Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/ik1bvt4bcuOXaD82l3lq3z16Li0.roa
File:                     ik1bvt4bcuOXaD82l3lq3z16Li0.roa (raw, json)
Hash identifier:          xeMR7j3l0mDv/XMlZx+vSWFf9hyDA9/8mBYOdwA6OSg=
Subject key identifier:   8A:4D:5B:BE:DE:1B:72:E3:97:68:3F:36:97:79:6A:DF:3D:7A:2E:2D
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018A5F5A3F94FBF517E3FBC78E02F8FB79FB
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/ik1bvt4bcuOXaD82l3lq3z16Li0.roa
Signing time:             Mon 04 Sep 2023 08:41:04 +0000
ROA not before:           Mon 04 Sep 2023 08:41:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        45.128.59.0/24 maxlen: 24
                          45.88.180.0/24 maxlen: 24
                          45.86.66.0/24 maxlen: 24
                          45.15.143.0/24 maxlen: 24
                          45.86.73.0/24 maxlen: 24
                          171.22.108.0/22 maxlen: 22
                          45.15.177.0/24 maxlen: 24
                          45.89.104.0/24 maxlen: 24
                          45.92.195.0/24 maxlen: 24
                          92.118.235.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 06 Sep 2023 13:05:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:5a:3f:94:fb:f5:17:e3:fb:c7:8e:02:f8:fb:79:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Sep  4 08:41:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a4d5bbede1b72e397683f3697796adf3d7a2e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5d:a0:14:74:17:b0:0f:97:c1:c8:4b:93:f3:
                    f9:c9:ef:af:28:d3:7e:e0:7f:ef:de:68:fa:82:ae:
                    d5:b8:31:08:19:82:3e:74:0d:75:77:e1:52:98:78:
                    da:ab:54:17:5b:87:cb:4d:41:1f:22:0d:0f:94:7c:
                    16:1f:5e:d9:0b:42:1a:c7:9d:c8:9c:16:43:00:f4:
                    29:39:70:ee:fc:8c:66:3f:6c:52:2e:b6:84:fb:f5:
                    77:81:51:d5:c7:e8:d8:2c:cc:de:dd:65:3a:bd:38:
                    d8:be:73:db:1a:12:7e:5d:58:2d:d8:98:a2:21:d4:
                    ff:df:11:71:90:15:8e:57:96:68:52:f9:54:37:57:
                    85:ea:46:7e:b2:55:ef:ef:f1:0b:7c:ec:25:fb:62:
                    cb:55:20:a5:2f:fb:df:fe:e5:ee:1c:a9:a3:a4:9a:
                    09:4a:a0:d2:71:a1:ef:e3:3c:1b:db:30:96:e1:69:
                    c2:ac:f6:d8:cf:ae:30:1c:13:d3:e1:69:f9:33:11:
                    27:29:c5:6d:3f:20:13:73:26:32:eb:8a:85:03:b6:
                    51:11:ba:29:8a:46:18:0a:f5:f4:95:f4:26:ee:0b:
                    40:c7:c3:d5:6d:39:fe:cd:45:4a:3f:d9:df:f9:01:
                    83:28:d4:3b:f6:53:73:41:60:7d:3d:13:1e:12:fc:
                    3b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4D:5B:BE:DE:1B:72:E3:97:68:3F:36:97:79:6A:DF:3D:7A:2E:2D
