Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/6F7d7XtZTZ5obxQ3BF4ndO4UEgI.roa
File:                     6F7d7XtZTZ5obxQ3BF4ndO4UEgI.roa (raw, json)
Hash identifier:          GREPF/ZVUs2RuhRmNS2BYgyh8LyQfCkjwtJLXvO67p0=
Subject key identifier:   E8:5E:DD:ED:7B:59:4D:9E:68:6F:14:37:04:5E:27:74:EE:14:12:02
Certificate issuer:       /CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Certificate serial:       0191934696F66F99D5DD97C30DBB563D351D
Authority key identifier: B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/6F7d7XtZTZ5obxQ3BF4ndO4UEgI.roa
Signing time:             Tue 27 Aug 2024 09:59:22 +0000
ROA not before:           Tue 27 Aug 2024 09:59:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216154
IP address blocks:        45.10.172.0/23 maxlen: 23
                          45.10.172.0/24 maxlen: 24
                          45.10.173.0/24 maxlen: 24
                          84.252.102.0/23 maxlen: 23
                          89.150.34.0/23 maxlen: 23
                          89.150.41.0/24 maxlen: 24
                          89.150.59.0/24 maxlen: 24
                          103.90.72.0/23 maxlen: 23
                          103.90.74.0/23 maxlen: 23
                          103.90.74.0/24 maxlen: 24
                          103.90.75.0/24 maxlen: 24
                          2a0c:db40::/32 maxlen: 32
                          2a0c:db40::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 04 Sep 2024 08:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:46:96:f6:6f:99:d5:dd:97:c3:0d:bb:56:3d:35:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
        Validity
            Not Before: Aug 27 09:59:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e85edded7b594d9e686f1437045e2774ee141202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:06:2a:ce:50:ce:77:1b:60:a7:1f:e2:0e:5a:
                    d4:e7:28:89:8d:d2:c7:04:08:42:c0:c2:67:1d:48:
                    60:8f:dd:03:f8:96:f3:9b:a1:b6:c9:de:3e:af:34:
                    be:6f:54:b5:7d:81:2d:6f:ac:52:ce:c6:fa:8f:a9:
                    21:eb:77:a0:73:a5:3e:e8:22:9b:af:92:1b:9d:03:
                    43:6b:80:c0:10:3b:86:0c:7e:10:8d:8f:38:1b:b9:
                    37:2e:a9:c8:f8:47:03:28:09:07:34:28:1d:3f:3a:
                    9c:47:1f:74:be:3d:b5:e5:dd:2e:11:da:19:c4:1c:
                    ac:7d:60:2b:94:76:28:95:2d:21:5a:5a:87:9e:64:
                    22:66:94:68:0b:5b:a4:77:fc:6e:59:c4:58:9f:4a:
                    a8:04:12:5f:8c:6d:7e:d8:1c:a3:27:d0:13:1f:b6:
                    ab:6f:8e:bf:30:40:f0:57:80:01:06:79:e6:c4:db:
                    e8:a4:2e:66:24:25:2d:2c:c1:92:85:dd:41:b6:7b:
                    bb:bb:9c:c6:ce:2b:ac:f5:e3:16:3e:56:13:e3:76:
                    2c:fb:fb:88:a5:72:0c:b3:8e:e2:e5:5f:c9:48:54:
                    97:03:99:a5:53:ea:e0:ac:31:2f:d7:6c:d8:0d:0a:
                    98:3b:8c:05:df:24:5c:96:9f:c1:af:7b:40:e1:4e:
                    83:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:5E:DD:ED:7B:59:4D:9E:68:6F:14:37:04:5E:27:74:EE:14:12:02
