Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/5ozOM0TehedHkpqBwHTiwq6kJnw.roa
File:                     5ozOM0TehedHkpqBwHTiwq6kJnw.roa (raw, json)
Hash identifier:          kYwsnjhFBCrik/aUxmhPZ3EOYpBdVLtZxaExKaHVMHk=
Subject key identifier:   E6:8C:CE:33:44:DE:85:E7:47:92:9A:81:C0:74:E2:C2:AE:A4:26:7C
Certificate issuer:       /CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
Certificate serial:       018D3C6195C582E0C5B8F9B5353102F109FE
Authority key identifier: BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/5ozOM0TehedHkpqBwHTiwq6kJnw.roa
Signing time:             Wed 24 Jan 2024 16:50:44 +0000
ROA not before:           Wed 24 Jan 2024 16:50:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60144
IP address blocks:        45.138.36.0/22 maxlen: 24
                          45.150.76.0/22 maxlen: 24
                          91.215.156.0/22 maxlen: 24
                          146.19.105.0/24 maxlen: 24
                          185.27.236.0/22 maxlen: 24
                          185.53.8.0/22 maxlen: 24
                          185.56.28.0/22 maxlen: 24
                          192.162.136.0/22 maxlen: 24
                          2a02:5060::/32 maxlen: 48
                          2a07:f9c0::/29 maxlen: 48
                          2a12:1680::/29 maxlen: 29
                          2a12:8f00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 00:29:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:61:95:c5:82:e0:c5:b8:f9:b5:35:31:02:f1:09:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
        Validity
            Not Before: Jan 24 16:50:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e68cce3344de85e747929a81c074e2c2aea4267c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:df:fd:6d:26:c8:ce:b4:4d:5b:b4:35:21:83:
                    68:c3:70:ef:25:3e:4d:92:e9:c7:53:88:12:d5:f4:
                    45:8b:03:60:2f:d0:ed:53:3f:87:3f:db:9b:44:34:
                    f6:a2:ad:70:a4:91:f2:c6:00:4c:bb:1c:41:cd:af:
                    76:d2:7e:c4:8d:1e:b9:1e:11:6b:ba:97:63:fa:2d:
                    f8:3e:ef:1a:2e:21:25:02:4c:af:cd:71:ea:5f:18:
                    13:c4:76:7a:01:8e:f4:55:cf:b1:49:04:9f:a5:d6:
                    1f:40:2c:45:bc:51:53:00:f3:a4:5e:eb:32:87:0c:
                    5a:d8:69:48:1c:28:46:83:0b:b0:95:0d:e1:80:2b:
                    6e:90:28:22:e5:82:3e:c3:98:59:95:e1:cb:13:81:
                    c0:c1:a9:98:34:70:91:77:cf:20:09:e8:ec:15:81:
                    a4:2f:db:10:b3:a0:c1:09:bc:50:ce:bf:a1:d6:b2:
                    ec:a3:55:49:3d:34:13:c5:a3:d3:be:be:92:26:62:
                    6f:95:af:ef:ea:87:19:3c:f4:c2:94:44:49:c2:aa:
                    91:b4:b9:da:fc:82:75:16:f0:97:49:38:42:37:6d:
                    b4:70:3f:51:6b:a5:2f:22:8e:ed:57:9f:17:85:46:
                    36:4b:68:59:76:12:c0:f1:9a:b3:e4:94:b6:4a:3e:
                    c3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8C:CE:33:44:DE:85:E7:47:92:9A:81:C0:74:E2:C2:AE:A4:26:7C
            X509v3 Authority Key Identifier:
                keyid:BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/5ozOM0TehedHkpqBwHTiwq6kJnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/vMY_AQxUC81FVDRL-5pZou26vCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.36.0/22
