Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/LAf6YZtVlenAZISrAJ1jK70pzKw.roa
File:                     LAf6YZtVlenAZISrAJ1jK70pzKw.roa (raw, json)
Hash identifier:          6NICe9ApONHR2zpMoppKMEKC+SZQY6fx5YEsizzKWvA=
Subject key identifier:   2C:07:FA:61:9B:55:95:E9:C0:64:84:AB:00:9D:63:2B:BD:29:CC:AC
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0192207718221F5ED8DFD0BD712692E40A5F
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/LAf6YZtVlenAZISrAJ1jK70pzKw.roa
Signing time:             Mon 23 Sep 2024 19:58:48 +0000
ROA not before:           Mon 23 Sep 2024 19:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202635
IP address blocks:        86.110.32.0/24 maxlen: 24
                          86.110.35.0/24 maxlen: 24
                          86.110.38.0/24 maxlen: 24
                          86.110.39.0/24 maxlen: 24
                          86.110.40.0/24 maxlen: 24
                          86.110.41.0/24 maxlen: 24
                          86.110.43.0/24 maxlen: 24
                          86.110.45.0/24 maxlen: 24
                          185.158.176.0/22 maxlen: 24
                          185.193.60.0/22 maxlen: 24
                          185.244.100.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 18 Oct 2024 09:14:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:20:77:18:22:1f:5e:d8:df:d0:bd:71:26:92:e4:0a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Sep 23 19:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c07fa619b5595e9c06484ab009d632bbd29ccac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f6:9e:18:bb:5a:06:4b:a7:bd:fc:2a:11:86:
                    37:2b:7f:88:b3:a5:0a:9b:b4:f3:eb:3e:b6:e1:bc:
                    02:2b:9f:54:dc:a2:b7:d0:70:07:b9:22:c7:36:c5:
                    21:eb:e7:bb:7d:bd:b6:af:6b:8a:be:22:07:e1:88:
                    62:9a:a2:b6:10:8f:6f:e1:af:71:db:f8:24:e3:00:
                    3c:21:9e:b3:25:ad:67:f0:98:51:64:60:ed:03:8e:
                    1f:9b:29:a5:a4:fe:89:25:3e:b4:00:06:5e:21:1b:
                    dc:9f:1a:e8:75:9a:9c:f3:41:4c:ad:c4:e5:b3:25:
                    84:6a:60:19:8b:99:02:63:f7:10:cc:d9:04:db:f3:
                    9f:29:ba:04:b9:87:91:8b:d0:e2:8f:2c:91:d7:0b:
                    27:67:3a:31:16:9f:d2:9e:c0:ce:bf:0c:da:78:b8:
                    33:3b:a5:3d:52:d1:28:d3:7b:f6:6d:46:c6:93:97:
                    88:8e:b6:0c:df:57:f9:3f:16:6e:ec:cb:30:43:6c:
                    06:ac:c4:0b:c3:43:90:1b:82:71:f4:09:6e:c6:45:
                    9b:53:d1:27:7c:d4:83:c3:7e:72:97:be:36:a5:b2:
                    e2:1f:50:3d:e1:ea:a5:94:63:84:62:46:21:0e:fc:
                    87:a7:6c:c5:3a:16:22:d7:ec:01:9f:9b:22:47:7d:
                    f8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:07:FA:61:9B:55:95:E9:C0:64:84:AB:00:9D:63:2B:BD:29:CC:AC
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/LAf6YZtVlenAZISrAJ1jK70pzKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.32.0/24
                  86.110.35.0/24
                  86.110.38.0-86.110.41.255
                  86.110.43.0/24
                  86.110.45.0/24
                  185.158.176.0/22
                  185.193.60.0/22
                  185.244.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:1e:80:59:ec:11:cd:20:d2:07:37:eb:d3:c3:a9:1b:52:d8:
         c5:3b:f5:cc:6f:19:22:7d:0d:fb:2b:8c:77:2c:7d:56:3b:b8:
         31:7e:50:0f:d9:09:c3:1f:37:35:77:5a:4e:ae:fa:35:37:1f:
         13:fa:fe:7c:76:9e:47:36:f5:ae:86:6d:56:48:07:83:85:57:
         b9:51:9a:d3:d6:4a:da:bd:cd:7f:ad:50:4b:cb:9b:0f:ae:49:
         d8:5e:dc:95:c1:cd:ea:81:3f:17:f7:78:b2:09:af:fb:44:3b:
         fa:82:f5:e5:5f:81:d9:bb:cf:13:7a:64:b1:5c:91:15:22:13:
         75:7e:9a:d8:2f:97:9a:93:83:d7:e7:82:c9:05:57:a2:3a:7a:
         8c:c9:5f:18:8d:33:dd:fc:f1:20:5d:fa:3d:82:ba:6a:94:74:
         20:1e:98:3c:c1:3f:ae:ba:74:02:d8:74:95:10:b9:0e:7d:3f:
         a1:f1:28:14:5e:24:fa:81:de:26:23:eb:91:8a:bd:cd:3c:c8:
         03:e5:67:0d:85:fc:cb:d5:ca:c2:f4:c6:86:28:ef:b1:62:25:
         56:03:38:22:ea:e5:a1:66:a2:69:b2:ce:ff:1e:3d:57:03:4a:
         7f:97:98:2f:52:22:b8:32:99:d7:79:0a:84:6f:b2:d6:9a:b8:
         c9:5b:de:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZIgdxgiH17Y39C9cSaS5ApfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjQwOTIzMTk1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzA3ZmE2MTliNTU5NWU5YzA2NDg0YWIwMDlkNjMyYmJkMjljY2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPaeGLtaBkunvfwqEYY3K3+Is6UK
m7Tz6z624bwCK59U3KK30HAHuSLHNsUh6+e7fb22r2uKviIH4YhimqK2EI9v4a9x
2/gk4wA8IZ6zJa1n8JhRZGDtA44fmymlpP6JJT60AAZeIRvcnxrodZqc80FMrcTl
syWEamAZi5kCY/cQzNkE2/OfKboEuYeRi9DijyyR1wsnZzoxFp/SnsDOvwzaeLgz
O6U9UtEo03v2bUbGk5eIjrYM31f5PxZu7MswQ2wGrMQLw0OQG4Jx9AluxkWbU9En
fNSDw35yl742pbLiH1A94eqllGOEYkYhDvyHp2zFOhYi1+wBn5siR3345QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCwH+mGbVZXpwGSEqwCdYyu9KcysMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvTEFmNlladFZsZW5BWklTckFKMWpLNzBwekt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVm4gAwQA
Vm4jMAwDBAFWbiYDBAFWbigDBABWbisDBABWbi0DBAK5nrADBAK5wTwDBAK59GQw
DQYJKoZIhvcNAQELBQADggEBAAQegFnsEc0g0gc369PDqRtS2MU79cxvGSJ9Dfsr
jHcsfVY7uDF+UA/ZCcMfNzV3Wk6u+jU3HxP6/nx2nkc29a6GbVZIB4OFV7lRmtPW
Stq9zX+tUEvLmw+uSdhe3JXBzeqBPxf3eLIJr/tEO/qC9eVfgdm7zxN6ZLFckRUi
E3V+mtgvl5qTg9fngskFV6I6eozJXxiNM9388SBd+j2CumqUdCAemDzBP666dALY
dJUQuQ59P6HxKBReJPqB3iYj65GKvc08yAPlZw2F/MvVysL0xoYo77FiJVYDOCLq
5aFmommyzv8ePVcDSn+XmC9SIrgymdd5CoRvstaauMlb3r8=
-----END CERTIFICATE-----