Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZSyX9OXXV_vAXZQ5sjCfSIUt2H8.roa
File:                     ZSyX9OXXV_vAXZQ5sjCfSIUt2H8.roa (raw, json)
Hash identifier:          dtz7f2EFErf1/TzSRS/1CQTIYvYuD6Z8RitP2o9lr0k=
Subject key identifier:   65:2C:97:F4:E5:D7:57:FB:C0:5D:94:39:B2:30:9F:48:85:2D:D8:7F
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01927606869714E9B4411CF3F0112798C25C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZSyX9OXXV_vAXZQ5sjCfSIUt2H8.roa
Signing time:             Thu 10 Oct 2024 10:43:11 +0000
ROA not before:           Thu 10 Oct 2024 10:43:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.9.0/24 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          91.132.57.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          185.231.172.0/22 maxlen: 24
                          188.209.156.0/22 maxlen: 24
                          188.214.236.0/22 maxlen: 22
                          188.253.8.0/21 maxlen: 24
                          193.36.72.0/24 maxlen: 24
                          193.36.73.0/24 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          213.173.32.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 11 Oct 2024 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:06:86:97:14:e9:b4:41:1c:f3:f0:11:27:98:c2:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct 10 10:43:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652c97f4e5d757fbc05d9439b2309f48852dd87f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:65:64:dc:da:86:86:7e:39:10:58:00:81:96:
                    c6:04:d8:0e:58:a6:6e:f2:18:66:21:4f:0f:82:c8:
                    46:78:80:38:c8:8e:57:30:a5:5d:19:34:34:0c:2d:
                    11:36:3b:63:33:c3:61:1a:43:c1:78:9a:01:3a:05:
                    c9:71:94:b3:dd:c0:99:3a:e9:6e:fd:38:69:72:86:
                    af:e9:79:7b:f8:e7:0b:fe:8b:05:bd:e6:04:2d:0b:
                    d4:a6:16:a3:13:0c:2e:0c:ff:40:04:5d:1a:7e:e1:
                    d7:40:77:51:03:6e:98:d1:ff:cc:85:e5:b8:4e:2d:
                    44:86:9a:31:d0:20:d3:e8:8e:0b:82:f2:e3:e7:0e:
                    c6:17:36:e9:71:22:40:b4:09:14:cc:c0:46:d4:28:
                    ef:fc:43:de:6e:be:9c:84:ce:e0:d7:39:67:10:eb:
                    87:b1:51:f1:14:5d:1d:32:34:42:6e:6b:98:8f:4f:
                    da:e9:66:ae:f5:e4:93:ea:3a:e3:e7:11:83:15:0f:
                    d6:66:ac:68:54:5e:f9:aa:ff:b0:0a:02:f3:2b:a6:
                    2b:f9:b3:f5:e8:9b:c0:b8:1f:ce:14:1d:16:eb:e2:
                    f9:78:02:4a:a3:62:c8:2b:14:6d:a7:b9:d1:d3:c4:
                    11:32:23:99:43:19:c1:ce:c7:d5:dd:b1:8d:6c:eb:
                    f4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2C:97:F4:E5:D7:57:FB:C0:5D:94:39:B2:30:9F:48:85:2D:D8:7F
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZSyX9OXXV_vAXZQ5sjCfSIUt2H8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.9.0/24
                  82.115.28.0/23
                  89.251.10.0/24
                  91.132.57.0/24
                  159.255.32.0/21
                  185.231.172.0/22
                  188.209.156.0/22
                  188.214.236.0/22
                  188.253.8.0/21
                  193.36.72.0/23
                  202.133.90.0/23
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:9c:ba:25:19:3c:ed:2a:0c:8a:8d:89:16:da:63:5e:58:93:
         e5:ac:2c:56:cd:76:7f:19:e1:b8:80:82:0d:56:b0:8e:d9:e1:
         d3:63:58:77:ba:26:4e:0e:af:7e:98:8f:5e:fb:41:46:f9:9b:
         60:28:bf:b0:0d:e2:2d:3d:e4:49:4f:5d:3d:1a:30:eb:80:87:
         55:76:a8:0e:53:88:28:fe:1e:e5:30:22:04:2e:f0:b1:30:8b:
         d1:30:25:a7:f2:26:06:62:fa:b0:2b:d3:ea:c6:76:79:c4:4d:
         60:77:f0:59:96:1f:54:33:69:94:32:cb:d1:dc:06:0c:10:b3:
         dd:7a:f8:77:3b:05:e7:13:07:04:28:05:36:bd:cf:64:25:e0:
         94:4d:1f:69:e3:9c:12:24:d6:b8:47:1b:eb:45:c8:19:4a:01:
         5c:ab:71:2f:05:2c:8e:f0:a8:aa:9b:0f:7a:0c:a0:a0:29:d1:
         29:77:ea:33:24:d2:cc:21:a2:a3:07:16:ba:eb:74:cb:39:59:
         e7:83:41:f8:70:cb:e0:7a:98:d9:8c:0d:10:cb:b1:84:78:f5:
         37:4f:93:e7:ac:bb:4a:e8:35:66:20:59:c0:9d:6b:8e:82:5e:
         3a:1d:1e:3d:e8:2a:49:84:88:c5:db:3d:7d:56:4a:88:b5:2a:
         09:ae:5d:af
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZJ2BoaXFOm0QRzz8BEnmMJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQxMDEwMTA0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJjOTdmNGU1ZDc1N2ZiYzA1ZDk0MzliMjMwOWY0ODg1MmRkODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2Vk3NqGhn45EFgAgZbGBNgOWKZu
8hhmIU8PgshGeIA4yI5XMKVdGTQ0DC0RNjtjM8NhGkPBeJoBOgXJcZSz3cCZOulu
/Thpcoav6Xl7+OcL/osFveYELQvUphajEwwuDP9ABF0afuHXQHdRA26Y0f/MheW4
Ti1Ehpox0CDT6I4LgvLj5w7GFzbpcSJAtAkUzMBG1Cjv/EPebr6chM7g1zlnEOuH
sVHxFF0dMjRCbmuYj0/a6Wau9eST6jrj5xGDFQ/WZqxoVF75qv+wCgLzK6Yr+bP1
6JvAuB/OFB0W6+L5eAJKo2LIKxRtp7nR08QRMiOZQxnBzsfV3bGNbOv0YwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFGUsl/Tl11f7wF2UObIwn0iFLdh/MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWlN5WDlPWFhWX3ZBWFpRNXNqQ2ZTSVV0Mkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQBLYsGAwQA
LvluAwQAUnMJAwQBUnMcAwQAWfsKAwQAW4Q5AwQDn/8gAwQCueesAwQCvNGcAwQC
vNbsAwQDvP0IAwQBwSRIAwQByoVaAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQBP
nLolGTztKgyKjYkW2mNeWJPlrCxWzXZ/GeG4gIINVrCO2eHTY1h3uiZODq9+mI9e
+0FG+ZtgKL+wDeItPeRJT109GjDrgIdVdqgOU4go/h7lMCIELvCxMIvRMCWn8iYG
YvqwK9PqxnZ5xE1gd/BZlh9UM2mUMsvR3AYMELPdevh3OwXnEwcEKAU2vc9kJeCU
TR9p45wSJNa4RxvrRcgZSgFcq3EvBSyO8Kiqmw96DKCgKdEpd+ozJNLMIaKjBxa6
63TLOVnng0H4cMvgepjZjA0Qy7GEePU3T5PnrLtK6DVmIFnAnWuOgl46HR496CpJ
hIjF2z19VkqItSoJrl2v
-----END CERTIFICATE-----