Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1-Qu5nje0LZ8ojr6VkQaS184cVo8.roa
File:                     1-Qu5nje0LZ8ojr6VkQaS184cVo8.roa (raw, json)
Hash identifier:          SXhBVFLCo9LfBcRR/3lPi1xhqj9ESwIoJ767sf0rC+8=
Subject key identifier:   F9:0B:B9:9E:37:B4:2D:9F:28:8E:BE:95:91:06:92:D7:CE:1C:56:8F
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019362B242D11ED8630D5DB6D48118FBC10D
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1-Qu5nje0LZ8ojr6VkQaS184cVo8.roa
Signing time:             Mon 25 Nov 2024 09:41:09 +0000
ROA not before:           Mon 25 Nov 2024 09:41:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.141.204.0/23 maxlen: 23
                          45.148.51.0/24 maxlen: 24
                          45.149.90.0/23 maxlen: 23
                          194.39.216.0/24 maxlen: 24
                          195.88.191.0/24 maxlen: 24
                          195.88.210.0/24 maxlen: 24
                          2a0c:9e06::/32 maxlen: 32
                          2a0e:a944::/32 maxlen: 32
                          2a0e:a945::/32 maxlen: 32
                          2a0e:a946::/32 maxlen: 32
                          2a0e:a947::/32 maxlen: 32
                          2a0f:3b80::/32 maxlen: 32
                          2a0f:3b81::/32 maxlen: 32
                          2a0f:3b82::/32 maxlen: 32
                          2a0f:3b83::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 05:47:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:62:b2:42:d1:1e:d8:63:0d:5d:b6:d4:81:18:fb:c1:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Nov 25 09:41:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f90bb99e37b42d9f288ebe95910692d7ce1c568f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:35:11:a8:e5:ff:48:66:28:5e:62:d8:95:56:
                    45:a3:55:48:13:2c:50:ec:3e:fd:db:2d:e2:d9:5f:
                    9e:89:19:c3:13:a7:4a:a1:61:42:72:c0:eb:8f:55:
                    5c:b4:b7:02:fc:d0:59:77:e3:1f:9f:d3:87:47:2e:
                    54:ab:3a:e1:ef:38:5c:8f:7b:bc:f5:46:88:e0:f1:
                    b2:3f:53:e4:53:3c:54:70:0a:a7:8f:49:21:64:a1:
                    fc:89:eb:cc:56:57:c8:a7:8e:39:41:8c:79:23:d6:
                    d3:c8:06:f3:fb:9e:3e:0e:4f:9a:cf:57:1e:e8:0a:
                    47:41:33:63:87:bb:62:5b:60:b0:c6:07:91:22:6d:
                    8a:14:6b:30:44:3a:6b:1f:74:d0:ad:13:ff:c4:94:
                    91:a0:fa:c2:08:01:73:62:68:b0:6a:5b:03:d8:00:
                    d9:4b:4a:5d:34:1c:53:b0:47:7d:72:52:76:cb:86:
                    a6:d3:7f:d1:34:a6:5f:4e:63:b1:0a:e5:8d:27:f9:
                    93:d3:91:f6:2f:ff:b8:17:fa:35:8f:85:a0:d4:c5:
                    9a:b9:57:cc:b0:32:19:5e:f9:e7:ef:50:c0:9c:49:
                    f0:24:f8:fd:55:e3:58:fe:0e:55:18:5f:56:e2:9c:
                    76:d2:13:de:e0:22:3d:0d:c7:da:43:23:82:22:52:
                    e3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0B:B9:9E:37:B4:2D:9F:28:8E:BE:95:91:06:92:D7:CE:1C:56:8F
