Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/db0PaTmANoY7PMmmBpkun0RaQIg.roa
File:                     db0PaTmANoY7PMmmBpkun0RaQIg.roa (raw, json)
Hash identifier:          qjIdfnN6m00k095lI7sR2S3YvQ0AqV6aTSQ1JjSjFVU=
Subject key identifier:   75:BD:0F:69:39:80:36:86:3B:3C:C9:A6:06:99:2E:9F:44:5A:40:88
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01856D0ADFC217D8B9D9933A2C8A15F0CB38
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/db0PaTmANoY7PMmmBpkun0RaQIg.roa
Signing time:             Sun 01 Jan 2023 11:15:07 +0000
ROA not before:           Sun 01 Jan 2023 11:15:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        46.37.100.0/24 maxlen: 24
                          46.37.105.0/24 maxlen: 24
                          46.37.102.0/24 maxlen: 24
                          46.37.104.0/24 maxlen: 24
                          46.37.110.0/24 maxlen: 24
                          185.92.44.0/24 maxlen: 24
                          46.37.106.0/24 maxlen: 24
                          185.92.47.0/24 maxlen: 24
                          185.92.46.0/24 maxlen: 24
                          46.37.119.0/24 maxlen: 24
                          46.37.126.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 02 Jan 2023 05:15:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:0a:df:c2:17:d8:b9:d9:93:3a:2c:8a:15:f0:cb:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 11:15:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=75bd0f69398036863b3cc9a606992e9f445a4088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8a:3b:c1:57:ea:f7:0b:99:4c:2c:4d:46:29:
                    97:f3:e6:59:0f:2b:be:07:69:e6:80:c4:6a:8f:d9:
                    19:01:6d:13:a6:2a:12:4c:34:fb:e4:26:dc:2c:ff:
                    db:57:43:ee:2c:77:37:0c:6d:7a:dd:71:56:f9:d8:
                    39:dd:72:28:8b:e1:08:b4:ab:24:48:52:d9:5f:22:
                    c5:48:22:a1:cd:65:86:2e:30:64:c2:dc:e6:f6:44:
                    1e:54:7f:74:3b:40:01:20:8b:eb:fd:ba:2a:e8:17:
                    93:3b:39:19:d6:9e:d1:81:71:e7:75:f9:46:87:ac:
                    f7:9c:e8:73:d3:e4:8a:b1:0c:cc:bf:16:0e:7e:2f:
                    8d:b9:dd:1d:03:f6:63:b6:b3:12:26:4e:f0:62:c9:
                    22:21:2a:2d:13:d9:7b:ea:1a:f7:b9:93:5c:e2:08:
                    4c:c6:f8:3e:66:36:df:34:a3:1a:fc:77:43:fd:e6:
                    a6:0b:ee:f5:fa:ef:48:ef:1f:18:ff:85:b2:30:c8:
                    4e:15:dd:47:73:ef:ed:38:34:d1:92:fc:d3:13:a7:
                    9a:5a:01:24:a3:64:f4:18:3b:2c:2e:28:dd:17:a6:
                    f5:1d:f1:d3:26:43:b5:d2:4a:02:43:12:70:ca:db:
                    a2:9f:1f:00:d7:0a:2b:a4:fc:f0:7c:81:ed:c6:0d:
                    e6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BD:0F:69:39:80:36:86:3B:3C:C9:A6:06:99:2E:9F:44:5A:40:88
