Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1-PGDBN4ypnTH_9QOc52ZvtWB0Z0.roa
File:                     1-PGDBN4ypnTH_9QOc52ZvtWB0Z0.roa (raw, json)
Hash identifier:          pF0BcbRUVZuTt5CLfwj524Nk6vj3IGY6lPOpFuT0b/Q=
Subject key identifier:   F8:F1:83:04:DE:32:A6:74:C7:FF:D4:0E:73:9D:99:BE:D5:81:D1:9D
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018E991AE569EF2B4FA5A335E3588FA4AD95
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1-PGDBN4ypnTH_9QOc52ZvtWB0Z0.roa
Signing time:             Mon 01 Apr 2024 10:01:00 +0000
ROA not before:           Mon 01 Apr 2024 10:01:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        147.45.34.0/24 maxlen: 24
                          147.45.36.0/24 maxlen: 24
                          147.45.65.0/24 maxlen: 24
                          147.45.192.0/24 maxlen: 24
                          147.45.193.0/24 maxlen: 24
                          147.45.207.0/24 maxlen: 24
                          193.233.16.0/24 maxlen: 24
                          193.233.30.0/24 maxlen: 24
                          193.233.61.0/24 maxlen: 24
                          193.233.85.0/24 maxlen: 24
                          193.233.171.0/24 maxlen: 24
                          193.233.175.0/24 maxlen: 24
                          193.233.197.0/24 maxlen: 24
                          193.233.234.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 08:26:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:99:1a:e5:69:ef:2b:4f:a5:a3:35:e3:58:8f:a4:ad:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr  1 10:01:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8f18304de32a674c7ffd40e739d99bed581d19d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:72:a2:11:2b:57:3e:7b:10:ba:d8:ee:3f:4d:
                    41:d4:c8:e2:7a:38:eb:7b:87:b6:89:76:76:84:da:
                    ef:11:95:08:66:6f:cc:7c:f8:c4:85:20:a4:f6:e1:
                    ee:9b:b2:b6:e4:10:7f:0a:69:20:46:23:10:ed:e5:
                    52:e8:ad:6a:1f:9a:07:0c:2c:13:04:01:1a:46:c2:
                    6f:8a:01:ca:75:ba:84:6b:f9:70:6d:23:c5:eb:c9:
                    a8:19:78:95:5d:96:b8:c3:05:6f:af:75:ac:e2:2e:
                    04:b2:58:34:dc:04:24:74:eb:f3:16:5d:2e:5b:64:
                    90:f7:c1:36:a8:e5:22:83:74:5d:2d:6c:1a:a4:4f:
                    ca:f1:fa:58:d3:c0:37:cb:fb:75:f2:94:5c:e1:1d:
                    e1:b1:ee:bd:9d:b1:04:00:4f:9a:d2:06:fa:28:ed:
                    b2:4f:82:99:ce:b8:67:a3:63:8d:a7:dd:fa:74:07:
                    fb:40:21:6b:82:fa:30:61:e3:22:29:fc:1c:97:63:
                    57:78:05:59:13:74:4b:ac:4f:e7:7d:61:d0:b3:6e:
                    64:c1:cb:ea:0c:ff:2f:7a:7c:fc:9a:49:c5:93:14:
                    98:9f:ca:c6:e0:eb:f7:6f:f9:80:7a:51:c6:c3:61:
                    36:ca:66:b7:e2:19:18:73:d4:6f:84:cc:1c:75:3b:
                    f0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F1:83:04:DE:32:A6:74:C7:FF:D4:0E:73:9D:99:BE:D5:81:D1:9D
