Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/4lsZi1rSNEEkW-sfiWsV1tKflvk.roa
File:                     4lsZi1rSNEEkW-sfiWsV1tKflvk.roa (raw, json)
Hash identifier:          L6oO5/Il9N734YauG7fF0EYvmcs/6faVIoiHIrM8Dbk=
Subject key identifier:   E2:5B:19:8B:5A:D2:34:41:24:5B:EB:1F:89:6B:15:D6:D2:9F:96:F9
Certificate issuer:       /CN=0d69e3ee55dd862674d458661ba34908b0617fa1
Certificate serial:       018CC6B91AABEBF0894FD65B1AAC28BB1F64
Authority key identifier: 0D:69:E3:EE:55:DD:86:26:74:D4:58:66:1B:A3:49:08:B0:61:7F:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DWnj7lXdhiZ01FhmG6NJCLBhf6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/4lsZi1rSNEEkW-sfiWsV1tKflvk.roa
Signing time:             Mon 01 Jan 2024 20:31:08 +0000
ROA not before:           Mon 01 Jan 2024 20:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60294
IP address blocks:        94.31.96.0/20 maxlen: 20
                          185.22.44.0/24 maxlen: 24
                          185.22.44.0/22 maxlen: 22
                          185.22.45.0/24 maxlen: 24
                          94.31.64.0/18 maxlen: 18
                          94.31.80.0/20 maxlen: 20
                          185.7.196.0/22 maxlen: 22
                          185.113.120.0/22 maxlen: 22
                          185.22.140.0/22 maxlen: 22
                          185.158.40.0/22 maxlen: 22
                          185.158.41.0/24 maxlen: 24
                          46.245.216.0/21 maxlen: 21
                          2a00:61e0::/32 maxlen: 32
                          2a03:fc0::/32 maxlen: 32
                          2a00:6020::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 12:05:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1a:ab:eb:f0:89:4f:d6:5b:1a:ac:28:bb:1f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d69e3ee55dd862674d458661ba34908b0617fa1
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e25b198b5ad23441245beb1f896b15d6d29f96f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:23:e0:91:f7:c0:34:20:8a:e9:11:c4:40:52:
                    86:f4:c6:da:ee:fb:dc:a9:51:49:0e:7a:b7:b3:f0:
                    89:a3:00:c6:26:4a:a1:bd:0c:2c:ef:a2:6e:ea:6d:
                    1e:a2:ff:86:06:5d:6f:2b:9a:15:a7:92:c8:c1:25:
                    0d:91:74:f1:7e:fa:e9:ac:4f:99:2c:9c:6b:0d:99:
                    63:d8:58:61:8b:9e:24:90:1b:f8:fc:8e:03:4a:82:
                    9e:56:70:f4:c1:79:b8:8a:1b:2d:01:13:5e:52:d3:
                    91:9c:e1:16:a3:86:85:5d:ab:a3:ce:97:b2:dd:45:
                    e0:bc:b1:cb:25:d3:4d:cc:f7:73:ff:e4:af:80:b8:
                    9e:c2:04:db:9f:d8:51:c8:27:4c:28:28:3a:6d:a7:
                    d5:8b:0e:76:7e:19:9f:00:dd:61:29:48:d3:85:20:
                    09:22:83:21:ce:47:cb:c9:31:12:3e:be:70:2a:b5:
                    08:ae:9c:c9:ab:65:d4:18:ac:ac:07:47:3d:eb:f0:
                    ed:9e:0f:95:3b:ec:7a:ce:88:d9:92:b6:5c:40:9e:
                    73:b3:dc:cc:35:11:b5:65:3d:fd:e9:5d:a8:2d:c0:
                    5e:12:bf:55:d7:3f:9f:87:3b:ad:8d:51:e6:ef:e5:
                    3d:d2:80:2a:30:85:20:8a:3e:5d:ff:a0:7f:8f:ca:
                    92:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:5B:19:8B:5A:D2:34:41:24:5B:EB:1F:89:6B:15:D6:D2:9F:96:F9
            X509v3 Authority Key Identifier:
                keyid:0D:69:E3:EE:55:DD:86:26:74:D4:58:66:1B:A3:49:08:B0:61:7F:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DWnj7lXdhiZ01FhmG6NJCLBhf6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/4lsZi1rSNEEkW-sfiWsV1tKflvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/DWnj7lXdhiZ01FhmG6NJCLBhf6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.216.0/21
                  94.31.64.0/18
                  185.7.196.0/22
                  185.22.44.0/22
                  185.22.140.0/22
                  185.113.120.0/22
                  185.158.40.0/22
                IPv6:
                  2a00:6020::/32
                  2a00:61e0::/32
                  2a03:fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:3d:ae:20:40:b0:28:7c:f8:c1:62:a3:7c:bf:5c:c2:c9:01:
         6d:c4:19:fb:af:8d:c4:69:30:81:15:79:9d:79:e8:71:00:82:
         f3:cf:87:6b:b1:70:ba:02:9d:c4:bd:55:dc:89:39:d1:93:13:
         b7:03:fd:f3:14:7f:ad:8f:ce:3c:b2:09:d9:fd:c2:d9:ed:69:
         1a:b9:b3:47:ba:ce:db:e7:41:7b:c1:cb:77:42:dc:f7:47:04:
         17:5e:21:dd:28:02:17:de:c7:83:9d:4a:1f:10:75:1c:cc:a6:
         34:57:d3:aa:6f:52:62:f6:d0:3a:d2:c7:b8:7b:be:35:e4:62:
         4b:c6:2e:9a:d4:e1:37:7c:ca:93:f8:6a:d6:92:66:67:ef:ef:
         b4:67:69:eb:39:49:e5:a0:5a:72:d0:da:7d:d5:ec:6b:31:be:
         27:54:27:79:a7:36:2d:9f:e8:f8:e1:f6:ed:df:e4:25:29:98:
         73:19:13:3d:5d:b3:c1:04:e2:66:a8:db:81:3d:42:cd:e2:23:
         fb:b3:2d:b1:53:71:30:19:20:2c:73:a4:89:6f:38:29:92:80:
         65:ae:9b:91:ab:54:13:5e:6f:9f:2b:87:07:ad:b6:8b:2a:18:
         dd:f8:65:23:b2:88:26:78:3f:8c:83:0e:00:30:9f:21:b3:f1:
         37:23:72:38
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYzGuRqr6/CJT9ZbGqwoux9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNjllM2VlNTVkZDg2MjY3NGQ0NTg2NjFiYTM0OTA4YjA2
MTdmYTEwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjViMTk4YjVhZDIzNDQxMjQ1YmViMWY4OTZiMTVkNmQyOWY5NmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSPgkffANCCK6RHEQFKG9Mba7vvc
qVFJDnq3s/CJowDGJkqhvQws76Ju6m0eov+GBl1vK5oVp5LIwSUNkXTxfvrprE+Z
LJxrDZlj2Fhhi54kkBv4/I4DSoKeVnD0wXm4ihstARNeUtORnOEWo4aFXaujzpey
3UXgvLHLJdNNzPdz/+SvgLiewgTbn9hRyCdMKCg6bafViw52fhmfAN1hKUjThSAJ
IoMhzkfLyTESPr5wKrUIrpzJq2XUGKysB0c96/Dtng+VO+x6zojZkrZcQJ5zs9zM
NRG1ZT396V2oLcBeEr9V1z+fhzutjVHm7+U90oAqMIUgij5d/6B/j8qSrwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOJbGYta0jRBJFvrH4lrFdbSn5b5MB8GA1UdIwQY
MBaAFA1p4+5V3YYmdNRYZhujSQiwYX+hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFduajdsWGRoaVowMUZobUc2TkpDTEJoZjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8xZDJlZjgtYTg2ZS00NDZmLThjMzUt
YjgzM2JkOWUwYjNhLzEvNGxzWmkxclNORUVrVy1zZmlXc1YxdEtmbHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8xZDJlZjgtYTg2ZS00NDZmLThjMzUtYjgzM2JkOWUwYjNh
LzEvRFduajdsWGRoaVowMUZobUc2TkpDTEJoZjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAwBAIAATAqAwQDLvXYAwQG
Xh9AAwQCuQfEAwQCuRYsAwQCuRaMAwQCuXF4AwQCuZ4oMBsEAgACMBUDBQAqAGAg
AwUAKgBh4AMFACoDD8AwDQYJKoZIhvcNAQELBQADggEBAEk9riBAsCh8+MFio3y/
XMLJAW3EGfuvjcRpMIEVeZ156HEAgvPPh2uxcLoCncS9VdyJOdGTE7cD/fMUf62P
zjyyCdn9wtntaRq5s0e6ztvnQXvBy3dC3PdHBBdeId0oAhfex4OdSh8QdRzMpjRX
06pvUmL20DrSx7h7vjXkYkvGLprU4Td8ypP4ataSZmfv77Rnaes5SeWgWnLQ2n3V
7GsxvidUJ3mnNi2f6Pjh9u3f5CUpmHMZEz1ds8EE4mao24E9Qs3iI/uzLbFTcTAZ
ICxzpIlvOCmSgGWum5GrVBNeb58rhwettosqGN34ZSOyiCZ4P4yDDgAwnyGz8Tcj
cjg=
-----END CERTIFICATE-----