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1-Qu5nje0LZ8ojr6VkQaS184cVo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.204.0/23
                  45.148.51.0/24
                  45.149.90.0/23
                  194.39.216.0/24
                  195.88.191.0/24
                  195.88.210.0/24
                IPv6:
                  2a0c:9e06::/32
                  2a0e:a944::/30
                  2a0f:3b80::/30

    Signature Algorithm: sha256WithRSAEncryption
         30:7b:0b:3c:17:18:f0:1f:c4:44:17:1a:56:1d:46:aa:2a:27:
         57:2d:78:ac:b5:01:4f:80:df:ff:93:81:e9:09:c6:a5:04:9f:
         46:51:82:97:ed:d5:55:ee:c6:23:3e:89:52:5a:38:cf:a4:ea:
         54:9b:01:4f:2c:46:85:34:c6:bb:f6:7e:89:74:ef:6e:c1:78:
         a8:7f:dc:d3:78:57:0d:ec:1f:fa:1b:e2:a1:15:39:62:f7:43:
         ac:ea:26:b1:a1:25:bb:f0:cb:27:47:5a:a1:82:24:ef:6c:ab:
         f8:3b:36:be:fd:87:4f:8b:5d:09:00:ae:03:7c:0c:68:b2:e2:
         2a:d3:96:c3:a4:0c:68:4b:64:fd:89:99:7b:9e:fd:f4:82:6a:
         9e:24:47:26:f3:f8:d0:16:de:67:f7:20:c6:83:37:54:75:49:
         dc:8b:99:52:c6:c8:9c:e9:c3:cf:a7:a9:5c:88:1d:a9:72:66:
         4e:e4:4d:f3:5b:48:33:b3:d6:0b:24:5d:f8:aa:63:97:de:92:
         06:17:53:3a:0c:27:d0:5c:d3:73:f5:24:08:5c:23:7b:bf:ca:
         6e:10:fb:9e:de:aa:18:c8:e8:e5:f7:7d:dc:b5:fd:00:49:38:
         47:5f:bc:f0:41:79:24:17:7d:5b:65:ae:fc:da:06:01:d7:bb:
         5c:9f:cb:09
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZNiskLRHthjDV221IEY+8ENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQxMTI1MDk0MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBiYjk5ZTM3YjQyZDlmMjg4ZWJlOTU5MTA2OTJkN2NlMWM1NjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDURqOX/SGYoXmLYlVZFo1VIEyxQ
7D792y3i2V+eiRnDE6dKoWFCcsDrj1VctLcC/NBZd+Mfn9OHRy5Uqzrh7zhcj3u8
9UaI4PGyP1PkUzxUcAqnj0khZKH8ievMVlfIp445QYx5I9bTyAbz+54+Dk+az1ce
6ApHQTNjh7tiW2CwxgeRIm2KFGswRDprH3TQrRP/xJSRoPrCCAFzYmiwalsD2ADZ
S0pdNBxTsEd9clJ2y4am03/RNKZfTmOxCuWNJ/mT05H2L/+4F/o1j4Wg1MWauVfM
sDIZXvnn71DAnEnwJPj9VeNY/g5VGF9W4px20hPe4CI9DcfaQyOCIlLjMwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPkLuZ43tC2fKI6+lZEGktfOHFaPMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvMS1RdTVuamUwTFo4b2pyNlZrUWFTMTg0Y1ZvOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGIvMTkwODQzLTE4MDMtNDQ2Mi1hNzk1LTZiYzc1NTc4YjRj
My8xL3RWZk0xRHItZ1c1SlV5S0w4VXAxM0NrQlM0MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBaBggrBgEFBQcBBwEB/wRLMEkwKgQCAAEwJAMEAS2NzAME
AC2UMwMEAS2VWgMEAMIn2AMEAMNYvwMEAMNY0jAbBAIAAjAVAwUAKgyeBgMFAioO
qUQDBQIqDzuAMA0GCSqGSIb3DQEBCwUAA4IBAQAwews8FxjwH8REFxpWHUaqKidX
LXistQFPgN//k4HpCcalBJ9GUYKX7dVV7sYjPolSWjjPpOpUmwFPLEaFNMa79n6J
dO9uwXiof9zTeFcN7B/6G+KhFTli90Os6iaxoSW78MsnR1qhgiTvbKv4Oza+/YdP
i10JAK4DfAxosuIq05bDpAxoS2T9iZl7nv30gmqeJEcm8/jQFt5n9yDGgzdUdUnc
i5lSxsic6cPPp6lciB2pcmZO5E3zW0gzs9YLJF34qmOX3pIGF1M6DCfQXNNz9SQI
XCN7v8puEPue3qoYyOjl933ctf0ASThHX7zwQXkkF31bZa782gYB17tcn8sJ
-----END CERTIFICATE-----