maxlen: 24
                          45.140.221.0/24 maxlen: 24
                          83.143.119.0/24 maxlen: 24
                          178.218.145.0/24 maxlen: 24
                          185.227.71.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24
                          185.242.225.0/24 maxlen: 24
                          193.105.177.0/24 maxlen: 24
                          194.56.224.0/24 maxlen: 24
                          194.56.226.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 18:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:cb:1d:bc:b5:3c:3b:11:70:2f:62:d1:52:c0:e0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Mar 21 16:14:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b069fdb7007df45c7f9fe6e8214238e2f4f102a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:96:39:38:21:e6:58:cc:0d:f6:c5:02:cf:d4:
                    0d:f3:94:0f:9a:d4:cb:1a:23:7e:1c:69:d4:9c:76:
                    16:b7:10:87:3d:00:8d:e9:8e:8b:ce:32:78:97:c5:
                    2f:2f:6c:b9:21:24:9e:4b:24:5c:c6:45:4c:f2:fd:
                    4a:9c:ee:f4:af:c1:ea:b2:28:dc:2b:37:49:10:37:
                    69:22:79:60:40:7d:27:4d:d7:ea:92:09:cd:33:66:
                    bd:ab:96:c0:0b:33:41:0b:6f:2f:64:ae:85:7a:0e:
                    0b:46:64:97:39:fb:b6:6b:d2:72:48:e5:a1:13:04:
                    11:c3:54:e2:f4:1b:10:87:41:12:f4:7b:3b:cf:00:
                    99:75:98:a1:c3:59:cd:2d:bc:88:fe:35:03:9e:d3:
                    d3:28:fa:03:e5:50:3c:5a:8c:ce:13:c8:6f:3f:64:
                    c3:0e:2e:0d:ef:55:94:23:a0:d8:1a:e5:5b:d1:3e:
                    db:65:3f:c4:7b:33:c2:03:54:4f:ae:d1:95:ac:7d:
                    4e:cb:2c:80:14:6d:b3:d5:bb:d8:7c:76:87:97:0d:
                    62:7b:89:4d:a1:75:75:8f:35:1b:a1:24:6f:fc:6e:
                    82:36:0a:3d:f2:3d:06:3c:23:4d:e7:2e:3c:85:67:
                    ee:2d:fb:30:fc:71:d9:ee:69:64:ab:ca:1b:c2:b7:
                    22:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:69:FD:B7:00:7D:F4:5C:7F:9F:E6:E8:21:42:38:E2:F4:F1:02:A0
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/sGn9twB99Fx_n-boIUI44vTxAqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.145.0-45.90.146.255
                  45.140.220.0/23
                  83.143.119.0/24
                  178.218.145.0/24
                  185.227.71.0/24
                  185.234.75.0/24
                  185.242.225.0/24
                  193.105.177.0/24
                  194.56.224.0/24
                  194.56.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ed:3d:3f:0f:4b:bc:ce:d9:94:06:b0:66:7d:a7:52:e7:be:
         95:e7:35:c5:32:2b:4f:6d:f8:e7:92:d6:15:c1:23:79:8d:08:
         5c:cc:60:c3:16:a6:51:42:57:24:c9:ca:db:7c:8e:35:4c:53:
         85:6a:e9:85:74:6d:57:59:34:0d:8c:1f:07:b9:ba:28:74:c0:
         e8:d5:e1:4a:64:0e:8e:5e:64:b7:20:df:c3:ae:20:29:e3:0f:
         77:db:28:d5:6f:a3:68:fd:33:78:3d:03:24:df:49:59:12:35:
         70:f4:a2:f9:9b:8b:a0:cd:79:57:89:c6:fa:60:fe:28:49:a9:
         e4:1d:c6:81:18:23:37:36:b4:e4:2d:42:fe:bc:13:1b:10:38:
         d0:19:50:57:21:3b:da:a2:e4:3d:e6:9e:6a:a6:0c:2c:5a:ee:
         1c:f0:7d:32:92:f6:61:5a:49:21:b5:8d:46:93:53:d7:38:b6:
         a3:a7:b0:20:d9:4a:82:65:c4:a4:8b:32:fb:5e:8f:a0:b1:81:
         17:37:10:bd:64:a2:cf:c3:9a:a8:ce:5d:d4:56:bd:db:2c:72:
         20:1d:7a:47:25:4d:13:08:63:36:09:a3:71:54:81:16:1d:6a:
         e7:85:3a:9f:2e:1b:50:8f:3d:52:3d:65:62:fe:67:7f:17:ec:
         f2:d1:6b:28
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY5hyx28tTw7EXAvYtFSwOAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMzIxMTYxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDY5ZmRiNzAwN2RmNDVjN2Y5ZmU2ZTgyMTQyMzhlMmY0ZjEwMmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJY5OCHmWMwN9sUCz9QN85QPmtTL
GiN+HGnUnHYWtxCHPQCN6Y6LzjJ4l8UvL2y5ISSeSyRcxkVM8v1KnO70r8Hqsijc
KzdJEDdpInlgQH0nTdfqkgnNM2a9q5bACzNBC28vZK6Feg4LRmSXOfu2a9JySOWh
EwQRw1Ti9BsQh0ES9Hs7zwCZdZihw1nNLbyI/jUDntPTKPoD5VA8WozOE8hvP2TD
Di4N71WUI6DYGuVb0T7bZT/EezPCA1RPrtGVrH1OyyyAFG2z1bvYfHaHlw1ie4lN
oXV1jzUboSRv/G6CNgo98j0GPCNN5y48hWfuLfsw/HHZ7mlkq8obwrciowIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLBp/bcAffRcf5/m6CFCOOL08QKgMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvc0duOXR3Qjk5Rnhfbi1ib0lVSTQ0dlR4QXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBAAtWpED
BAAtWpIDBAEtjNwDBABTj3cDBACy2pEDBAC540cDBAC56ksDBAC58uEDBADBabED
BADCOOADBADCOOIwDQYJKoZIhvcNAQELBQADggEBAAPtPT8PS7zO2ZQGsGZ9p1Ln
vpXnNcUyK09t+OeS1hXBI3mNCFzMYMMWplFCVyTJytt8jjVMU4Vq6YV0bVdZNA2M
Hwe5uih0wOjV4UpkDo5eZLcg38OuICnjD3fbKNVvo2j9M3g9AyTfSVkSNXD0ovmb
i6DNeVeJxvpg/ihJqeQdxoEYIzc2tOQtQv68ExsQONAZUFchO9qi5D3mnmqmDCxa
7hzwfTKS9mFaSSG1jUaTU9c4tqOnsCDZSoJlxKSLMvtej6CxgRc3EL1kos/DmqjO
XdRWvdssciAdekclTRMIYzYJo3FUgRYdaueFOp8uG1CPPVI9ZWL+Z38X7PLRayg=
-----END CERTIFICATE-----