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/db0PaTmANoY7PMmmBpkun0RaQIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.100.0/24
                  46.37.102.0/24
                  46.37.104.0-46.37.106.255
                  46.37.110.0/24
                  46.37.119.0/24
                  46.37.126.0/24
                  185.92.44.0/24
                  185.92.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:c5:8f:87:94:36:ab:74:82:21:04:d1:7e:7f:0a:92:f9:50:
         df:8b:f2:9a:24:c3:a7:0f:42:a4:4e:34:52:90:24:9e:b6:e7:
         21:bb:89:a2:b5:19:37:9e:74:68:5d:4c:30:3b:42:02:99:64:
         e0:29:6d:47:5c:7b:b0:4f:f3:d8:49:26:75:2c:c3:ef:4f:bb:
         ca:ee:3f:9e:7b:5a:7e:f1:a8:18:2a:af:f8:cd:95:cb:0c:3c:
         cc:97:2c:92:7a:69:a1:25:4e:7c:8b:4b:b0:75:69:4c:4b:cb:
         2a:36:55:67:94:6d:f0:0b:d9:06:c6:ac:7c:30:93:f5:a6:74:
         68:63:1d:3a:0a:1d:66:80:46:5a:b8:c3:80:e2:cb:f0:55:fc:
         1f:bc:95:5d:86:7c:d5:ca:c1:bb:d8:ec:69:35:49:d1:5c:f4:
         f1:cb:18:2b:6d:71:5a:47:95:6c:5d:b5:95:60:9f:99:f9:f3:
         33:99:51:48:17:41:19:d4:bc:9d:fb:58:22:5f:59:2a:5b:c7:
         cf:5a:ac:7a:6d:0b:ec:81:83:21:fa:09:f5:90:0b:d2:5f:d2:
         9a:d5:dd:0c:94:7c:03:a6:1b:0e:5b:10:67:5b:14:36:c9:1d:
         1d:bd:4c:97:44:d3:c5:66:a2:21:aa:04:cb:29:70:25:d3:b4:
         07:44:e7:e5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVtCt/CF9i52ZM6LIoV8Ms4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjMwMTAxMTExNTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJkMGY2OTM5ODAzNjg2M2IzY2M5YTYwNjk5MmU5ZjQ0NWE0MDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4o7wVfq9wuZTCxNRimX8+ZZDyu+
B2nmgMRqj9kZAW0TpioSTDT75CbcLP/bV0PuLHc3DG163XFW+dg53XIoi+EItKsk
SFLZXyLFSCKhzWWGLjBkwtzm9kQeVH90O0ABIIvr/boq6BeTOzkZ1p7RgXHndflG
h6z3nOhz0+SKsQzMvxYOfi+Nud0dA/ZjtrMSJk7wYskiISotE9l76hr3uZNc4ghM
xvg+ZjbfNKMa/HdD/eamC+71+u9I7x8Y/4WyMMhOFd1Hc+/tODTRkvzTE6eaWgEk
o2T0GDssLijdF6b1HfHTJkO10koCQxJwytuinx8A1worpPzwfIHtxg3moQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHW9D2k5gDaGOzzJpgaZLp9EWkCIMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvZGIwUGFUbUFOb1k3UE1tbUJwa3VuMFJhUUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQALiVkAwQA
LiVmMAwDBAMuJWgDBAAuJWoDBAAuJW4DBAAuJXcDBAAuJX4DBAC5XCwDBAG5XC4w
DQYJKoZIhvcNAQELBQADggEBAAnFj4eUNqt0giEE0X5/CpL5UN+L8pokw6cPQqRO
NFKQJJ625yG7iaK1GTeedGhdTDA7QgKZZOApbUdce7BP89hJJnUsw+9Pu8ruP557
Wn7xqBgqr/jNlcsMPMyXLJJ6aaElTnyLS7B1aUxLyyo2VWeUbfAL2QbGrHwwk/Wm
dGhjHToKHWaARlq4w4Diy/BV/B+8lV2GfNXKwbvY7Gk1SdFc9PHLGCttcVpHlWxd
tZVgn5n58zOZUUgXQRnUvJ37WCJfWSpbx89arHptC+yBgyH6CfWQC9Jf0prV3QyU
fAOmGw5bEGdbFDbJHR29TJdE08VmoiGqBMspcCXTtAdE5+U=
-----END CERTIFICATE-----