Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/JXwr-NtsvguqHlOJi6cgiGUQeYM.roa
File:                     JXwr-NtsvguqHlOJi6cgiGUQeYM.roa (raw, json)
Hash identifier:          92YKO6XmxYYXHNxZtyT50DUWPTG8d/GXvt1MDlEwe1c=
Subject key identifier:   25:7C:2B:F8:DB:6C:BE:0B:AA:1E:53:89:8B:A7:20:88:65:10:79:83
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018B7075962572CEB542CE5FCBBE96409B10
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/JXwr-NtsvguqHlOJi6cgiGUQeYM.roa
Signing time:             Fri 27 Oct 2023 09:27:15 +0000
ROA not before:           Fri 27 Oct 2023 09:27:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.92.0/23 maxlen: 24
                          80.246.225.0/24 maxlen: 24
                          80.246.229.0/24 maxlen: 24
                          80.246.231.0/24 maxlen: 24
                          80.246.232.0/24 maxlen: 24
                          80.246.233.0/24 maxlen: 24
                          80.246.236.0/24 maxlen: 24
                          80.246.236.0/22 maxlen: 24
                          80.246.237.0/24 maxlen: 24
                          80.246.238.0/24 maxlen: 24
                          80.246.239.0/24 maxlen: 24
                          80.246.234.0/24 maxlen: 24
                          80.246.235.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 31 Oct 2023 09:26:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:70:75:96:25:72:ce:b5:42:ce:5f:cb:be:96:40:9b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Oct 27 09:27:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=257c2bf8db6cbe0baa1e53898ba7208865107983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:12:77:0b:38:ae:a7:7f:f0:eb:64:cf:ec:41:
                    8f:84:dc:4e:c2:3e:ef:cd:8c:e6:37:bb:d5:1a:58:
                    b3:55:36:e4:f6:33:93:d6:6e:67:22:85:5b:d0:ec:
                    92:a8:54:52:5d:c5:ca:16:7f:7c:fd:a7:07:22:7e:
                    64:cc:01:e5:ee:96:48:8b:e7:4e:0d:be:f9:89:6a:
                    ef:83:9f:3a:15:fe:a7:f9:ec:52:2d:ed:d2:5f:35:
                    a2:3b:97:d8:7e:ae:bf:3c:97:c0:7d:86:ea:50:b9:
                    e1:0d:d1:a4:0e:90:0b:7a:15:0c:20:9f:37:70:ba:
                    0c:c1:a1:8b:64:ed:2a:43:92:fb:c9:d5:a1:d1:d5:
                    87:8d:6d:88:8f:2f:ff:db:fa:1b:18:78:78:aa:0e:
                    ed:55:21:78:f3:0f:49:e7:b6:4b:39:30:7c:0d:b1:
                    ac:c9:da:f2:64:a1:60:37:30:67:ae:17:41:53:9a:
                    6e:01:cf:2f:bd:83:47:e3:b5:94:13:97:e3:16:ae:
                    80:fe:c9:40:a2:d9:d8:41:09:d2:f7:17:94:f2:f9:
                    59:e5:00:51:9b:6b:76:c7:44:9a:ab:66:75:50:78:
                    60:ba:a7:88:ca:c6:53:8f:73:55:bc:16:a9:eb:d8:
                    1d:2e:bb:db:88:d4:50:28:fd:d8:4e:13:fe:1f:0a:
                    cf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:7C:2B:F8:DB:6C:BE:0B:AA:1E:53:89:8B:A7:20:88:65:10:79:83
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/JXwr-NtsvguqHlOJi6cgiGUQeYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.92.0/23
                  80.246.225.0/24
                  80.246.229.0/24
                  80.246.231.0-80.246.239.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:a6:40:6b:86:62:ff:07:8a:62:04:02:5e:e3:8c:d3:c3:a0:
         b7:ff:8c:3c:1f:64:5c:43:65:6b:ca:14:44:fa:1a:c0:30:04:
         ff:28:d2:e4:b7:ab:dc:a7:09:8f:7e:99:d1:b9:96:f5:41:3e:
         6c:01:88:92:3a:92:09:96:b7:a0:0f:fa:2f:da:67:83:78:04:
         45:a9:46:3d:9d:a7:bd:5a:53:89:6f:15:b5:36:ba:cc:69:19:
         74:f5:3c:5b:ae:10:26:12:27:b4:b4:72:a4:eb:16:14:7a:08:
         1b:ef:30:5f:e9:72:cf:75:98:1a:2e:9f:0d:51:d2:e1:7d:f4:
         e1:68:94:b2:0b:f8:12:a7:b5:94:6b:69:15:ba:08:e3:ef:44:
         12:d1:a1:73:61:29:af:aa:9c:9c:41:72:d9:2e:b9:5f:91:6f:
         a4:9a:f1:81:bb:76:81:1d:3c:99:28:a8:86:8b:7a:4e:66:20:
         cc:c3:ef:61:1b:0e:56:92:71:3a:fa:1b:f3:ea:b3:2c:40:16:
         c1:6d:18:45:ed:76:6e:1a:c6:9f:92:45:c2:bd:26:53:37:f1:
         30:2d:22:51:9a:1d:b1:4c:ef:c7:6a:13:61:d7:66:50:1d:25:
         8e:e3:20:a8:2a:9a:9e:ba:d5:eb:4a:e8:6c:e4:4c:ed:2a:e5:
         97:ff:8a:3e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYtwdZYlcs61Qs5fy76WQJsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjMxMDI3MDkyNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTdjMmJmOGRiNmNiZTBiYWExZTUzODk4YmE3MjA4ODY1MTA3OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBJ3Cziup3/w62TP7EGPhNxOwj7v
zYzmN7vVGlizVTbk9jOT1m5nIoVb0OySqFRSXcXKFn98/acHIn5kzAHl7pZIi+dO
Db75iWrvg586Ff6n+exSLe3SXzWiO5fYfq6/PJfAfYbqULnhDdGkDpALehUMIJ83
cLoMwaGLZO0qQ5L7ydWh0dWHjW2Ijy//2/obGHh4qg7tVSF48w9J57ZLOTB8DbGs
ydryZKFgNzBnrhdBU5puAc8vvYNH47WUE5fjFq6A/slAotnYQQnS9xeU8vlZ5QBR
m2t2x0Saq2Z1UHhguqeIysZTj3NVvBap69gdLrvbiNRQKP3YThP+HwrPSwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCV8K/jbbL4Lqh5TiYunIIhlEHmDMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvSlh3ci1OdHN2Z3VxSGxPSmk2Y2dpR1VRZVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBLZVcAwQA
UPbhAwQAUPblMAwDBABQ9ucDBARQ9uAwDQYJKoZIhvcNAQELBQADggEBAGymQGuG
Yv8HimIEAl7jjNPDoLf/jDwfZFxDZWvKFET6GsAwBP8o0uS3q9ynCY9+mdG5lvVB
PmwBiJI6kgmWt6AP+i/aZ4N4BEWpRj2dp71aU4lvFbU2usxpGXT1PFuuECYSJ7S0
cqTrFhR6CBvvMF/pcs91mBounw1R0uF99OFolLIL+BKntZRraRW6COPvRBLRoXNh
Ka+qnJxBctkuuV+Rb6Sa8YG7doEdPJkoqIaLek5mIMzD72EbDlaScTr6G/PqsyxA
FsFtGEXtdm4axp+SRcK9JlM38TAtIlGaHbFM78dqE2HXZlAdJY7jIKgqmp661etK
6GzkTO0q5Zf/ij4=
-----END CERTIFICATE-----