Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/BkhroGrpv8jSXF55NI-El0EftFM.roa
File:                     BkhroGrpv8jSXF55NI-El0EftFM.roa (raw, json)
Hash identifier:          h73s2a8q5K0/tNzBBlnzBC/aXtDZg1LMmp+xTXOld84=
Subject key identifier:   06:48:6B:A0:6A:E9:BF:C8:D2:5C:5E:79:34:8F:84:97:41:1F:B4:53
Certificate issuer:       /CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
Certificate serial:       018FFC386E0278063E8C48192052E25CDF6B
Authority key identifier: C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/BkhroGrpv8jSXF55NI-El0EftFM.roa
Signing time:             Sun 09 Jun 2024 08:58:27 +0000
ROA not before:           Sun 09 Jun 2024 08:58:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        46.34.160.0/22 maxlen: 24
                          89.42.136.0/22 maxlen: 24
                          89.42.196.0/22 maxlen: 22
                          89.42.196.0/24 maxlen: 24
                          89.47.196.0/22 maxlen: 24
                          89.47.197.0/24 maxlen: 24
                          89.47.198.0/24 maxlen: 24
                          89.47.200.0/22 maxlen: 22
                          89.47.200.0/24 maxlen: 24
                          89.47.201.0/24 maxlen: 24
                          89.47.202.0/24 maxlen: 24
                          92.114.48.0/24 maxlen: 24
                          92.114.49.0/24 maxlen: 24
                          92.114.50.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 12 Jun 2024 11:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fc:38:6e:02:78:06:3e:8c:48:19:20:52:e2:5c:df:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
        Validity
            Not Before: Jun  9 08:58:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06486ba06ae9bfc8d25c5e79348f8497411fb453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bf:16:a4:8c:58:da:4c:78:db:d6:a8:74:5e:
                    0a:36:c5:57:46:d2:a9:96:96:ca:8d:39:88:ee:7d:
                    4d:44:a8:42:50:36:80:01:ca:71:78:26:53:49:45:
                    ce:43:66:ea:2c:0f:8c:0d:ae:5d:20:16:a6:a7:a3:
                    01:e2:33:6b:ad:2d:ef:a7:69:d0:c5:23:e4:44:00:
                    21:c4:b8:3e:ff:d9:be:64:95:53:67:51:20:6e:07:
                    32:41:fa:ed:bf:21:1c:fc:34:86:fa:4e:ee:4f:29:
                    b9:56:ba:b3:9b:fd:d8:96:90:b5:fb:69:8c:99:c6:
                    06:d5:c0:e1:3d:ac:17:d9:81:9e:46:28:98:43:22:
                    e1:dc:da:85:ba:f7:20:c1:53:10:1d:e1:74:48:ec:
                    f2:bb:b7:56:b0:a2:94:58:63:bf:66:23:92:c5:44:
                    2c:b3:1e:5f:41:02:0e:93:fa:c3:f7:30:31:8f:46:
                    f2:bd:6d:93:8d:a4:a8:49:80:2f:5a:ed:81:3f:2b:
                    99:8f:70:82:1a:e4:af:86:24:57:d6:58:ab:a5:88:
                    65:d8:79:0e:62:e9:5e:21:79:ab:dd:7b:7c:e1:fa:
                    92:93:67:0a:ee:f5:13:6d:f6:4e:e2:7b:10:c9:07:
                    16:a4:67:06:e3:3d:ed:cd:b0:0f:14:f6:ee:38:40:
                    63:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:48:6B:A0:6A:E9:BF:C8:D2:5C:5E:79:34:8F:84:97:41:1F:B4:53
            X509v3 Authority Key Identifier:
                keyid:C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/BkhroGrpv8jSXF55NI-El0EftFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.160.0/22
                  89.42.136.0/22
                  89.42.196.0/22
                  89.47.196.0-89.47.203.255
                  92.114.48.0-92.114.50.255

    Signature Algorithm: sha256WithRSAEncryption
         3b:73:5e:84:de:43:79:f6:f0:bf:97:8d:51:d3:2b:7f:ff:5b:
         e0:f4:41:d9:dd:ad:0f:01:d0:96:cb:76:10:fd:28:1e:41:82:
         33:4f:85:e2:a1:0b:34:c6:d9:cc:d1:51:12:8b:0d:d0:7d:ca:
         dd:17:3d:32:cc:6c:27:32:01:d0:7e:b1:97:fc:ab:f8:43:47:
         49:11:e3:5f:bc:7b:7e:ee:cc:a0:32:2f:ee:ab:ad:9d:30:25:
         f9:fb:ca:93:73:66:a8:6c:56:d2:37:d5:ee:53:a2:95:07:f2:
         c4:fa:a5:8e:e9:b0:cc:b0:14:7f:ee:c6:a5:e5:9c:a3:72:fc:
         01:a9:0c:6b:c7:fa:00:27:c7:f6:79:6c:4b:86:53:a3:ac:67:
         fe:11:71:bf:34:9e:16:31:8d:c4:fb:98:a1:81:6c:20:e5:06:
         6c:88:65:0e:a0:22:e4:c4:c9:2d:13:d0:69:74:cc:b7:df:51:
         cd:f3:4f:35:90:e8:16:73:7a:09:f0:55:1c:c5:dc:10:02:5e:
         39:19:57:81:c5:31:6f:b3:4d:14:3a:06:df:e3:3f:8f:22:ee:
         a9:53:9d:bf:c8:de:9e:ad:17:37:89:d3:59:dd:d0:46:c6:d4:
         0b:22:10:64:7a:4c:cf:09:ec:e5:e1:4e:62:3d:a7:d1:7d:c6:
         c4:b1:94:c8
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY/8OG4CeAY+jEgZIFLiXN9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZTFjOGM2NWM4NmU4ZDI2ZGRiZWI2ODY1OGEzOWE3YThl
Mjc4NjYwHhcNMjQwNjA5MDg1ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ4NmJhMDZhZTliZmM4ZDI1YzVlNzkzNDhmODQ5NzQxMWZiNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr8WpIxY2kx429aodF4KNsVXRtKp
lpbKjTmI7n1NRKhCUDaAAcpxeCZTSUXOQ2bqLA+MDa5dIBamp6MB4jNrrS3vp2nQ
xSPkRAAhxLg+/9m+ZJVTZ1EgbgcyQfrtvyEc/DSG+k7uTym5Vrqzm/3YlpC1+2mM
mcYG1cDhPawX2YGeRiiYQyLh3NqFuvcgwVMQHeF0SOzyu7dWsKKUWGO/ZiOSxUQs
sx5fQQIOk/rD9zAxj0byvW2TjaSoSYAvWu2BPyuZj3CCGuSvhiRX1lirpYhl2HkO
YuleIXmr3Xt84fqSk2cK7vUTbfZO4nsQyQcWpGcG4z3tzbAPFPbuOEBjNQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFAZIa6Bq6b/I0lxeeTSPhJdBH7RTMB8GA1UdIwQY
MBaAFMbhyMZchujSbdvraGWKOaeo4nhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEt
Y2U1ZTAxZTcxYzkxLzEvQmtocm9HcnB2OGpTWEY1NU5JLUVsMEVmdEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEtY2U1ZTAxZTcxYzkx
LzEveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCLiKgAwQC
WSqIAwQCWSrEMAwDBAJZL8QDBAJZL8gwDAMEBFxyMAMEAFxyMjANBgkqhkiG9w0B
AQsFAAOCAQEAO3NehN5Defbwv5eNUdMrf/9b4PRB2d2tDwHQlst2EP0oHkGCM0+F
4qELNMbZzNFREosN0H3K3Rc9MsxsJzIB0H6xl/yr+ENHSRHjX7x7fu7MoDIv7qut
nTAl+fvKk3NmqGxW0jfV7lOilQfyxPqljumwzLAUf+7GpeWco3L8AakMa8f6ACfH
9nlsS4ZTo6xn/hFxvzSeFjGNxPuYoYFsIOUGbIhlDqAi5MTJLRPQaXTMt99RzfNP
NZDoFnN6CfBVHMXcEAJeORlXgcUxb7NNFDoG3+M/jyLuqVOdv8jenq0XN4nTWd3Q
RsbUCyIQZHpMzwns5eFOYj2n0X3GxLGUyA==