Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/c0XU94hSEsi5LjZjnp3xxTOqT7g.roa
File:                     c0XU94hSEsi5LjZjnp3xxTOqT7g.roa (raw, json)
Hash identifier:          +JL5VPkCu/i8ZQjRSZcoomRj8L3Mt8nxLle45N3GEKo=
Subject key identifier:   73:45:D4:F7:88:52:12:C8:B9:2E:36:63:9E:9D:F1:C5:33:AA:4F:B8
Certificate issuer:       /CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
Certificate serial:       018D60F26A82F724128F8BDF24345EC78139
Authority key identifier: 47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/c0XU94hSEsi5LjZjnp3xxTOqT7g.roa
Signing time:             Wed 31 Jan 2024 19:15:16 +0000
ROA not before:           Wed 31 Jan 2024 19:15:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206892
IP address blocks:        45.95.44.0/22 maxlen: 24
                          94.199.178.0/23 maxlen: 24
                          94.199.179.0/24 maxlen: 24
                          95.140.32.0/24 maxlen: 24
                          95.140.38.0/23 maxlen: 24
                          185.161.72.0/22 maxlen: 24
                          185.199.28.0/22 maxlen: 24
                          185.234.181.0/24 maxlen: 24
                          185.234.182.0/23 maxlen: 24
                          194.39.44.0/22 maxlen: 24
                          195.200.232.0/23 maxlen: 24
                          2a07:c280::/32 maxlen: 33

Validation:               Failed, certificate revoked on Fri 12 Jul 2024 07:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:60:f2:6a:82:f7:24:12:8f:8b:df:24:34:5e:c7:81:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
        Validity
            Not Before: Jan 31 19:15:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7345d4f7885212c8b92e36639e9df1c533aa4fb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:39:6a:5e:d1:e7:c9:89:c4:1c:d8:1b:bf:d7:
                    78:73:fd:b3:23:bb:48:f7:37:3f:a6:d1:82:a1:aa:
                    09:db:05:33:92:54:f5:6d:ee:89:92:c8:fd:8b:c8:
                    e2:77:7f:a7:da:a0:99:20:c7:14:d1:9e:c9:18:f2:
                    60:c5:36:b8:3a:cb:76:b2:32:82:8d:62:ad:ac:f0:
                    f3:82:2c:e0:1b:0c:21:1f:45:78:cb:54:70:36:bc:
                    e9:fd:7d:be:9a:df:1d:7a:13:02:95:01:77:b5:21:
                    16:ee:06:ce:bc:f8:bb:4e:de:02:23:42:35:68:1a:
                    96:8a:f4:3f:d1:ae:59:48:21:c2:13:63:2d:6b:f4:
                    d5:4c:cb:0b:28:7f:6d:64:83:1a:af:c3:78:4d:b9:
                    38:57:4c:7d:46:cb:bd:9f:45:76:ca:16:ab:82:26:
                    14:ed:68:0b:87:74:34:19:d1:b6:bc:0d:e8:a6:09:
                    0e:e4:36:55:7c:c3:95:0d:ff:ed:75:0e:35:7e:38:
                    ae:a3:20:7a:8b:7e:ed:05:62:63:67:d7:1e:65:17:
                    63:27:96:00:53:b5:e2:54:f9:ee:46:4e:9d:64:7e:
                    21:67:20:6e:14:d2:98:55:0f:a9:56:d2:ae:2e:0e:
                    c8:c9:2d:2e:03:a6:29:31:80:5e:93:a0:1a:61:01:
                    2c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:45:D4:F7:88:52:12:C8:B9:2E:36:63:9E:9D:F1:C5:33:AA:4F:B8
