Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/AzCix5Oy0KmMasykxQTGgd7IWEI.roa
File:                     AzCix5Oy0KmMasykxQTGgd7IWEI.roa (raw, json)
Hash identifier:          C7187ocSSiKjljL4NFprZaKV0zinXeFjaQVBpw0nECM=
Subject key identifier:   03:30:A2:C7:93:B2:D0:A9:8C:6A:CC:A4:C5:04:C6:81:DE:C8:58:42
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC8012BF7FB9C6AD91DABB50C41286E5D
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/AzCix5Oy0KmMasykxQTGgd7IWEI.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47814
IP address blocks:        80.81.44.0/24 maxlen: 24
                          80.81.46.0/23 maxlen: 23
                          83.223.139.0/24 maxlen: 24
                          46.19.204.251/32 maxlen: 32
                          46.19.205.0/24 maxlen: 24
                          46.19.206.0/24 maxlen: 24
                          83.223.149.0/24 maxlen: 24
                          94.101.238.0/24 maxlen: 24
                          185.176.116.0/22 maxlen: 22
                          94.101.233.206/32 maxlen: 32
                          2001:1bf8::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 19:23:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2b:f7:fb:9c:6a:d9:1d:ab:b5:0c:41:28:6e:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0330a2c793b2d0a98c6acca4c504c681dec85842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:31:2d:cc:25:d8:a7:30:88:31:ef:71:44:e9:
                    88:9b:b6:5e:c7:ed:7d:8e:f5:b2:1c:30:ce:26:fb:
                    35:e4:6f:17:70:a3:ab:f6:d6:42:37:62:e0:fb:e6:
                    42:fa:49:3b:cb:81:ad:c7:27:e0:db:bc:a5:f6:40:
                    ef:6c:2a:d1:d8:fe:17:d0:97:a7:b4:28:16:43:7e:
                    4f:c9:7c:c0:73:6b:67:3f:25:a0:87:64:d0:61:7b:
                    37:08:d3:57:1d:6d:ec:91:ac:0a:1b:a3:2a:8c:b4:
                    d8:56:d7:08:b0:4a:36:f5:ef:1e:56:32:aa:ba:cb:
                    f6:7b:a9:7b:cc:d4:52:6b:af:6c:65:a2:d9:55:21:
                    54:b2:0d:1e:74:8c:83:95:7b:0c:2e:4e:ab:39:0c:
                    1b:24:78:fb:c8:e4:54:ac:29:fc:30:38:3a:96:d1:
                    c7:0f:81:ed:4c:52:b9:6b:49:42:8d:5c:42:60:73:
                    46:16:4c:67:59:cc:f3:9f:df:43:61:52:d2:d2:7f:
                    7b:04:07:46:69:32:af:20:8c:52:7f:e8:ef:5a:fc:
                    a5:4d:64:92:a3:b4:28:4e:d4:1f:83:93:86:8a:c1:
                    9a:27:ab:2c:de:ee:04:84:b0:97:3a:c9:76:02:3b:
                    db:07:df:7d:96:0c:d3:6f:a4:34:e7:02:cf:6c:28:
                    39:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:30:A2:C7:93:B2:D0:A9:8C:6A:CC:A4:C5:04:C6:81:DE:C8:58:42
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/AzCix5Oy0KmMasykxQTGgd7IWEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.204.251/32
                  46.19.205.0-46.19.206.255
                  80.81.44.0/24
                  80.81.46.0/23
                  83.223.139.0/24
                  83.223.149.0/24
                  94.101.233.206/32
                  94.101.238.0/24
                  185.176.116.0/22
                IPv6:
                  2001:1bf8::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:a0:bb:06:f9:0d:a2:a2:e7:15:c1:fe:52:22:aa:18:14:00:
         7c:81:59:a8:4b:a9:8b:15:66:16:bd:0d:a8:26:4c:89:66:67:
         47:a8:cc:94:92:b7:10:18:3b:9f:8e:b6:ba:e8:1c:f6:d9:5e:
         47:53:46:c6:6a:87:69:da:cf:75:3e:3d:22:0b:4b:68:53:57:
         95:10:a0:2c:e3:46:26:87:51:53:bb:d0:81:7b:04:31:6b:4d:
         70:51:5b:e9:af:11:f2:ac:9b:56:46:d4:7e:aa:80:78:82:b6:
         b6:96:7d:8a:50:3d:46:ff:1c:85:b1:a3:46:e9:34:62:f8:83:
         8a:28:3a:e8:66:32:e5:88:6b:0c:f6:4b:67:68:b1:f2:d1:aa:
         96:a4:87:3b:b7:f4:15:e5:cd:48:b0:8d:2f:8a:2c:86:8d:06:
         fa:95:e7:80:72:79:b1:2f:9b:75:41:2d:f3:d5:05:de:d9:00:
         29:19:60:89:88:e3:9b:72:91:c3:4f:73:27:c7:f7:70:e0:f5:
         c0:f2:6a:bc:cd:29:a5:c2:b9:46:d0:9a:85:2d:ed:55:93:55:
         31:de:d6:2e:73:86:68:5c:36:b3:bb:9f:16:84:c5:f2:2d:fa:
         e2:80:08:0a:f3:31:80:51:d8:d2:67:18:b2:59:30:4e:bf:75:
         61:50:b9:60
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYzIASv3+5xq2R2rtQxBKG5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzMwYTJjNzkzYjJkMGE5OGM2YWNjYTRjNTA0YzY4MWRlYzg1ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjEtzCXYpzCIMe9xROmIm7Zex+19
jvWyHDDOJvs15G8XcKOr9tZCN2Lg++ZC+kk7y4Gtxyfg27yl9kDvbCrR2P4X0Jen
tCgWQ35PyXzAc2tnPyWgh2TQYXs3CNNXHW3skawKG6MqjLTYVtcIsEo29e8eVjKq
usv2e6l7zNRSa69sZaLZVSFUsg0edIyDlXsMLk6rOQwbJHj7yORUrCn8MDg6ltHH
D4HtTFK5a0lCjVxCYHNGFkxnWczzn99DYVLS0n97BAdGaTKvIIxSf+jvWvylTWSS
o7QoTtQfg5OGisGaJ6ss3u4EhLCXOsl2AjvbB999lgzTb6Q05wLPbCg5EQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFAMwoseTstCpjGrMpMUExoHeyFhCMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvQXpDaXg1T3kwS21NYXN5a3hRVEdnZDdJV0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwUALhPM+zAM
AwQALhPNAwQALhPOAwQAUFEsAwQBUFEuAwQAU9+LAwQAU9+VAwUAXmXpzgMEAF5l
7gMEArmwdDANBAIAAjAHAwUDIAEb+DANBgkqhkiG9w0BAQsFAAOCAQEApaC7BvkN
oqLnFcH+UiKqGBQAfIFZqEupixVmFr0NqCZMiWZnR6jMlJK3EBg7n462uugc9tle
R1NGxmqHadrPdT49IgtLaFNXlRCgLONGJodRU7vQgXsEMWtNcFFb6a8R8qybVkbU
fqqAeIK2tpZ9ilA9Rv8chbGjRuk0YviDiig66GYy5YhrDPZLZ2ix8tGqlqSHO7f0
FeXNSLCNL4osho0G+pXngHJ5sS+bdUEt89UF3tkAKRlgiYjjm3KRw09zJ8f3cOD1
wPJqvM0ppcK5RtCahS3tVZNVMd7WLnOGaFw2s7ufFoTF8i364oAICvMxgFHY0mcY
slkwTr91YVC5YA==
-----END CERTIFICATE-----