Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/QRqlgfeFuxRs8BOXePhedxymEPY.roa
File:                     QRqlgfeFuxRs8BOXePhedxymEPY.roa (raw, json)
Hash identifier:          8x7MhjeR5rVoQAg6sl1FxYxfl2/vTc6XCHgh+uQrcmI=
Subject key identifier:   41:1A:A5:81:F7:85:BB:14:6C:F0:13:97:78:F8:5E:77:1C:A6:10:F6
Certificate issuer:       /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial:       018BA8FA959402E8C5C9878E449034D9B71F
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/QRqlgfeFuxRs8BOXePhedxymEPY.roa
Signing time:             Tue 07 Nov 2023 08:51:16 +0000
ROA not before:           Tue 07 Nov 2023 08:51:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50149
IP address blocks:        62.122.216.0/22 maxlen: 22
                          94.154.128.0/22 maxlen: 22
                          45.150.188.0/22 maxlen: 22
                          89.104.107.0/24 maxlen: 24
                          89.104.125.0/24 maxlen: 24
                          89.104.119.0/24 maxlen: 24
                          185.228.90.0/23 maxlen: 23
                          185.228.88.0/23 maxlen: 23
                          185.240.48.0/22 maxlen: 22
                          2a00:ab01::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a8:fa:95:94:02:e8:c5:c9:87:8e:44:90:34:d9:b7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
        Validity
            Not Before: Nov  7 08:51:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=411aa581f785bb146cf0139778f85e771ca610f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6b:f2:d4:7f:34:d1:24:6f:36:78:c2:62:1f:
                    80:a7:17:bb:3a:4f:b2:50:db:57:54:e4:d1:1a:a4:
                    04:7b:41:0a:a5:8e:ad:ab:e4:4d:6c:66:6d:a9:b2:
                    54:38:8f:f4:ae:82:19:69:3c:96:ba:23:be:1f:56:
                    07:41:e3:23:86:55:76:02:13:83:1f:35:7f:49:82:
                    ec:be:18:e4:65:65:74:7a:36:a2:4b:24:34:d6:94:
                    8a:35:7f:ca:b0:a5:bf:43:46:89:f3:3d:eb:74:41:
                    62:35:bd:66:71:37:e2:a5:5f:c9:ee:b9:fd:d3:76:
                    ff:17:88:da:14:84:bb:80:b2:bc:92:b9:78:4c:9f:
                    2d:fa:4f:be:40:fa:85:34:5f:39:f4:0f:a4:ab:67:
                    9b:12:bd:41:a3:4d:31:bb:e8:a1:f3:f7:b4:2c:6f:
                    e7:77:b2:60:30:af:c9:1b:aa:7a:a9:87:67:6d:e6:
                    d5:85:ec:4c:4e:82:b9:ab:b4:6e:d0:8f:29:43:fb:
                    76:9e:00:4d:97:f9:ab:f0:5e:47:96:5a:fd:d3:56:
                    db:58:9b:8e:7a:e9:77:09:25:33:73:e6:cf:9f:af:
                    3c:89:32:d9:41:49:35:ec:0a:6e:d8:83:b0:5b:cb:
                    e3:3b:97:bf:7c:bc:4e:48:75:e7:d9:ee:54:e5:7f:
                    31:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1A:A5:81:F7:85:BB:14:6C:F0:13:97:78:F8:5E:77:1C:A6:10:F6
