Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/B8XB3QJBF4xdShlNPAkyM-3jb6A.roa
File:                     B8XB3QJBF4xdShlNPAkyM-3jb6A.roa (raw, json)
Hash identifier:          RMAi7OfZHZDvRND6iTiTbPgTa+eU9UFhxfayrjF+b30=
Subject key identifier:   07:C5:C1:DD:02:41:17:8C:5D:4A:19:4D:3C:09:32:33:ED:E3:6F:A0
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       01896EE719D48AC17E6F592ED571706B34E6
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/B8XB3QJBF4xdShlNPAkyM-3jb6A.roa
Signing time:             Wed 19 Jul 2023 16:06:26 +0000
ROA not before:           Wed 19 Jul 2023 16:06:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        45.155.52.0/22 maxlen: 32
                          45.91.52.0/22 maxlen: 32
                          45.150.64.0/24 maxlen: 32
                          45.150.67.0/24 maxlen: 32
                          45.150.65.0/24 maxlen: 32
                          45.140.166.0/24 maxlen: 32
                          5.181.20.0/24 maxlen: 32
                          5.181.22.0/24 maxlen: 32
                          5.181.21.0/24 maxlen: 32
                          185.234.247.0/24 maxlen: 32
                          5.181.23.0/24 maxlen: 32
                          45.144.29.0/24 maxlen: 32
                          45.144.28.0/24 maxlen: 32
                          45.144.31.0/24 maxlen: 32
                          45.144.30.0/24 maxlen: 32
                          45.140.147.0/24 maxlen: 32
                          45.140.146.0/24 maxlen: 32

Validation:               Failed, certificate revoked on Mon 24 Jul 2023 13:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6e:e7:19:d4:8a:c1:7e:6f:59:2e:d5:71:70:6b:34:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jul 19 16:06:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07c5c1dd0241178c5d4a194d3c093233ede36fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f1:16:f4:a4:ee:b2:05:be:e9:37:e7:6b:38:
                    c6:2a:dc:0b:6b:0e:10:d3:07:b8:6d:39:db:2e:45:
                    8b:d8:c5:50:27:9f:cd:14:05:54:83:d0:2e:a9:8d:
                    24:69:8b:55:c6:05:bc:5b:23:01:06:65:8a:b9:78:
                    5a:cd:aa:89:9a:e9:e8:63:ef:b0:28:11:30:63:3c:
                    92:ed:62:9d:17:2d:10:6c:ce:02:3e:4b:f8:3d:e3:
                    04:d3:bb:b3:98:c2:cc:fa:23:b7:b5:df:b6:6b:73:
                    de:d5:2e:4f:c8:36:c8:eb:69:62:91:3d:52:2b:85:
                    33:6d:0e:14:3a:bb:2b:52:f7:03:6a:bf:84:3c:e3:
                    c2:3b:cb:86:39:4e:35:fe:7b:8a:0e:26:d0:56:04:
                    50:2d:35:ce:e6:aa:ed:68:27:25:b0:e9:14:e4:3f:
                    37:c0:d9:fa:d6:79:24:07:77:12:3c:90:ad:90:ba:
                    63:b0:c7:01:54:05:74:51:74:e0:2f:7a:4d:7d:f6:
                    92:db:a5:eb:d1:7a:9c:5e:8b:b5:1b:a9:54:35:6c:
                    ef:77:2a:fe:68:af:35:ff:02:e9:bf:13:cd:dd:22:
                    23:90:a3:ed:e8:c2:05:fe:90:49:3e:74:d6:82:96:
                    69:69:e2:62:4f:52:dd:eb:5b:1c:c0:05:10:e0:e6:
                    52:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C5:C1:DD:02:41:17:8C:5D:4A:19:4D:3C:09:32:33:ED:E3:6F:A0
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/B8XB3QJBF4xdShlNPAkyM-3jb6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.20.0/22
                  45.91.52.0/22
                  45.140.146.0/23
                  45.140.166.0/24
                  45.144.28.0/22
                  45.150.64.0/23
                  45.150.67.0/24
                  45.155.52.0/22
                  185.234.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:46:e1:8f:54:d0:b7:f8:68:80:c6:0a:2e:d5:5c:7f:61:fe:
         9d:95:bf:45:ad:2d:ee:bb:3d:65:04:9a:ac:a6:39:44:f3:8a:
         8c:32:61:a8:71:2b:09:a7:3b:08:b9:ac:8e:67:ed:dc:7d:92:
         bd:79:a0:72:b3:52:ea:11:d5:27:d2:8e:db:82:91:88:96:6f:
         90:2e:66:f9:c6:a5:e1:7d:10:81:04:30:de:e1:1b:3f:f8:82:
         2d:6c:49:70:a6:e9:26:f3:d1:87:fc:93:3c:dc:4c:a7:ec:9f:
         82:49:57:4a:fd:2e:6b:d3:d4:09:37:e5:95:33:b6:0a:9f:d4:
         d3:9d:2e:fb:45:1a:b6:78:d5:86:44:3d:8b:3a:30:ab:35:e6:
         75:ab:83:77:a3:75:41:28:14:88:41:33:29:61:fa:2a:83:48:
         ab:bf:0b:36:ff:7f:a6:83:99:ba:53:2c:4f:06:db:3d:e2:6b:
         bd:8d:0f:be:84:b8:50:a5:8b:25:9a:a2:90:12:c7:13:32:dc:
         d6:15:7a:7b:bc:12:73:39:3c:15:3f:56:2f:78:fe:f1:05:8b:
         67:b0:97:06:5c:d7:fc:9c:8a:45:23:0d:fe:23:48:dd:a4:59:
         25:df:2c:84:bf:48:34:c5:7f:de:7e:2d:91:1d:e5:e1:a1:18:
         6f:5d:a7:1e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYlu5xnUisF+b1ku1XFwazTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjMwNzE5MTYwNjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2M1YzFkZDAyNDExNzhjNWQ0YTE5NGQzYzA5MzIzM2VkZTM2ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifEW9KTusgW+6TfnazjGKtwLaw4Q
0we4bTnbLkWL2MVQJ5/NFAVUg9AuqY0kaYtVxgW8WyMBBmWKuXhazaqJmunoY++w
KBEwYzyS7WKdFy0QbM4CPkv4PeME07uzmMLM+iO3td+2a3Pe1S5PyDbI62likT1S
K4UzbQ4UOrsrUvcDar+EPOPCO8uGOU41/nuKDibQVgRQLTXO5qrtaCclsOkU5D83
wNn61nkkB3cSPJCtkLpjsMcBVAV0UXTgL3pNffaS26Xr0XqcXou1G6lUNWzvdyr+
aK81/wLpvxPN3SIjkKPt6MIF/pBJPnTWgpZpaeJiT1Ld61scwAUQ4OZSJwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAfFwd0CQReMXUoZTTwJMjPt42+gMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvQjhYQjNRSkJGNHhkU2hsTlBBa3lNLTNqYjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCBbUUAwQC
LVs0AwQBLYySAwQALYymAwQCLZAcAwQBLZZAAwQALZZDAwQCLZs0AwQAuer3MA0G
CSqGSIb3DQEBCwUAA4IBAQB2RuGPVNC3+GiAxgou1Vx/Yf6dlb9FrS3uuz1lBJqs
pjlE84qMMmGocSsJpzsIuayOZ+3cfZK9eaBys1LqEdUn0o7bgpGIlm+QLmb5xqXh
fRCBBDDe4Rs/+IItbElwpukm89GH/JM83Eyn7J+CSVdK/S5r09QJN+WVM7YKn9TT
nS77RRq2eNWGRD2LOjCrNeZ1q4N3o3VBKBSIQTMpYfoqg0irvws2/3+mg5m6UyxP
Bts94mu9jQ++hLhQpYslmqKQEscTMtzWFXp7vBJzOTwVP1YveP7xBYtnsJcGXNf8
nIpFIw3+I0jdpFkl3yyEv0g0xX/efi2RHeXhoRhvXace
-----END CERTIFICATE-----