Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/3db08b-01a8-4016-b240-035078ad19ae/1/Ee9CGuqobqgyS8w5JsRgWjlnQc0.roa
File:                     Ee9CGuqobqgyS8w5JsRgWjlnQc0.roa (raw, json)
Hash identifier:          IhldSc1q3RbalFy3jv8DsaIn7AS3xttG7wPoEjqQ2bA=
Subject key identifier:   11:EF:42:1A:EA:A8:6E:A8:32:4B:CC:39:26:C4:60:5A:39:67:41:CD
Certificate issuer:       /CN=54aa31a9f74bb8552d714a0d185d13c7040644ee
Certificate serial:       018570028CFB23B89922E11580B4FFB1B9CE
Authority key identifier: 54:AA:31:A9:F7:4B:B8:55:2D:71:4A:0D:18:5D:13:C7:04:06:44:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VKoxqfdLuFUtcUoNGF0TxwQGRO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/3db08b-01a8-4016-b240-035078ad19ae/1/Ee9CGuqobqgyS8w5JsRgWjlnQc0.roa
Signing time:             Mon 02 Jan 2023 01:04:53 +0000
ROA not before:           Mon 02 Jan 2023 01:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39233
IP address blocks:        193.202.90.0/24 maxlen: 24
                          193.202.112.0/24 maxlen: 24
                          193.202.114.0/24 maxlen: 24
                          194.213.29.0/24 maxlen: 24
                          193.203.4.0/24 maxlen: 24
                          45.155.28.0/22 maxlen: 22
                          45.155.28.0/24 maxlen: 24
                          45.155.29.0/24 maxlen: 24
                          185.237.53.0/24 maxlen: 24
                          185.237.52.0/22 maxlen: 22
                          185.237.54.0/24 maxlen: 24
                          185.237.55.0/24 maxlen: 24
                          2a02:1600::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:02:8c:fb:23:b8:99:22:e1:15:80:b4:ff:b1:b9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54aa31a9f74bb8552d714a0d185d13c7040644ee
        Validity
            Not Before: Jan  2 01:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11ef421aeaa86ea8324bcc3926c4605a396741cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:77:26:80:9a:94:86:49:49:7f:11:35:cb:78:
                    61:20:b9:98:02:42:4b:bc:45:e1:fd:73:7d:90:69:
                    98:a3:ac:2d:7d:41:7d:88:c0:a1:fc:be:93:12:8f:
                    86:2f:23:dd:4a:a2:80:fa:ae:35:d3:35:21:ef:a6:
                    d5:92:0a:be:89:c7:06:5a:07:5d:58:29:18:c8:0f:
                    32:e4:94:d5:d5:ee:8d:be:cf:3a:67:df:76:c1:ed:
                    78:ff:7e:71:1e:43:69:1f:d6:4a:7a:19:f1:b6:12:
                    97:98:27:6e:6b:c0:22:1e:79:9e:3e:72:59:df:ce:
                    9c:ab:4e:f3:e0:f9:5a:15:e2:f4:87:49:32:ea:80:
                    24:0b:43:8b:12:38:02:3e:20:01:b4:09:71:83:50:
                    39:14:fb:71:2a:12:8e:36:d0:6d:ae:6d:c3:a6:9a:
                    95:31:41:97:d5:4e:5d:ea:61:79:c9:95:d5:ad:56:
                    d2:1a:cc:4b:1f:8d:02:03:0e:e6:90:5e:de:93:70:
                    b3:63:8a:15:c2:18:f6:c8:f7:2e:f4:b6:11:48:1f:
                    57:d1:8c:38:78:2c:a5:ba:92:a6:f9:d6:6d:fe:e2:
                    d0:03:84:a0:18:bb:3c:18:e5:17:a8:1d:9c:27:02:
                    36:29:83:85:89:38:92:28:8e:7b:29:07:e3:ea:f4:
                    08:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:EF:42:1A:EA:A8:6E:A8:32:4B:CC:39:26:C4:60:5A:39:67:41:CD
            X509v3 Authority Key Identifier:
                keyid:54:AA:31:A9:F7:4B:B8:55:2D:71:4A:0D:18:5D:13:C7:04:06:44:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKoxqfdLuFUtcUoNGF0TxwQGRO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/3db08b-01a8-4016-b240-035078ad19ae/1/Ee9CGuqobqgyS8w5JsRgWjlnQc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/3db08b-01a8-4016-b240-035078ad19ae/1/VKoxqfdLuFUtcUoNGF0TxwQGRO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.28.0/22
                  185.237.52.0/22
                  193.202.90.0/24
                  193.202.112.0/24
                  193.202.114.0/24
                  193.203.4.0/24
                  194.213.29.0/24
                IPv6:
                  2a02:1600::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:45:c8:d6:2e:99:65:f5:a8:81:9d:24:f1:f0:e1:da:36:23:
         97:67:47:fc:aa:ef:0b:0d:cd:b4:81:8a:c9:dc:a0:e2:a0:83:
         6c:5c:b1:01:79:5f:3a:18:3e:3a:6b:9f:22:9f:c1:8b:8f:ef:
         c9:c9:d0:b8:a1:0d:3a:7e:e4:ae:7d:b4:db:ad:a2:d5:e4:e4:
         22:ec:56:82:ac:ba:6e:f8:5f:e9:1c:88:92:8e:dc:6c:28:c8:
         a8:67:1b:2f:23:cd:e8:65:4b:9b:60:89:14:90:64:44:90:14:
         e8:31:5c:10:15:a3:fe:09:78:be:a2:ce:ba:25:12:bf:e4:7f:
         c8:84:e6:35:be:c2:7a:61:d1:0f:d1:a1:6a:d5:c1:08:0b:d4:
         37:b9:0b:71:a4:e6:68:58:b2:58:f1:16:c8:5b:32:7f:74:2a:
         ae:7f:b3:94:77:25:46:2a:c1:a1:32:9b:a9:3a:80:b2:0f:22:
         7b:c3:7c:5d:bb:aa:df:83:82:1a:4a:40:b5:29:62:21:43:f8:
         a9:a3:a0:58:77:84:0d:2f:e6:cb:07:eb:9c:22:82:11:84:2f:
         99:a9:b1:79:59:3a:31:f1:d5:23:82:f0:b3:7d:80:07:9a:41:
         df:ed:1d:a1:8a:b3:2d:eb:4c:02:15:ba:80:1c:90:d6:50:1e:
         32:a1:13:45
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVwAoz7I7iZIuEVgLT/sbnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YWEzMWE5Zjc0YmI4NTUyZDcxNGEwZDE4NWQxM2M3MDQw
NjQ0ZWUwHhcNMjMwMTAyMDEwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWVmNDIxYWVhYTg2ZWE4MzI0YmNjMzkyNmM0NjA1YTM5Njc0MWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwncmgJqUhklJfxE1y3hhILmYAkJL
vEXh/XN9kGmYo6wtfUF9iMCh/L6TEo+GLyPdSqKA+q410zUh76bVkgq+iccGWgdd
WCkYyA8y5JTV1e6Nvs86Z992we14/35xHkNpH9ZKehnxthKXmCdua8AiHnmePnJZ
386cq07z4PlaFeL0h0ky6oAkC0OLEjgCPiABtAlxg1A5FPtxKhKONtBtrm3DppqV
MUGX1U5d6mF5yZXVrVbSGsxLH40CAw7mkF7ek3CzY4oVwhj2yPcu9LYRSB9X0Yw4
eCylupKm+dZt/uLQA4SgGLs8GOUXqB2cJwI2KYOFiTiSKI57KQfj6vQInwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBHvQhrqqG6oMkvMOSbEYFo5Z0HNMB8GA1UdIwQY
MBaAFFSqMan3S7hVLXFKDRhdE8cEBkTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktveHFmZEx1RlV0Y1VvTkdGMFR4d1FHUk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8zZGIwOGItMDFhOC00MDE2LWIyNDAt
MDM1MDc4YWQxOWFlLzEvRWU5Q0d1cW9icWd5Uzh3NUpzUmdXamxuUWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8zZGIwOGItMDFhOC00MDE2LWIyNDAtMDM1MDc4YWQxOWFl
LzEvVktveHFmZEx1RlV0Y1VvTkdGMFR4d1FHUk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLZscAwQC
ue00AwQAwcpaAwQAwcpwAwQAwcpyAwQAwcsEAwQAwtUdMA0EAgACMAcDBQMqAhYA
MA0GCSqGSIb3DQEBCwUAA4IBAQC7RcjWLpll9aiBnSTx8OHaNiOXZ0f8qu8LDc20
gYrJ3KDioINsXLEBeV86GD46a58in8GLj+/JydC4oQ06fuSufbTbraLV5OQi7FaC
rLpu+F/pHIiSjtxsKMioZxsvI83oZUubYIkUkGREkBToMVwQFaP+CXi+os66JRK/
5H/IhOY1vsJ6YdEP0aFq1cEIC9Q3uQtxpOZoWLJY8RbIWzJ/dCquf7OUdyVGKsGh
MpupOoCyDyJ7w3xdu6rfg4IaSkC1KWIhQ/ipo6BYd4QNL+bLB+ucIoIRhC+ZqbF5
WTox8dUjgvCzfYAHmkHf7R2hirMt60wCFbqAHJDWUB4yoRNF
-----END CERTIFICATE-----