Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/IQu0MOvFiH7usONQ9EsYaHhlivI.roa
File:                     IQu0MOvFiH7usONQ9EsYaHhlivI.roa (raw, json)
Hash identifier:          pe2pKsEx7vG1OZgqVBJcrVG+n0rZyzsqS0ntRUG5vZA=
Subject key identifier:   21:0B:B4:30:EB:C5:88:7E:EE:B0:E3:50:F4:4B:18:68:78:65:8A:F2
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0190BD98EE8C05A07F3F509B9D9902E37F34
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/IQu0MOvFiH7usONQ9EsYaHhlivI.roa
Signing time:             Tue 16 Jul 2024 22:10:34 +0000
ROA not before:           Tue 16 Jul 2024 22:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44654
IP address blocks:        37.252.208.0/23 maxlen: 23
                          37.252.208.0/24 maxlen: 24
                          37.252.209.0/24 maxlen: 24
                          37.252.210.0/23 maxlen: 23
                          37.252.210.0/24 maxlen: 24
                          37.252.211.0/24 maxlen: 24
                          37.252.212.0/23 maxlen: 23
                          37.252.212.0/24 maxlen: 24
                          37.252.213.0/24 maxlen: 24
                          37.252.215.0/24 maxlen: 24
                          109.205.8.0/21 maxlen: 24
                          109.205.8.0/24 maxlen: 24
                          185.36.124.0/22 maxlen: 24
                          185.36.124.0/23 maxlen: 23
                          185.36.124.0/24 maxlen: 24
                          185.36.125.0/24 maxlen: 24
                          2a02:d8::/32 maxlen: 48
                          2a02:d8:8::/48 maxlen: 48
                          2a02:d8:9::/48 maxlen: 48
                          2a02:d8:a::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 19 Jul 2024 20:10:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:98:ee:8c:05:a0:7f:3f:50:9b:9d:99:02:e3:7f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jul 16 22:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=210bb430ebc5887eeeb0e350f44b186878658af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ae:04:3f:3b:38:b8:02:9d:87:ce:dd:4c:1f:
                    09:af:d0:19:37:df:a5:c9:3d:77:68:9e:5a:56:a0:
                    85:ea:25:66:3c:06:d2:47:a5:c4:ae:6a:16:73:78:
                    1f:7b:a4:3b:3f:a1:21:71:ec:ac:e0:d2:e9:60:f3:
                    f7:00:95:53:81:e5:eb:00:ae:79:9a:ee:d7:17:6a:
                    a6:c6:f8:85:5a:45:2c:8a:7b:0b:e1:af:56:75:d8:
                    42:5b:45:87:5e:5b:c0:1d:e2:41:76:6e:f8:59:ea:
                    a5:a7:f9:c0:f7:21:98:30:f4:c3:53:40:85:a4:68:
                    cf:ee:52:99:29:ea:ab:f7:49:a0:7e:4d:bd:ed:e6:
                    43:d5:d0:2e:68:ef:29:f4:8b:ec:51:e2:1c:40:e6:
                    b5:a2:74:1b:d4:37:c2:dc:b2:0f:ca:20:68:c2:14:
                    4d:c0:52:48:09:e9:1d:a0:5c:12:77:29:c1:67:18:
                    43:6f:7c:3c:6f:f7:ea:cc:b0:c0:3f:71:7a:fb:0e:
                    06:83:f7:4f:24:0b:28:49:25:36:dd:68:d7:47:3c:
                    ce:7f:17:3b:60:65:71:2d:20:31:9b:cf:85:67:4d:
                    76:d0:58:26:19:f4:36:e3:d7:6c:5d:91:18:9d:65:
                    6d:78:02:a3:e5:29:a9:22:76:8a:94:c7:de:8a:72:
                    3d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0B:B4:30:EB:C5:88:7E:EE:B0:E3:50:F4:4B:18:68:78:65:8A:F2
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/IQu0MOvFiH7usONQ9EsYaHhlivI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.208.0-37.252.213.255
                  37.252.215.0/24
                  109.205.8.0/21
                  185.36.124.0/22
                IPv6:
                  2a02:d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:f4:cc:5b:45:f5:4e:a6:1c:ad:46:be:ee:17:78:9a:05:46:
         2c:d8:2f:61:bd:7a:0f:c3:f6:b9:05:4a:9e:fe:24:d4:91:25:
         d2:fa:26:e6:8b:e5:9a:b7:87:2a:28:ce:1d:93:02:bb:bf:9e:
         52:52:05:36:b8:dd:7c:f6:c8:95:72:1b:8f:4b:82:6d:ec:74:
         b8:41:74:83:1d:bf:a7:56:fe:f5:96:cd:96:a1:88:91:6d:ab:
         33:47:89:67:4a:4f:91:98:3d:06:e2:84:bf:ae:d4:d2:2a:5f:
         8d:14:62:d9:35:9c:b0:60:5c:69:15:6b:4d:bc:0d:10:bd:c0:
         78:0b:47:b8:2d:32:d8:c9:36:11:25:d3:72:32:55:b6:87:74:
         ad:70:3f:d8:73:9b:fe:ec:ee:11:b3:dc:de:29:e0:37:d9:5d:
         9e:d4:22:e1:fb:8f:c7:7e:9b:cb:73:24:dc:d2:8b:19:58:14:
         d4:a1:42:9d:af:6a:6a:e0:70:0e:1f:5d:f9:f4:07:1e:d6:ae:
         55:89:f9:40:d4:12:f3:85:06:50:ec:a0:8b:b0:6b:4d:3f:74:
         52:64:7d:d8:2b:f4:96:34:69:44:fb:0a:34:7e:11:58:85:0e:
         44:81:4a:45:77:e7:84:61:11:72:b8:b6:de:e2:9b:67:d4:8c:
         b2:47:34:b6
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZC9mO6MBaB/P1CbnZkC4380MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQwNzE2MjIxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBiYjQzMGViYzU4ODdlZWViMGUzNTBmNDRiMTg2ODc4NjU4YWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma4EPzs4uAKdh87dTB8Jr9AZN9+l
yT13aJ5aVqCF6iVmPAbSR6XErmoWc3gfe6Q7P6Ehceys4NLpYPP3AJVTgeXrAK55
mu7XF2qmxviFWkUsinsL4a9WddhCW0WHXlvAHeJBdm74Weqlp/nA9yGYMPTDU0CF
pGjP7lKZKeqr90mgfk297eZD1dAuaO8p9IvsUeIcQOa1onQb1DfC3LIPyiBowhRN
wFJICekdoFwSdynBZxhDb3w8b/fqzLDAP3F6+w4Gg/dPJAsoSSU23WjXRzzOfxc7
YGVxLSAxm8+FZ0120FgmGfQ249dsXZEYnWVteAKj5SmpInaKlMfeinI9MwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCELtDDrxYh+7rDjUPRLGGh4ZYryMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvSVF1ME1PdkZpSDd1c09OUTlFc1lhSGhsaXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJKoZIhvcN
AQELBQADggEBAJr0zFtF9U6mHK1Gvu4XeJoFRizYL2G9eg/D9rkFSp7+JNSRJdL6
JuaL5Zq3hyoozh2TAru/nlJSBTa43Xz2yJVyG49Lgm3sdLhBdIMdv6dW/vWWzZah
iJFtqzNHiWdKT5GYPQbihL+u1NIqX40UYtk1nLBgXGkVa028DRC9wHgLR7gtMtjJ
NhEl03IyVbaHdK1wP9hzm/7s7hGz3N4p4DfZXZ7UIuH7j8d+m8tzJNzSixlYFNSh
Qp2vamrgcA4fXfn0Bx7WrlWJ+UDUEvOFBlDsoIuwa00/dFJkfdgr9JY0aUT7CjR+
EViFDkSBSkV354RhEXK4tt7im2fUjLJHNLY=
-----END CERTIFICATE-----