            X509v3 Authority Key Identifier:
                keyid:47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/c0XU94hSEsi5LjZjnp3xxTOqT7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.44.0/22
                  94.199.178.0/23
                  95.140.32.0/24
                  95.140.38.0/23
                  185.161.72.0/22
                  185.199.28.0/22
                  185.234.181.0-185.234.183.255
                  194.39.44.0/22
                  195.200.232.0/23
                IPv6:
                  2a07:c280::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:fc:fa:70:4b:45:da:31:50:0f:f1:e3:00:eb:c9:3a:b6:42:
         79:68:ac:d1:fe:1d:f7:0a:e5:f8:78:f0:d3:ee:ae:53:c4:52:
         8b:69:de:08:4c:87:69:08:e0:57:50:22:6e:5a:2c:87:65:8d:
         b3:84:be:6b:dc:50:59:f8:7a:f0:05:53:2e:89:f4:3d:23:ea:
         94:1a:31:d0:58:75:a6:1b:8a:85:2b:31:d3:ca:da:16:41:9a:
         a4:83:83:1d:0e:d2:c9:b3:7a:3d:72:86:83:62:66:64:22:0a:
         1d:08:42:ec:8d:c1:37:5b:e5:cb:94:8f:3a:9c:01:17:2e:03:
         ff:12:0c:a5:69:2a:11:46:57:08:cd:83:85:57:6f:2d:dd:cc:
         8e:2d:8c:a9:c8:d8:0c:c5:56:46:bc:49:73:bd:ef:b1:30:82:
         e3:85:b8:fc:bb:d7:ad:c3:98:dc:a3:19:4c:c9:09:b3:5c:7b:
         cf:4c:1a:78:91:b8:51:f0:12:80:33:cf:f8:df:17:be:be:65:
         92:63:bd:29:69:01:d7:ee:b7:c4:dc:d9:0f:b1:1a:dc:13:bf:
         3a:99:c3:5e:bb:68:70:22:02:6f:eb:a6:ba:c1:bd:75:8e:54:
         1d:01:29:d1:9d:c2:89:f1:16:6a:be:dc:09:ba:b3:db:67:48:
         c1:e4:2b:b4
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY1g8mqC9yQSj4vfJDRex4E5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjJhZWEwZWY0YzA2NjdkYjgxOWY1ZDVhM2RhZWE2Mzk5
ZjAzOGMwHhcNMjQwMTMxMTkxNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzQ1ZDRmNzg4NTIxMmM4YjkyZTM2NjM5ZTlkZjFjNTMzYWE0ZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzlqXtHnyYnEHNgbv9d4c/2zI7tI
9zc/ptGCoaoJ2wUzklT1be6Jksj9i8jid3+n2qCZIMcU0Z7JGPJgxTa4Ost2sjKC
jWKtrPDzgizgGwwhH0V4y1RwNrzp/X2+mt8dehMClQF3tSEW7gbOvPi7Tt4CI0I1
aBqWivQ/0a5ZSCHCE2Mta/TVTMsLKH9tZIMar8N4Tbk4V0x9Rsu9n0V2yhargiYU
7WgLh3Q0GdG2vA3opgkO5DZVfMOVDf/tdQ41fjiuoyB6i37tBWJjZ9ceZRdjJ5YA
U7XiVPnuRk6dZH4hZyBuFNKYVQ+pVtKuLg7IyS0uA6YpMYBek6AaYQEsCwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFHNF1PeIUhLIuS42Y56d8cUzqk+4MB8GA1UdIwQY
MBaAFEcirqDvTAZn24GfXVo9rqY5nwOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYt
NmUzMDc0YzZjNjYzLzEvYzBYVTk0aFNFc2k1TGpaam5wM3h4VE9xVDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYtNmUzMDc0YzZjNjYz
LzEvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQCLV8sAwQB
XseyAwQAX4wgAwQBX4wmAwQCuaFIAwQCucccMAwDBAC56rUDBAO56rADBALCJywD
BAHDyOgwDQQCAAIwBwMFACoHwoAwDQYJKoZIhvcNAQELBQADggEBAHT8+nBLRdox
UA/x4wDryTq2QnlorNH+HfcK5fh48NPurlPEUotp3ghMh2kI4FdQIm5aLIdljbOE
vmvcUFn4evAFUy6J9D0j6pQaMdBYdaYbioUrMdPK2hZBmqSDgx0O0smzej1yhoNi
ZmQiCh0IQuyNwTdb5cuUjzqcARcuA/8SDKVpKhFGVwjNg4VXby3dzI4tjKnI2AzF
Vka8SXO977EwguOFuPy7163DmNyjGUzJCbNce89MGniRuFHwEoAzz/jfF76+ZZJj
vSlpAdfut8Tc2Q+xGtwTvzqZw167aHAiAm/rprrBvXWOVB0BKdGdwonxFmq+3Am6
s9tnSMHkK7Q=
-----END CERTIFICATE-----