Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/TK_xK6zsW0paUnPsWx43Wdy-j5g.roa
File:                     TK_xK6zsW0paUnPsWx43Wdy-j5g.roa (raw, json)
Hash identifier:          XU57BkhtcA//2ehRT42vSyNpfEyiCvYDrJ53hjDTRts=
Subject key identifier:   4C:AF:F1:2B:AC:EC:5B:4A:5A:52:73:EC:5B:1E:37:59:DC:BE:8F:98
Certificate issuer:       /CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
Certificate serial:       018CC9BCD6447B3C2F7DD2554CDDFEB0DB20
Authority key identifier: 9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/TK_xK6zsW0paUnPsWx43Wdy-j5g.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12297
IP address blocks:        178.160.245.0/24 maxlen: 24
                          178.160.248.0/22 maxlen: 24
                          178.160.251.0/24 maxlen: 24
                          178.160.252.0/22 maxlen: 24
                          46.70.0.0/15 maxlen: 24
                          87.241.128.0/18 maxlen: 24
                          178.160.192.0/18 maxlen: 24
                          212.73.64.0/19 maxlen: 24
                          2a00:f38:0:111e::/64 maxlen: 64
                          2a00:f38:0:111c::/64 maxlen: 64
                          2a00:f38:0:111d::/64 maxlen: 64
                          2a00:f38::/29 maxlen: 48
                          2a00:f38:0:101d::/64 maxlen: 64
                          2a00:f38::/32 maxlen: 48
                          2a00:f38:0:111f::/64 maxlen: 64
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 11:49:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d6:44:7b:3c:2f:7d:d2:55:4c:dd:fe:b0:db:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4caff12bacec5b4a5a5273ec5b1e3759dcbe8f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:59:82:10:fb:7c:48:0e:9b:bf:d5:02:6a:d8:
                    a2:d8:61:74:21:ef:78:2e:50:1d:b7:73:0a:2d:c2:
                    10:9f:d9:4f:dc:1f:ef:04:c2:98:61:f3:5c:46:f1:
                    7a:2b:74:a1:02:6c:f4:8a:89:ed:e4:c9:99:99:6c:
                    cf:10:f2:7e:f7:68:61:01:16:56:37:77:bb:18:47:
                    89:63:06:1f:ad:bb:5c:21:d2:76:28:c5:fa:19:82:
                    1c:2c:ab:e6:8a:16:fc:0f:fd:5f:93:80:ce:64:24:
                    2e:b8:c1:4b:d8:69:32:97:35:1e:d9:49:16:1f:5a:
                    2d:b1:26:96:3e:b8:99:f2:08:d0:d4:e1:34:8b:f1:
                    15:42:7f:cf:56:d1:91:d7:ab:8d:1b:d7:f1:50:e7:
                    2e:31:4b:6c:ee:a0:e8:69:a1:d3:23:73:01:22:c2:
                    22:df:ce:41:ff:66:56:32:42:a0:6c:d6:84:e7:84:
                    ff:ce:a8:58:9c:c3:4f:de:6d:14:70:c2:2c:0e:86:
                    44:d7:1f:99:32:b8:f6:45:1d:a7:4e:80:a8:ff:07:
                    90:7c:1f:5a:f9:88:99:3e:2c:0e:ed:96:a8:d9:f5:
                    33:95:7a:ae:9c:d4:67:7a:ca:5a:d4:32:23:15:d1:
                    16:71:a9:2f:d5:f0:a9:3e:6e:ca:58:3e:cf:86:da:
                    63:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:AF:F1:2B:AC:EC:5B:4A:5A:52:73:EC:5B:1E:37:59:DC:BE:8F:98
            X509v3 Authority Key Identifier:
                keyid:9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/TK_xK6zsW0paUnPsWx43Wdy-j5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/m_8VJ49T93YcLz0z3ZvneopPvZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.70.0.0/15
                  87.241.128.0/18
                  178.160.192.0/18
                  212.73.64.0/19
                IPv6:
                  2a00:f38::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:a8:2e:c8:18:ad:e3:f7:f4:3c:4b:cc:d8:cb:62:31:d6:98:
         76:a6:c9:5d:31:a2:62:07:22:9b:d4:d1:41:78:a9:79:9c:f7:
         fc:c3:86:3e:4b:80:97:f2:53:a8:b8:92:d6:cf:50:49:b4:5d:
         b5:22:bb:b4:da:10:71:92:40:1e:09:49:11:dc:b4:22:34:60:
         b4:64:22:e6:1d:e5:c8:59:1c:6d:30:6a:22:7a:85:1d:ce:5b:
         c8:c4:54:6a:e5:24:6d:25:16:dd:79:fe:d7:df:a8:c7:aa:2c:
         a4:b3:31:a5:9d:0d:70:a3:49:14:b5:34:96:f1:b7:c8:ae:29:
         f8:86:98:38:10:28:cd:4d:df:5a:1d:e0:e3:94:d0:3a:c2:a0:
         7e:36:4d:c3:e1:a7:88:9e:7e:18:03:23:17:57:f1:a6:e7:23:
         25:77:57:ad:f8:41:31:e2:fe:fb:c0:7e:97:fb:13:25:b8:2b:
         ef:9a:e7:d2:f2:b0:d0:48:12:39:ec:97:8b:e4:6e:9f:e0:39:
         c1:e1:ca:44:14:be:7a:24:44:89:8d:c8:37:1c:b7:52:f7:08:
         5d:8b:2d:5b:02:d8:7b:22:6d:74:62:09:cd:69:72:f1:05:6a:
         2d:68:a8:63:a3:4b:d0:61:37:0f:70:0b:8f:fd:a6:c8:26:de:
         4f:da:7c:6d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzJvNZEezwvfdJVTN3+sNsgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZmYxNTI3OGY1M2Y3NzYxYzJmM2QzM2RkOWJlNzdhOGE0
ZmJkOTQwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2FmZjEyYmFjZWM1YjRhNWE1MjczZWM1YjFlMzc1OWRjYmU4Zjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFmCEPt8SA6bv9UCatii2GF0Ie94
LlAdt3MKLcIQn9lP3B/vBMKYYfNcRvF6K3ShAmz0iont5MmZmWzPEPJ+92hhARZW
N3e7GEeJYwYfrbtcIdJ2KMX6GYIcLKvmihb8D/1fk4DOZCQuuMFL2GkylzUe2UkW
H1otsSaWPriZ8gjQ1OE0i/EVQn/PVtGR16uNG9fxUOcuMUts7qDoaaHTI3MBIsIi
385B/2ZWMkKgbNaE54T/zqhYnMNP3m0UcMIsDoZE1x+ZMrj2RR2nToCo/weQfB9a
+YiZPiwO7Zao2fUzlXqunNRnespa1DIjFdEWcakv1fCpPm7KWD7PhtpjOwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFEyv8Sus7FtKWlJz7FseN1ncvo+YMB8GA1UdIwQY
MBaAFJv/FSePU/d2HC89M92b53qKT72UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbV84Vko0OVQ5M1ljTHowejNadm5lb3BQdlpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hYTdiMzMtZGVlYi00YWJkLWI4ZDIt
NTY5NzI0OWY1MTI0LzEvVEtfeEs2enNXMHBhVW5Qc1d4NDNXZHktajVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hYTdiMzMtZGVlYi00YWJkLWI4ZDItNTY5NzI0OWY1MTI0
LzEvbV84Vko0OVQ5M1ljTHowejNadm5lb3BQdlpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwMBLkYDBAZX
8YADBAayoMADBAXUSUAwDQQCAAIwBwMFAyoADzgwDQYJKoZIhvcNAQELBQADggEB
AESoLsgYreP39DxLzNjLYjHWmHamyV0xomIHIpvU0UF4qXmc9/zDhj5LgJfyU6i4
ktbPUEm0XbUiu7TaEHGSQB4JSRHctCI0YLRkIuYd5chZHG0waiJ6hR3OW8jEVGrl
JG0lFt15/tffqMeqLKSzMaWdDXCjSRS1NJbxt8iuKfiGmDgQKM1N31od4OOU0DrC
oH42TcPhp4iefhgDIxdX8abnIyV3V634QTHi/vvAfpf7EyW4K++a59LysNBIEjns
l4vkbp/gOcHhykQUvnokRImNyDcct1L3CF2LLVsC2HsibXRiCc1pcvEFai1oqGOj
S9BhNw9wC4/9psgm3k/afG0=
-----END CERTIFICATE-----