Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/iw3X0dmTy5iJBOSgXbIXrKl-ccw.roa
File:                     iw3X0dmTy5iJBOSgXbIXrKl-ccw.roa (raw, json)
Hash identifier:          XvG2nRaCePlUkBNJnmXTpejEbM75xP8mJ2QvzrAwRNQ=
Subject key identifier:   8B:0D:D7:D1:D9:93:CB:98:89:04:E4:A0:5D:B2:17:AC:A9:7E:71:CC
Certificate issuer:       /CN=98a987c6cd0a36f94dbef10ef2a2c66020a95611
Certificate serial:       01856D4A9452B787DCC970CDC6C6E22729F7
Authority key identifier: 98:A9:87:C6:CD:0A:36:F9:4D:BE:F1:0E:F2:A2:C6:60:20:A9:56:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKmHxs0KNvlNvvEO8qLGYCCpVhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/iw3X0dmTy5iJBOSgXbIXrKl-ccw.roa
Signing time:             Sun 01 Jan 2023 12:24:42 +0000
ROA not before:           Sun 01 Jan 2023 12:24:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29611
IP address blocks:        45.157.84.0/22 maxlen: 24
                          217.68.240.0/20 maxlen: 24
                          185.2.216.0/22 maxlen: 24
                          185.43.184.0/22 maxlen: 24
                          185.73.184.0/22 maxlen: 24
                          217.69.32.0/20 maxlen: 24
                          2a0f:5280::/29 maxlen: 48
                          2a03:2d20::/32 maxlen: 48
                          2a00:c20::/32 maxlen: 32
                          2a04:95c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:4a:94:52:b7:87:dc:c9:70:cd:c6:c6:e2:27:29:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a987c6cd0a36f94dbef10ef2a2c66020a95611
        Validity
            Not Before: Jan  1 12:24:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b0dd7d1d993cb988904e4a05db217aca97e71cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b2:f2:2c:64:82:58:c2:ab:92:40:29:fc:ac:
                    30:15:85:08:47:d3:de:ba:21:a5:79:07:27:0f:47:
                    8b:ad:ca:28:99:e4:62:97:68:ef:e3:ed:f1:c7:da:
                    01:d1:21:86:7a:7d:0f:aa:6b:07:72:f2:e9:04:a7:
                    aa:49:9c:c3:ba:1e:24:73:f3:da:1a:41:bf:c7:1b:
                    b8:19:58:f0:88:bf:b0:46:d7:9d:c4:33:71:2b:90:
                    9c:09:63:d4:07:26:ee:66:d2:a2:50:9b:5c:e3:8c:
                    02:0b:58:6d:c6:78:9e:c7:5d:64:e1:fb:d2:9c:f3:
                    ff:b0:71:e5:13:dc:34:c7:e7:2b:01:f3:6b:0f:05:
                    de:a0:21:ab:f8:c9:f4:99:62:b8:fe:4f:e5:f6:05:
                    53:be:08:b1:b5:90:aa:c7:01:34:e4:b8:7c:f6:92:
                    1a:7c:aa:33:4f:09:f9:44:67:5d:02:2c:0c:dc:52:
                    63:96:34:b4:10:9a:f5:e6:c2:86:2b:1a:64:73:79:
                    65:30:04:9f:af:eb:9a:3d:f8:4e:38:b9:a7:cb:83:
                    b4:08:e5:dc:b1:af:7a:ae:e6:c8:17:69:e9:83:ff:
                    97:7b:5d:8c:91:bc:65:67:a2:d4:11:2c:16:00:eb:
                    b1:9c:dd:ee:ef:2d:f6:68:0b:35:2b:41:15:54:82:
                    0a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0D:D7:D1:D9:93:CB:98:89:04:E4:A0:5D:B2:17:AC:A9:7E:71:CC
            X509v3 Authority Key Identifier:
