Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RKm6rbkiYzE83JTBo9eRtQG881U.roa
File:                     RKm6rbkiYzE83JTBo9eRtQG881U.roa (raw, json)
Hash identifier:          tX5DKhy162UQ76DAXT1KpJbgRvciJR8vvKIdQrLs0Uw=
Subject key identifier:   44:A9:BA:AD:B9:22:63:31:3C:DC:94:C1:A3:D7:91:B5:01:BC:F3:55
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018D4138B496BA9266ADE836CFC3C130345B
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RKm6rbkiYzE83JTBo9eRtQG881U.roa
Signing time:             Thu 25 Jan 2024 15:24:11 +0000
ROA not before:           Thu 25 Jan 2024 15:24:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          45.140.220.0/24 maxlen: 24
                          45.140.221.0/24 maxlen: 24
                          45.154.196.0/22 maxlen: 24
                          77.83.241.0/24 maxlen: 24
                          77.83.243.0/24 maxlen: 24
                          85.202.162.0/24 maxlen: 24
                          178.218.145.0/24 maxlen: 24
                          185.227.71.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24
                          185.242.225.0/24 maxlen: 24
                          193.105.177.0/24 maxlen: 24
                          194.56.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Mar 2024 16:14:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:38:b4:96:ba:92:66:ad:e8:36:cf:c3:c1:30:34:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan 25 15:24:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44a9baadb92263313cdc94c1a3d791b501bcf355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:57:41:aa:fe:bb:73:82:43:36:97:40:e2:21:
                    17:4f:c2:91:89:3a:82:52:06:d1:a4:82:ef:00:77:
                    5b:7f:96:d9:f9:79:12:18:2a:f0:b2:e8:85:e6:b8:
                    23:e7:1d:bc:7e:de:4e:57:2f:b0:a8:cb:13:f7:bb:
                    3e:06:c1:41:73:ad:6f:78:a1:7c:41:9d:2f:e6:1a:
                    fc:ed:14:cf:b0:db:61:47:2d:17:43:d5:a5:45:19:
                    ed:94:76:71:ef:6b:1a:4c:b6:95:10:06:c1:ca:ac:
                    b2:0c:85:9b:0e:31:4e:ab:72:05:8a:f0:d8:a0:6e:
                    df:5b:40:1a:48:61:b4:25:62:b3:4b:8f:ba:e0:7f:
                    81:6c:90:93:cf:7a:39:46:51:a1:e9:ce:5d:54:8b:
                    0d:94:dc:06:f4:82:8d:1c:ae:e1:f3:5e:ff:71:36:
                    df:96:09:a5:3f:2a:a0:12:33:ef:ca:99:ff:89:6c:
                    62:d7:7d:fd:f5:b6:29:3b:a6:20:01:07:ed:99:14:
                    be:5e:1f:60:1b:fb:de:ec:df:80:13:28:c5:da:ea:
                    6f:be:c7:e0:f4:74:07:53:a3:44:6f:11:51:16:57:
                    e4:16:d5:94:de:df:03:59:e1:62:5c:88:d7:61:cd:
                    6e:60:6e:6b:7b:2c:a9:f8:e9:60:e1:51:99:92:82:
                    fd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A9:BA:AD:B9:22:63:31:3C:DC:94:C1:A3:D7:91:B5:01:BC:F3:55