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1-PGDBN4ypnTH_9QOc52ZvtWB0Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.34.0/24
                  147.45.36.0/24
                  147.45.65.0/24
                  147.45.192.0/23
                  147.45.207.0/24
                  193.233.16.0/24
                  193.233.30.0/24
                  193.233.61.0/24
                  193.233.85.0/24
                  193.233.171.0/24
                  193.233.175.0/24
                  193.233.197.0/24
                  193.233.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:2e:94:bf:88:29:a4:7c:27:f1:f8:34:60:7c:cb:c3:4d:26:
         d4:06:7e:07:b2:63:a5:e2:77:0d:5d:49:bf:6d:fe:67:c5:1e:
         2a:2d:ca:59:c8:db:f3:05:42:2b:8b:75:b8:68:c0:9c:57:5a:
         ac:5c:f4:c7:0e:7e:54:5b:75:98:a9:bb:4c:50:d7:71:2f:d6:
         7f:3d:49:89:52:08:97:9e:1c:17:8e:66:1c:f8:5e:20:ae:4a:
         a2:2b:90:13:37:b2:ba:55:60:bd:93:0f:27:6a:15:e0:5f:5b:
         84:0c:cc:d7:80:56:4c:f6:0d:89:68:e9:3b:a3:1f:b3:47:78:
         2d:0e:2b:61:d7:29:65:45:a6:94:b5:aa:29:06:56:fb:9e:b4:
         ab:1a:1f:58:ad:64:91:06:e5:c4:ac:bc:7d:f6:c1:cc:1b:ca:
         13:cb:73:7c:d3:71:5d:62:85:78:fa:59:da:f1:94:19:d1:51:
         3a:11:9d:b5:e7:d2:56:da:79:97:ef:fe:3b:cb:c0:d5:f1:d2:
         ff:04:dc:e2:ed:cb:3f:e9:14:bf:37:9a:4e:91:59:ec:a3:13:
         42:7c:af:f0:8d:67:d9:d0:6c:ff:ce:57:fe:b1:66:bb:ba:67:
         f8:46:90:fd:75:a0:5b:f4:a1:9b:52:68:5c:17:c2:3c:3c:fd:
         9e:bb:b4:aa
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAY6ZGuVp7ytPpaM141iPpK2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDAxMTAwMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGYxODMwNGRlMzJhNjc0YzdmZmQ0MGU3MzlkOTliZWQ1ODFkMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXKiEStXPnsQutjuP01B1Mjiejjr
e4e2iXZ2hNrvEZUIZm/MfPjEhSCk9uHum7K25BB/CmkgRiMQ7eVS6K1qH5oHDCwT
BAEaRsJvigHKdbqEa/lwbSPF68moGXiVXZa4wwVvr3Ws4i4Eslg03AQkdOvzFl0u
W2SQ98E2qOUig3RdLWwapE/K8fpY08A3y/t18pRc4R3hse69nbEEAE+a0gb6KO2y
T4KZzrhno2ONp936dAf7QCFrgvowYeMiKfwcl2NXeAVZE3RLrE/nfWHQs25kwcvq
DP8venz8mknFkxSYn8rG4Ov3b/mAelHGw2E2yma34hkYc9RvhMwcdTvwTwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFPjxgwTeMqZ0x//UDnOdmb7VgdGdMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMS1QR0RCTjR5cG5USF85UU9jNTJadnRXQjBaMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGMvYWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0
OS8xL2h0Wkl2YnFXVkdHeDZNRWJuZFEyeGhPQ2h6dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBnBggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAJMtIgME
AJMtJAMEAJMtQQMEAZMtwAMEAJMtzwMEAMHpEAMEAMHpHgMEAMHpPQMEAMHpVQME
AMHpqwMEAMHprwMEAMHpxQMEAMHp6jANBgkqhkiG9w0BAQsFAAOCAQEAYS6Uv4gp
pHwn8fg0YHzLw00m1AZ+B7JjpeJ3DV1Jv23+Z8UeKi3KWcjb8wVCK4t1uGjAnFda
rFz0xw5+VFt1mKm7TFDXcS/Wfz1JiVIIl54cF45mHPheIK5KoiuQEzeyulVgvZMP
J2oV4F9bhAzM14BWTPYNiWjpO6Mfs0d4LQ4rYdcpZUWmlLWqKQZW+560qxofWK1k
kQblxKy8ffbBzBvKE8tzfNNxXWKFePpZ2vGUGdFROhGdtefSVtp5l+/+O8vA1fHS
/wTc4u3LP+kUvzeaTpFZ7KMTQnyv8I1n2dBs/85X/rFmu7pn+EaQ/XWgW/Shm1Jo
XBfCPDz9nru0qg==
-----END CERTIFICATE-----