                keyid:98:A9:87:C6:CD:0A:36:F9:4D:BE:F1:0E:F2:A2:C6:60:20:A9:56:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKmHxs0KNvlNvvEO8qLGYCCpVhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/iw3X0dmTy5iJBOSgXbIXrKl-ccw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/mKmHxs0KNvlNvvEO8qLGYCCpVhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.84.0/22
                  185.2.216.0/22
                  185.43.184.0/22
                  185.73.184.0/22
                  217.68.240.0/20
                  217.69.32.0/20
                IPv6:
                  2a00:c20::/32
                  2a03:2d20::/32
                  2a04:95c0::/29
                  2a0f:5280::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:22:af:03:51:09:44:f0:00:a7:80:d1:7c:44:05:d0:b9:27:
         84:70:d0:f9:b0:67:d9:d1:ef:a2:46:e8:65:0f:89:72:6a:df:
         8b:f1:18:06:8b:a4:48:53:ff:6a:fd:1b:25:7f:13:15:00:21:
         e6:0c:4c:b9:d8:ea:21:30:20:08:6a:4a:3b:bd:e7:97:cd:7c:
         6e:a2:db:74:72:e7:e0:b2:6e:29:15:84:ed:1b:6f:b8:3f:ac:
         c4:a5:75:7f:67:77:29:26:be:0b:e0:81:d6:a7:b1:0c:6d:e7:
         3b:31:04:09:a4:cf:08:92:90:c4:f8:11:f2:12:9b:bb:b3:8d:
         9e:25:d3:e5:65:3d:5d:d9:3c:21:95:9f:3f:38:49:52:59:bb:
         c9:57:e0:27:76:0c:25:c0:ba:d0:b9:89:c6:56:41:ef:d4:18:
         6c:a6:a8:0a:9c:38:e8:91:51:36:eb:4f:3f:35:b3:b4:a7:cc:
         ea:33:1d:43:5c:3f:fa:ea:9a:4b:88:0b:b8:90:59:2a:9f:d2:
         cc:4d:b1:77:5f:99:48:d8:12:e8:7c:bf:71:68:9f:3a:89:27:
         05:c2:29:ea:24:76:8b:dd:e7:be:9a:6f:48:c0:18:7c:34:f5:
         54:e9:14:34:50:58:18:06:a6:11:7b:d6:4c:52:b0:32:9c:d3:
         b2:4d:d9:80
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVtSpRSt4fcyXDNxsbiJyn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YTk4N2M2Y2QwYTM2Zjk0ZGJlZjEwZWYyYTJjNjYwMjBh
OTU2MTEwHhcNMjMwMTAxMTIyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjBkZDdkMWQ5OTNjYjk4ODkwNGU0YTA1ZGIyMTdhY2E5N2U3MWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLLyLGSCWMKrkkAp/KwwFYUIR9Pe
uiGleQcnD0eLrcoomeRil2jv4+3xx9oB0SGGen0PqmsHcvLpBKeqSZzDuh4kc/Pa
GkG/xxu4GVjwiL+wRtedxDNxK5CcCWPUBybuZtKiUJtc44wCC1htxniex11k4fvS
nPP/sHHlE9w0x+crAfNrDwXeoCGr+Mn0mWK4/k/l9gVTvgixtZCqxwE05Lh89pIa
fKozTwn5RGddAiwM3FJjljS0EJr15sKGKxpkc3llMASfr+uaPfhOOLmny4O0COXc
sa96rubIF2npg/+Xe12MkbxlZ6LUESwWAOuxnN3u7y32aAs1K0EVVIIKWwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFIsN19HZk8uYiQTkoF2yF6ypfnHMMB8GA1UdIwQY
MBaAFJiph8bNCjb5Tb7xDvKixmAgqVYRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUttSHhzMEtOdmxOdnZFTzhxTEdZQ0NwVmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hYjgzMDctNWY5Yy00OWM2LThhMGIt
ZjNiNDU4MTlmMmIwLzEvaXczWDBkbVR5NWlKQk9TZ1hiSVhyS2wtY2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hYjgzMDctNWY5Yy00OWM2LThhMGItZjNiNDU4MTlmMmIw
LzEvbUttSHhzMEtOdmxOdnZFTzhxTEdZQ0NwVmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAqBAIAATAkAwQCLZ1UAwQC
uQLYAwQCuSu4AwQCuUm4AwQE2UTwAwQE2UUgMCIEAgACMBwDBQAqAAwgAwUAKgMt
IAMFAyoElcADBQMqD1KAMA0GCSqGSIb3DQEBCwUAA4IBAQB7Iq8DUQlE8ACngNF8
RAXQuSeEcND5sGfZ0e+iRuhlD4lyat+L8RgGi6RIU/9q/RslfxMVACHmDEy52Ooh
MCAIako7veeXzXxuott0cufgsm4pFYTtG2+4P6zEpXV/Z3cpJr4L4IHWp7EMbec7
MQQJpM8IkpDE+BHyEpu7s42eJdPlZT1d2TwhlZ8/OElSWbvJV+AndgwlwLrQuYnG
VkHv1BhspqgKnDjokVE2608/NbO0p8zqMx1DXD/66ppLiAu4kFkqn9LMTbF3X5lI
2BLofL9xaJ86iScFwinqJHaL3ee+mm9IwBh8NPVU6RQ0UFgYBqYRe9ZMUrAynNOy
TdmA
-----END CERTIFICATE-----