Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/qYtCT4TE7mrbLf5xz1a0asoX-20.roa
File:                     qYtCT4TE7mrbLf5xz1a0asoX-20.roa (raw, json)
Hash identifier:          ddInHew3wnh6Ip0i+mog2wdcovzLoOrNAMlm0DCMSRo=
Subject key identifier:   A9:8B:42:4F:84:C4:EE:6A:DB:2D:FE:71:CF:56:B4:6A:CA:17:FB:6D
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       018997FB0C1D37C91B7AEF448674D18D878C
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/qYtCT4TE7mrbLf5xz1a0asoX-20.roa
Signing time:             Thu 27 Jul 2023 15:32:39 +0000
ROA not before:           Thu 27 Jul 2023 15:32:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64080
IP address blocks:        45.43.64.0/19 maxlen: 24
                          45.43.68.0/22 maxlen: 24
                          45.43.84.0/23 maxlen: 24
                          45.43.80.0/22 maxlen: 24
                          198.105.96.0/19 maxlen: 24
                          198.105.100.0/22 maxlen: 24
                          89.33.6.0/23 maxlen: 24
                          155.254.32.0/19 maxlen: 24
                          155.254.48.0/23 maxlen: 24
                          107.181.132.0/23 maxlen: 24
                          107.181.128.0/19 maxlen: 24
                          107.181.140.0/22 maxlen: 24
                          107.181.148.0/23 maxlen: 24
                          2a05:9f40:1f::/48 maxlen: 48
                          2a05:9f44:2a05::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 21 Aug 2023 12:44:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:97:fb:0c:1d:37:c9:1b:7a:ef:44:86:74:d1:8d:87:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jul 27 15:32:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a98b424f84c4ee6adb2dfe71cf56b46aca17fb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:88:74:19:bc:97:9e:68:f5:71:4f:8b:4a:43:
                    af:0c:53:e3:aa:9a:33:af:3a:77:25:55:6d:81:d5:
                    fd:4a:22:fb:8b:39:4a:13:0e:d9:71:14:95:c4:37:
                    36:f3:3e:90:bc:70:d8:1c:8a:3f:46:e2:11:29:d1:
                    55:c4:29:eb:c8:23:cc:51:98:66:4a:0a:4e:83:3d:
                    ad:8f:5c:85:a3:f6:9a:78:4f:33:42:ed:8c:d5:4e:
                    11:af:0c:bf:e0:35:7c:5a:c3:e1:68:01:8c:8f:9e:
                    5c:56:f7:0d:84:d1:40:42:6e:9b:aa:01:e1:fa:15:
                    21:55:c6:87:74:6c:ed:8d:02:d5:10:6e:9f:1d:a3:
                    44:96:ec:7e:a2:e7:28:e0:1b:bd:fe:50:98:e0:8c:
                    8c:34:52:67:ad:ec:c0:a9:d1:70:3c:06:53:30:7a:
                    f9:ec:7f:2d:1e:fa:25:f0:b6:01:88:c5:22:ad:9d:
                    f6:a4:f1:69:eb:13:4b:d7:2b:46:ba:71:54:41:41:
                    84:fa:df:54:4b:b2:b9:45:5b:41:ba:ed:d6:bb:0c:
                    93:0c:ee:66:c2:4c:de:6f:0d:10:07:58:61:b4:35:
                    02:2f:e3:f1:6a:b3:50:19:78:e3:5c:04:df:bb:52:
