Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hx4KGNUWtSqMKVSqpe1mM7Igjfw.roa
File:                     Hx4KGNUWtSqMKVSqpe1mM7Igjfw.roa (raw, json)
Hash identifier:          6ifLdHwDDDrJlLZIGtil6GuUx7ykTTACIkug8Q3KhGA=
Subject key identifier:   1F:1E:0A:18:D5:16:B5:2A:8C:29:54:AA:A5:ED:66:33:B2:20:8D:FC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0187C36C867C46DFBCDAE727DE1D138698EE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hx4KGNUWtSqMKVSqpe1mM7Igjfw.roa
Signing time:             Thu 27 Apr 2023 15:54:42 +0000
ROA not before:           Thu 27 Apr 2023 15:54:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203790
IP address blocks:        45.148.117.0/24 maxlen: 24
                          45.148.118.0/24 maxlen: 24
                          45.148.116.0/22 maxlen: 24
                          45.148.116.0/24 maxlen: 24
                          45.148.119.0/24 maxlen: 24
                          194.50.111.0/24 maxlen: 24
                          2a0e:97c0:460::/44 maxlen: 48
                          2a0e:b107:12a0::/44 maxlen: 48
                          2a10:cc40:1d0::/44 maxlen: 48
                          2a0e:b101::/32 maxlen: 48
                          2a10:cc41:110::/44 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 May 2023 01:47:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c3:6c:86:7c:46:df:bc:da:e7:27:de:1d:13:86:98:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 27 15:54:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f1e0a18d516b52a8c2954aaa5ed6633b2208dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:aa:8b:a4:b2:1a:80:c5:79:3a:e0:1d:14:c5:
                    b6:b1:3a:ca:9a:6a:1e:8d:3d:f1:de:db:6a:4b:46:
                    ed:c7:f4:dc:d9:a4:41:a3:9a:9f:74:4e:f4:57:2c:
                    ef:fb:2b:6d:c8:10:3f:5b:ef:9e:89:2f:31:73:f2:
                    04:cb:4f:98:d3:bc:ee:5a:17:ea:6a:9d:42:50:90:
                    72:4b:87:48:0c:eb:f9:00:78:aa:13:9b:f8:0d:8a:
                    2b:7c:9f:a3:56:ee:07:a8:df:8f:dc:71:3b:de:44:
                    1f:3b:34:79:67:b9:4b:6d:97:38:bc:40:36:b2:4a:
                    c7:70:0b:12:0e:37:98:fd:a3:fe:81:84:70:40:3e:
                    24:f0:47:e3:b8:9b:6f:16:3b:b4:7a:c2:f0:0e:75:
                    05:1f:26:74:97:b1:c4:81:d7:7b:43:d5:21:f8:e0:
                    7a:07:c5:be:cf:10:06:68:c9:69:70:da:aa:9e:32:
                    fa:cc:58:1b:9a:0a:3b:ab:14:c9:e8:10:47:99:71:
                    10:28:ec:d5:ac:19:a6:ed:7b:90:c9:7a:42:aa:94:
                    a4:60:62:c0:fb:ac:c3:64:9d:32:e4:43:e2:71:3a:
                    94:6f:30:96:a8:0d:d0:a6:56:6b:19:7a:1c:f7:d1:
                    ff:51:9b:ce:cd:b3:7d:5a:e8:07:32:f7:12:95:a8:
                    73:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1E:0A:18:D5:16:B5:2A:8C:29:54:AA:A5:ED:66:33:B2:20:8D:FC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hx4KGNUWtSqMKVSqpe1mM7Igjfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.116.0/22
                  194.50.111.0/24
                IPv6:
                  2a0e:97c0:460::/44
                  2a0e:b101::/32
                  2a0e:b107:12a0::/44
                  2a10:cc40:1d0::/44
                  2a10:cc41:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         7f:67:8d:8b:2a:b9:24:e9:63:e8:62:62:c2:95:68:12:e3:59:
         24:57:a6:86:d3:df:ee:f3:70:e2:f0:5f:fe:8d:51:18:e4:4d:
         a5:9f:5c:6a:19:37:8b:69:0b:06:5e:c9:4f:31:c9:7a:31:9f:
         80:85:7e:b6:fe:44:3e:1a:b3:a5:02:0c:1a:0b:4f:d8:88:30:
         8b:c7:de:72:b2:49:78:59:3a:1f:ed:21:a7:e7:db:80:db:ab:
         b4:b0:76:ee:89:fa:69:6e:55:b4:09:3d:73:a8:a5:cd:f3:cb:
         b3:94:41:7a:85:12:ef:61:ce:34:47:d2:6a:93:8d:5f:8c:08:
         c6:55:98:32:1d:36:68:70:1a:1c:7a:e8:c2:32:81:e3:69:a3:
         de:27:72:10:9b:eb:a3:06:2c:10:42:b2:32:ee:5f:17:a5:2a:
         cf:7f:b3:ad:81:39:18:31:76:32:ba:08:40:45:24:88:23:8e:
         b8:b4:be:72:eb:49:67:52:3d:a3:2f:b6:96:5f:9a:9e:dc:72:
         6a:5a:5f:3d:37:0e:82:dc:57:20:01:5b:f4:a4:5c:7d:77:55:
         d7:aa:2c:99:52:03:44:b2:01:cd:ba:af:9d:78:f9:67:c0:ce:
         37:91:d4:4f:61:b4:f6:e9:58:10:67:a2:d0:67:9b:30:cf:cb:
         59:0b:99:f8
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYfDbIZ8Rt+82ucn3h0ThpjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNDI3MTU1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjFlMGExOGQ1MTZiNTJhOGMyOTU0YWFhNWVkNjYzM2IyMjA4ZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqqLpLIagMV5OuAdFMW2sTrKmmoe
jT3x3ttqS0btx/Tc2aRBo5qfdE70Vyzv+yttyBA/W++eiS8xc/IEy0+Y07zuWhfq
ap1CUJByS4dIDOv5AHiqE5v4DYorfJ+jVu4HqN+P3HE73kQfOzR5Z7lLbZc4vEA2
skrHcAsSDjeY/aP+gYRwQD4k8EfjuJtvFju0esLwDnUFHyZ0l7HEgdd7Q9Uh+OB6
B8W+zxAGaMlpcNqqnjL6zFgbmgo7qxTJ6BBHmXEQKOzVrBmm7XuQyXpCqpSkYGLA
+6zDZJ0y5EPicTqUbzCWqA3QplZrGXoc99H/UZvOzbN9WugHMvcSlahzdwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFB8eChjVFrUqjClUqqXtZjOyII38MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSHg0S0dOVVd0U3FNS1ZTcXBlMW1NN0lnamZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzASBAIAATAMAwQCLZR0AwQA
wjJvMDEEAgACMCsDBwQqDpfABGADBQAqDrEBAwcEKg6xBxKgAwcEKhDMQAHQAwcE
KhDMQQEQMA0GCSqGSIb3DQEBCwUAA4IBAQB/Z42LKrkk6WPoYmLClWgS41kkV6aG
09/u83Di8F/+jVEY5E2ln1xqGTeLaQsGXslPMcl6MZ+AhX62/kQ+GrOlAgwaC0/Y
iDCLx95yskl4WTof7SGn59uA26u0sHbuifppblW0CT1zqKXN88uzlEF6hRLvYc40
R9Jqk41fjAjGVZgyHTZocBoceujCMoHjaaPeJ3IQm+ujBiwQQrIy7l8XpSrPf7Ot
gTkYMXYyughARSSII464tL5y60lnUj2jL7aWX5qe3HJqWl89Nw6C3FcgAVv0pFx9
d1XXqiyZUgNEsgHNuq+dePlnwM43kdRPYbT26VgQZ6LQZ5swz8tZC5n4
-----END CERTIFICATE-----