                  45.150.76.0/22
                  91.215.156.0/22
                  146.19.105.0/24
                  185.27.236.0/22
                  185.53.8.0/22
                  185.56.28.0/22
                  192.162.136.0/22
                IPv6:
                  2a02:5060::/32
                  2a07:f9c0::/29
                  2a12:1680::/29
                  2a12:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:18:b8:f0:77:ad:58:f0:9a:fd:ff:1d:ba:53:04:82:a0:8b:
         d8:bc:3b:3d:4d:45:0f:d8:5e:90:ee:3e:29:86:9f:81:f2:62:
         4a:98:1e:a9:8e:93:e2:e2:4f:42:59:4f:47:22:c9:af:0c:71:
         d5:11:78:2a:31:a9:30:6c:5e:5f:70:06:d8:ee:66:43:39:32:
         57:ab:de:0e:ed:f3:20:62:1f:63:83:82:ad:61:e8:f1:bf:91:
         48:51:34:18:fa:c9:81:02:9b:25:0a:2c:00:96:15:71:be:48:
         05:b3:6a:45:c0:9a:c8:27:eb:b2:16:97:1c:5d:d9:b4:3f:9b:
         7d:49:a8:d7:72:30:e5:58:e4:97:1f:92:9f:80:9f:e1:43:be:
         f7:91:73:3e:15:17:fe:50:22:02:3e:52:c2:0b:be:cf:9c:21:
         85:5a:0c:bd:15:da:05:d8:c6:63:2e:69:8e:a1:e4:33:6f:f4:
         c2:c3:ec:0f:bc:43:eb:23:95:99:57:0e:b9:7c:d8:0a:a2:1b:
         66:7b:d3:c7:17:dd:cd:33:e5:2d:30:86:d2:5c:89:94:2c:09:
         61:69:46:7f:fd:19:07:49:18:ee:43:14:69:2a:61:f7:3e:ff:
         c3:6b:0e:9c:01:6a:6c:19:b3:2c:d6:6b:99:e0:af:41:9f:0d:
         b6:b7:29:65
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY08YZXFguDFuPm1NTEC8Qn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYzYzZjAxMGM1NDBiY2Q0NTU0MzQ0YmZiOWE1OWEyZWRi
YWJjMjkwHhcNMjQwMTI0MTY1MDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjhjY2UzMzQ0ZGU4NWU3NDc5MjlhODFjMDc0ZTJjMmFlYTQyNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst/9bSbIzrRNW7Q1IYNow3DvJT5N
kunHU4gS1fRFiwNgL9DtUz+HP9ubRDT2oq1wpJHyxgBMuxxBza920n7EjR65HhFr
updj+i34Pu8aLiElAkyvzXHqXxgTxHZ6AY70Vc+xSQSfpdYfQCxFvFFTAPOkXusy
hwxa2GlIHChGgwuwlQ3hgCtukCgi5YI+w5hZleHLE4HAwamYNHCRd88gCejsFYGk
L9sQs6DBCbxQzr+h1rLso1VJPTQTxaPTvr6SJmJvla/v6ocZPPTClERJwqqRtLna
/IJ1FvCXSThCN220cD9Ra6UvIo7tV58XhUY2S2hZdhLA8Zqz5JS2Sj7DywIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFOaMzjNE3oXnR5KagcB04sKupCZ8MB8GA1UdIwQY
MBaAFLzGPwEMVAvNRVQ0S/uaWaLturwpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk1ZX0FReFVDODFGVkRSTC01cFpvdTI2dkNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMjljNjctZjI0ZC00OTc5LWIyYWYt
Y2M0MWM0YTMxOThkLzEvNW96T00wVGVoZWRIa3BxQndIVGl3cTZrSm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMjljNjctZjI0ZC00OTc5LWIyYWYtY2M0MWM0YTMxOThk
LzEvdk1ZX0FReFVDODFGVkRSTC01cFpvdTI2dkNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA2BAIAATAwAwQCLYokAwQC
LZZMAwQCW9ecAwQAkhNpAwQCuRvsAwQCuTUIAwQCuTgcAwQCwKKIMCIEAgACMBwD
BQAqAlBgAwUDKgf5wAMFAyoSFoADBQMqEo8AMA0GCSqGSIb3DQEBCwUAA4IBAQCu
GLjwd61Y8Jr9/x26UwSCoIvYvDs9TUUP2F6Q7j4php+B8mJKmB6pjpPi4k9CWU9H
IsmvDHHVEXgqMakwbF5fcAbY7mZDOTJXq94O7fMgYh9jg4KtYejxv5FIUTQY+smB
ApslCiwAlhVxvkgFs2pFwJrIJ+uyFpccXdm0P5t9SajXcjDlWOSXH5KfgJ/hQ773
kXM+FRf+UCICPlLCC77PnCGFWgy9FdoF2MZjLmmOoeQzb/TCw+wPvEPrI5WZVw65
fNgKohtme9PHF93NM+UtMIbSXImULAlhaUZ//RkHSRjuQxRpKmH3Pv/Daw6cAWps
GbMs1muZ4K9Bnw22tyll
-----END CERTIFICATE-----