Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/Dxq9NOgPjIqrJaH_RcWOf9pfnxs.roa
File:                     Dxq9NOgPjIqrJaH_RcWOf9pfnxs.roa (raw, json)
Hash identifier:          jqym2Yl879hB8UsEC5yhqUV8lcMzdM0htgva3eDLxqY=
Subject key identifier:   0F:1A:BD:34:E8:0F:8C:8A:AB:25:A1:FF:45:C5:8E:7F:DA:5F:9F:1B
Certificate issuer:       /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial:       018CCA2B132963E073B2F7D18EB0B4BFFD7B
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/Dxq9NOgPjIqrJaH_RcWOf9pfnxs.roa
Signing time:             Tue 02 Jan 2024 12:34:29 +0000
ROA not before:           Tue 02 Jan 2024 12:34:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50149
IP address blocks:        62.122.216.0/22 maxlen: 22
                          94.154.128.0/22 maxlen: 22
                          45.150.188.0/22 maxlen: 22
                          89.104.107.0/24 maxlen: 24
                          89.104.125.0/24 maxlen: 24
                          89.104.119.0/24 maxlen: 24
                          185.228.90.0/23 maxlen: 23
                          185.228.88.0/23 maxlen: 23
                          185.240.48.0/22 maxlen: 22
                          2a00:ab01::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 15 Jul 2024 10:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:13:29:63:e0:73:b2:f7:d1:8e:b0:b4:bf:fd:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
        Validity
            Not Before: Jan  2 12:34:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f1abd34e80f8c8aab25a1ff45c58e7fda5f9f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:35:7f:8c:8a:32:6b:46:56:42:86:90:30:d7:
                    ff:97:85:31:46:33:1f:6d:d1:d8:9a:c1:bd:b7:59:
                    f1:4c:53:66:6f:81:c4:55:e4:23:e0:99:1a:2a:5e:
                    72:36:54:d2:3b:bc:a7:be:70:05:df:8d:a7:9e:5e:
                    46:38:f7:47:c3:9a:0b:2c:2e:72:be:1e:1c:a1:9f:
                    e1:d2:50:64:1e:80:28:3d:71:38:70:ff:a6:e9:f4:
                    9e:be:12:9f:1d:cb:b0:b0:b2:1f:08:45:b5:2c:73:
                    9b:d5:75:1d:40:69:54:54:6d:3c:51:e1:50:8a:f9:
                    3d:ec:15:7b:29:d8:86:09:ca:94:7b:84:25:49:7f:
                    af:f6:dc:fb:9e:dc:cd:58:61:9a:a4:e9:db:79:3c:
                    1b:69:66:7a:5d:16:32:25:cf:8d:be:28:f5:8d:a5:
                    62:1f:ec:9a:b7:3e:64:45:71:f0:f2:c1:e0:2c:47:
                    68:7a:d1:f8:62:a6:5b:78:95:23:ca:9c:8c:d7:a1:
                    fe:80:67:a1:5d:cb:df:11:22:3e:dd:6c:76:3b:14:
                    3d:8a:89:bb:54:e1:9c:dc:8d:a0:f5:1d:00:7c:9e:
                    45:a0:25:d4:4b:1c:54:6a:7d:67:5f:e3:e1:4b:31:
                    66:51:b7:32:d5:aa:f4:47:1d:af:38:02:60:15:4d:
                    72:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1A:BD:34:E8:0F:8C:8A:AB:25:A1:FF:45:C5:8E:7F:DA:5F:9F:1B
