Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/lALteSP6345iNQutLLKFDHqlMPw.roa
File:                     lALteSP6345iNQutLLKFDHqlMPw.roa (raw, json)
Hash identifier:          QOhNpXVm5jZ6TNMUvsLIL11XL379vhmQk4mjlPMs0BM=
Subject key identifier:   94:02:ED:79:23:FA:DF:8E:62:35:0B:AD:2C:B2:85:0C:7A:A5:30:FC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F422CB65A89BFBBE491B98BF7E15F
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/lALteSP6345iNQutLLKFDHqlMPw.roa
Signing time:             Tue 02 Jan 2024 04:29:43 +0000
ROA not before:           Tue 02 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60721
IP address blocks:        45.13.189.0/24 maxlen: 24
                          45.13.190.0/24 maxlen: 24
                          5.181.84.0/24 maxlen: 24
                          5.181.85.0/24 maxlen: 24
                          45.151.3.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          45.88.136.0/23 maxlen: 24
                          85.209.122.0/23 maxlen: 24
                          194.242.97.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 09 Mar 2024 09:32:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:42:2c:b6:5a:89:bf:bb:e4:91:b9:8b:f7:e1:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9402ed7923fadf8e62350bad2cb2850c7aa530fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:69:ac:6c:b1:62:42:68:4c:98:79:24:f3:c8:
                    b0:26:e3:b6:0f:b1:f3:50:a3:94:13:c7:0b:a2:d2:
                    c2:68:a9:51:28:6b:4f:a4:aa:55:ed:20:8c:9b:86:
                    80:6c:6e:99:78:65:0c:eb:1f:35:a7:45:24:ca:4f:
                    1e:79:5f:3e:5a:c7:fc:79:94:fb:9d:f8:9f:aa:fa:
                    e8:19:c2:ef:b1:40:44:f5:26:97:24:91:68:05:be:
                    04:cf:a0:0d:60:c2:bd:96:7a:01:c9:8e:d7:d0:3a:
                    62:8c:99:33:27:fa:dd:a0:c4:2c:3c:b8:a0:d7:9b:
                    c1:6b:bc:25:7b:6c:6e:71:49:8a:2f:bb:61:8e:f1:
                    d2:6c:5d:71:89:9a:00:de:c8:17:33:89:6f:ed:96:
                    93:b0:0d:73:13:40:33:f9:a2:d7:2f:6d:17:64:bf:
                    cb:7d:98:ad:b0:9f:25:9b:24:b7:e4:ee:de:4b:63:
                    eb:08:74:d3:9d:92:e9:19:8b:06:91:dd:cb:e4:6d:
                    e9:a9:8e:77:1d:e9:1b:44:52:ff:6c:b5:49:f7:07:
                    7a:80:d4:0b:fc:da:f1:c5:6d:7f:d5:f9:b3:25:14:
                    c7:ac:11:11:eb:ca:5e:7a:97:62:7a:50:be:0d:be:
                    f6:7c:9a:0c:e0:c2:7c:6b:e7:7c:e0:33:74:b6:4b:
                    5a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:02:ED:79:23:FA:DF:8E:62:35:0B:AD:2C:B2:85:0C:7A:A5:30:FC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/lALteSP6345iNQutLLKFDHqlMPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/23
                  5.181.87.0/24
                  45.13.189.0-45.13.190.255
                  45.88.136.0/23
                  45.132.181.0-45.132.183.255
                  45.144.212.0/24
                  45.151.3.0/24
                  85.209.122.0/23
                  194.242.97.0/24
                  195.177.92.0/23
                  195.211.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:24:bc:1f:54:6b:2d:63:78:6e:0d:6b:f2:c3:de:b2:01:7a:
         f3:f2:3a:b9:a2:a0:37:bb:32:00:70:84:d3:46:ef:e3:b8:0f:
         de:6e:6b:00:f0:d4:ac:37:a9:01:0d:d7:28:b0:be:14:e7:51:
         ee:14:34:99:4d:6f:fc:44:d2:03:37:c1:a1:96:c1:8c:d1:56:
         ce:f5:38:2c:ed:55:72:46:e1:51:af:19:ba:c4:84:32:06:cd:
         03:b0:01:b4:b6:5f:d7:5c:0c:ce:40:10:cf:34:ad:dc:2b:80:
         d9:79:43:8b:53:c6:46:bf:29:98:b8:e9:c1:5a:fc:4f:0a:e1:
         6b:cb:d5:e6:57:6f:c6:58:0b:be:4b:fc:23:b1:42:3e:9d:08:
         45:fe:17:cc:97:a0:2a:58:c0:08:e9:b1:12:b9:8a:11:77:37:
         11:11:c9:3a:5e:b0:ea:a4:cb:d5:77:0d:16:eb:9a:93:36:d3:
         15:36:72:d8:e7:cd:d3:3a:ba:b9:08:06:9a:ab:b3:c7:27:29:
         63:71:13:a8:90:1d:97:14:1a:90:88:9c:41:9d:17:00:fd:6d:
         24:4b:d5:d1:54:b1:e6:87:ae:47:49:74:a6:c6:72:82:cc:ac:
         01:c7:64:04:bd:a5:d7:d2:54:52:ef:27:71:20:dd:8e:4e:43:
         c4:2b:44:ce
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYzIb0IstlqJv7vkkbmL9+FfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDAyZWQ3OTIzZmFkZjhlNjIzNTBiYWQyY2IyODUwYzdhYTUzMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GmsbLFiQmhMmHkk88iwJuO2D7Hz
UKOUE8cLotLCaKlRKGtPpKpV7SCMm4aAbG6ZeGUM6x81p0Ukyk8eeV8+Wsf8eZT7
nfifqvroGcLvsUBE9SaXJJFoBb4Ez6ANYMK9lnoByY7X0DpijJkzJ/rdoMQsPLig
15vBa7wle2xucUmKL7thjvHSbF1xiZoA3sgXM4lv7ZaTsA1zE0Az+aLXL20XZL/L
fZitsJ8lmyS35O7eS2PrCHTTnZLpGYsGkd3L5G3pqY53HekbRFL/bLVJ9wd6gNQL
/NrxxW1/1fmzJRTHrBER68peepdielC+Db72fJoM4MJ8a+d84DN0tkta0QIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFJQC7Xkj+t+OYjULrSyyhQx6pTD8MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvbEFMdGVTUDYzNDVpTlF1dExMS0ZESHFsTVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQBBbVUAwQA
BbVXMAwDBAAtDb0DBAAtDb4DBAEtWIgwDAMEAC2EtQMEAy2EsAMEAC2Q1AMEAC2X
AwMEAVXRegMEAMLyYQMEAcOxXAMEAsPTvDANBgkqhkiG9w0BAQsFAAOCAQEAjyS8
H1RrLWN4bg1r8sPesgF68/I6uaKgN7syAHCE00bv47gP3m5rAPDUrDepAQ3XKLC+
FOdR7hQ0mU1v/ETSAzfBoZbBjNFWzvU4LO1VckbhUa8ZusSEMgbNA7ABtLZf11wM
zkAQzzSt3CuA2XlDi1PGRr8pmLjpwVr8Twrha8vV5ldvxlgLvkv8I7FCPp0IRf4X
zJegKljACOmxErmKEXc3ERHJOl6w6qTL1XcNFuuakzbTFTZy2OfN0zq6uQgGmquz
xycpY3ETqJAdlxQakIicQZ0XAP1tJEvV0VSx5oeuR0l0psZygsysAcdkBL2l19JU
Uu8ncSDdjk5DxCtEzg==
-----END CERTIFICATE-----