Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/tu3wuOZ2toAhxgUHNKfY3eg6qDY.roa
File:                     tu3wuOZ2toAhxgUHNKfY3eg6qDY.roa (raw, json)
Hash identifier:          2GBIxfVljZTrRGTuATEm0lGWHCzLAc8llCNjMSynRE4=
Subject key identifier:   B6:ED:F0:B8:E6:76:B6:80:21:C6:05:07:34:A7:D8:DD:E8:3A:A8:36
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018D793AD7619916982AF04851B4A98D4FD7
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/tu3wuOZ2toAhxgUHNKfY3eg6qDY.roa
Signing time:             Mon 05 Feb 2024 12:25:15 +0000
ROA not before:           Mon 05 Feb 2024 12:25:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51759
IP address blocks:        46.36.96.0/23 maxlen: 23
                          46.36.96.0/24 maxlen: 24
                          46.36.97.0/24 maxlen: 24
                          46.36.100.0/24 maxlen: 24
                          46.36.103.0/24 maxlen: 24
                          46.36.104.0/22 maxlen: 22
                          46.36.104.0/24 maxlen: 24
                          46.36.105.0/24 maxlen: 24
                          46.36.106.0/24 maxlen: 24
                          46.36.107.0/24 maxlen: 24
                          46.36.108.0/23 maxlen: 23
                          46.36.108.0/24 maxlen: 24
                          46.36.109.0/24 maxlen: 24
                          46.36.110.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 12 Feb 2024 08:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:3a:d7:61:99:16:98:2a:f0:48:51:b4:a9:8d:4f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Feb  5 12:25:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6edf0b8e676b68021c6050734a7d8dde83aa836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:40:0f:95:20:1c:d1:91:00:00:81:fd:1d:fd:
                    fa:30:bb:ef:1e:63:75:39:46:b5:2b:3b:60:84:95:
                    c1:e4:d3:77:85:65:0e:80:ae:72:5e:db:e7:81:2b:
                    ee:29:ee:d7:a8:34:b6:5e:fc:9b:8f:09:82:d9:77:
                    24:b5:b5:9d:a7:66:52:8a:c9:d6:19:6c:58:c3:6a:
                    04:0d:bc:4a:fe:e3:81:8b:dc:da:2c:29:97:90:2b:
                    de:f7:ca:50:a4:37:fa:7c:88:d8:d1:ad:97:1f:7a:
                    0e:32:3b:fd:23:d4:c9:54:1b:52:53:81:6e:f4:76:
                    70:19:63:bd:a8:60:df:bb:46:83:dd:6b:dc:ba:4d:
                    c9:ac:b6:eb:a2:12:10:81:88:3f:a3:d8:99:ed:5c:
                    f8:e0:7c:61:4f:77:7f:b3:2c:84:22:dc:c5:df:3d:
                    8d:07:a8:c5:36:cf:21:b3:0e:87:a0:cc:3e:27:47:
                    e3:47:fa:c7:8e:04:1f:a6:cc:45:3f:f5:2a:7b:ca:
                    1a:96:2a:d1:c8:8b:9a:ad:e0:d7:19:a1:48:dc:34:
                    64:cd:4a:ec:69:bf:e7:82:20:de:dc:01:0a:81:53:
                    e1:68:1b:d1:f1:be:2d:6b:c0:21:5b:88:d3:9b:ee:
                    c1:58:e3:d1:d3:ad:c4:d5:df:a7:62:8a:ca:bf:61:
                    a2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:ED:F0:B8:E6:76:B6:80:21:C6:05:07:34:A7:D8:DD:E8:3A:A8:36
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/tu3wuOZ2toAhxgUHNKfY3eg6qDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.96.0/23
                  46.36.100.0/24
                  46.36.103.0-46.36.110.255

    Signature Algorithm: sha256WithRSAEncryption
         a6:70:bb:95:25:f5:3c:fe:b0:4c:1d:af:c2:81:29:28:d8:b3:
         13:54:c5:3d:31:7e:b9:a5:14:84:ac:db:e1:f2:13:b2:05:a9:
         18:e2:57:2a:46:a9:27:07:85:c2:ec:7d:65:4c:46:28:92:fb:
         a7:1e:2f:62:f5:72:a9:07:76:bd:44:4c:66:98:f9:84:d2:e7:
         96:00:54:bb:97:b6:33:10:08:9b:ad:71:5f:c9:2a:9f:7e:fd:
         a7:e6:e8:c1:30:a6:80:14:81:cc:88:41:6d:75:22:bc:98:e6:
         cc:21:66:3d:85:8c:ba:3e:2a:d1:a8:5e:2d:be:9a:c4:9b:54:
         89:9f:12:e3:84:ce:05:06:e3:49:48:80:18:7e:73:d2:58:4c:
         a9:2e:b1:89:cc:8e:8d:42:4d:17:4e:92:d1:b7:2d:c7:de:3c:
         bd:dc:44:8e:e9:33:b6:be:6a:c1:bc:b7:cf:c8:c0:0e:35:d5:
         41:90:d2:31:70:6e:0b:54:4c:70:0b:2b:21:f0:76:03:91:3d:
         de:65:12:21:17:96:a6:9e:69:70:7e:49:ef:b8:f2:e8:9a:49:
         a9:d0:13:2c:e9:6d:d2:df:50:64:fe:60:5b:61:bf:30:70:1b:
         50:6b:1d:03:86:9d:ae:d2:2d:a4:b4:d9:0a:01:70:0b:fa:ff:
         39:bf:96:13
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY15OtdhmRaYKvBIUbSpjU/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQwMjA1MTIyNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmVkZjBiOGU2NzZiNjgwMjFjNjA1MDczNGE3ZDhkZGU4M2FhODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUAPlSAc0ZEAAIH9Hf36MLvvHmN1
OUa1KztghJXB5NN3hWUOgK5yXtvngSvuKe7XqDS2XvybjwmC2XcktbWdp2ZSisnW
GWxYw2oEDbxK/uOBi9zaLCmXkCve98pQpDf6fIjY0a2XH3oOMjv9I9TJVBtSU4Fu
9HZwGWO9qGDfu0aD3Wvcuk3JrLbrohIQgYg/o9iZ7Vz44HxhT3d/syyEItzF3z2N
B6jFNs8hsw6HoMw+J0fjR/rHjgQfpsxFP/Uqe8oalirRyIuareDXGaFI3DRkzUrs
ab/ngiDe3AEKgVPhaBvR8b4ta8AhW4jTm+7BWOPR063E1d+nYorKv2GihwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLbt8LjmdraAIcYFBzSn2N3oOqg2MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvdHUzd3VPWjJ0b0FoeGdVSE5LZlkzZWc2cURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBLiRgAwQA
LiRkMAwDBAAuJGcDBAAuJG4wDQYJKoZIhvcNAQELBQADggEBAKZwu5Ul9Tz+sEwd
r8KBKSjYsxNUxT0xfrmlFISs2+HyE7IFqRjiVypGqScHhcLsfWVMRiiS+6ceL2L1
cqkHdr1ETGaY+YTS55YAVLuXtjMQCJutcV/JKp9+/afm6MEwpoAUgcyIQW11IryY
5swhZj2FjLo+KtGoXi2+msSbVImfEuOEzgUG40lIgBh+c9JYTKkusYnMjo1CTRdO
ktG3LcfePL3cRI7pM7a+asG8t8/IwA411UGQ0jFwbgtUTHALKyHwdgORPd5lEiEX
lqaeaXB+Se+48uiaSanQEyzpbdLfUGT+YFthvzBwG1BrHQOGna7SLaS02QoBcAv6
/zm/lhM=
-----END CERTIFICATE-----