Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kb1MaZft1Og4FwA0dH8T-KBinV4.roa
File:                     kb1MaZft1Og4FwA0dH8T-KBinV4.roa (raw, json)
Hash identifier:          uB3t/eHzira1/vvEbwIBNzrw8GFIDIYLUkcmCleA+Ss=
Subject key identifier:   91:BD:4C:69:97:ED:D4:E8:38:17:00:34:74:7F:13:F8:A0:62:9D:5E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018E802448B288B1D305F8CF6A76224B44E2
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kb1MaZft1Og4FwA0dH8T-KBinV4.roa
Signing time:             Wed 27 Mar 2024 13:40:45 +0000
ROA not before:           Wed 27 Mar 2024 13:40:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 15:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:24:48:b2:88:b1:d3:05:f8:cf:6a:76:22:4b:44:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 27 13:40:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91bd4c6997edd4e838170034747f13f8a0629d5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ad:e6:45:64:a3:09:0a:c3:c2:3f:98:3c:47:
                    24:be:92:06:ad:73:37:4d:a7:38:88:e4:13:77:89:
                    b7:c7:5c:fd:6d:73:48:e2:1e:99:44:d0:3f:cc:75:
                    df:54:10:39:5f:37:1a:43:7e:4b:44:ee:32:8a:3e:
                    f8:a8:e4:5e:d8:2f:7b:8d:91:2d:91:86:ea:b7:c8:
                    87:00:9c:11:58:3a:66:00:30:fe:48:06:b3:62:fc:
                    7c:ac:84:0a:b5:95:04:cd:13:a0:7a:67:6d:98:af:
                    fd:61:5f:0e:59:1f:8e:ca:35:f3:d1:ac:71:e6:62:
                    87:49:5c:93:1b:c8:d8:d3:cb:5f:48:4e:67:2e:c2:
                    41:f1:5f:4a:e5:3b:92:dd:7f:7b:83:ce:6d:c3:1b:
                    f2:b8:f8:23:19:f4:64:ca:3c:f0:80:ad:3f:a6:c4:
                    86:10:f0:bd:02:e2:25:42:51:7e:26:c3:ea:83:94:
                    43:3a:17:86:5e:db:5e:8c:21:9c:7f:3c:8f:26:69:
                    a6:6b:c8:a2:bf:fd:ea:73:16:91:43:81:0e:bb:fd:
                    ee:be:6d:f5:d1:41:7f:ee:7c:1a:50:8a:67:fa:95:
                    9b:d7:a1:ae:d9:dd:59:0d:68:88:f7:8e:ca:40:b6:
                    e6:3a:69:3e:a8:6c:05:73:02:1d:ba:bf:36:52:0d:
                    78:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BD:4C:69:97:ED:D4:E8:38:17:00:34:74:7F:13:F8:A0:62:9D:5E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kb1MaZft1Og4FwA0dH8T-KBinV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  194.87.169.0/24
                  194.87.201.0/24
                  194.87.245.0/24
                  195.133.25.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:dc:9c:33:bd:50:b4:41:f2:49:76:6a:19:bb:33:6e:0d:db:
         91:79:ca:b3:77:6d:71:d2:bb:2f:1d:69:37:19:d2:09:72:bd:
         ad:4a:79:97:d7:19:18:90:3c:30:75:d8:9c:8e:56:23:0b:99:
         a7:3d:37:83:28:7b:1e:b4:ad:7a:8f:49:17:ea:3d:ed:d4:92:
         b7:17:03:7f:3f:9d:bc:24:61:35:5a:5d:32:cc:89:e4:51:bb:
         d0:ed:93:5a:09:31:f9:2d:3c:92:d6:6b:a1:c2:89:76:f1:11:
         ff:17:bf:7e:ba:a5:ba:0a:f7:8b:c9:57:1a:80:b5:2e:1a:a2:
         55:ec:c3:0f:ac:44:43:9d:83:f0:38:90:12:26:c4:a1:cf:ab:
         79:2f:f0:48:a5:29:3d:06:39:47:84:b9:de:3e:d4:1f:7c:9b:
         5e:df:ca:2b:fe:48:d7:d1:d5:d6:bc:b6:9c:1b:a8:d2:5a:f1:
         8e:4b:3e:78:31:dc:f2:ac:cc:d6:f7:96:44:80:bc:43:f2:c1:
         72:9c:28:ea:f4:52:15:a0:f3:5f:53:3b:65:ce:27:96:7a:e4:
         ac:77:ec:d0:fc:dc:43:e1:6f:60:f6:0f:83:6a:53:15:95:17:
         98:ae:d3:ac:25:63:e9:c4:f2:a8:46:29:4d:44:8a:82:06:56:
         01:65:38:6b
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY6AJEiyiLHTBfjPanYiS0TiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMzI3MTM0MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWJkNGM2OTk3ZWRkNGU4MzgxNzAwMzQ3NDdmMTNmOGEwNjI5ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgK3mRWSjCQrDwj+YPEckvpIGrXM3
Tac4iOQTd4m3x1z9bXNI4h6ZRNA/zHXfVBA5XzcaQ35LRO4yij74qORe2C97jZEt
kYbqt8iHAJwRWDpmADD+SAazYvx8rIQKtZUEzROgemdtmK/9YV8OWR+OyjXz0axx
5mKHSVyTG8jY08tfSE5nLsJB8V9K5TuS3X97g85twxvyuPgjGfRkyjzwgK0/psSG
EPC9AuIlQlF+JsPqg5RDOheGXttejCGcfzyPJmmma8iiv/3qcxaRQ4EOu/3uvm31
0UF/7nwaUIpn+pWb16Gu2d1ZDWiI947KQLbmOmk+qGwFcwIdur82Ug14BwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJG9TGmX7dToOBcANHR/E/igYp1eMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEva2IxTWFaZnQxT2c0RndBMGRIOFQtS0JpblY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAwHysAwQA
wXwHAwQAwlepAwQAwlfJAwQAwlf1AwQAw4UZAwQA1MABAwQA1MDQMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAcNycM71QtEHySXZqGbsz
bg3bkXnKs3dtcdK7Lx1pNxnSCXK9rUp5l9cZGJA8MHXYnI5WIwuZpz03gyh7HrSt
eo9JF+o97dSStxcDfz+dvCRhNVpdMsyJ5FG70O2TWgkx+S08ktZrocKJdvER/xe/
frqlugr3i8lXGoC1LhqiVezDD6xEQ52D8DiQEibEoc+reS/wSKUpPQY5R4S53j7U
H3ybXt/KK/5I19HV1ry2nBuo0lrxjks+eDHc8qzM1veWRIC8Q/LBcpwo6vRSFaDz
X1M7Zc4nlnrkrHfs0PzcQ+FvYPYPg2pTFZUXmK7TrCVj6cTyqEYpTUSKggZWAWU4
aw==
-----END CERTIFICATE-----