Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1dKjq-UnU11D_zTHG6QgM5pfg6A.roa
File:                     1dKjq-UnU11D_zTHG6QgM5pfg6A.roa (raw, json)
Hash identifier:          FYnplBS45nVWFEF1gLgsPSD0TXcWnmANBiEX8EugLyk=
Subject key identifier:   D5:D2:A3:AB:E5:27:53:5D:43:FF:34:C7:1B:A4:20:33:9A:5F:83:A0
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018964895BECC208C80E64B7A551004AA219
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1dKjq-UnU11D_zTHG6QgM5pfg6A.roa
Signing time:             Mon 17 Jul 2023 15:47:50 +0000
ROA not before:           Mon 17 Jul 2023 15:47:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        45.149.80.0/24 maxlen: 24
                          45.149.82.0/24 maxlen: 24
                          45.149.81.0/24 maxlen: 24
                          45.150.63.0/24 maxlen: 24
                          45.150.62.0/24 maxlen: 24
                          195.245.111.0/24 maxlen: 24
                          185.179.198.0/24 maxlen: 24
                          45.145.2.0/24 maxlen: 24
                          213.139.192.0/24 maxlen: 24
                          45.145.161.0/24 maxlen: 24
                          45.133.219.0/24 maxlen: 24
                          213.139.195.0/24 maxlen: 24
                          213.139.193.0/24 maxlen: 24
                          77.83.4.0/24 maxlen: 24
                          77.83.7.0/24 maxlen: 24
                          77.83.6.0/24 maxlen: 24
                          77.83.5.0/24 maxlen: 24
                          45.145.90.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 17 Jul 2023 16:05:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:89:5b:ec:c2:08:c8:0e:64:b7:a5:51:00:4a:a2:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jul 17 15:47:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d5d2a3abe527535d43ff34c71ba420339a5f83a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0d:86:95:29:0d:38:3c:6b:e0:2b:18:5f:ba:
                    28:a1:82:a7:b7:63:13:f9:cb:bd:2c:b3:99:a9:60:
                    a9:31:8e:e3:eb:7a:d4:3f:36:d1:f1:d4:66:22:11:
                    da:d4:01:25:60:d0:12:dc:a3:73:16:ba:36:41:a0:
                    6e:fb:76:da:4c:3b:68:e8:89:fe:18:5a:9d:5e:6d:
                    2d:87:fe:7e:b3:a3:56:aa:7d:a8:27:2c:49:03:ff:
                    14:7c:86:da:f1:6c:30:ff:cf:96:48:66:48:50:08:
                    c1:b9:f2:7d:cb:a6:76:7b:b6:98:80:90:09:3c:35:
                    c4:7c:40:73:b1:40:e1:d2:bf:59:51:8c:85:3a:3d:
                    62:9e:0d:b6:61:f0:1a:75:38:f1:8c:91:02:0a:94:
                    86:96:91:25:db:61:db:da:7f:e9:17:4e:ad:e6:97:
                    04:32:bf:5c:ba:bb:07:e7:03:dd:bb:bb:bd:e0:cb:
                    d1:9f:94:dd:c7:e3:1c:c3:49:95:57:b9:58:60:f8:
                    70:64:e3:35:bd:2f:bf:c8:d9:79:d1:c1:5e:d0:94:
                    85:e9:ee:b1:31:85:f8:6a:8c:4c:c1:4b:27:b1:f4:
                    85:f0:17:05:86:fe:43:4b:e5:c5:81:de:b9:8d:39:
                    01:78:a4:df:af:94:c0:8d:b5:a5:af:3f:43:f1:dc:
                    dc:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D2:A3:AB:E5:27:53:5D:43:FF:34:C7:1B:A4:20:33:9A:5F:83:A0
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1dKjq-UnU11D_zTHG6QgM5pfg6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.219.0/24
                  45.145.2.0/24
                  45.145.90.0/24
                  45.145.161.0/24
                  45.149.80.0-45.149.82.255
                  45.150.62.0/23
                  77.83.4.0/22
                  185.179.198.0/24
                  195.245.111.0/24
                  213.139.192.0/23
                  213.139.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d6:61:bf:e4:c8:2b:9c:87:d6:67:e7:38:bb:08:fd:7e:c8:
         30:9d:15:46:9e:8e:4c:d3:ce:1b:5a:6b:7f:7a:01:ce:40:00:
         13:28:20:3a:e3:62:30:01:8e:36:9b:80:67:5f:1d:cf:dc:2c:
         ec:38:57:23:7a:fb:cb:eb:74:fc:64:03:58:ec:6d:d2:81:f6:
         0f:ff:4d:77:4e:82:c4:ed:fc:0a:74:ae:b6:76:6f:bb:a4:ae:
         23:0e:39:54:0e:dd:9d:52:e8:66:67:49:c2:9d:c5:4d:27:af:
         65:12:ed:05:91:94:7e:41:ff:dc:32:2f:ed:76:2c:dd:de:27:
         0f:0a:a5:7d:dd:03:10:5d:48:5d:97:5e:07:53:ff:0d:e6:40:
         75:dd:42:58:3f:cd:bd:b7:bc:9d:32:68:97:40:ed:78:91:46:
         cc:07:d4:9e:53:37:99:3e:65:44:6c:20:7c:74:61:a9:2a:57:
         2c:cc:4f:23:71:78:f7:35:83:d1:42:d5:d4:70:24:f9:c2:30:
         91:91:42:53:7e:b9:39:f0:bc:99:86:48:26:77:10:86:37:bc:
         8f:67:33:1c:54:3d:8a:3c:cf:91:a4:31:c9:c9:80:00:fa:d7:
         6c:dc:3e:dd:9d:6b:44:08:f7:65:5c:c9:5c:18:f2:10:95:44:
         25:0a:d2:8e
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYlkiVvswgjIDmS3pVEASqIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWQyYTNhYmU1Mjc1MzVkNDNmZjM0YzcxYmE0MjAzMzlhNWY4M2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkw2GlSkNODxr4CsYX7oooYKnt2MT
+cu9LLOZqWCpMY7j63rUPzbR8dRmIhHa1AElYNAS3KNzFro2QaBu+3baTDto6In+
GFqdXm0th/5+s6NWqn2oJyxJA/8UfIba8Www/8+WSGZIUAjBufJ9y6Z2e7aYgJAJ
PDXEfEBzsUDh0r9ZUYyFOj1ing22YfAadTjxjJECCpSGlpEl22Hb2n/pF06t5pcE
Mr9cursH5wPdu7u94MvRn5Tdx+Mcw0mVV7lYYPhwZOM1vS+/yNl50cFe0JSF6e6x
MYX4aoxMwUsnsfSF8BcFhv5DS+XFgd65jTkBeKTfr5TAjbWlrz9D8dzc2QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNXSo6vlJ1NdQ/80xxukIDOaX4OgMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMWRLanEtVW5VMTFEX3pUSEc2UWdNNXBmZzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALYXbAwQA
LZECAwQALZFaAwQALZGhMAwDBAQtlVADBAAtlVIDBAEtlj4DBAJNUwQDBAC5s8YD
BADD9W8DBAHVi8ADBADVi8MwDQYJKoZIhvcNAQELBQADggEBAG7WYb/kyCuch9Zn
5zi7CP1+yDCdFUaejkzTzhtaa396Ac5AABMoIDrjYjABjjabgGdfHc/cLOw4VyN6
+8vrdPxkA1jsbdKB9g//TXdOgsTt/Ap0rrZ2b7ukriMOOVQO3Z1S6GZnScKdxU0n
r2US7QWRlH5B/9wyL+12LN3eJw8KpX3dAxBdSF2XXgdT/w3mQHXdQlg/zb23vJ0y
aJdA7XiRRswH1J5TN5k+ZURsIHx0YakqVyzMTyNxePc1g9FC1dRwJPnCMJGRQlN+
uTnwvJmGSCZ3EIY3vI9nMxxUPYo8z5GkMcnJgAD612zcPt2da0QI92VcyVwY8hCV
RCUK0o4=
-----END CERTIFICATE-----