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/ik1bvt4bcuOXaD82l3lq3z16Li0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.143.0/24
                  45.15.177.0/24
                  45.86.66.0/24
                  45.86.73.0/24
                  45.88.180.0/24
                  45.89.104.0/24
                  45.92.195.0/24
                  45.128.59.0/24
                  92.118.235.0/24
                  171.22.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:1e:d9:a7:6d:2e:2e:cb:d4:f1:11:d0:81:d8:cf:04:b8:a2:
         f6:c3:af:fb:08:a0:a5:8d:35:88:28:48:6b:0f:ba:d4:ab:02:
         b8:36:75:a0:82:58:55:c5:ce:02:a3:29:b9:11:90:a8:f7:37:
         8e:94:42:c8:7a:e5:bc:84:4c:52:ab:40:e7:4c:ff:a8:1b:12:
         87:c1:72:0a:4f:82:16:78:84:d3:a0:c8:f6:b8:0f:7a:1e:5b:
         f4:5b:ad:1a:e2:ac:92:98:bb:67:d3:54:1a:83:b4:09:4b:ac:
         43:69:e4:d8:83:ea:c2:4a:3a:44:00:f9:75:1d:e4:d1:b4:09:
         d2:c5:b8:27:97:24:97:9d:1c:38:9b:e2:6a:08:20:91:00:24:
         14:0d:b1:c0:c8:21:06:e3:0c:b3:f3:2e:41:f4:54:72:56:7c:
         ef:7c:1b:af:7c:5d:39:04:1e:8b:e7:d8:65:de:4b:43:7e:50:
         71:4f:71:9b:2f:6d:8b:e4:52:26:17:cb:e7:5b:a8:c7:3f:53:
         00:fb:31:59:1c:66:9d:8d:b9:64:72:ee:a1:3d:c3:cd:17:69:
         1a:1c:60:33:41:44:e5:7d:c0:39:14:3f:7a:e5:c7:ee:3f:7c:
         a3:40:c3:b8:a4:1e:2f:83:49:e1:20:97:42:a9:08:d0:9d:f5:
         1f:02:e1:3c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYpfWj+U+/UX4/vHjgL4+3n7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjMwOTA0MDg0MTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTRkNWJiZWRlMWI3MmUzOTc2ODNmMzY5Nzc5NmFkZjNkN2EyZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl2gFHQXsA+XwchLk/P5ye+vKNN+
4H/v3mj6gq7VuDEIGYI+dA11d+FSmHjaq1QXW4fLTUEfIg0PlHwWH17ZC0Iax53I
nBZDAPQpOXDu/IxmP2xSLraE+/V3gVHVx+jYLMze3WU6vTjYvnPbGhJ+XVgt2Jii
IdT/3xFxkBWOV5ZoUvlUN1eF6kZ+slXv7/ELfOwl+2LLVSClL/vf/uXuHKmjpJoJ
SqDScaHv4zwb2zCW4WnCrPbYz64wHBPT4Wn5MxEnKcVtPyATcyYy64qFA7ZREbop
ikYYCvX0lfQm7gtAx8PVbTn+zUVKP9nf+QGDKNQ79lNzQWB9PRMeEvw7LQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIpNW77eG3Ljl2g/Npd5at89ei4tMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvaWsxYnZ0NGJjdU9YYUQ4MmwzbHEzejE2TGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQ+PAwQA
LQ+xAwQALVZCAwQALVZJAwQALVi0AwQALVloAwQALVzDAwQALYA7AwQAXHbrAwQC
qxZsMA0GCSqGSIb3DQEBCwUAA4IBAQANHtmnbS4uy9TxEdCB2M8EuKL2w6/7CKCl
jTWIKEhrD7rUqwK4NnWgglhVxc4Coym5EZCo9zeOlELIeuW8hExSq0DnTP+oGxKH
wXIKT4IWeITToMj2uA96Hlv0W60a4qySmLtn01Qag7QJS6xDaeTYg+rCSjpEAPl1
HeTRtAnSxbgnlySXnRw4m+JqCCCRACQUDbHAyCEG4wyz8y5B9FRyVnzvfBuvfF05
BB6L59hl3ktDflBxT3GbL22L5FImF8vnW6jHP1MA+zFZHGadjblkcu6hPcPNF2ka
HGAzQUTlfcA5FD965cfuP3yjQMO4pB4vg0nhIJdCqQjQnfUfAuE8
-----END CERTIFICATE-----