            X509v3 Authority Key Identifier:
                keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/Dxq9NOgPjIqrJaH_RcWOf9pfnxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.188.0/22
                  62.122.216.0/22
                  89.104.107.0/24
                  89.104.119.0/24
                  89.104.125.0/24
                  94.154.128.0/22
                  185.228.88.0/22
                  185.240.48.0/22
                IPv6:
                  2a00:ab01::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:49:31:3e:5d:73:b7:27:6a:18:be:26:e0:e7:e1:7d:57:ab:
         4a:8e:1d:da:b8:b8:fa:ac:7d:0c:19:bd:f0:18:2f:75:fa:ea:
         75:6c:b2:7f:ba:4d:43:55:6e:8d:84:0e:fb:1c:53:ae:67:3e:
         b0:cb:a9:07:8e:e5:70:55:c8:83:e6:65:e0:cf:d9:af:f5:ef:
         10:98:5c:3d:d7:ee:c5:94:a2:e0:1e:97:d5:a0:a3:c0:f7:33:
         17:16:9f:0c:aa:d6:7c:03:f9:a0:4f:aa:fa:99:09:9a:a7:72:
         fd:76:de:81:69:c6:30:d2:0d:4f:31:83:48:66:43:a8:13:62:
         d3:00:c5:d1:d4:38:f5:93:ee:df:02:f8:eb:a7:76:73:eb:dc:
         f5:6e:a2:fd:a1:a6:6b:7c:73:3f:d6:39:5a:21:c5:ee:d0:f5:
         3f:ed:04:31:9e:ee:f3:d6:a8:75:5c:22:c3:42:48:29:7c:ab:
         44:36:60:e8:6c:98:ce:82:c2:66:37:69:11:e4:f1:63:b4:28:
         87:03:e8:d0:53:0d:2c:4d:e7:a6:d0:7c:bd:93:b9:0d:38:61:
         8e:6b:48:04:40:bb:db:79:41:30:8f:a4:aa:c7:f7:39:be:68:
         25:bd:b3:34:b4:9d:5d:1a:fa:35:7c:df:62:89:70:8c:b5:fd:
         1a:60:5c:1e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzKKxMpY+BzsvfRjrC0v/17MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjQwMTAyMTIzNDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFhYmQzNGU4MGY4YzhhYWIyNWExZmY0NWM1OGU3ZmRhNWY5ZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjV/jIoya0ZWQoaQMNf/l4UxRjMf
bdHYmsG9t1nxTFNmb4HEVeQj4JkaKl5yNlTSO7ynvnAF342nnl5GOPdHw5oLLC5y
vh4coZ/h0lBkHoAoPXE4cP+m6fSevhKfHcuwsLIfCEW1LHOb1XUdQGlUVG08UeFQ
ivk97BV7KdiGCcqUe4QlSX+v9tz7ntzNWGGapOnbeTwbaWZ6XRYyJc+Nvij1jaVi
H+yatz5kRXHw8sHgLEdoetH4YqZbeJUjypyM16H+gGehXcvfESI+3Wx2OxQ9iom7
VOGc3I2g9R0AfJ5FoCXUSxxUan1nX+PhSzFmUbcy1ar0Rx2vOAJgFU1yYQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFA8avTToD4yKqyWh/0XFjn/aX58bMB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEvRHhxOU5PZ1BqSXFySmFIX1JjV09mOXBmbnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLZa8AwQC
PnrYAwQAWWhrAwQAWWh3AwQAWWh9AwQCXpqAAwQCueRYAwQCufAwMA0EAgACMAcD
BQAqAKsBMA0GCSqGSIb3DQEBCwUAA4IBAQBzSTE+XXO3J2oYvibg5+F9V6tKjh3a
uLj6rH0MGb3wGC91+up1bLJ/uk1DVW6NhA77HFOuZz6wy6kHjuVwVciD5mXgz9mv
9e8QmFw91+7FlKLgHpfVoKPA9zMXFp8MqtZ8A/mgT6r6mQmap3L9dt6BacYw0g1P
MYNIZkOoE2LTAMXR1Dj1k+7fAvjrp3Zz69z1bqL9oaZrfHM/1jlaIcXu0PU/7QQx
nu7z1qh1XCLDQkgpfKtENmDobJjOgsJmN2kR5PFjtCiHA+jQUw0sTeem0Hy9k7kN
OGGOa0gEQLvbeUEwj6Sqx/c5vmglvbM0tJ1dGvo1fN9iiXCMtf0aYFwe
-----END CERTIFICATE-----