Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/bokBR17JLilpxEHb4ASHNjdp5Q4.roa
File:                     bokBR17JLilpxEHb4ASHNjdp5Q4.roa (raw, json)
Hash identifier:          PEOpW+G53D4u30kH4y/VXr4dBk/ILx9iM0ZbrRuKuRw=
Subject key identifier:   6E:89:01:47:5E:C9:2E:29:69:C4:41:DB:E0:04:87:36:37:69:E5:0E
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       018D579FFF1FFB8B6D0F4FD3D3B3C6543DA7
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/bokBR17JLilpxEHb4ASHNjdp5Q4.roa
Signing time:             Mon 29 Jan 2024 23:48:39 +0000
ROA not before:           Mon 29 Jan 2024 23:48:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        45.10.16.0/23 maxlen: 23
                          45.10.18.0/23 maxlen: 23
                          45.88.5.0/24 maxlen: 24
                          45.88.6.0/24 maxlen: 24
                          45.88.7.0/24 maxlen: 24
                          45.95.40.0/22 maxlen: 22
                          45.130.100.0/22 maxlen: 22
                          83.229.23.0/24 maxlen: 24
                          83.229.34.0/24 maxlen: 24
                          95.178.107.0/24 maxlen: 24
                          185.90.223.0/24 maxlen: 24
                          185.144.56.0/22 maxlen: 24
                          188.191.48.0/22 maxlen: 22
                          217.194.153.0/24 maxlen: 24
                          2a05:e4c0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Apr 2024 20:37:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:57:9f:ff:1f:fb:8b:6d:0f:4f:d3:d3:b3:c6:54:3d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jan 29 23:48:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e8901475ec92e2969c441dbe00487363769e50e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6d:ac:92:cb:fc:ef:30:94:67:f8:5e:df:9c:
                    5f:f9:8d:aa:20:f9:c4:2a:4e:bf:33:2f:e0:77:50:
                    7e:c7:b4:af:1c:53:4a:e7:cf:74:63:9a:8f:65:a6:
                    6c:b6:df:52:de:65:0c:38:7f:f9:b1:2c:38:0a:bf:
                    1a:f1:78:02:a2:21:e6:ab:3d:69:a9:da:6f:76:4a:
                    c9:98:03:01:c1:c3:1b:0f:06:11:7c:ef:4d:b1:20:
                    f1:63:9c:66:23:57:64:b3:c1:3c:d8:98:b6:13:66:
                    d0:13:e5:fe:d1:a7:57:6f:6a:1b:0a:89:f7:be:6d:
                    ec:dd:b9:6c:22:57:9f:b6:89:94:98:55:18:62:a2:
                    eb:e3:3d:3e:0d:1f:53:4f:09:58:54:b3:1d:cd:04:
                    d7:e9:b3:d2:1e:a7:34:d9:6e:83:d1:11:e9:b9:21:
                    fe:1d:cf:d5:36:d2:8a:56:61:23:6a:83:ab:a5:5b:
                    7b:fb:55:53:69:7c:b0:df:94:bf:6a:93:e7:12:b5:
                    56:93:3e:6a:27:89:19:55:53:5c:10:e2:55:b7:02:
                    f1:74:9e:94:35:dc:9d:46:a2:eb:7e:ab:be:61:98:
                    15:6f:a8:41:4e:8b:4f:2f:d4:dc:75:03:da:b9:36:
                    3c:60:4d:76:d4:ff:91:8b:35:2b:3d:86:ef:4f:67:
                    d2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:89:01:47:5E:C9:2E:29:69:C4:41:DB:E0:04:87:36:37:69:E5:0E
