Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/TJuSkuEBQwNQQRUCmW1oG1pv9P0.roa
File:                     TJuSkuEBQwNQQRUCmW1oG1pv9P0.roa (raw, json)
Hash identifier:          Blz/MbuS01tLem9i+RXjEF0p42xIGFqu64Z8yGhNvx0=
Subject key identifier:   4C:9B:92:92:E1:01:43:03:50:41:15:02:99:6D:68:1B:5A:6F:F4:FD
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018E44599513EB41ECFF502750DA664031C5
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/TJuSkuEBQwNQQRUCmW1oG1pv9P0.roa
Signing time:             Fri 15 Mar 2024 23:01:45 +0000
ROA not before:           Fri 15 Mar 2024 23:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        147.45.101.0/24 maxlen: 24
                          147.45.102.0/24 maxlen: 24
                          147.45.103.0/24 maxlen: 24
                          147.45.104.0/24 maxlen: 24
                          147.45.105.0/24 maxlen: 24
                          147.45.106.0/24 maxlen: 24
                          147.45.107.0/24 maxlen: 24
                          147.45.108.0/24 maxlen: 24
                          147.45.109.0/24 maxlen: 24
                          147.45.110.0/24 maxlen: 24
                          147.45.111.0/24 maxlen: 24
                          147.45.132.0/24 maxlen: 24
                          147.45.133.0/24 maxlen: 24
                          147.45.134.0/24 maxlen: 24
                          147.45.135.0/24 maxlen: 24
                          147.45.144.0/20 maxlen: 24
                          147.45.189.0/24 maxlen: 24
                          147.45.190.0/24 maxlen: 24
                          147.45.191.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 10:34:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:44:59:95:13:eb:41:ec:ff:50:27:50:da:66:40:31:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Mar 15 23:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c9b9292e101430350411502996d681b5a6ff4fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3c:bd:91:3f:a6:c3:2a:97:14:ad:a3:b9:bf:
                    96:fa:02:e5:39:a9:dd:52:11:9a:01:a6:46:34:c3:
                    17:ce:30:7f:ac:ec:a5:0e:08:b9:f4:55:bb:c4:79:
                    e2:5f:a4:5b:52:25:ca:48:5e:92:f1:95:69:28:65:
                    cd:e2:76:73:28:51:bd:53:c9:f4:e2:fc:c1:77:0b:
                    e2:d4:22:5b:91:39:bd:b2:c1:99:28:b1:04:6f:da:
                    56:9a:1e:29:c1:81:1d:1a:a4:f9:b8:8f:75:bd:fa:
                    71:2e:8c:94:95:d3:cc:7f:0e:2a:52:f0:41:80:51:
                    a5:1b:33:93:36:1b:84:3b:07:38:2b:9a:2f:6d:61:
                    ab:fa:a4:b3:53:c1:2c:b1:a5:ad:2c:6c:f2:d5:0e:
                    d3:b6:35:25:5c:d5:17:6f:67:b6:93:21:52:c3:db:
                    05:a5:0b:d8:a8:9f:c1:ae:c9:1e:84:57:bb:df:87:
                    c1:e0:af:6c:55:f7:f2:92:86:5f:63:9d:47:a3:94:
                    47:dd:86:7b:99:d2:b0:89:10:ef:ce:bb:09:a2:e8:
                    e2:81:12:9b:45:0f:bd:d5:ef:29:e1:b5:83:59:b7:
                    dc:9a:14:08:58:fd:bd:f5:59:c5:7e:45:8c:cd:f3:
                    9f:59:5c:e4:9d:06:ec:e6:23:82:4c:06:ee:4e:e0:
                    52:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:9B:92:92:E1:01:43:03:50:41:15:02:99:6D:68:1B:5A:6F:F4:FD
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/TJuSkuEBQwNQQRUCmW1oG1pv9P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.101.0-147.45.111.255
                  147.45.132.0/22
                  147.45.144.0/20
                  147.45.189.0-147.45.191.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:ad:b3:b5:c4:a9:d8:1e:35:6c:66:01:13:05:90:7a:6a:4b:
         06:1e:d1:05:75:09:92:a0:f2:d3:61:a1:07:ef:7e:2a:1b:f9:
         0d:46:11:8b:13:b9:da:be:1f:95:b9:1c:a2:3d:db:dd:da:84:
         a9:a6:92:2c:69:4a:6d:85:e6:03:30:6a:9b:65:78:ed:de:88:
         d4:0e:ab:02:04:d5:b8:11:7b:8e:d1:a3:f8:99:e6:b4:0c:86:
         6f:79:3e:b7:97:f9:fd:1c:9d:15:da:3a:b4:9c:65:78:9b:bd:
         f0:2b:80:fc:4b:0c:a5:ab:a9:3f:e1:40:1e:87:6c:dc:e3:ca:
         32:99:cd:34:99:5b:e9:3a:4f:92:b0:52:05:31:32:23:6e:dc:
         04:fc:c0:4e:3a:b0:57:8b:75:eb:81:af:9f:53:02:10:78:45:
         1b:de:16:7e:07:f7:b5:05:7c:f6:e7:7f:4b:6a:63:7b:94:7a:
         c1:14:d7:4e:45:26:64:34:45:51:89:ec:82:90:60:37:fd:2c:
         7f:8e:a9:17:db:f2:66:0e:df:b8:a2:8d:f6:e0:9a:26:2a:63:
         9a:2b:73:1b:80:b5:30:7b:97:01:8b:c6:b7:98:7c:c1:7f:c1:
         a3:d3:2e:89:26:15:bb:7f:73:95:dd:8d:c7:8d:a1:e8:3b:89:
         35:1b:4d:8f
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAY5EWZUT60Hs/1AnUNpmQDHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMzE1MjMwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzliOTI5MmUxMDE0MzAzNTA0MTE1MDI5OTZkNjgxYjVhNmZmNGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTy9kT+mwyqXFK2jub+W+gLlOand
UhGaAaZGNMMXzjB/rOylDgi59FW7xHniX6RbUiXKSF6S8ZVpKGXN4nZzKFG9U8n0
4vzBdwvi1CJbkTm9ssGZKLEEb9pWmh4pwYEdGqT5uI91vfpxLoyUldPMfw4qUvBB
gFGlGzOTNhuEOwc4K5ovbWGr+qSzU8EssaWtLGzy1Q7TtjUlXNUXb2e2kyFSw9sF
pQvYqJ/BrskehFe734fB4K9sVffykoZfY51Ho5RH3YZ7mdKwiRDvzrsJoujigRKb
RQ+91e8p4bWDWbfcmhQIWP299VnFfkWMzfOfWVzknQbs5iOCTAbuTuBSbQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEybkpLhAUMDUEEVApltaBtab/T9MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvVEp1U2t1RUJRd05RUVJVQ21XMW9HMXB2OVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBACTLWUD
BASTLWADBAKTLYQDBASTLZAwDAMEAJMtvQMEBpMtgDANBgkqhkiG9w0BAQsFAAOC
AQEAf62ztcSp2B41bGYBEwWQempLBh7RBXUJkqDy02GhB+9+Khv5DUYRixO52r4f
lbkcoj3b3dqEqaaSLGlKbYXmAzBqm2V47d6I1A6rAgTVuBF7jtGj+JnmtAyGb3k+
t5f5/RydFdo6tJxleJu98CuA/EsMpaupP+FAHods3OPKMpnNNJlb6TpPkrBSBTEy
I27cBPzATjqwV4t164Gvn1MCEHhFG94Wfgf3tQV89ud/S2pje5R6wRTXTkUmZDRF
UYnsgpBgN/0sf46pF9vyZg7fuKKN9uCaJipjmitzG4C1MHuXAYvGt5h8wX/Bo9Mu
iSYVu39zld2Nx42h6DuJNRtNjw==
-----END CERTIFICATE-----