Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/2IlDa6gRZAQsNexVKlz6SqW3F70.roa
File:                     2IlDa6gRZAQsNexVKlz6SqW3F70.roa (raw, json)
Hash identifier:          knNLO0y3Nns1Ig9vJqAEsouIlCpj9RTlCQPDqpdp1vw=
Subject key identifier:   D8:89:43:6B:A8:11:64:04:2C:35:EC:55:2A:5C:FA:4A:A5:B7:17:BD
Certificate issuer:       /CN=8bb1308c6a977d5cb903bf25a96308b0e8ce3b46
Certificate serial:       01893051BC911489DB735EA638E85357D30D
Authority key identifier: 8B:B1:30:8C:6A:97:7D:5C:B9:03:BF:25:A9:63:08:B0:E8:CE:3B:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i7EwjGqXfVy5A78lqWMIsOjOO0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/2IlDa6gRZAQsNexVKlz6SqW3F70.roa
Signing time:             Fri 07 Jul 2023 12:26:50 +0000
ROA not before:           Fri 07 Jul 2023 12:26:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41155
IP address blocks:        45.158.139.0/24 maxlen: 24
                          45.158.136.0/24 maxlen: 24
                          45.158.137.0/24 maxlen: 24
                          45.158.138.0/24 maxlen: 24
                          194.0.193.0/24 maxlen: 24
                          194.0.221.0/24 maxlen: 24
                          194.0.223.0/24 maxlen: 24
                          45.156.74.0/24 maxlen: 24
                          45.156.75.0/24 maxlen: 24
                          45.156.72.0/24 maxlen: 24
                          45.156.73.0/24 maxlen: 24
                          2a0d:8e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 24 Aug 2023 09:53:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:30:51:bc:91:14:89:db:73:5e:a6:38:e8:53:57:d3:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bb1308c6a977d5cb903bf25a96308b0e8ce3b46
        Validity
            Not Before: Jul  7 12:26:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d889436ba81164042c35ec552a5cfa4aa5b717bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:49:29:52:74:53:24:36:e8:57:84:e4:c1:7a:
                    fe:5a:83:f9:51:e9:a7:40:13:db:5b:ff:f2:b4:7b:
                    f4:45:49:2a:85:6e:9c:49:bb:f1:04:92:33:5c:9d:
                    77:a2:52:9d:7a:ee:1b:b8:36:2d:3b:0a:75:ad:69:
                    8a:46:48:07:a7:e9:a5:a3:00:0a:07:59:e1:e5:17:
                    c1:5f:44:19:b8:62:16:53:eb:07:32:cf:96:d1:3f:
                    da:42:5f:60:d9:11:74:a0:2e:37:bd:74:dc:08:6e:
                    87:86:72:68:c3:3d:25:c1:93:4c:06:41:94:cb:2b:
                    8c:a3:c0:f4:c0:7d:b8:c7:08:3c:42:a2:a9:88:24:
                    2e:22:15:55:3f:bd:f3:8e:25:78:4d:59:85:15:69:
                    9d:61:13:c7:8b:9e:87:75:e4:7d:7c:09:90:0f:78:
                    23:c3:32:55:6c:18:3b:53:d2:eb:e1:ee:6c:be:a8:
                    0c:ac:8f:95:05:3b:8c:a7:a5:dd:bc:18:3b:e1:82:
                    bb:7a:e3:cf:fc:f5:36:8d:0e:94:6f:81:14:57:16:
                    0d:73:d0:4a:9e:4d:da:92:31:75:6d:42:8e:2e:c6:
                    40:46:8c:59:cd:7b:b4:85:72:89:2b:dd:18:0f:ed:
                    dc:eb:ec:e0:f9:f5:44:22:62:bc:1b:68:79:59:36:
                    c9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:89:43:6B:A8:11:64:04:2C:35:EC:55:2A:5C:FA:4A:A5:B7:17:BD
            X509v3 Authority Key Identifier:
                keyid:8B:B1:30:8C:6A:97:7D:5C:B9:03:BF:25:A9:63:08:B0:E8:CE:3B:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i7EwjGqXfVy5A78lqWMIsOjOO0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/2IlDa6gRZAQsNexVKlz6SqW3F70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/i7EwjGqXfVy5A78lqWMIsOjOO0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.72.0/22
                  45.158.136.0/22
                  194.0.193.0/24
                  194.0.221.0/24
                  194.0.223.0/24
                IPv6:
                  2a0d:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:3b:0d:64:ad:0e:d0:5a:e5:3a:d9:dc:0b:7a:68:80:19:42:
         2e:f1:92:3b:d2:f3:1f:04:af:5a:18:a9:7a:24:9c:35:cd:c3:
         59:f3:dc:bd:e7:0c:1f:d6:39:88:ef:7f:d0:dc:35:6d:26:88:
         f7:bf:21:19:e8:95:a0:bb:ab:07:0c:0f:ac:b0:32:c2:0b:63:
         65:9c:7f:fe:98:3d:f7:70:60:0b:07:88:43:12:e6:fc:a7:7a:
         cd:e6:bc:81:9f:ce:ef:e4:2a:2f:bb:d7:c6:0a:67:77:cf:e2:
         04:bd:3d:f5:39:e2:41:1c:77:6f:58:66:a3:de:f0:36:f4:46:
         1d:e6:b7:4b:29:f7:6f:52:93:09:f6:1a:8e:b4:a6:e1:d3:a4:
         71:95:72:6f:b1:99:9c:ac:64:cf:b3:0c:f6:b7:d4:95:83:8a:
         d7:57:50:a5:84:f3:5f:27:14:8e:d1:f9:51:e4:38:8b:a4:0c:
         08:85:c7:a4:b3:c1:9e:b1:95:a7:96:f0:bf:df:93:63:cf:73:
         3c:f2:08:f9:91:b4:70:48:54:5d:0e:02:ee:fe:39:9d:02:df:
         2e:80:8d:4a:86:ae:65:49:65:be:c9:03:13:fd:6a:ef:e1:64:
         b2:8c:cd:e2:d3:bf:45:3f:5b:e7:b1:a0:6e:ed:4d:71:23:8c:
         87:fd:96:3e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYkwUbyRFInbc16mOOhTV9MNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYjEzMDhjNmE5NzdkNWNiOTAzYmYyNWE5NjMwOGIwZThj
ZTNiNDYwHhcNMjMwNzA3MTIyNjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg5NDM2YmE4MTE2NDA0MmMzNWVjNTUyYTVjZmE0YWE1YjcxN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0kpUnRTJDboV4TkwXr+WoP5Uemn
QBPbW//ytHv0RUkqhW6cSbvxBJIzXJ13olKdeu4buDYtOwp1rWmKRkgHp+mlowAK
B1nh5RfBX0QZuGIWU+sHMs+W0T/aQl9g2RF0oC43vXTcCG6HhnJowz0lwZNMBkGU
yyuMo8D0wH24xwg8QqKpiCQuIhVVP73zjiV4TVmFFWmdYRPHi56HdeR9fAmQD3gj
wzJVbBg7U9Lr4e5svqgMrI+VBTuMp6XdvBg74YK7euPP/PU2jQ6Ub4EUVxYNc9BK
nk3akjF1bUKOLsZARoxZzXu0hXKJK90YD+3c6+zg+fVEImK8G2h5WTbJ2QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFNiJQ2uoEWQELDXsVSpc+kqltxe9MB8GA1UdIwQY
MBaAFIuxMIxql31cuQO/JaljCLDozjtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTdFd2pHcVhmVnk1QTc4bHFXTUlzT2pPTzBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NzY2ODEtYjVlZS00MzBmLTg2OTMt
MTAxYWJkNzM5MWE2LzEvMklsRGE2Z1JaQVFzTmV4VktsejZTcVczRjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NzY2ODEtYjVlZS00MzBmLTg2OTMtMTAxYWJkNzM5MWE2
LzEvaTdFd2pHcVhmVnk1QTc4bHFXTUlzT2pPTzBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCLZxIAwQC
LZ6IAwQAwgDBAwQAwgDdAwQAwgDfMA0EAgACMAcDBQMqDY6AMA0GCSqGSIb3DQEB
CwUAA4IBAQA9Ow1krQ7QWuU62dwLemiAGUIu8ZI70vMfBK9aGKl6JJw1zcNZ89y9
5wwf1jmI73/Q3DVtJoj3vyEZ6JWgu6sHDA+ssDLCC2NlnH/+mD33cGALB4hDEub8
p3rN5ryBn87v5Covu9fGCmd3z+IEvT31OeJBHHdvWGaj3vA29EYd5rdLKfdvUpMJ
9hqOtKbh06RxlXJvsZmcrGTPswz2t9SVg4rXV1ClhPNfJxSO0flR5DiLpAwIhcek
s8GesZWnlvC/35Njz3M88gj5kbRwSFRdDgLu/jmdAt8ugI1Khq5lSWW+yQMT/Wrv
4WSyjM3i079FP1vnsaBu7U1xI4yH/ZY+
-----END CERTIFICATE-----