                    40:dc:6f:d5:fe:29:bf:e9:80:22:54:58:7b:f4:4a:
                    32:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8B:42:4F:84:C4:EE:6A:DB:2D:FE:71:CF:56:B4:6A:CA:17:FB:6D
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/qYtCT4TE7mrbLf5xz1a0asoX-20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.64.0/19
                  89.33.6.0/23
                  107.181.128.0/19
                  155.254.32.0/19
                  198.105.96.0/19
                IPv6:
                  2a05:9f40:1f::/48
                  2a05:9f44:2a05::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:e4:61:24:df:90:82:15:d5:2d:9e:04:7d:d1:4b:23:2d:21:
         1d:98:97:0f:52:1d:55:08:0b:79:9a:da:4d:d5:49:ff:7b:98:
         90:67:34:98:57:21:fe:e6:4c:bc:62:03:00:4f:9e:14:df:3c:
         0a:85:99:1e:14:6f:7e:9d:b0:70:a5:34:17:d5:b7:89:07:32:
         8d:88:d4:d3:93:d0:1e:57:cd:e5:d9:70:52:79:04:1b:49:58:
         c9:8e:ef:d4:f6:2c:79:f9:57:12:1d:96:68:9f:5e:72:dd:01:
         0f:d1:f3:c6:d2:34:f9:23:14:93:a1:95:6e:53:da:32:0e:e5:
         31:e1:12:46:9e:6b:61:25:c2:fc:7e:58:74:25:71:00:37:0e:
         0d:57:df:3d:72:e5:79:8e:fd:92:b4:93:77:c8:e5:b5:ac:90:
         68:6a:06:e1:cc:aa:ec:3b:cb:d9:f0:16:87:d2:49:a6:da:ff:
         2a:c6:0a:dd:62:7c:4c:ee:7c:3d:d8:df:08:0b:b0:b9:8f:2f:
         e8:9e:2a:49:07:b4:2c:fc:99:16:76:bc:3e:cf:fc:fe:94:44:
         07:15:3c:a7:9a:4d:5b:77:16:e5:20:28:01:a5:5c:3a:2d:d9:
         6b:a7:29:c8:db:2e:3c:ec:36:14:63:49:3c:cc:a4:b9:07:ff:
         47:19:d9:4e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYmX+wwdN8kbeu9EhnTRjYeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjMwNzI3MTUzMjM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThiNDI0Zjg0YzRlZTZhZGIyZGZlNzFjZjU2YjQ2YWNhMTdmYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYh0GbyXnmj1cU+LSkOvDFPjqpoz
rzp3JVVtgdX9SiL7izlKEw7ZcRSVxDc28z6QvHDYHIo/RuIRKdFVxCnryCPMUZhm
SgpOgz2tj1yFo/aaeE8zQu2M1U4Rrwy/4DV8WsPhaAGMj55cVvcNhNFAQm6bqgHh
+hUhVcaHdGztjQLVEG6fHaNElux+ouco4Bu9/lCY4IyMNFJnrezAqdFwPAZTMHr5
7H8tHvol8LYBiMUirZ32pPFp6xNL1ytGunFUQUGE+t9US7K5RVtBuu3WuwyTDO5m
wkzebw0QB1hhtDUCL+PxarNQGXjjXATfu1JA3G/V/im/6YAiVFh79EoyKwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKmLQk+ExO5q2y3+cc9WtGrKF/ttMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvcVl0Q1Q0VEU3bXJiTGY1eHoxYTBhc29YLTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQFLStAAwQB
WSEGAwQFa7WAAwQFm/4gAwQFxmlgMBgEAgACMBIDBwAqBZ9AAB8DBwAqBZ9EKgUw
DQYJKoZIhvcNAQELBQADggEBABLkYSTfkIIV1S2eBH3RSyMtIR2Ylw9SHVUIC3ma
2k3VSf97mJBnNJhXIf7mTLxiAwBPnhTfPAqFmR4Ub36dsHClNBfVt4kHMo2I1NOT
0B5XzeXZcFJ5BBtJWMmO79T2LHn5VxIdlmifXnLdAQ/R88bSNPkjFJOhlW5T2jIO
5THhEkaea2Elwvx+WHQlcQA3Dg1X3z1y5XmO/ZK0k3fI5bWskGhqBuHMquw7y9nw
FofSSaba/yrGCt1ifEzufD3Y3wgLsLmPL+ieKkkHtCz8mRZ2vD7P/P6URAcVPKea
TVt3FuUgKAGlXDot2WunKcjbLjzsNhRjSTzMpLkH/0cZ2U4=
-----END CERTIFICATE-----