Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/MqVeMP3ER_GjauQTLeO2NjK16bo.roa
File:                     MqVeMP3ER_GjauQTLeO2NjK16bo.roa (raw, json)
Hash identifier:          9M0M47t6kCsqVwM/64Aq/c9Dt+HbqyhhibA7YK5Se4A=
Subject key identifier:   32:A5:5E:30:FD:C4:47:F1:A3:6A:E4:13:2D:E3:B6:36:32:B5:E9:BA
Certificate issuer:       /CN=2dc291b8db6cfddf6dd2a1d55b226d49492a2705
Certificate serial:       018CC3495B3D8FDA9DD6E4405E50D01C605A
Authority key identifier: 2D:C2:91:B8:DB:6C:FD:DF:6D:D2:A1:D5:5B:22:6D:49:49:2A:27:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcKRuNts_d9t0qHVWyJtSUkqJwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/MqVeMP3ER_GjauQTLeO2NjK16bo.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211393
IP address blocks:        45.9.23.0/24 maxlen: 24
                          2a0b:6dc1:1::/48 maxlen: 48
                          2a0b:6dc3::/48 maxlen: 48
                          2a0b:6dc0:123::/48 maxlen: 48
                          2a0b:6dc0::/46 maxlen: 46
                          2a0b:6dc0:6::/48 maxlen: 48
                          2a0b:6dc1:2::/48 maxlen: 48
                          2a0b:6dc2::/45 maxlen: 45
                          2a0b:6dc7::/32 maxlen: 32
                          2a0b:6dc3:a::/47 maxlen: 47
                          2a0b:6dc3:c::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 14:24:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5b:3d:8f:da:9d:d6:e4:40:5e:50:d0:1c:60:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc291b8db6cfddf6dd2a1d55b226d49492a2705
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32a55e30fdc447f1a36ae4132de3b63632b5e9ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:df:3c:cb:e2:cf:f8:b7:22:c8:6e:3b:d5:97:
                    09:f3:dc:0f:99:76:23:32:06:ad:69:3e:4e:93:e0:
                    0e:09:d2:2e:89:76:cd:69:d0:12:a6:e3:7c:49:ea:
                    4c:c1:69:b2:02:c8:10:d8:f6:1a:b6:70:61:65:54:
                    0d:e0:13:f6:56:d5:3e:d6:0d:c2:cc:9a:13:a3:09:
                    a5:92:06:c8:8a:55:55:e5:ce:13:56:9e:06:b9:ca:
                    ce:d5:9a:10:84:44:7f:61:87:68:3b:fb:f3:22:8f:
                    08:fe:84:01:32:bd:fe:5b:cc:6d:0f:04:0f:55:0c:
                    5c:f8:b2:aa:a0:07:02:32:b3:78:c3:6d:4a:d7:0a:
                    55:ec:e7:a5:5b:6b:4e:1f:73:2a:89:23:a5:92:63:
                    31:ca:1b:c9:49:e2:af:35:14:8a:25:fe:8c:6d:9f:
                    c9:6d:cb:44:1f:e5:74:52:94:a9:22:c8:2f:16:9c:
                    54:23:ad:89:cd:4d:54:d1:a0:2f:f2:4a:ff:28:1a:
                    bd:cd:ae:40:99:f3:9d:53:b3:0d:59:cb:f4:cc:13:
                    03:05:c4:b9:cb:8e:e2:c8:0a:13:d9:4d:4d:ec:50:
                    d5:7d:70:44:d6:a0:46:5f:70:3d:d5:c4:4f:ff:1e:
                    c7:ec:2d:42:c4:1f:e0:9b:7f:0c:aa:9a:aa:eb:3e:
                    e5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:A5:5E:30:FD:C4:47:F1:A3:6A:E4:13:2D:E3:B6:36:32:B5:E9:BA
            X509v3 Authority Key Identifier:
                keyid:2D:C2:91:B8:DB:6C:FD:DF:6D:D2:A1:D5:5B:22:6D:49:49:2A:27:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcKRuNts_d9t0qHVWyJtSUkqJwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/MqVeMP3ER_GjauQTLeO2NjK16bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/LcKRuNts_d9t0qHVWyJtSUkqJwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.23.0/24