            X509v3 Authority Key Identifier:
                keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/QRqlgfeFuxRs8BOXePhedxymEPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.188.0/22
                  62.122.216.0/22
                  89.104.107.0/24
                  89.104.119.0/24
                  89.104.125.0/24
                  94.154.128.0/22
                  185.228.88.0/22
                  185.240.48.0/22
                IPv6:
                  2a00:ab01::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:fe:09:7d:bc:c0:59:08:b8:c3:6e:95:ad:95:a5:f8:73:f2:
         34:a4:95:28:d1:f2:7f:97:6a:0d:31:e0:43:06:60:45:c3:4f:
         28:40:cb:d6:ce:0b:2e:41:df:8a:9f:02:e8:4c:55:19:e7:1b:
         0c:8a:db:e4:fd:3a:08:1c:c8:68:f7:5d:82:7b:c6:f3:07:26:
         00:98:60:28:26:ba:cf:cb:db:2d:3f:41:3c:4b:7a:2c:46:4d:
         54:1f:55:00:34:f3:bd:41:f5:22:3e:07:9e:6d:57:29:b3:f7:
         e5:11:87:87:1f:8c:dc:29:a8:01:3f:b0:8b:78:cf:03:4b:3c:
         9b:c4:20:05:80:ae:53:63:40:7d:9f:23:c4:c1:e3:b7:9f:53:
         65:a5:ed:19:71:9c:cd:6b:e5:a0:f8:b2:be:b1:7b:93:c5:7e:
         81:77:eb:d2:50:d9:7a:ee:7c:da:de:7b:42:63:46:65:13:f0:
         ef:50:ae:31:58:7a:f5:12:a4:4a:a3:04:62:43:5a:b0:8e:ab:
         34:f9:1b:49:9b:7c:89:6c:fa:d9:bf:cd:91:13:b5:d5:49:e3:
         76:55:93:8b:11:22:36:89:ef:18:27:0a:9f:13:17:93:33:fe:
         40:75:e2:8b:12:a2:6b:fd:a7:76:c5:6c:80:74:11:31:22:1e:
         7a:13:e3:05
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYuo+pWUAujFyYeORJA02bcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjMxMTA3MDg1MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFhYTU4MWY3ODViYjE0NmNmMDEzOTc3OGY4NWU3NzFjYTYxMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGvy1H800SRvNnjCYh+Apxe7Ok+y
UNtXVOTRGqQEe0EKpY6tq+RNbGZtqbJUOI/0roIZaTyWuiO+H1YHQeMjhlV2AhOD
HzV/SYLsvhjkZWV0ejaiSyQ01pSKNX/KsKW/Q0aJ8z3rdEFiNb1mcTfipV/J7rn9
03b/F4jaFIS7gLK8krl4TJ8t+k++QPqFNF859A+kq2ebEr1Bo00xu+ih8/e0LG/n
d7JgMK/JG6p6qYdnbebVhexMToK5q7Ru0I8pQ/t2ngBNl/mr8F5Hllr901bbWJuO
eul3CSUzc+bPn688iTLZQUk17Apu2IOwW8vjO5e/fLxOSHXn2e5U5X8xDQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEEapYH3hbsUbPATl3j4XnccphD2MB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEvUVJxbGdmZUZ1eFJzOEJPWGVQaGVkeHltRVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLZa8AwQC
PnrYAwQAWWhrAwQAWWh3AwQAWWh9AwQCXpqAAwQCueRYAwQCufAwMA0EAgACMAcD
BQAqAKsBMA0GCSqGSIb3DQEBCwUAA4IBAQAN/gl9vMBZCLjDbpWtlaX4c/I0pJUo
0fJ/l2oNMeBDBmBFw08oQMvWzgsuQd+KnwLoTFUZ5xsMitvk/ToIHMho912Ce8bz
ByYAmGAoJrrPy9stP0E8S3osRk1UH1UANPO9QfUiPgeebVcps/flEYeHH4zcKagB
P7CLeM8DSzybxCAFgK5TY0B9nyPEweO3n1Nlpe0ZcZzNa+Wg+LK+sXuTxX6Bd+vS
UNl67nza3ntCY0ZlE/DvUK4xWHr1EqRKowRiQ1qwjqs0+RtJm3yJbPrZv82RE7XV
SeN2VZOLESI2ie8YJwqfExeTM/5AdeKLEqJr/ad2xWyAdBExIh56E+MF
-----END CERTIFICATE-----