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/bokBR17JLilpxEHb4ASHNjdp5Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.16.0/22
                  45.88.5.0-45.88.7.255
                  45.95.40.0/22
                  45.130.100.0/22
                  83.229.23.0/24
                  83.229.34.0/24
                  95.178.107.0/24
                  185.90.223.0/24
                  185.144.56.0/22
                  188.191.48.0/22
                  217.194.153.0/24
                IPv6:
                  2a05:e4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:9a:df:50:b4:aa:15:33:be:b3:38:95:19:70:d9:83:53:06:
         ee:1d:84:48:ad:59:08:8f:08:25:76:77:6e:cf:1a:78:f5:25:
         01:0f:e8:8f:48:95:33:92:dc:20:1d:07:03:5b:00:76:09:bb:
         31:67:fc:94:8c:9e:33:d3:f6:11:c2:13:28:4d:c4:d8:53:2d:
         1f:9e:2f:2c:66:6a:ff:51:26:da:9a:f9:4d:cd:06:3a:db:03:
         78:d4:35:ab:5c:18:5b:9f:f2:06:73:e3:9f:17:0a:15:7e:83:
         da:b1:80:64:13:85:62:7b:a7:b6:c2:34:85:36:f4:6e:e9:e2:
         e1:f3:95:09:a2:0f:91:fc:e2:62:23:11:4b:a2:eb:c9:c9:6f:
         af:9c:26:3f:fe:81:fe:97:5f:54:15:84:bc:b5:39:8a:19:38:
         3f:97:b7:c1:6b:0c:3c:9b:4f:f4:ef:1c:ff:37:4a:63:f7:b5:
         bf:17:8e:df:08:08:34:9c:05:2a:e6:6b:8c:ec:86:52:8a:99:
         bd:06:28:91:c5:39:79:66:25:8b:bf:ab:67:e9:1d:46:6f:da:
         0f:f0:93:03:36:50:76:2b:f5:2e:24:54:d3:d0:bf:88:6e:18:
         6d:66:60:db:75:f9:90:f9:9e:a2:d4:14:93:c3:11:6c:97:60:
         56:7d:a4:5a
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAY1Xn/8f+4ttD0/T07PGVD2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjQwMTI5MjM0ODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTg5MDE0NzVlYzkyZTI5NjljNDQxZGJlMDA0ODczNjM3NjllNTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmm2sksv87zCUZ/he35xf+Y2qIPnE
Kk6/My/gd1B+x7SvHFNK5890Y5qPZaZstt9S3mUMOH/5sSw4Cr8a8XgCoiHmqz1p
qdpvdkrJmAMBwcMbDwYRfO9NsSDxY5xmI1dks8E82Ji2E2bQE+X+0adXb2obCon3
vm3s3blsIleftomUmFUYYqLr4z0+DR9TTwlYVLMdzQTX6bPSHqc02W6D0RHpuSH+
Hc/VNtKKVmEjaoOrpVt7+1VTaXyw35S/apPnErVWkz5qJ4kZVVNcEOJVtwLxdJ6U
NdydRqLrfqu+YZgVb6hBTotPL9TcdQPauTY8YE121P+RizUrPYbvT2fSnwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFG6JAUdeyS4pacRB2+AEhzY3aeUOMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvYm9rQlIxN0pMaWxweEVIYjRBU0hOamRwNVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCLQoQMAwD
BAAtWAUDBAMtWAADBAItXygDBAItgmQDBABT5RcDBABT5SIDBABfsmsDBAC5Wt8D
BAK5kDgDBAK8vzADBADZwpkwDQQCAAIwBwMFAyoF5MAwDQYJKoZIhvcNAQELBQAD
ggEBAH6a31C0qhUzvrM4lRlw2YNTBu4dhEitWQiPCCV2d27PGnj1JQEP6I9IlTOS
3CAdBwNbAHYJuzFn/JSMnjPT9hHCEyhNxNhTLR+eLyxmav9RJtqa+U3NBjrbA3jU
NatcGFuf8gZz458XChV+g9qxgGQThWJ7p7bCNIU29G7p4uHzlQmiD5H84mIjEUui
68nJb6+cJj/+gf6XX1QVhLy1OYoZOD+Xt8FrDDybT/TvHP83SmP3tb8Xjt8ICDSc
BSrma4zshlKKmb0GKJHFOXlmJYu/q2fpHUZv2g/wkwM2UHYr9S4kVNPQv4huGG1m
YNt1+ZD5nqLUFJPDEWyXYFZ9pFo=
-----END CERTIFICATE-----