Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/MhxLo5XE2mvZ2QrDjktJbNNFNX4.roa
File:                     MhxLo5XE2mvZ2QrDjktJbNNFNX4.roa (raw, json)
Hash identifier:          m9Usn1zfk+vTvWNW+7wZR3N0EFiHIDPSg0FtIAeVNuM=
Subject key identifier:   32:1C:4B:A3:95:C4:DA:6B:D9:D9:0A:C3:8E:4B:49:6C:D3:45:35:7E
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018D329CC6405919B0D806A226F6AF6D80DD
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/MhxLo5XE2mvZ2QrDjktJbNNFNX4.roa
Signing time:             Mon 22 Jan 2024 19:19:11 +0000
ROA not before:           Mon 22 Jan 2024 19:19:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206924
IP address blocks:        91.198.241.0/24 maxlen: 24
                          185.230.223.0/24 maxlen: 24
                          2a0c:2f05:3512::/48 maxlen: 48
                          2a0c:2f07::/48 maxlen: 48
                          2a0c:2f07::/64 maxlen: 64
                          2a0c:2f07:d::/48 maxlen: 48
                          2a0c:2f07:f::/48 maxlen: 48
                          2a0c:2f07:29::/48 maxlen: 48
                          2a0c:2f07:384::/48 maxlen: 48
                          2a0c:2f07:ac1::/48 maxlen: 48
                          2a0c:2f07:4663::/48 maxlen: 48
                          2a0c:2f07:4896::/48 maxlen: 48
                          2a0c:2f07:9459::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 01 Mar 2024 12:32:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:9c:c6:40:59:19:b0:d8:06:a2:26:f6:af:6d:80:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan 22 19:19:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=321c4ba395c4da6bd9d90ac38e4b496cd345357e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:70:25:49:43:11:49:c3:15:c4:8c:00:30:
                    c6:36:e2:4b:5d:a8:38:12:74:29:cf:ad:73:e5:35:
                    9e:99:67:0a:7b:6e:bf:6b:da:d5:44:f4:39:d4:5a:
                    d1:b1:b2:1a:d8:85:d0:3b:7e:07:63:5f:c5:6e:2b:
                    fe:b7:59:35:5c:61:0d:cb:23:1c:98:11:94:3b:46:
                    c8:af:4e:b6:5e:f9:c3:58:83:18:f1:9c:5b:18:5d:
                    77:cf:ab:89:18:fc:a7:58:bc:1b:76:10:d3:a8:0b:
                    cc:34:fa:38:5d:71:ca:14:d7:9b:35:5d:3e:f2:23:
                    4d:43:06:11:0e:cc:8b:f3:b2:66:9c:e5:8c:2f:a9:
                    67:2e:aa:8a:7c:46:03:c7:17:36:83:fa:80:7f:56:
                    d7:9d:2b:e1:be:ee:79:5b:7e:72:59:bd:da:7f:33:
                    9b:ce:cc:db:2d:3b:8c:eb:0e:99:da:87:0a:57:71:
                    3f:29:55:99:f5:5a:ea:95:ed:48:91:58:19:56:c0:
                    3a:d9:35:5a:d8:9e:3f:cb:6e:f0:30:48:b1:d4:48:
                    eb:da:9c:ac:25:d9:9f:26:58:38:5d:a3:0c:e1:20:
                    a2:dd:14:ed:88:83:37:08:c6:4f:0a:0c:bb:61:29:
                    da:2d:f9:9e:03:a9:5e:a6:6d:e1:ff:70:cd:16:98:
                    f7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1C:4B:A3:95:C4:DA:6B:D9:D9:0A:C3:8E:4B:49:6C:D3:45:35:7E
