Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/I_a41Z9fFdpUpkhk-KoDCvBlZM0.roa
File:                     I_a41Z9fFdpUpkhk-KoDCvBlZM0.roa (raw, json)
Hash identifier:          YtzCRg9yVJ9SDPscJxtveAp0LbiB4wNvzjYbeUojLD4=
Subject key identifier:   23:F6:B8:D5:9F:5F:15:DA:54:A6:48:64:F8:AA:03:0A:F0:65:64:CD
Certificate issuer:       /CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
Certificate serial:       018E1D9756902CCBC151F691370449064E02
Authority key identifier: 1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/I_a41Z9fFdpUpkhk-KoDCvBlZM0.roa
Signing time:             Fri 08 Mar 2024 10:24:01 +0000
ROA not before:           Fri 08 Mar 2024 10:24:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57910
IP address blocks:        45.149.228.0/22 maxlen: 24
                          46.18.72.0/21 maxlen: 24
                          109.69.48.0/21 maxlen: 24
                          185.11.236.0/22 maxlen: 24
                          185.161.12.0/22 maxlen: 24
                          185.226.236.0/22 maxlen: 24
                          193.57.36.0/22 maxlen: 24
                          194.56.236.0/22 maxlen: 24
                          194.127.158.0/23 maxlen: 24
                          194.127.162.0/23 maxlen: 24
                          2a00:b5c0::/32 maxlen: 32
                          2a02:2110::/32 maxlen: 32
                          2a0c:7a00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 08 Mar 2024 17:15:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1d:97:56:90:2c:cb:c1:51:f6:91:37:04:49:06:4e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
        Validity
            Not Before: Mar  8 10:24:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23f6b8d59f5f15da54a64864f8aa030af06564cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:92:fd:85:cd:96:41:ec:3b:3c:be:eb:bf:7d:
                    e2:11:c6:93:77:e3:54:05:9b:f9:8e:c8:3a:2e:e7:
                    e0:15:26:e0:13:68:22:c0:99:74:7b:c5:fd:97:30:
                    a6:06:ca:21:67:1b:ec:1d:64:95:95:c2:91:d7:31:
                    8d:61:14:13:93:22:3c:c7:be:f6:f6:cb:4b:eb:06:
                    1b:6f:b8:36:a0:c2:26:98:66:82:aa:e8:cd:76:e9:
                    10:5a:a1:1d:e9:10:a5:fb:d7:3c:5f:b5:03:e3:c5:
                    d5:ce:03:3e:1d:09:9a:8b:99:aa:c7:65:90:64:e7:
                    c2:d0:ec:45:58:55:c7:a8:30:db:6b:59:0e:f6:74:
                    7a:88:b2:48:9d:31:37:52:91:9c:bf:ed:00:19:16:
                    0d:af:2c:71:a9:dc:13:27:56:b2:cf:e5:f9:fb:6f:
                    f2:66:97:f4:b1:47:e2:8d:72:36:da:55:78:37:65:
                    71:44:20:2b:7a:ea:b8:c7:cb:e6:b9:59:c0:80:52:
                    d5:c3:00:b6:2f:a2:ae:8f:be:80:72:9b:c8:08:90:
                    92:0c:7e:22:93:15:01:5a:c0:85:8c:75:5e:af:f0:
                    6a:db:43:4d:1e:13:2b:5c:f6:ab:ed:2c:45:58:30:
                    3d:62:b0:64:37:26:44:22:a7:14:cb:6a:da:83:e2:
                    4e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F6:B8:D5:9F:5F:15:DA:54:A6:48:64:F8:AA:03:0A:F0:65:64:CD
            X509v3 Authority Key Identifier:
                keyid:1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/I_a41Z9fFdpUpkhk-KoDCvBlZM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/HlqvPQaD3IoNWMZDgm4WbTwozKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.228.0/22
                  46.18.72.0/21
                  109.69.48.0/21
                  185.11.236.0/22
                  185.161.12.0/22
                  185.226.236.0/22
                  193.57.36.0/22
                  194.56.236.0/22
                  194.127.158.0/23
                  194.127.162.0/23
                IPv6:
                  2a00:b5c0::/32
                  2a02:2110::/32
                  2a0c:7a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:ad:49:ae:9d:33:31:c0:08:63:c1:59:e0:40:fa:55:c3:b3:
         c5:92:7a:7d:ee:8e:ca:08:3a:6f:14:3a:58:b7:8a:99:f7:e8:
         2e:e0:ec:fa:fc:6e:d1:8c:63:4a:07:b2:78:75:ed:30:08:3b:
         b4:bb:52:1f:b6:d0:d3:5d:53:63:8f:ec:e6:5b:d3:0a:de:92:
         ac:c5:ae:94:7a:75:a3:d4:ae:21:d0:a0:f0:e8:0b:df:0f:04:
         ed:93:15:ed:c1:05:5f:55:7b:e7:e7:3f:b9:d8:07:f4:ec:b1:
         85:8d:77:28:f9:76:9c:21:ed:e3:e4:4d:35:aa:3f:12:b8:d0:
         c1:d7:14:94:65:20:c5:0a:9d:f4:73:fe:6f:0f:c5:10:30:f3:
         ad:7a:11:53:f6:03:c3:c1:9d:8e:ae:0f:87:b8:b5:e6:c4:05:
         65:d9:1d:3f:23:89:2a:fc:94:be:5c:73:36:09:e5:cc:0f:28:
         6c:fd:61:d5:a6:11:1d:e2:67:ba:fd:ef:fd:3d:db:a9:c9:73:
         1f:2e:d5:09:fd:57:cd:52:81:c6:93:f8:1b:bb:1a:e6:39:23:
         d5:b4:db:86:7c:2e:ab:bc:db:83:6c:27:25:16:d3:c0:3c:a2:
         2d:13:85:64:49:ff:47:05:04:8c:16:83:55:c3:46:33:05:6a:
         bd:e4:76:9e
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAY4dl1aQLMvBUfaRNwRJBk4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWFhZjNkMDY4M2RjOGEwZDU4YzY0MzgyNmUxNjZkM2My
OGNjYTkwHhcNMjQwMzA4MTAyNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Y2YjhkNTlmNWYxNWRhNTRhNjQ4NjRmOGFhMDMwYWYwNjU2NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpL9hc2WQew7PL7rv33iEcaTd+NU
BZv5jsg6LufgFSbgE2giwJl0e8X9lzCmBsohZxvsHWSVlcKR1zGNYRQTkyI8x772
9stL6wYbb7g2oMImmGaCqujNdukQWqEd6RCl+9c8X7UD48XVzgM+HQmai5mqx2WQ
ZOfC0OxFWFXHqDDba1kO9nR6iLJInTE3UpGcv+0AGRYNryxxqdwTJ1ayz+X5+2/y
Zpf0sUfijXI22lV4N2VxRCAreuq4x8vmuVnAgFLVwwC2L6Kuj76AcpvICJCSDH4i
kxUBWsCFjHVer/Bq20NNHhMrXPar7SxFWDA9YrBkNyZEIqcUy2rag+JOXwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFCP2uNWfXxXaVKZIZPiqAwrwZWTNMB8GA1UdIwQY
MBaAFB5arz0Gg9yKDVjGQ4JuFm08KMypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMt
NGNkMzhiNzU4ZDVjLzEvSV9hNDFaOWZGZHBVcGtoay1Lb0RDdkJsWk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMtNGNkMzhiNzU4ZDVj
LzEvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBCBAIAATA8AwQCLZXkAwQD
LhJIAwQDbUUwAwQCuQvsAwQCuaEMAwQCueLsAwQCwTkkAwQCwjjsAwQBwn+eAwQB
wn+iMBsEAgACMBUDBQAqALXAAwUAKgIhEAMFAyoMegAwDQYJKoZIhvcNAQELBQAD
ggEBAGatSa6dMzHACGPBWeBA+lXDs8WSen3ujsoIOm8UOli3ipn36C7g7Pr8btGM
Y0oHsnh17TAIO7S7Uh+20NNdU2OP7OZb0wrekqzFrpR6daPUriHQoPDoC98PBO2T
Fe3BBV9Ve+fnP7nYB/TssYWNdyj5dpwh7ePkTTWqPxK40MHXFJRlIMUKnfRz/m8P
xRAw8616EVP2A8PBnY6uD4e4tebEBWXZHT8jiSr8lL5cczYJ5cwPKGz9YdWmER3i
Z7r97/0926nJcx8u1Qn9V81SgcaT+Bu7GuY5I9W024Z8Lqu824NsJyUW08A8oi0T
hWRJ/0cFBIwWg1XDRjMFar3kdp4=
-----END CERTIFICATE-----