Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/v-4-2eG-3uyDfqUZcvqsQ2oVAAc.roa
File:                     v-4-2eG-3uyDfqUZcvqsQ2oVAAc.roa (raw, json)
Hash identifier:          tQQukwBKIovPWiuRfiYaa1uMSdR6hH6EKpS+TKua/FQ=
Subject key identifier:   BF:EE:3E:D9:E1:BE:DE:EC:83:7E:A5:19:72:FA:AC:43:6A:15:00:07
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018EA31152B2C3BF6B4AC004473ADF9AE90C
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/v-4-2eG-3uyDfqUZcvqsQ2oVAAc.roa
Signing time:             Wed 03 Apr 2024 08:26:45 +0000
ROA not before:           Wed 03 Apr 2024 08:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        147.45.34.0/24 maxlen: 24
                          147.45.36.0/24 maxlen: 24
                          147.45.65.0/24 maxlen: 24
                          147.45.192.0/24 maxlen: 24
                          147.45.207.0/24 maxlen: 24
                          193.233.16.0/24 maxlen: 24
                          193.233.30.0/24 maxlen: 24
                          193.233.61.0/24 maxlen: 24
                          193.233.85.0/24 maxlen: 24
                          193.233.171.0/24 maxlen: 24
                          193.233.175.0/24 maxlen: 24
                          193.233.197.0/24 maxlen: 24
                          193.233.234.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 30 May 2024 15:13:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:11:52:b2:c3:bf:6b:4a:c0:04:47:3a:df:9a:e9:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr  3 08:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfee3ed9e1bedeec837ea51972faac436a150007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:54:7a:d5:e2:ca:82:da:fe:f6:d5:17:f2:cb:
                    88:a4:1b:1a:87:25:d4:94:b9:30:67:d9:8d:81:f6:
                    87:79:62:37:07:8b:50:54:12:d4:9a:a1:d1:10:c9:
                    8f:9c:a5:d4:6f:c3:27:8e:34:23:b7:bc:5b:01:37:
                    ee:f8:f3:6e:c9:4b:10:f6:f7:8c:91:eb:9f:12:56:
                    f2:af:f3:66:c2:fc:5d:f5:1c:ac:4d:29:95:e6:c4:
                    4c:9e:d0:be:b8:31:75:49:a1:ce:aa:ed:1c:72:2d:
                    cc:b1:28:c8:7c:2c:bf:24:00:6b:00:46:61:01:b3:
                    92:80:78:7e:d9:e0:a7:94:bf:82:05:fe:51:14:a3:
                    b6:2c:10:81:ae:75:68:fc:86:97:62:0f:6d:e6:5b:
                    c4:ae:96:af:fe:6c:f1:81:d3:53:03:03:e0:b1:96:
                    bc:65:f6:dd:fd:8a:04:28:a2:8d:f8:46:be:d9:83:
                    4a:b2:c2:e9:47:f6:75:ae:14:2a:35:41:f6:4f:79:
                    14:2d:03:d6:6f:38:b0:13:cc:e8:16:12:d5:70:11:
                    81:a8:ef:79:da:77:d4:91:f0:30:e0:dd:0c:8c:39:
                    9d:1a:cc:e8:27:d4:9b:b7:69:e9:cd:91:56:92:d1:
                    04:5d:4c:20:18:19:78:47:1b:f2:84:8b:f0:82:07:
                    4e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:EE:3E:D9:E1:BE:DE:EC:83:7E:A5:19:72:FA:AC:43:6A:15:00:07
