Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/tF94s_Ux91U-Elrjso-qsId7j9s.roa
File:                     tF94s_Ux91U-Elrjso-qsId7j9s.roa (raw, json)
Hash identifier:          sarwMNYAKG28foLyfKtusI6Q9iPwAsKKxZvRWqixgoo=
Subject key identifier:   B4:5F:78:B3:F5:31:F7:55:3E:12:5A:E3:B2:8F:AA:B0:87:7B:8F:DB
Certificate issuer:       /CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
Certificate serial:       018E19B7D20EB105EB53B3E978DB1C1C49D1
Authority key identifier: 1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/tF94s_Ux91U-Elrjso-qsId7j9s.roa
Signing time:             Thu 07 Mar 2024 16:21:00 +0000
ROA not before:           Thu 07 Mar 2024 16:21:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57910
IP address blocks:        46.18.72.0/21 maxlen: 24
                          185.11.236.0/22 maxlen: 24
                          185.161.12.0/22 maxlen: 24
                          185.226.236.0/22 maxlen: 24
                          193.57.36.0/22 maxlen: 24
                          194.56.236.0/22 maxlen: 24
                          194.127.158.0/23 maxlen: 24
                          194.127.162.0/23 maxlen: 24
                          2a00:b5c0::/32 maxlen: 32
                          2a02:2110::/32 maxlen: 32
                          2a0c:7a00::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 08 Mar 2024 09:13:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:b7:d2:0e:b1:05:eb:53:b3:e9:78:db:1c:1c:49:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
        Validity
            Not Before: Mar  7 16:21:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b45f78b3f531f7553e125ae3b28faab0877b8fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:da:e4:7e:b1:6b:04:8e:74:71:79:f0:b6:
                    04:bd:f2:81:4f:a5:e9:7b:d6:b9:18:96:0a:dc:e0:
                    5b:c8:86:67:61:dd:20:1a:c2:8b:42:83:6f:c8:d5:
                    b5:e4:45:50:2f:3d:2f:ee:6b:02:cc:96:cc:b3:9f:
                    07:63:b5:4b:4d:50:ef:ab:4f:f0:cf:c6:fb:f3:f6:
                    5b:ce:f2:fe:ac:43:83:fa:96:62:d6:0a:0c:c5:af:
                    f0:a4:aa:31:27:cb:42:f9:f9:1e:6a:e6:fc:e2:1c:
                    b6:62:58:a6:87:cb:fe:d8:bf:d6:b6:d6:ac:b1:ab:
                    59:de:63:15:51:40:72:56:00:2b:00:00:f5:f9:26:
                    0a:a8:35:93:e0:98:e3:8a:4c:d4:0f:87:d0:d1:ef:
                    7b:66:32:3f:04:f8:f3:cb:7e:ac:7b:32:c7:50:37:
                    ec:97:6f:74:f1:06:f5:1c:b1:7c:12:1a:98:77:dc:
                    c0:70:fa:de:60:7c:35:b5:18:57:d4:91:90:73:67:
                    73:c0:f8:c3:57:e3:b6:84:6e:06:e2:37:da:2f:03:
                    c5:4d:82:08:46:33:75:01:32:2f:19:10:b9:9b:c5:
                    34:83:8d:b9:d3:a4:07:b9:49:95:3c:ec:9d:a5:40:
                    7a:52:04:b4:91:46:37:50:27:3c:7b:8a:9c:db:37:
                    84:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5F:78:B3:F5:31:F7:55:3E:12:5A:E3:B2:8F:AA:B0:87:7B:8F:DB
            X509v3 Authority Key Identifier:
                keyid:1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/tF94s_Ux91U-Elrjso-qsId7j9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/HlqvPQaD3IoNWMZDgm4WbTwozKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.72.0/21
                  185.11.236.0/22
                  185.161.12.0/22
                  185.226.236.0/22
                  193.57.36.0/22
                  194.56.236.0/22
                  194.127.158.0/23
                  194.127.162.0/23
                IPv6:
                  2a00:b5c0::/32
                  2a02:2110::/32
                  2a0c:7a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:83:ff:43:e5:d8:0f:e4:08:21:f6:59:62:20:3c:74:56:5b:
         2b:b7:3d:d4:8e:f1:06:ce:2e:4f:02:51:55:d0:52:a1:27:f6:
         70:fe:d8:dc:c0:dc:d8:dc:60:82:f4:c7:5b:a9:fa:79:88:b1:
         28:81:83:1e:37:d3:6d:7f:b1:60:d5:d7:5e:21:66:da:ed:fd:
         2e:88:ad:bf:5f:b5:b4:35:db:27:6e:3f:67:69:88:34:d1:72:
         66:23:89:99:80:9c:7d:51:30:8a:11:54:08:bc:42:7d:b5:51:
         a5:81:c9:e4:d7:c5:e8:2e:c2:cd:5f:b6:e0:5a:21:b9:3d:01:
         52:63:64:27:19:93:86:86:a2:ff:0e:30:6b:5e:c9:06:d0:56:
         f6:2f:0d:83:67:8c:28:f3:46:fb:75:80:f4:2c:f0:83:63:e7:
         bc:e6:01:c5:12:2f:4c:2f:6b:d9:b5:f2:a5:06:85:fe:8d:84:
         9e:86:48:bd:1a:12:9f:48:2c:27:7c:c7:17:3b:94:85:7c:15:
         67:8b:d2:77:21:f3:a0:de:d1:e2:7f:b4:8f:1c:c7:1f:45:8e:
         42:52:1a:a9:1e:6d:ad:5a:4d:1f:14:3b:37:96:9c:46:dd:1c:
         ef:b2:a2:4b:4e:aa:c7:08:59:a7:ee:e3:fb:ff:ae:f1:ef:2e:
         2e:15:3b:7b
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY4Zt9IOsQXrU7PpeNscHEnRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWFhZjNkMDY4M2RjOGEwZDU4YzY0MzgyNmUxNjZkM2My
OGNjYTkwHhcNMjQwMzA3MTYyMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDVmNzhiM2Y1MzFmNzU1M2UxMjVhZTNiMjhmYWFiMDg3N2I4ZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvja5H6xawSOdHF58LYEvfKBT6Xp
e9a5GJYK3OBbyIZnYd0gGsKLQoNvyNW15EVQLz0v7msCzJbMs58HY7VLTVDvq0/w
z8b78/ZbzvL+rEOD+pZi1goMxa/wpKoxJ8tC+fkeaub84hy2Ylimh8v+2L/Wttas
satZ3mMVUUByVgArAAD1+SYKqDWT4JjjikzUD4fQ0e97ZjI/BPjzy36sezLHUDfs
l2908Qb1HLF8EhqYd9zAcPreYHw1tRhX1JGQc2dzwPjDV+O2hG4G4jfaLwPFTYII
RjN1ATIvGRC5m8U0g42506QHuUmVPOydpUB6UgS0kUY3UCc8e4qc2zeErQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFLRfeLP1MfdVPhJa47KPqrCHe4/bMB8GA1UdIwQY
MBaAFB5arz0Gg9yKDVjGQ4JuFm08KMypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMt
NGNkMzhiNzU4ZDVjLzEvdEY5NHNfVXg5MVUtRWxyanNvLXFzSWQ3ajlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMtNGNkMzhiNzU4ZDVj
LzEvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTA2BAIAATAwAwQDLhJIAwQC
uQvsAwQCuaEMAwQCueLsAwQCwTkkAwQCwjjsAwQBwn+eAwQBwn+iMBsEAgACMBUD
BQAqALXAAwUAKgIhEAMFAyoMegAwDQYJKoZIhvcNAQELBQADggEBAEGD/0Pl2A/k
CCH2WWIgPHRWWyu3PdSO8QbOLk8CUVXQUqEn9nD+2NzA3NjcYIL0x1up+nmIsSiB
gx43021/sWDV114hZtrt/S6Irb9ftbQ12yduP2dpiDTRcmYjiZmAnH1RMIoRVAi8
Qn21UaWByeTXxeguws1ftuBaIbk9AVJjZCcZk4aGov8OMGteyQbQVvYvDYNnjCjz
Rvt1gPQs8INj57zmAcUSL0wva9m18qUGhf6NhJ6GSL0aEp9ILCd8xxc7lIV8FWeL
0nch86De0eJ/tI8cxx9FjkJSGqkeba1aTR8UOzeWnEbdHO+yoktOqscIWafu4/v/
rvHvLi4VO3s=
-----END CERTIFICATE-----