Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/IxpEO5JKV0BFbrwqCfbNY-3H1fU.roa
File:                     IxpEO5JKV0BFbrwqCfbNY-3H1fU.roa (raw, json)
Hash identifier:          aOK0hMlm3/PmRWYeYKK4N3DI2fZrBKu6on9WPChQQR8=
Subject key identifier:   23:1A:44:3B:92:4A:57:40:45:6E:BC:2A:09:F6:CD:63:ED:C7:D5:F5
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018D16C5BC6D12EA69CC7E36C7067D9C1191
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/IxpEO5JKV0BFbrwqCfbNY-3H1fU.roa
Signing time:             Wed 17 Jan 2024 09:34:34 +0000
ROA not before:           Wed 17 Jan 2024 09:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33845
IP address blocks:        131.102.0.0/16 maxlen: 16
                          149.126.48.0/21 maxlen: 24
                          162.23.0.0/16 maxlen: 16
                          162.23.22.0/24 maxlen: 24
                          162.23.112.0/22 maxlen: 24
                          162.23.128.0/22 maxlen: 24
                          162.23.132.0/22 maxlen: 24
                          162.23.136.0/22 maxlen: 24
                          162.23.146.0/23 maxlen: 24
                          162.23.174.0/23 maxlen: 24
                          162.23.235.0/24 maxlen: 24
                          162.23.237.0/24 maxlen: 24
                          193.5.216.0/21 maxlen: 21
                          2a07:2900::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 13:33:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:c5:bc:6d:12:ea:69:cc:7e:36:c7:06:7d:9c:11:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan 17 09:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=231a443b924a5740456ebc2a09f6cd63edc7d5f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:72:b4:6e:0e:b2:2f:36:c4:7f:00:9a:7c:87:
                    22:6f:12:96:f1:7a:9d:6a:ef:33:b9:9d:6d:d8:38:
                    52:79:2e:cf:ae:6f:94:f5:79:3d:af:45:97:6c:a7:
                    89:be:47:97:83:9c:e6:44:1c:5e:8d:61:f6:0c:31:
                    3e:99:3f:65:91:cd:22:a9:34:42:f4:8e:6d:2b:6f:
                    3d:1e:9b:24:4f:0f:42:7a:c2:18:7d:bf:d0:f0:05:
                    1e:f2:88:21:96:49:d3:df:8d:c8:cc:95:6c:3d:e8:
                    00:80:b4:61:26:98:35:98:6c:fb:9c:be:58:a4:1b:
                    b1:d8:b6:5b:f5:98:43:98:14:9e:07:64:8f:4e:d1:
                    d5:66:0c:f4:33:5c:9f:e7:d3:1c:83:fa:dd:83:79:
                    8c:4e:a8:33:84:b9:1b:00:61:68:c7:ae:2a:af:31:
                    5f:c1:42:56:c2:2e:6f:59:de:7f:03:b8:7b:0f:ea:
                    2b:75:a0:50:05:10:bf:e3:8a:45:55:a8:a1:4e:89:
                    d4:b9:ae:f5:a8:38:5b:d3:a4:75:12:af:8d:eb:58:
                    c7:ba:27:2d:24:a1:d2:a1:ae:fb:e8:33:88:e1:3f:
                    e1:39:1c:1d:b0:72:63:24:ce:44:f3:7e:fa:90:9e:
                    54:d9:06:5b:a2:de:e6:1c:86:9c:07:66:95:52:89:
                    69:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:1A:44:3B:92:4A:57:40:45:6E:BC:2A:09:F6:CD:63:ED:C7:D5:F5
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/IxpEO5JKV0BFbrwqCfbNY-3H1fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.102.0.0/16
                  149.126.48.0/21
                  162.23.0.0/16
                  193.5.216.0/21
                IPv6:
                  2a07:2900::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:d8:05:84:27:9c:d3:09:f1:bb:d3:91:52:c3:27:6b:23:4f:
         b6:c2:d7:31:f9:5f:9b:a1:ea:24:d5:84:b5:32:72:52:68:dc:
         a2:e9:7f:16:ff:5e:dd:e4:aa:91:49:89:23:05:2c:73:1c:6b:
         35:2f:a4:d8:8c:47:12:e4:6b:9b:18:b9:17:1e:91:8b:13:6e:
         84:34:52:1e:94:2e:9a:94:06:f3:fd:d4:8e:be:23:b2:a5:ea:
         cb:d3:09:12:2e:95:bf:0a:98:5e:36:2a:23:a2:c3:5f:5a:ab:
         21:aa:31:af:88:e8:a9:3f:e5:6c:70:fb:08:c0:7a:94:d0:33:
         64:f7:89:f1:ea:5c:a2:5d:50:a7:f2:55:b6:64:6b:58:9f:94:
         ca:0b:f5:56:60:d4:e7:16:f2:ab:bf:15:c9:dc:3c:58:f6:f4:
         75:f3:19:df:c0:1d:c7:e7:8e:a0:77:cb:9d:eb:3c:fa:38:69:
         fe:ed:18:fc:de:3d:dd:e6:0d:1c:d1:57:6b:15:c0:a2:ff:a1:
         5e:20:39:5d:52:96:ae:e3:09:37:5e:f1:c3:77:1e:b9:0b:35:
         99:d1:cb:de:fa:16:d6:0b:60:7a:ea:98:3b:ca:04:fa:b8:37:
         74:10:73:92:51:a8:d2:bf:dc:4e:30:f1:6d:87:c4:3f:77:b3:
         b1:b7:9a:25
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAY0WxbxtEuppzH42xwZ9nBGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTE3MDkzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzFhNDQzYjkyNGE1NzQwNDU2ZWJjMmEwOWY2Y2Q2M2VkYzdkNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnK0bg6yLzbEfwCafIcibxKW8Xqd
au8zuZ1t2DhSeS7Prm+U9Xk9r0WXbKeJvkeXg5zmRBxejWH2DDE+mT9lkc0iqTRC
9I5tK289HpskTw9CesIYfb/Q8AUe8oghlknT343IzJVsPegAgLRhJpg1mGz7nL5Y
pBux2LZb9ZhDmBSeB2SPTtHVZgz0M1yf59Mcg/rdg3mMTqgzhLkbAGFox64qrzFf
wUJWwi5vWd5/A7h7D+ordaBQBRC/44pFVaihTonUua71qDhb06R1Eq+N61jHuict
JKHSoa776DOI4T/hORwdsHJjJM5E8376kJ5U2QZbot7mHIacB2aVUolpQwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFCMaRDuSSldARW68Kgn2zWPtx9X1MB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvSXhwRU81SktWMEJGYnJ3cUNmYk5ZLTNIMWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAcBAIAATAWAwMAg2YDBAOV
fjADAwCiFwMEA8EF2DANBAIAAjAHAwUAKgcpADANBgkqhkiG9w0BAQsFAAOCAQEA
M9gFhCec0wnxu9ORUsMnayNPtsLXMflfm6HqJNWEtTJyUmjcoul/Fv9e3eSqkUmJ
IwUscxxrNS+k2IxHEuRrmxi5Fx6RixNuhDRSHpQumpQG8/3Ujr4jsqXqy9MJEi6V
vwqYXjYqI6LDX1qrIaoxr4joqT/lbHD7CMB6lNAzZPeJ8epcol1Qp/JVtmRrWJ+U
ygv1VmDU5xbyq78Vydw8WPb0dfMZ38Adx+eOoHfLnes8+jhp/u0Y/N493eYNHNFX
axXAov+hXiA5XVKWruMJN17xw3ceuQs1mdHL3voW1gtgeuqYO8oE+rg3dBBzklGo
0r/cTjDxbYfEP3ezsbeaJQ==
-----END CERTIFICATE-----