Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DW4vaynFnj7BHRtMVVsBfFR3xVM.roa
File:                     DW4vaynFnj7BHRtMVVsBfFR3xVM.roa (raw, json)
Hash identifier:          ZjxxfxDJUDmf6j6r0Zy/XbX2zSoeHQSJyWN8G/yqz6M=
Subject key identifier:   0D:6E:2F:6B:29:C5:9E:3E:C1:1D:1B:4C:55:5B:01:7C:54:77:C5:53
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01927BD46D5229CF64C7A36C1DABB5E60492
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DW4vaynFnj7BHRtMVVsBfFR3xVM.roa
Signing time:             Fri 11 Oct 2024 13:46:11 +0000
ROA not before:           Fri 11 Oct 2024 13:46:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.9.0/24 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          91.132.57.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          185.231.172.0/22 maxlen: 24
                          188.209.156.0/22 maxlen: 24
                          188.214.236.0/22 maxlen: 22
                          188.253.8.0/21 maxlen: 24
                          193.36.72.0/24 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          213.173.32.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Wed 16 Oct 2024 12:30:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:d4:6d:52:29:cf:64:c7:a3:6c:1d:ab:b5:e6:04:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct 11 13:46:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d6e2f6b29c59e3ec11d1b4c555b017c5477c553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ec:58:1b:e9:e5:de:11:65:ac:8f:b9:fe:0d:
                    c2:2f:10:0d:2e:c9:22:a9:82:37:18:91:88:85:be:
                    cd:47:81:59:b0:d4:47:1c:01:0f:69:67:14:af:4b:
                    54:de:97:c2:22:89:df:39:1e:8b:e5:aa:90:e6:09:
                    62:ce:05:8f:61:a0:26:50:94:65:2b:2a:02:3d:6e:
                    66:be:39:84:db:c0:be:d2:36:40:1c:28:94:f1:88:
                    bb:a3:f2:80:4a:f5:69:f0:8c:9b:ad:ee:5d:66:b9:
                    c0:9b:8c:69:66:45:a3:cb:45:73:4f:bf:ff:bb:44:
                    57:fb:40:0e:eb:cd:bf:2c:f9:d6:b4:4c:f3:99:f2:
                    6d:e8:bf:c3:fe:19:92:43:61:c9:e9:45:86:6e:78:
                    a9:75:59:46:06:cf:1f:a9:54:45:dc:26:5e:88:a3:
                    07:f1:be:e8:11:9f:11:68:97:31:bf:33:94:b9:d3:
                    ff:be:70:9d:0c:71:32:d1:e4:cd:b4:ce:fa:97:e5:
                    4e:59:3e:61:04:1e:4d:7f:a2:c0:51:90:23:df:99:
                    bf:76:9a:13:76:20:2a:33:e0:5f:95:a4:bd:46:cf:
                    9a:ee:8b:62:c1:5d:8e:6e:80:0f:d8:d5:9b:3b:bf:
                    05:73:eb:27:29:86:e8:f7:62:8d:39:d7:36:a0:86:
                    6a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6E:2F:6B:29:C5:9E:3E:C1:1D:1B:4C:55:5B:01:7C:54:77:C5:53
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DW4vaynFnj7BHRtMVVsBfFR3xVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.9.0/24
                  82.115.28.0/23
                  89.251.10.0/24
                  91.132.57.0/24
                  159.255.32.0/21
                  185.231.172.0/22
                  188.209.156.0/22
                  188.214.236.0/22
                  188.253.8.0/21
                  193.36.72.0/24
                  202.133.90.0/23
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:90:08:12:cd:54:95:99:02:05:c9:38:b1:ed:08:6b:b9:8c:
         71:0c:1c:8f:25:95:92:32:34:1e:85:41:ba:5c:98:d0:79:c8:
         2b:e9:ce:3e:df:6c:3f:d0:1e:63:46:f7:49:f6:3d:74:1a:81:
         97:32:e6:b3:32:da:07:f2:be:8f:be:f2:19:58:1c:67:8b:e1:
         e2:8b:38:10:ba:35:6e:21:ac:77:c4:ed:ea:4c:da:d6:d0:8a:
         35:9f:78:ee:ed:79:56:e2:d6:21:59:11:8f:c0:af:7f:44:0e:
         e6:49:c5:bb:bb:21:e4:b7:1f:b9:55:76:16:b0:ed:4f:7b:d9:
         0f:37:66:fe:c0:34:4f:16:e7:a8:56:1e:36:38:d0:a1:f8:15:
         eb:ed:5c:41:fe:81:38:6b:77:1a:62:a8:a3:a6:0c:c4:e3:7a:
         61:ee:ba:be:2a:07:1a:e5:24:59:e0:fa:39:7d:11:8a:c7:20:
         f1:dd:63:0b:22:d8:dd:3e:2e:06:a5:9b:2a:40:cc:2e:92:e9:
         63:21:b7:50:93:0b:30:55:46:f1:67:06:a5:55:ff:a9:aa:4d:
         a6:b2:c6:28:44:dc:95:7a:06:32:55:13:d7:78:cb:47:2f:9a:
         9a:fb:48:7f:fc:ff:22:13:13:5a:9e:d1:29:ba:0c:44:46:74:
         c2:a4:c9:76
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZJ71G1SKc9kx6NsHau15gSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQxMDExMTM0NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZlMmY2YjI5YzU5ZTNlYzExZDFiNGM1NTViMDE3YzU0NzdjNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+xYG+nl3hFlrI+5/g3CLxANLski
qYI3GJGIhb7NR4FZsNRHHAEPaWcUr0tU3pfCIonfOR6L5aqQ5glizgWPYaAmUJRl
KyoCPW5mvjmE28C+0jZAHCiU8Yi7o/KASvVp8Iybre5dZrnAm4xpZkWjy0VzT7//
u0RX+0AO682/LPnWtEzzmfJt6L/D/hmSQ2HJ6UWGbnipdVlGBs8fqVRF3CZeiKMH
8b7oEZ8RaJcxvzOUudP/vnCdDHEy0eTNtM76l+VOWT5hBB5Nf6LAUZAj35m/dpoT
diAqM+BflaS9Rs+a7otiwV2OboAP2NWbO78Fc+snKYbo92KNOdc2oIZqrQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFA1uL2spxZ4+wR0bTFVbAXxUd8VTMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRFc0dmF5bkZuajdCSFJ0TVZWc0JmRlIzeFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQBLYsGAwQA
LvluAwQAUnMJAwQBUnMcAwQAWfsKAwQAW4Q5AwQDn/8gAwQCueesAwQCvNGcAwQC
vNbsAwQDvP0IAwQAwSRIAwQByoVaAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQA3
kAgSzVSVmQIFyTix7QhruYxxDByPJZWSMjQehUG6XJjQecgr6c4+32w/0B5jRvdJ
9j10GoGXMuazMtoH8r6PvvIZWBxni+HiizgQujVuIax3xO3qTNrW0Io1n3ju7XlW
4tYhWRGPwK9/RA7mScW7uyHktx+5VXYWsO1Pe9kPN2b+wDRPFueoVh42ONCh+BXr
7VxB/oE4a3caYqijpgzE43ph7rq+Kgca5SRZ4Po5fRGKxyDx3WMLItjdPi4GpZsq
QMwukuljIbdQkwswVUbxZwalVf+pqk2mssYoRNyVegYyVRPXeMtHL5qa+0h//P8i
ExNantEpugxERnTCpMl2
-----END CERTIFICATE-----