Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Devitrwf-V8swW9-YQIN1Fdmnfc.roa
File:                     Devitrwf-V8swW9-YQIN1Fdmnfc.roa (raw, json)
Hash identifier:          /3MrrMAH4bQkP3GhGJjaivOioldOexstlNiFBqWuVgU=
Subject key identifier:   0D:EB:E2:B6:BC:1F:F9:5F:2C:C1:6F:7E:61:02:0D:D4:57:66:9D:F7
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0193493832AF5E92C85E352215351E2C7881
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Devitrwf-V8swW9-YQIN1Fdmnfc.roa
Signing time:             Wed 20 Nov 2024 10:57:20 +0000
ROA not before:           Wed 20 Nov 2024 10:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.9.0/24 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          185.231.172.0/22 maxlen: 24
                          188.209.156.0/22 maxlen: 24
                          188.253.8.0/21 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          213.173.32.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Wed 20 Nov 2024 12:45:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:38:32:af:5e:92:c8:5e:35:22:15:35:1e:2c:78:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Nov 20 10:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0debe2b6bc1ff95f2cc16f7e61020dd457669df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:13:27:73:60:72:a5:b7:f6:5e:6b:bf:ad:d2:
                    61:ee:6d:99:0d:a9:d0:59:fe:fe:0d:48:d7:f7:df:
                    6c:6b:78:3a:c1:06:cf:72:9a:3d:c5:03:49:9e:9b:
                    fe:bb:6f:94:28:9d:0e:3d:b7:36:2a:bd:37:7a:65:
                    34:a1:c6:ea:36:5c:6e:e4:bf:01:50:63:7a:29:85:
                    90:8d:f7:8c:2b:53:13:ab:d0:c4:82:26:8c:32:61:
                    60:cf:fd:49:62:85:27:d0:1d:21:16:9d:28:b3:0b:
                    22:76:bc:26:50:fd:13:0b:e1:61:13:12:9e:1c:89:
                    ea:84:5c:a8:0a:91:ad:8e:f1:58:38:af:3f:0e:c2:
                    11:55:e8:97:9f:dc:d9:49:1f:70:9a:aa:82:cb:02:
                    fd:ae:30:0a:d2:2a:2d:75:03:22:e9:63:a2:92:d7:
                    40:a8:13:9c:14:cf:e4:2e:d0:da:a1:99:d1:1b:36:
                    3c:d0:43:33:0b:08:56:5a:2b:a5:d3:df:42:46:9b:
                    be:3d:85:f2:79:b4:76:7f:39:61:77:94:4a:2c:28:
                    12:9a:53:65:bf:e3:c1:2d:5b:6d:42:1b:65:4d:65:
                    ad:b9:10:2a:d8:af:dd:a9:13:41:39:1b:b8:d7:bc:
                    ce:4d:d4:52:eb:55:ea:af:d2:c2:bf:e3:53:37:48:
                    30:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EB:E2:B6:BC:1F:F9:5F:2C:C1:6F:7E:61:02:0D:D4:57:66:9D:F7
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Devitrwf-V8swW9-YQIN1Fdmnfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.9.0/24
                  82.115.28.0/23
                  89.251.10.0/24
                  159.255.32.0/21
                  185.231.172.0/22
                  188.209.156.0/22
                  188.253.8.0/21
                  202.133.90.0/23
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:4b:98:a4:78:1e:f5:38:e1:05:e9:68:05:5f:7d:7d:c1:f4:
         b2:28:94:9c:5f:46:69:c1:55:2d:69:9c:95:cd:b3:9b:e9:bf:
         0a:79:ef:d0:cb:a7:65:3a:62:d4:84:e9:ee:9b:f8:db:dd:1e:
         b7:5d:c3:ee:e6:0a:e8:67:20:de:f4:16:4a:d0:f8:c5:f3:59:
         97:90:51:cc:6a:0d:8b:19:44:bb:0a:a9:3e:07:84:d5:03:b1:
         72:1e:c3:b9:10:af:a0:1b:98:c7:ae:7b:7a:c9:ee:d9:66:b3:
         fe:ef:d8:00:8a:48:91:3d:84:6f:41:fe:b2:58:0a:1a:36:06:
         13:83:86:58:a8:3e:49:71:fe:d6:fc:ec:6d:ae:84:e3:b6:1c:
         53:07:62:8f:b4:78:b9:b2:23:da:83:41:36:a7:31:27:6c:7e:
         fc:b2:f7:ab:ba:f4:ea:aa:e7:a1:d4:c3:32:06:0a:49:b6:c7:
         68:9c:bc:5d:bf:03:71:6c:e2:73:e1:bb:9e:0b:d6:c5:79:7a:
         9f:4c:42:9f:7f:c2:7f:81:18:b8:16:6c:85:a2:67:11:b4:c2:
         10:a7:d7:76:ac:55:73:08:69:31:72:3b:74:f8:07:4c:cc:82:
         4a:2a:13:13:8c:6d:5e:45:ba:38:b9:01:b9:2c:9a:05:e9:be:
         32:35:b5:db
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZNJODKvXpLIXjUiFTUeLHiBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQxMTIwMTA1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGViZTJiNmJjMWZmOTVmMmNjMTZmN2U2MTAyMGRkNDU3NjY5ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhMnc2Bypbf2Xmu/rdJh7m2ZDanQ
Wf7+DUjX999sa3g6wQbPcpo9xQNJnpv+u2+UKJ0OPbc2Kr03emU0ocbqNlxu5L8B
UGN6KYWQjfeMK1MTq9DEgiaMMmFgz/1JYoUn0B0hFp0oswsidrwmUP0TC+FhExKe
HInqhFyoCpGtjvFYOK8/DsIRVeiXn9zZSR9wmqqCywL9rjAK0iotdQMi6WOiktdA
qBOcFM/kLtDaoZnRGzY80EMzCwhWWiul099CRpu+PYXyebR2fzlhd5RKLCgSmlNl
v+PBLVttQhtlTWWtuRAq2K/dqRNBORu417zOTdRS61Xqr9LCv+NTN0gwrwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFA3r4ra8H/lfLMFvfmECDdRXZp33MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRGV2aXRyd2YtVjhzd1c5LVlRSU4xRmRtbmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBLYsGAwQA
LvluAwQAUnMJAwQBUnMcAwQAWfsKAwQDn/8gAwQCueesAwQCvNGcAwQDvP0IAwQB
yoVaAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQAyS5ikeB71OOEF6WgFX319wfSy
KJScX0ZpwVUtaZyVzbOb6b8Kee/Qy6dlOmLUhOnum/jb3R63XcPu5groZyDe9BZK
0PjF81mXkFHMag2LGUS7Cqk+B4TVA7FyHsO5EK+gG5jHrnt6ye7ZZrP+79gAikiR
PYRvQf6yWAoaNgYTg4ZYqD5Jcf7W/OxtroTjthxTB2KPtHi5siPag0E2pzEnbH78
sveruvTqqueh1MMyBgpJtsdonLxdvwNxbOJz4bueC9bFeXqfTEKff8J/gRi4FmyF
omcRtMIQp9d2rFVzCGkxcjt0+AdMzIJKKhMTjG1eRbo4uQG5LJoF6b4yNbXb
-----END CERTIFICATE-----