Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/ixNFHuvDapB_dhMJ1KmNHK2cRgo.roa
File:                     ixNFHuvDapB_dhMJ1KmNHK2cRgo.roa (raw, json)
Hash identifier:          J/04W0AMZO4bJGWnGKg4gewuG/N4X0iFJRGNbDPoY1Q=
Subject key identifier:   8B:13:45:1E:EB:C3:6A:90:7F:76:13:09:D4:A9:8D:1C:AD:9C:46:0A
Certificate issuer:       /CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
Certificate serial:       01856B6EA8FD2412B7E637E9A645AC43D50F
Authority key identifier: 24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/ixNFHuvDapB_dhMJ1KmNHK2cRgo.roa
Signing time:             Sun 01 Jan 2023 03:44:52 +0000
ROA not before:           Sun 01 Jan 2023 03:44:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202024
IP address blocks:        185.54.16.0/24 maxlen: 24
                          185.54.16.0/23 maxlen: 23
                          185.54.16.0/22 maxlen: 22
                          185.54.17.0/24 maxlen: 24
                          185.54.19.0/24 maxlen: 24
                          185.54.18.0/23 maxlen: 23
                          185.54.18.0/24 maxlen: 24
                          185.141.15.0/24 maxlen: 24
                          185.141.14.0/23 maxlen: 23
                          185.141.14.0/24 maxlen: 24
                          185.141.12.0/24 maxlen: 24
                          185.141.12.0/23 maxlen: 23
                          185.141.12.0/22 maxlen: 22
                          185.141.13.0/24 maxlen: 24
                          2a00:d30:16::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 06 Nov 2023 03:31:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:6e:a8:fd:24:12:b7:e6:37:e9:a6:45:ac:43:d5:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
        Validity
            Not Before: Jan  1 03:44:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b13451eebc36a907f761309d4a98d1cad9c460a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8e:8f:59:4a:17:f4:91:7c:fa:bb:80:23:f4:
                    e6:70:02:e9:7f:c1:04:5d:d5:4b:2f:f0:fb:65:4b:
                    fa:38:5d:a1:17:73:92:95:7c:ae:cf:1c:fd:b7:d7:
                    89:6a:c8:64:8f:16:27:c8:32:cd:e4:e3:80:e7:34:
                    e7:a9:6d:59:20:60:64:32:04:a7:37:45:7a:8c:92:
                    65:f6:f7:19:16:89:f7:8e:12:70:1c:e4:22:0d:42:
                    2a:f8:5a:b8:67:d3:48:1c:eb:33:fb:cb:37:38:0c:
                    e8:8b:b1:ba:8e:7e:b5:5d:6e:3d:ba:a4:b0:dc:c8:
                    41:0e:03:0a:3b:d6:d7:fb:42:cb:e8:2a:aa:47:fd:
                    cc:ed:e7:b9:57:27:f9:91:df:48:ca:b2:c1:74:97:
                    50:6d:3c:3d:d6:c7:06:97:67:a2:75:c1:4b:04:59:
                    82:fd:49:30:23:28:ec:63:fe:8e:a5:13:b3:8b:0c:
                    30:1d:3a:64:c2:ba:2f:0b:8c:c0:36:da:f1:07:40:
                    a4:39:bd:ee:3e:94:01:90:27:77:1d:ae:d2:3a:ff:
                    bf:7d:2a:7d:c9:5c:c8:f4:a9:aa:ee:9e:77:99:26:
                    ce:5e:ef:01:cd:29:fe:95:ff:40:98:9d:91:80:22:
                    69:56:48:99:a4:e9:30:3c:e5:8b:a8:4e:72:22:3d:
                    ca:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:13:45:1E:EB:C3:6A:90:7F:76:13:09:D4:A9:8D:1C:AD:9C:46:0A
            X509v3 Authority Key Identifier:
                keyid:24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/ixNFHuvDapB_dhMJ1KmNHK2cRgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/JFKrHS0pusnVLrR53mTAcA_Gck8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.16.0/22
                  185.141.12.0/22
                IPv6:
                  2a00:d30:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:13:31:96:c1:64:ca:63:64:1a:46:b6:01:44:ed:90:8e:28:
         c0:a2:53:12:5f:09:1e:d5:35:32:27:98:20:d7:9f:f4:2b:4c:
         78:c2:9c:e1:50:4d:90:db:58:94:25:0f:fc:3a:dd:6a:49:0c:
         c8:76:ff:9b:68:b3:40:5a:e3:b3:e0:8b:f2:aa:b8:d8:f7:a6:
         5c:ea:94:ec:77:85:49:10:6e:81:de:76:54:aa:f0:4f:4b:3e:
         47:2d:1a:b5:d7:a4:ff:9a:fb:e4:dd:db:f5:0a:b3:96:93:bb:
         bd:34:52:f9:1d:ff:4b:db:f5:85:73:5c:91:db:88:d6:a9:46:
         2f:12:0a:8e:fe:d1:2c:96:b2:78:9d:8b:9a:49:b6:b7:e8:02:
         fb:f1:c2:de:a0:b8:30:6d:bf:f2:45:eb:45:d6:4f:95:34:7f:
         7e:13:0a:ee:b8:78:f9:bd:e4:3e:e0:99:26:82:dc:3d:ea:8a:
         5a:54:b0:dc:29:9e:e5:30:52:19:52:89:67:e3:fa:00:c1:3a:
         f0:16:de:69:a9:6e:94:ad:a7:50:31:95:5f:3f:56:e5:04:36:
         b1:b0:2b:eb:9f:b5:2f:b2:bc:12:88:94:67:34:5f:93:96:b6:
         dd:52:32:d6:e7:55:73:76:82:5d:53:06:ce:ff:8e:e0:eb:98:
         98:e4:f9:02
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVrbqj9JBK35jfppkWsQ9UPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTJhYjFkMmQyOWJhYzlkNTJlYjQ3OWRlNjRjMDcwMGZj
NjcyNGYwHhcNMjMwMTAxMDM0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjEzNDUxZWViYzM2YTkwN2Y3NjEzMDlkNGE5OGQxY2FkOWM0NjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY6PWUoX9JF8+ruAI/TmcALpf8EE
XdVLL/D7ZUv6OF2hF3OSlXyuzxz9t9eJashkjxYnyDLN5OOA5zTnqW1ZIGBkMgSn
N0V6jJJl9vcZFon3jhJwHOQiDUIq+Fq4Z9NIHOsz+8s3OAzoi7G6jn61XW49uqSw
3MhBDgMKO9bX+0LL6CqqR/3M7ee5Vyf5kd9IyrLBdJdQbTw91scGl2eidcFLBFmC
/UkwIyjsY/6OpROziwwwHTpkwrovC4zANtrxB0CkOb3uPpQBkCd3Ha7SOv+/fSp9
yVzI9Kmq7p53mSbOXu8BzSn+lf9AmJ2RgCJpVkiZpOkwPOWLqE5yIj3K+QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIsTRR7rw2qQf3YTCdSpjRytnEYKMB8GA1UdIwQY
MBaAFCRSqx0tKbrJ1S60ed5kwHAPxnJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMt
OTY5Yzk0ZGU4OWE1LzEvaXhORkh1dkRhcEJfZGhNSjFLbU5ISzJjUmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMtOTY5Yzk0ZGU4OWE1
LzEvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCuTYQAwQC
uY0MMA8EAgACMAkDBwAqAA0wABYwDQYJKoZIhvcNAQELBQADggEBAAQTMZbBZMpj
ZBpGtgFE7ZCOKMCiUxJfCR7VNTInmCDXn/QrTHjCnOFQTZDbWJQlD/w63WpJDMh2
/5tos0Ba47Pgi/KquNj3plzqlOx3hUkQboHedlSq8E9LPkctGrXXpP+a++Td2/UK
s5aTu700Uvkd/0vb9YVzXJHbiNapRi8SCo7+0SyWsnidi5pJtrfoAvvxwt6guDBt
v/JF60XWT5U0f34TCu64ePm95D7gmSaC3D3qilpUsNwpnuUwUhlSiWfj+gDBOvAW
3mmpbpStp1AxlV8/VuUENrGwK+uftS+yvBKIlGc0X5OWtt1SMtbnVXN2gl1TBs7/
juDrmJjk+QI=
-----END CERTIFICATE-----