Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/8VC4tvlzA8HiLkLQEQdTlfXlguo.roa
File:                     8VC4tvlzA8HiLkLQEQdTlfXlguo.roa (raw, json)
Hash identifier:          gTmy19iJI4XwXzz3qSXT2kbqS+6jpgJfsPqvfdflPoA=
Subject key identifier:   F1:50:B8:B6:F9:73:03:C1:E2:2E:42:D0:11:07:53:95:F5:E5:82:EA
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018571955E6B17CCCCFDB602EE1243C902B8
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/8VC4tvlzA8HiLkLQEQdTlfXlguo.roa
Signing time:             Mon 02 Jan 2023 08:24:52 +0000
ROA not before:           Mon 02 Jan 2023 08:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1136
IP address blocks:        145.119.0.0/18 maxlen: 18
                          145.15.111.0/24 maxlen: 24
                          145.15.110.0/24 maxlen: 24
                          145.15.109.0/24 maxlen: 24
                          145.15.108.0/24 maxlen: 24
                          145.15.108.0/22 maxlen: 22
                          145.15.115.0/24 maxlen: 24
                          145.15.114.0/24 maxlen: 24
                          145.119.160.0/19 maxlen: 19
                          145.119.199.0/24 maxlen: 24
                          145.119.192.0/18 maxlen: 18
                          145.15.208.0/21 maxlen: 21
                          145.4.224.0/20 maxlen: 20
                          145.119.128.0/18 maxlen: 18
                          145.119.64.0/19 maxlen: 19
                          145.119.64.0/18 maxlen: 18
                          145.78.0.0/16 maxlen: 16

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:5e:6b:17:cc:cc:fd:b6:02:ee:12:43:c9:02:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 08:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f150b8b6f97303c1e22e42d011075395f5e582ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:23:57:9d:3b:65:42:46:7b:0c:d8:d1:73:42:
                    ad:1f:b9:0d:09:a0:b0:d3:ec:9f:c8:b5:8e:4d:78:
                    23:33:4c:81:26:34:e9:20:9a:d7:e5:5d:72:b1:85:
                    86:a7:56:7a:09:a6:e9:0b:99:55:41:31:aa:e0:f8:
                    06:bd:b7:f5:ef:6a:d3:39:da:e3:17:d4:93:ec:84:
                    ec:37:c7:91:36:59:c8:d1:68:d7:d7:60:b3:85:0c:
                    c0:76:e9:9a:bf:fd:17:86:ea:7e:a1:94:72:25:2d:
                    ba:ee:0c:50:89:1a:e9:86:36:27:59:68:be:fc:4f:
                    af:7c:85:dc:54:a3:9f:cb:bb:5d:7b:26:83:64:ee:
                    0a:10:2a:f5:ab:29:65:b4:ab:9c:5f:3e:f8:59:1b:
                    11:b2:e5:43:3b:46:ce:6d:a2:aa:12:9c:8f:a1:1f:
                    82:c4:15:8d:75:44:bd:7f:85:40:f5:13:de:2a:ac:
                    fe:b8:2c:24:48:6b:65:2f:ae:12:1a:52:0b:dc:bf:
                    e4:6e:a4:bd:1d:39:39:6c:13:75:60:9a:7d:57:0f:
                    db:78:5f:ee:8b:c6:10:f4:19:12:4f:83:bd:6b:b4:
