Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/iRmI1dNQRUIR0gqjQV33pIIKZmo.roa
File:                     iRmI1dNQRUIR0gqjQV33pIIKZmo.roa (raw, json)
Hash identifier:          Fl1+EM91If93+PZYN8BwaX/4MiWi+inCIXrlTXN/zdg=
Subject key identifier:   89:19:88:D5:D3:50:45:42:11:D2:0A:A3:41:5D:F7:A4:82:0A:66:6A
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018CC56EFE95ACCB6A0C7D376779E93EDF55
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/iRmI1dNQRUIR0gqjQV33pIIKZmo.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51759
IP address blocks:        46.36.108.0/24 maxlen: 24
                          46.36.108.0/23 maxlen: 23
                          46.36.107.0/24 maxlen: 24
                          46.36.106.0/24 maxlen: 24
                          46.36.110.0/24 maxlen: 24
                          46.36.109.0/24 maxlen: 24
                          46.36.97.0/24 maxlen: 24
                          46.36.96.0/23 maxlen: 23
                          46.36.96.0/24 maxlen: 24
                          46.36.102.0/24 maxlen: 24
                          46.36.101.0/24 maxlen: 24
                          46.36.100.0/24 maxlen: 24
                          46.36.100.0/22 maxlen: 22
                          46.36.105.0/24 maxlen: 24
                          46.36.104.0/22 maxlen: 22
                          46.36.104.0/24 maxlen: 24
                          46.36.103.0/24 maxlen: 24
                          46.36.102.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 29 Jan 2024 12:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fe:95:ac:cb:6a:0c:7d:37:67:79:e9:3e:df:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=891988d5d350454211d20aa3415df7a4820a666a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:38:a6:14:5f:1e:ae:28:3b:34:66:82:f0:6a:
                    8c:02:dc:6c:11:68:33:b2:72:01:55:8c:9c:d7:28:
                    7c:f7:77:da:bc:d8:93:5a:06:07:cb:5f:de:1a:7b:
                    ee:89:8d:a1:be:2c:ed:b0:8f:d8:7c:a0:1d:6b:8d:
                    53:f6:b0:18:35:90:19:e5:53:2c:98:4d:07:5c:d7:
                    10:ee:ec:73:b0:ce:51:d2:bb:f1:b5:5f:4b:42:f2:
                    cc:b2:35:d1:95:be:e8:b5:5a:b8:52:d3:cd:a3:87:
                    4e:7a:c7:f7:7d:58:9e:c7:48:d3:15:92:37:44:4f:
                    a8:69:e5:e4:48:50:12:84:bf:28:2c:63:ae:4d:8e:
                    8a:7b:b5:69:7b:5c:64:24:99:d9:a2:0b:cd:22:5a:
                    d3:70:9e:e0:3d:fd:6f:4b:14:f2:81:c7:02:7b:a1:
                    27:91:0f:9d:7a:0c:8d:20:b7:ab:7d:ac:a5:bc:7c:
                    ed:e7:b9:17:c1:37:88:99:a9:c5:db:11:53:0f:4f:
                    d7:95:3c:95:34:ba:62:14:a1:f1:4b:39:33:cc:d3:
                    fb:e0:22:60:50:cb:ac:6b:90:78:9c:eb:2c:6b:d5:
                    1d:70:12:35:40:c9:a6:3f:6b:2d:98:ed:4b:43:00:
                    d9:7d:c2:0a:42:4a:d5:4c:dc:5a:56:30:67:26:d9:
                    cf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:19:88:D5:D3:50:45:42:11:D2:0A:A3:41:5D:F7:A4:82:0A:66:6A
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/iRmI1dNQRUIR0gqjQV33pIIKZmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.96.0/23
                  46.36.100.0-46.36.110.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:de:c2:e9:60:82:3b:3e:4c:54:94:44:94:51:1a:a0:86:d5:
         88:b1:b7:3c:64:f8:c8:32:92:64:24:89:6f:d0:2b:73:7d:d7:
         14:75:f2:68:39:56:cf:e6:0f:ed:d9:c2:a4:fa:be:30:5a:18:
         9f:33:ad:1d:0a:f4:e2:77:94:c7:ad:c3:2e:fa:fd:bb:0a:6e:
         40:fb:06:ab:48:bd:35:25:8f:00:4b:4b:94:d1:7c:d5:c4:5b:
         1e:97:17:de:83:30:da:ee:a2:3a:9c:a1:9b:5d:b0:92:7b:ec:
         70:de:e4:00:c3:7f:41:5d:86:8e:91:4a:e6:78:aa:49:42:9e:
         cb:c1:ea:80:01:52:ef:af:30:5b:8c:ab:37:d2:ab:80:cf:58:
         f6:1e:b0:f6:e0:66:7a:7a:89:5f:9a:e7:de:2e:fa:a3:11:72:
         0b:a0:8a:32:9e:b2:55:f3:77:95:0c:5f:81:ca:b3:d8:16:38:
         e0:76:39:f1:e5:69:db:be:6b:7b:c8:3b:28:9e:f5:48:06:92:
         51:05:62:cb:d2:5c:ed:cc:5a:42:ad:f9:c4:f3:c3:47:f1:54:
         71:69:f6:b5:6d:5c:14:1e:92:b0:41:2e:a3:47:80:79:60:ea:
         a6:cc:b0:a0:34:f6:74:4d:78:03:e9:16:c3:22:8c:ce:05:0f:
         81:f6:37:eb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFbv6VrMtqDH03Z3npPt9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTE5ODhkNWQzNTA0NTQyMTFkMjBhYTM0MTVkZjdhNDgyMGE2NjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTimFF8erig7NGaC8GqMAtxsEWgz
snIBVYyc1yh893favNiTWgYHy1/eGnvuiY2hviztsI/YfKAda41T9rAYNZAZ5VMs
mE0HXNcQ7uxzsM5R0rvxtV9LQvLMsjXRlb7otVq4UtPNo4dOesf3fViex0jTFZI3
RE+oaeXkSFAShL8oLGOuTY6Ke7Vpe1xkJJnZogvNIlrTcJ7gPf1vSxTygccCe6En
kQ+degyNILerfaylvHzt57kXwTeImanF2xFTD0/XlTyVNLpiFKHxSzkzzNP74CJg
UMusa5B4nOssa9UdcBI1QMmmP2stmO1LQwDZfcIKQkrVTNxaVjBnJtnPcwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIkZiNXTUEVCEdIKo0Fd96SCCmZqMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvaVJtSTFkTlFSVUlSMGdxalFWMzNwSUlLWm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBLiRgMAwD
BAIuJGQDBAAuJG4wDQYJKoZIhvcNAQELBQADggEBAJrewulggjs+TFSURJRRGqCG
1Yixtzxk+MgykmQkiW/QK3N91xR18mg5Vs/mD+3ZwqT6vjBaGJ8zrR0K9OJ3lMet
wy76/bsKbkD7BqtIvTUljwBLS5TRfNXEWx6XF96DMNruojqcoZtdsJJ77HDe5ADD
f0Fdho6RSuZ4qklCnsvB6oABUu+vMFuMqzfSq4DPWPYesPbgZnp6iV+a594u+qMR
cgugijKeslXzd5UMX4HKs9gWOOB2OfHladu+a3vIOyie9UgGklEFYsvSXO3MWkKt
+cTzw0fxVHFp9rVtXBQekrBBLqNHgHlg6qbMsKA09nRNeAPpFsMijM4FD4H2N+s=
-----END CERTIFICATE-----