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RKm6rbkiYzE83JTBo9eRtQG881U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.145.0-45.90.146.255
                  45.140.220.0/23
                  45.154.196.0/22
                  77.83.241.0/24
                  77.83.243.0/24
                  85.202.162.0/24
                  178.218.145.0/24
                  185.227.71.0/24
                  185.234.75.0/24
                  185.242.225.0/24
                  193.105.177.0/24
                  194.56.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:de:29:1d:db:33:a2:a0:8d:0c:7a:ab:fa:f2:be:ae:24:7d:
         cc:a8:10:d6:8b:d6:ab:12:ed:9a:cd:3c:91:73:41:4d:f4:19:
         d1:f0:48:94:b3:10:f1:74:7d:2a:07:d7:93:f8:99:27:3e:07:
         6b:9d:5a:4c:dc:b4:43:25:75:4c:3a:5c:59:b4:b3:49:65:ab:
         34:ac:2c:d4:3f:08:87:d0:33:06:4e:01:c9:47:91:17:4c:08:
         1e:ef:f8:9a:0c:dc:ac:24:2a:7e:26:32:c1:9e:97:92:34:80:
         30:53:68:9d:b1:76:90:92:97:38:e2:7c:51:15:1c:c8:43:e3:
         7e:c4:50:ee:22:b2:8c:6c:8a:dc:14:eb:50:a8:11:83:53:24:
         2e:49:f6:b7:e2:47:11:35:ba:1e:89:fb:39:66:96:2d:e9:30:
         11:b7:3c:e6:0c:69:2b:f6:02:b8:25:7a:ca:60:c0:d5:d2:83:
         37:07:b5:22:79:6f:9d:ed:2d:72:a1:78:53:59:ab:e5:66:10:
         14:91:86:e3:4e:c2:e6:75:5b:2a:9d:16:51:8f:16:6a:73:78:
         ec:41:9d:a0:98:ab:7b:b3:92:b4:91:ec:f5:2b:98:ff:1c:8d:
         73:e3:1e:fa:92:74:57:93:c0:30:9d:b7:84:ef:2d:d4:e9:be:
         78:4f:8f:1c
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY1BOLSWupJmreg2z8PBMDRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTI1MTUyNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE5YmFhZGI5MjI2MzMxM2NkYzk0YzFhM2Q3OTFiNTAxYmNmMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFdBqv67c4JDNpdA4iEXT8KRiTqC
UgbRpILvAHdbf5bZ+XkSGCrwsuiF5rgj5x28ft5OVy+wqMsT97s+BsFBc61veKF8
QZ0v5hr87RTPsNthRy0XQ9WlRRntlHZx72saTLaVEAbByqyyDIWbDjFOq3IFivDY
oG7fW0AaSGG0JWKzS4+64H+BbJCTz3o5RlGh6c5dVIsNlNwG9IKNHK7h817/cTbf
lgmlPyqgEjPvypn/iWxi13399bYpO6YgAQftmRS+Xh9gG/ve7N+AEyjF2upvvsfg
9HQHU6NEbxFRFlfkFtWU3t8DWeFiXIjXYc1uYG5reyyp+Olg4VGZkoL99wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFESpuq25ImMxPNyUwaPXkbUBvPNVMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUkttNnJia2lZekU4M0pUQm85ZVJ0UUc4ODFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQMAwDBAAtWpED
BAAtWpIDBAEtjNwDBAItmsQDBABNU/EDBABNU/MDBABVyqIDBACy2pEDBAC540cD
BAC56ksDBAC58uEDBADBabEDBADCOOAwDQYJKoZIhvcNAQELBQADggEBAMLeKR3b
M6KgjQx6q/ryvq4kfcyoENaL1qsS7ZrNPJFzQU30GdHwSJSzEPF0fSoH15P4mSc+
B2udWkzctEMldUw6XFm0s0llqzSsLNQ/CIfQMwZOAclHkRdMCB7v+JoM3KwkKn4m
MsGel5I0gDBTaJ2xdpCSlzjifFEVHMhD437EUO4isoxsitwU61CoEYNTJC5J9rfi
RxE1uh6J+zlmli3pMBG3POYMaSv2ArglespgwNXSgzcHtSJ5b53tLXKheFNZq+Vm
EBSRhuNOwuZ1WyqdFlGPFmpzeOxBnaCYq3uzkrSR7PUrmP8cjXPjHvqSdFeTwDCd
t4TvLdTpvnhPjxw=
-----END CERTIFICATE-----