                IPv6:
                  2a0b:6dc0::/46
                  2a0b:6dc0:6::/48
                  2a0b:6dc0:123::/48
                  2a0b:6dc1:1::-2a0b:6dc1:2:ffff:ffff:ffff:ffff:ffff
                  2a0b:6dc2::/45
                  2a0b:6dc3::/48
                  2a0b:6dc3:a::-2a0b:6dc3:c:ffff:ffff:ffff:ffff:ffff
                  2a0b:6dc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:69:60:9f:4d:05:bc:23:0b:3a:e1:1b:e6:02:b2:4d:38:ad:
         42:ce:f2:1c:b8:a3:20:8e:c3:79:72:93:58:21:85:93:c3:f1:
         f2:7d:2f:bd:81:dc:94:a6:30:fa:b3:f8:55:95:d4:fe:20:b4:
         41:44:82:08:bd:40:be:bf:32:db:88:f5:ab:84:64:c6:a5:0c:
         13:c9:77:33:77:a7:f2:61:64:fd:a7:23:3a:e1:f6:9e:45:38:
         c5:75:f8:fc:3f:f7:9d:87:bb:5f:9e:17:50:e2:6c:ef:21:ee:
         3d:10:8d:dd:f9:48:0a:61:d8:0b:2d:30:2a:bb:ec:57:7c:ea:
         bf:a0:86:e1:20:9d:1d:6e:c1:5d:0d:8f:fc:d3:2f:db:b5:5b:
         98:b9:bb:f7:e2:44:49:15:74:7c:22:a9:3c:2a:6e:7b:02:16:
         5b:c8:8e:30:3d:10:d0:4d:3b:03:3d:6d:bf:68:57:79:f9:f9:
         a4:32:19:0f:ff:6e:b5:b4:62:c5:71:13:d0:ac:b3:8c:ca:b4:
         22:3d:40:1a:69:fc:e6:6b:f7:1a:da:d5:55:20:d2:9e:17:d7:
         4b:56:71:c7:84:bc:63:43:ce:e8:70:57:8c:1e:57:5e:29:86:
         dd:ff:de:2b:af:d4:a4:58:35:45:19:47:55:5b:e5:ec:7e:a8:
         14:fe:15:d9
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYzDSVs9j9qd1uRAXlDQHGBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzI5MWI4ZGI2Y2ZkZGY2ZGQyYTFkNTViMjI2ZDQ5NDky
YTI3MDUwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmE1NWUzMGZkYzQ0N2YxYTM2YWU0MTMyZGUzYjYzNjMyYjVlOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyd88y+LP+LciyG471ZcJ89wPmXYj
MgataT5Ok+AOCdIuiXbNadASpuN8SepMwWmyAsgQ2PYatnBhZVQN4BP2VtU+1g3C
zJoTowmlkgbIilVV5c4TVp4GucrO1ZoQhER/YYdoO/vzIo8I/oQBMr3+W8xtDwQP
VQxc+LKqoAcCMrN4w21K1wpV7OelW2tOH3MqiSOlkmMxyhvJSeKvNRSKJf6MbZ/J
bctEH+V0UpSpIsgvFpxUI62JzU1U0aAv8kr/KBq9za5AmfOdU7MNWcv0zBMDBcS5
y47iyAoT2U1N7FDVfXBE1qBGX3A91cRP/x7H7C1CxB/gm38Mqpqq6z7l7QIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFDKlXjD9xEfxo2rkEy3jtjYytem6MB8GA1UdIwQY
MBaAFC3CkbjbbP3fbdKh1VsibUlJKicFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNLUnVOdHNfZDl0MHFIVld5SnRTVWtxSndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MWE4NDMtNzUyNC00NTViLWJlMjIt
MmIxNzBlOTVjMmI3LzEvTXFWZU1QM0VSX0dqYXVRVExlTzJOaksxNmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MWE4NDMtNzUyNC00NTViLWJlMjItMmIxNzBlOTVjMmI3
LzEvTGNLUnVOdHNfZDl0MHFIVld5SnRTVWtxSndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwDAQCAAEwBgMEAC0JFzBi
BAIAAjBcAwcCKgttwAAAAwcAKgttwAAGAwcAKgttwAEjMBIDBwAqC23BAAEDBwAq
C23BAAIDBwMqC23CAAADBwAqC23DAAAwEgMHASoLbcMACgMHACoLbcMADAMFACoL
bccwDQYJKoZIhvcNAQELBQADggEBAD5pYJ9NBbwjCzrhG+YCsk04rULO8hy4oyCO
w3lyk1ghhZPD8fJ9L72B3JSmMPqz+FWV1P4gtEFEggi9QL6/MtuI9auEZMalDBPJ
dzN3p/JhZP2nIzrh9p5FOMV1+Pw/952Hu1+eF1DibO8h7j0Qjd35SAph2AstMCq7
7Fd86r+ghuEgnR1uwV0Nj/zTL9u1W5i5u/fiREkVdHwiqTwqbnsCFlvIjjA9ENBN
OwM9bb9oV3n5+aQyGQ//brW0YsVxE9Css4zKtCI9QBpp/OZr9xra1VUg0p4X10tW
cceEvGNDzuhwV4weV14pht3/3iuv1KRYNUUZR1Vb5ex+qBT+Fdk=
-----END CERTIFICATE-----