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/v-4-2eG-3uyDfqUZcvqsQ2oVAAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.34.0/24
                  147.45.36.0/24
                  147.45.65.0/24
                  147.45.192.0/24
                  147.45.207.0/24
                  193.233.16.0/24
                  193.233.30.0/24
                  193.233.61.0/24
                  193.233.85.0/24
                  193.233.171.0/24
                  193.233.175.0/24
                  193.233.197.0/24
                  193.233.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:4d:9d:fa:b2:24:84:80:ac:e8:43:a3:eb:6b:a1:ad:b9:73:
         7a:7b:eb:c9:0e:a5:52:7c:48:0f:c0:17:8d:43:3b:25:99:7c:
         65:e5:f3:5c:13:55:db:c2:6e:e9:8d:dc:59:4f:f0:bd:70:45:
         df:ce:7c:36:f2:b8:4b:27:87:85:25:03:46:48:76:69:05:12:
         12:7d:e4:e9:15:0e:b7:32:e1:58:2c:35:15:13:54:d4:df:a2:
         18:aa:99:d6:e6:87:3c:a5:17:a3:2a:fa:fa:ad:6d:e4:cc:c4:
         65:f8:87:4b:31:5c:9d:4e:83:e3:86:21:b4:5b:f4:9f:cd:6d:
         39:66:a3:33:ff:ec:26:c8:84:46:58:97:bb:5b:60:92:4b:c0:
         db:ec:65:94:b4:0d:c1:fe:54:7f:7f:9a:ed:59:42:32:a5:26:
         86:e9:18:a4:8c:45:fe:0b:26:92:7b:d9:41:44:e8:14:34:66:
         d4:55:96:5e:29:e7:7e:0e:a9:9f:b2:53:27:79:87:55:2b:78:
         e2:b3:0c:0f:15:1f:86:ed:17:b5:58:90:64:2e:3c:06:e0:69:
         65:e2:11:4d:2c:29:ab:b4:b1:f4:06:8f:80:f1:01:dd:9c:50:
         d3:c2:c6:d9:54:c0:33:2d:7f:f2:fe:f1:67:09:5d:d8:a1:40:
         23:6d:03:24
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY6jEVKyw79rSsAERzrfmukMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDAzMDgyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmVlM2VkOWUxYmVkZWVjODM3ZWE1MTk3MmZhYWM0MzZhMTUwMDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFR61eLKgtr+9tUX8suIpBsahyXU
lLkwZ9mNgfaHeWI3B4tQVBLUmqHREMmPnKXUb8MnjjQjt7xbATfu+PNuyUsQ9veM
keufElbyr/Nmwvxd9RysTSmV5sRMntC+uDF1SaHOqu0cci3MsSjIfCy/JABrAEZh
AbOSgHh+2eCnlL+CBf5RFKO2LBCBrnVo/IaXYg9t5lvErpav/mzxgdNTAwPgsZa8
Zfbd/YoEKKKN+Ea+2YNKssLpR/Z1rhQqNUH2T3kULQPWbziwE8zoFhLVcBGBqO95
2nfUkfAw4N0MjDmdGszoJ9Sbt2npzZFWktEEXUwgGBl4RxvyhIvwggdOWwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFL/uPtnhvt7sg36lGXL6rENqFQAHMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvdi00LTJlRy0zdXlEZnFVWmN2cXNRMm9WQUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAky0iAwQA
ky0kAwQAky1BAwQAky3AAwQAky3PAwQAwekQAwQAwekeAwQAwek9AwQAwelVAwQA
wemrAwQAwemvAwQAwenFAwQAwenqMA0GCSqGSIb3DQEBCwUAA4IBAQAJTZ36siSE
gKzoQ6Pra6GtuXN6e+vJDqVSfEgPwBeNQzslmXxl5fNcE1Xbwm7pjdxZT/C9cEXf
znw28rhLJ4eFJQNGSHZpBRISfeTpFQ63MuFYLDUVE1TU36IYqpnW5oc8pRejKvr6
rW3kzMRl+IdLMVydToPjhiG0W/SfzW05ZqMz/+wmyIRGWJe7W2CSS8Db7GWUtA3B
/lR/f5rtWUIypSaG6RikjEX+CyaSe9lBROgUNGbUVZZeKed+DqmfslMneYdVK3ji
swwPFR+G7Re1WJBkLjwG4Gll4hFNLCmrtLH0Bo+A8QHdnFDTwsbZVMAzLX/y/vFn
CV3YoUAjbQMk
-----END CERTIFICATE-----