                    15:21:71:3c:af:cf:61:61:b8:a8:5c:f5:af:d9:8f:
                    86:ed:96:6d:6b:7c:54:73:07:3a:81:bd:d0:51:34:
                    ce:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:50:B8:B6:F9:73:03:C1:E2:2E:42:D0:11:07:53:95:F5:E5:82:EA
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/8VC4tvlzA8HiLkLQEQdTlfXlguo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.4.224.0/20
                  145.15.108.0/22
                  145.15.114.0/23
                  145.15.208.0/21
                  145.78.0.0/16
                  145.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6d:28:d2:9a:d7:b8:38:88:50:a1:45:69:aa:8e:80:54:7b:79:
         f4:e5:6e:c9:1c:6b:dc:1f:0b:f2:99:82:57:78:54:9e:5b:cf:
         ed:7d:19:30:ee:d3:fb:a3:6d:7b:2e:ef:c7:0e:d9:6b:65:da:
         ab:25:15:28:5d:d9:2e:93:c1:52:13:54:e4:0d:e9:af:be:2f:
         b2:48:be:49:29:26:b4:bc:a1:95:97:3a:3f:d7:33:36:ea:33:
         82:a5:1e:82:a4:04:65:94:b3:83:b1:7a:46:fd:bf:42:2c:48:
         c0:58:3d:d5:fa:86:6c:15:1f:ac:b6:d5:ac:8f:69:76:94:a0:
         f4:fb:7d:ca:17:93:98:d8:a2:66:81:ee:4c:b0:7a:ea:15:95:
         ae:e3:23:a9:4d:05:fe:ac:09:7f:e2:ab:f8:24:d0:dc:06:62:
         36:5d:72:5c:0c:44:af:24:c6:7b:b1:b6:53:52:59:64:7d:e1:
         8b:e1:40:f8:c6:a4:64:bd:23:b1:d5:43:4a:e0:5a:fb:2c:f3:
         93:8d:a6:62:b4:b4:49:84:0d:12:dc:8d:e0:28:eb:ef:7a:14:
         fb:04:77:7b:c6:26:0b:94:1b:94:31:ef:6a:84:0b:43:2a:f2:
         56:cd:b3:3a:d6:ed:fe:10:d9:96:39:88:0c:34:51:42:dd:48:
         e3:27:bd:bf
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVxlV5rF8zM/bYC7hJDyQK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjMwMTAyMDgyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTUwYjhiNmY5NzMwM2MxZTIyZTQyZDAxMTA3NTM5NWY1ZTU4MmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSNXnTtlQkZ7DNjRc0KtH7kNCaCw
0+yfyLWOTXgjM0yBJjTpIJrX5V1ysYWGp1Z6CabpC5lVQTGq4PgGvbf172rTOdrj
F9ST7ITsN8eRNlnI0WjX12CzhQzAdumav/0Xhup+oZRyJS267gxQiRrphjYnWWi+
/E+vfIXcVKOfy7tdeyaDZO4KECr1qylltKucXz74WRsRsuVDO0bObaKqEpyPoR+C
xBWNdUS9f4VA9RPeKqz+uCwkSGtlL64SGlIL3L/kbqS9HTk5bBN1YJp9Vw/beF/u
i8YQ9BkST4O9a7QVIXE8r89hYbioXPWv2Y+G7ZZta3xUcwc6gb3QUTTOLQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPFQuLb5cwPB4i5C0BEHU5X15YLqMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvOFZDNHR2bHpBOEhpTGtMUUVRZFRsZlhsZ3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQEkQTgAwQC
kQ9sAwQBkQ9yAwQDkQ/QAwMAkU4DAwCRdzANBgkqhkiG9w0BAQsFAAOCAQEAbSjS
mte4OIhQoUVpqo6AVHt59OVuyRxr3B8L8pmCV3hUnlvP7X0ZMO7T+6Ntey7vxw7Z
a2XaqyUVKF3ZLpPBUhNU5A3pr74vski+SSkmtLyhlZc6P9czNuozgqUegqQEZZSz
g7F6Rv2/QixIwFg91fqGbBUfrLbVrI9pdpSg9Pt9yheTmNiiZoHuTLB66hWVruMj
qU0F/qwJf+Kr+CTQ3AZiNl1yXAxEryTGe7G2U1JZZH3hi+FA+MakZL0jsdVDSuBa
+yzzk42mYrS0SYQNEtyN4Cjr73oU+wR3e8YmC5QblDHvaoQLQyryVs2zOtbt/hDZ
ljmIDDRRQt1I4ye9vw==
-----END CERTIFICATE-----