            X509v3 Authority Key Identifier:
                keyid:B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/6F7d7XtZTZ5obxQ3BF4ndO4UEgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.172.0/23
                  84.252.102.0/23
                  89.150.34.0/23
                  89.150.41.0/24
                  89.150.59.0/24
                  103.90.72.0/22
                IPv6:
                  2a0c:db40::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:4d:db:d0:32:40:e5:48:6e:cf:88:d9:90:66:d4:99:46:2e:
         b0:d9:31:52:76:4e:8d:fd:98:51:0b:07:f9:db:b5:b8:cc:34:
         9a:b9:24:7e:aa:3f:09:75:db:85:18:a6:d1:b0:2e:c7:75:df:
         49:87:3e:6f:03:bd:fc:10:e9:17:1b:55:97:c7:5a:ab:39:c5:
         16:71:24:25:56:57:de:7c:0f:71:26:d4:ed:a8:3e:75:be:b2:
         e5:bf:b2:02:70:de:d2:69:4c:05:10:87:26:ce:52:d5:30:53:
         8b:55:2b:a3:b3:f7:b2:d8:9c:7e:a1:95:d0:e0:9b:97:56:89:
         14:c6:7b:b0:e5:6f:dc:a4:fd:2d:2d:18:2a:e4:2f:37:68:3d:
         ab:b5:d1:bf:4a:aa:f4:0d:9c:7f:37:44:78:85:74:8a:fa:7f:
         e6:c8:27:14:a1:fb:d6:d4:e3:30:46:cd:45:1b:1b:8e:f4:4e:
         c7:05:7a:dd:f3:17:2b:9e:e8:16:43:d6:ae:54:f7:43:6d:66:
         84:e7:e8:9e:fe:2c:df:bd:f4:d7:d4:3b:34:81:2d:fc:67:d4:
         c2:ac:05:e0:9f:86:9f:d5:9a:e3:4e:85:c1:4a:ba:56:03:8b:
         69:db:d1:d7:7b:95:c1:49:10:df:06:fd:94:fd:43:bb:4a:05:
         84:c8:2a:c0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZGTRpb2b5nV3ZfDDbtWPTUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWEzZjRhZjk0YTU4MGViOWU3YjU4NTQyYTAwODRiMjFj
MmIwOWIwHhcNMjQwODI3MDk1OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODVlZGRlZDdiNTk0ZDllNjg2ZjE0MzcwNDVlMjc3NGVlMTQxMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gYqzlDOdxtgpx/iDlrU5yiJjdLH
BAhCwMJnHUhgj90D+Jbzm6G2yd4+rzS+b1S1fYEtb6xSzsb6j6kh63egc6U+6CKb
r5IbnQNDa4DAEDuGDH4QjY84G7k3LqnI+EcDKAkHNCgdPzqcRx90vj215d0uEdoZ
xBysfWArlHYolS0hWlqHnmQiZpRoC1ukd/xuWcRYn0qoBBJfjG1+2ByjJ9ATH7ar
b46/MEDwV4ABBnnmxNvopC5mJCUtLMGShd1Btnu7u5zGzius9eMWPlYT43Ys+/uI
pXIMs47i5V/JSFSXA5mlU+rgrDEv12zYDQqYO4wF3yRclp/Br3tA4U6DiQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFOhe3e17WU2eaG8UNwReJ3TuFBICMB8GA1UdIwQY
MBaAFLIaP0r5SlgOuee1hUKgCEshwrCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYt
NTEyOTE3MmI2OTY2LzEvNkY3ZDdYdFpUWjVvYnhRM0JGNG5kTzRVRWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYtNTEyOTE3MmI2OTY2
LzEvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQBLQqsAwQB
VPxmAwQBWZYiAwQAWZYpAwQAWZY7AwQCZ1pIMA0EAgACMAcDBQAqDNtAMA0GCSqG
SIb3DQEBCwUAA4IBAQC4TdvQMkDlSG7PiNmQZtSZRi6w2TFSdk6N/ZhRCwf527W4
zDSauSR+qj8JdduFGKbRsC7Hdd9Jhz5vA738EOkXG1WXx1qrOcUWcSQlVlfefA9x
JtTtqD51vrLlv7ICcN7SaUwFEIcmzlLVMFOLVSujs/ey2Jx+oZXQ4JuXVokUxnuw
5W/cpP0tLRgq5C83aD2rtdG/Sqr0DZx/N0R4hXSK+n/myCcUofvW1OMwRs1FGxuO
9E7HBXrd8xcrnugWQ9auVPdDbWaE5+ie/izfvfTX1Ds0gS38Z9TCrAXgn4af1Zrj
ToXBSrpWA4tp29HXe5XBSRDfBv2U/UO7SgWEyCrA
-----END CERTIFICATE-----