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/MhxLo5XE2mvZ2QrDjktJbNNFNX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.241.0/24
                  185.230.223.0/24
                IPv6:
                  2a0c:2f05:3512::/48
                  2a0c:2f07::/48
                  2a0c:2f07:d::/48
                  2a0c:2f07:f::/48
                  2a0c:2f07:29::/48
                  2a0c:2f07:384::/48
                  2a0c:2f07:ac1::/48
                  2a0c:2f07:4663::/48
                  2a0c:2f07:4896::/48
                  2a0c:2f07:9459::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:a8:09:5d:fe:eb:a4:0d:c0:85:c6:88:08:c1:93:63:09:11:
         08:a1:0f:bc:62:9a:05:4d:d7:2d:26:3b:25:33:1f:01:bd:bf:
         d2:fb:45:5a:2b:f3:da:94:6c:4e:e1:e0:97:33:1a:a6:79:e8:
         75:32:90:7d:0a:3d:b0:c2:55:e8:92:f2:c6:b2:87:a5:15:50:
         7f:96:fd:95:26:fc:d9:4c:b3:98:14:4d:3b:1d:87:b0:5c:a6:
         d2:d8:31:2b:58:93:71:5b:e7:87:bc:17:dc:63:84:30:22:a9:
         23:b3:22:e8:ce:27:fc:15:22:e2:46:ba:09:75:ae:c7:f4:e9:
         27:d2:42:b7:ca:03:22:2a:66:4f:89:27:59:c5:f2:5e:fa:a8:
         fd:17:0b:0e:f0:eb:2f:8b:17:fa:da:8f:f8:7d:cc:5d:6e:94:
         89:9e:1a:20:60:70:b0:08:67:a9:13:c5:16:44:b5:34:a8:f6:
         f0:e6:6c:c2:34:35:d3:4b:7c:9a:05:cd:5b:5b:11:f4:6b:c7:
         cd:02:fe:f1:6d:7e:3c:c5:c0:de:82:36:13:c4:65:69:51:d1:
         de:12:47:7f:7c:0e:2e:7d:9c:7c:9b:da:2c:39:7b:6d:8e:bc:
         bd:17:39:7b:93:ea:8c:b8:44:93:c7:a1:f4:32:ef:de:f2:0a:
         7a:4e:d4:a0
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAY0ynMZAWRmw2AaiJvavbYDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwMTIyMTkxOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjFjNGJhMzk1YzRkYTZiZDlkOTBhYzM4ZTRiNDk2Y2QzNDUzNTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/dwJUlDEUnDFcSMADDGNuJLXag4
EnQpz61z5TWemWcKe26/a9rVRPQ51FrRsbIa2IXQO34HY1/Fbiv+t1k1XGENyyMc
mBGUO0bIr062XvnDWIMY8ZxbGF13z6uJGPynWLwbdhDTqAvMNPo4XXHKFNebNV0+
8iNNQwYRDsyL87JmnOWML6lnLqqKfEYDxxc2g/qAf1bXnSvhvu55W35yWb3afzOb
zszbLTuM6w6Z2ocKV3E/KVWZ9Vrqle1IkVgZVsA62TVa2J4/y27wMEix1Ejr2pys
JdmfJlg4XaMM4SCi3RTtiIM3CMZPCgy7YSnaLfmeA6lepm3h/3DNFpj3iQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFDIcS6OVxNpr2dkKw45LSWzTRTV+MB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvTWh4TG81WEUybXZaMlFyRGprdEpiTk5GTlg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwEgQCAAEwDAMEAFvG8QME
ALnm3zBgBAIAAjBaAwcAKgwvBTUSAwcAKgwvBwAAAwcAKgwvBwANAwcAKgwvBwAP
AwcAKgwvBwApAwcAKgwvBwOEAwcAKgwvBwrBAwcAKgwvB0ZjAwcAKgwvB0iWAwcA
KgwvB5RZMA0GCSqGSIb3DQEBCwUAA4IBAQAzqAld/uukDcCFxogIwZNjCREIoQ+8
YpoFTdctJjslMx8Bvb/S+0VaK/PalGxO4eCXMxqmeeh1MpB9Cj2wwlXokvLGsoel
FVB/lv2VJvzZTLOYFE07HYewXKbS2DErWJNxW+eHvBfcY4QwIqkjsyLozif8FSLi
RroJda7H9Okn0kK3ygMiKmZPiSdZxfJe+qj9FwsO8Osvixf62o/4fcxdbpSJnhog
YHCwCGepE8UWRLU0qPbw5mzCNDXTS3yaBc1bWxH0a8fNAv7xbX48xcDegjYTxGVp
UdHeEkd/fA4ufZx8m9osOXttjry9Fzl7k+qMuESTx6H0Mu/e8gp6TtSg
-----END CERTIFICATE-----