Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/FtKbR38G8zatlZU3bEqhJNlvMZY.roa
File:                     FtKbR38G8zatlZU3bEqhJNlvMZY.roa (raw, json)
Hash identifier:          seqC6Q/fAoPvtv/t2Lje0QFCf3pzBIWjSudnn/oCCfo=
Subject key identifier:   16:D2:9B:47:7F:06:F3:36:AD:95:95:37:6C:4A:A1:24:D9:6F:31:96
Certificate issuer:       /CN=3fe14329b6c1e695011a82406f7af48f4bb10ad4
Certificate serial:       018CC64B206C3295919D0BFB072724CAE742
Authority key identifier: 3F:E1:43:29:B6:C1:E6:95:01:1A:82:40:6F:7A:F4:8F:4B:B1:0A:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/FtKbR38G8zatlZU3bEqhJNlvMZY.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202543
IP address blocks:        185.246.170.0/24 maxlen: 24
                          185.246.169.0/24 maxlen: 24
                          185.246.168.0/24 maxlen: 24
                          45.154.178.0/24 maxlen: 24
                          45.154.177.0/24 maxlen: 24
                          45.154.176.0/24 maxlen: 24
                          45.154.179.0/24 maxlen: 24
                          2a14:2984::/30 maxlen: 30
                          2a0f:3980::/30 maxlen: 30
                          2a14:2980::/30 maxlen: 30
                          2a0f:3984::/30 maxlen: 30
                          2a0f:c300::/30 maxlen: 30
                          2a0f:c304::/30 maxlen: 30

Validation:               Failed, certificate revoked on Thu 22 Feb 2024 11:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:20:6c:32:95:91:9d:0b:fb:07:27:24:ca:e7:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fe14329b6c1e695011a82406f7af48f4bb10ad4
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16d29b477f06f336ad9595376c4aa124d96f3196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:01:3c:68:0f:26:aa:d8:f9:04:75:be:f0:02:
                    04:42:d6:ae:af:70:46:a9:00:a1:e1:28:7c:7c:75:
                    59:a9:a9:84:4e:97:3f:10:85:89:a2:66:fd:42:fb:
                    df:ee:a5:f3:e1:d5:d7:ca:c6:39:9b:83:f8:66:a6:
                    a2:cd:14:0d:9e:65:6c:08:d9:cf:a7:14:68:5d:6a:
                    78:f9:fa:68:1a:17:81:d2:0b:65:c4:37:f3:97:df:
                    dd:7b:71:db:1a:83:9c:b1:58:81:3b:ec:ab:4d:03:
                    1c:7b:31:f5:d8:24:56:80:26:43:bc:18:0b:5b:82:
                    e6:bb:5d:44:1e:c9:64:1e:67:3d:21:ec:c1:db:ab:
                    9d:9b:00:d5:84:a0:d0:56:1e:2b:3f:9f:b6:17:97:
                    16:9d:1f:12:a2:9d:4e:bd:43:18:6b:7f:cb:f3:ed:
                    da:29:38:ed:95:5b:a5:3c:0c:4e:2b:e1:6c:3a:c3:
                    06:62:02:ce:8c:f0:b5:fa:ac:ed:b7:0c:e0:e5:43:
                    70:fc:90:4a:37:ba:6b:1a:c4:26:00:f3:2a:05:09:
                    6a:fc:58:e6:1c:14:63:48:02:b5:5f:fb:93:2e:69:
                    46:19:2a:8f:2b:3f:82:06:62:54:43:3e:91:d0:e8:
                    fe:37:52:4d:c9:87:16:86:23:7a:be:7a:fa:f4:63:
                    ed:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D2:9B:47:7F:06:F3:36:AD:95:95:37:6C:4A:A1:24:D9:6F:31:96
            X509v3 Authority Key Identifier:
                keyid:3F:E1:43:29:B6:C1:E6:95:01:1A:82:40:6F:7A:F4:8F:4B:B1:0A:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/FtKbR38G8zatlZU3bEqhJNlvMZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.176.0/22
                  185.246.168.0-185.246.170.255
                IPv6:
                  2a0f:3980::/29
                  2a0f:c300::/29
                  2a14:2980::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:56:a6:a2:d5:e6:b9:d4:e8:32:b6:5c:65:46:9a:c9:be:97:
         ae:80:14:25:d3:dd:db:4f:54:11:99:c9:f5:9f:5b:a7:4e:a7:
         d7:84:6e:de:15:8e:db:b2:c0:ca:5a:1c:1c:40:f5:8d:13:ab:
         81:a7:cb:fe:24:81:e5:2f:aa:79:a4:7e:66:6f:d7:04:4e:03:
         c3:32:10:33:db:9e:bb:39:f3:4e:e4:43:7b:8d:30:2b:3b:15:
         71:26:4d:0c:0a:46:3e:eb:d5:05:67:10:10:8f:01:9a:10:0d:
         e5:35:7a:51:cc:d3:d1:a5:17:44:88:7e:7b:46:d7:a8:49:32:
         12:e8:cd:dd:3d:15:94:f0:db:45:06:1d:c8:ca:92:84:59:f7:
         a3:ea:4f:39:04:94:1b:12:5b:0c:3e:1d:44:19:23:33:17:80:
         ec:03:01:92:d5:c8:42:a1:71:88:4d:5b:99:66:e4:1a:8e:97:
         60:19:ce:9c:0c:9a:fe:ca:b4:f5:f9:b0:93:23:ef:15:e6:86:
         03:f0:d7:c5:24:44:57:d3:40:6f:ee:52:3d:fa:45:b3:1a:22:
         38:22:54:99:d5:57:eb:66:00:4a:4a:e4:27:90:01:22:1a:e1:
         b1:dd:3a:e6:92:79:0c:38:27:af:b7:4f:ea:2b:e8:09:09:7d:
         2f:7b:4c:8f
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzGSyBsMpWRnQv7ByckyudCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZTE0MzI5YjZjMWU2OTUwMTFhODI0MDZmN2FmNDhmNGJi
MTBhZDQwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQyOWI0NzdmMDZmMzM2YWQ5NTk1Mzc2YzRhYTEyNGQ5NmYzMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwE8aA8mqtj5BHW+8AIEQtaur3BG
qQCh4Sh8fHVZqamETpc/EIWJomb9Qvvf7qXz4dXXysY5m4P4ZqaizRQNnmVsCNnP
pxRoXWp4+fpoGheB0gtlxDfzl9/de3HbGoOcsViBO+yrTQMcezH12CRWgCZDvBgL
W4Lmu11EHslkHmc9IezB26udmwDVhKDQVh4rP5+2F5cWnR8Sop1OvUMYa3/L8+3a
KTjtlVulPAxOK+FsOsMGYgLOjPC1+qzttwzg5UNw/JBKN7prGsQmAPMqBQlq/Fjm
HBRjSAK1X/uTLmlGGSqPKz+CBmJUQz6R0Oj+N1JNyYcWhiN6vnr69GPtqQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFBbSm0d/BvM2rZWVN2xKoSTZbzGWMB8GA1UdIwQY
MBaAFD/hQym2weaVARqCQG969I9LsQrUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC1GREtiYkI1cFVCR29KQWIzcjBqMHV4Q3RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMGM2YzQtYWIyOC00NDA1LWI2OTQt
YzNkNTdlMjM4N2NhLzEvRnRLYlIzOEc4emF0bFpVM2JFcWhKTmx2TVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMGM2YzQtYWIyOC00NDA1LWI2OTQtYzNkNTdlMjM4N2Nh
LzEvUC1GREtiYkI1cFVCR29KQWIzcjBqMHV4Q3RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAaBAIAATAUAwQCLZqwMAwD
BAO59qgDBAC59qowGwQCAAIwFQMFAyoPOYADBQMqD8MAAwUDKhQpgDANBgkqhkiG
9w0BAQsFAAOCAQEAh1amotXmudToMrZcZUaayb6XroAUJdPd209UEZnJ9Z9bp06n
14Ru3hWO27LAylocHED1jROrgafL/iSB5S+qeaR+Zm/XBE4DwzIQM9ueuznzTuRD
e40wKzsVcSZNDApGPuvVBWcQEI8BmhAN5TV6UczT0aUXRIh+e0bXqEkyEujN3T0V
lPDbRQYdyMqShFn3o+pPOQSUGxJbDD4dRBkjMxeA7AMBktXIQqFxiE1bmWbkGo6X
YBnOnAya/sq09fmwkyPvFeaGA/DXxSREV9NAb+5SPfpFsxoiOCJUmdVX62YASkrk
J5ABIhrhsd065pJ5DDgnr7dP6ivoCQl9L3tMjw==
-----END CERTIFICATE-----