Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/DiK6M4tjNTwX6utUqgUKMsm8AJc.roa
File:                     DiK6M4tjNTwX6utUqgUKMsm8AJc.roa (raw, json)
Hash identifier:          Zqwk0Hh6lLb/MxcokuhuaNfZ0twPH1HxzxIGNp9iBlo=
Subject key identifier:   0E:22:BA:33:8B:63:35:3C:17:EA:EB:54:AA:05:0A:32:C9:BC:00:97
Certificate issuer:       /CN=aa2a58c697a1449976b0d11d6f126025e14089c6
Certificate serial:       018CC424C5B1B63C65357859865B6224F5D6
Authority key identifier: AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/DiK6M4tjNTwX6utUqgUKMsm8AJc.roa
Signing time:             Mon 01 Jan 2024 08:29:53 +0000
ROA not before:           Mon 01 Jan 2024 08:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44507
IP address blocks:        185.16.56.0/22 maxlen: 22
                          146.247.32.0/21 maxlen: 21
                          46.42.32.0/21 maxlen: 21
                          46.42.40.0/21 maxlen: 21
                          46.228.96.0/20 maxlen: 20
                          5.175.88.0/21 maxlen: 21
                          178.57.32.0/21 maxlen: 21
                          46.42.0.0/18 maxlen: 18
                          178.57.40.0/21 maxlen: 21
                          46.42.8.0/21 maxlen: 21
                          178.57.48.0/21 maxlen: 21
                          46.42.16.0/21 maxlen: 21
                          46.42.24.0/21 maxlen: 21
                          134.90.152.0/21 maxlen: 21
                          194.58.160.0/21 maxlen: 21
                          194.58.176.0/21 maxlen: 21
                          188.120.48.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Fri 22 Nov 2024 05:28:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c5:b1:b6:3c:65:35:78:59:86:5b:62:24:f5:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa2a58c697a1449976b0d11d6f126025e14089c6
        Validity
            Not Before: Jan  1 08:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e22ba338b63353c17eaeb54aa050a32c9bc0097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:43:ab:8b:e6:18:cb:01:ae:5d:54:d3:e8:80:
                    91:87:6a:dd:00:d5:03:ec:48:8a:ae:79:bc:8e:cd:
                    67:06:a9:99:93:8a:49:f6:ae:21:db:5a:58:c1:83:
                    65:9c:37:17:64:bb:06:12:64:22:9e:ac:80:2f:90:
                    b2:15:79:78:48:f3:88:a8:ad:d9:46:a9:de:61:c8:
                    47:36:39:86:e4:1d:1a:2d:78:14:2b:af:12:1a:e1:
                    c5:8e:9b:e7:ba:76:52:bd:c6:aa:b5:fc:86:f3:50:
                    7c:52:60:ec:8d:1c:39:f6:a9:86:de:ad:ac:65:4c:
                    e9:2c:04:9a:0a:d2:ed:9e:13:54:24:49:14:ab:b6:
                    bb:4c:48:29:b1:c6:e1:f0:fe:83:f2:91:bd:1e:91:
                    7c:d8:89:d5:b6:54:21:58:40:eb:09:54:9e:a7:ba:
                    1b:0c:ef:ec:19:11:bb:9f:23:2b:8d:1a:f9:03:b9:
                    f1:fd:f7:81:6b:66:65:89:2b:29:a2:2f:31:8e:02:
                    96:e6:d5:1d:90:36:50:ea:37:e0:b6:66:23:e8:cc:
                    5a:17:d0:3f:99:f8:08:f4:c9:4d:34:0a:c6:9c:2b:
                    35:86:3c:c9:ce:df:a3:41:78:f0:4b:67:26:43:11:
                    7d:bf:b0:2d:e7:a4:84:21:aa:f1:3e:98:17:71:18:
                    22:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:22:BA:33:8B:63:35:3C:17:EA:EB:54:AA:05:0A:32:C9:BC:00:97
            X509v3 Authority Key Identifier:
                keyid:AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/DiK6M4tjNTwX6utUqgUKMsm8AJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/qipYxpehRJl2sNEdbxJgJeFAicY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.88.0/21
                  46.42.0.0/18
                  46.228.96.0/20
                  134.90.152.0/21
                  146.247.32.0/21
                  178.57.32.0-178.57.55.255
                  185.16.56.0/22
                  188.120.48.0/20
                  194.58.160.0/21
                  194.58.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         87:e1:48:92:dc:72:ce:95:f1:fb:1b:62:1e:16:e1:8c:97:f8:
         be:46:b1:00:4b:84:2b:ff:d6:2b:7e:db:2a:19:5e:03:b6:7d:
         a2:e2:49:e0:00:26:4d:6c:10:ff:c8:23:61:94:34:26:28:90:
         fe:fd:3f:d1:fc:12:8a:07:ba:7c:85:9c:af:86:88:68:c2:70:
         4b:8a:bc:bf:b2:35:bb:0d:3d:79:99:db:73:86:16:ce:a4:17:
         f0:5d:d3:58:7a:3c:00:c5:1b:69:d9:e6:15:68:87:8c:4e:c5:
         e3:7c:19:8f:7e:ff:6c:cd:4e:b0:67:a5:21:1d:90:d2:55:3e:
         51:d8:7b:c8:e6:70:4d:a9:23:63:4c:a2:57:b4:86:b0:ec:e2:
         f2:e7:1e:7c:8c:9f:53:1d:cf:9d:5e:93:17:b0:19:46:ec:41:
         8f:18:9a:d1:a9:e7:a2:60:9d:9e:2c:73:38:32:fe:c0:cf:a0:
         1e:11:17:e9:82:b6:f4:6b:c4:a9:8a:1c:ed:7d:9c:6d:9a:f7:
         aa:c4:2b:93:f0:ae:d8:6f:f0:99:e1:7c:a6:5d:3c:48:c0:5e:
         f6:52:75:f2:af:5d:ea:8b:b9:86:7d:5e:7b:ba:5d:a5:57:97:
         6c:12:4c:f4:4b:a2:96:2b:27:bb:dc:6b:b4:2f:bc:d8:a2:15:
         86:e2:a2:c1
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzEJMWxtjxlNXhZhltiJPXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMmE1OGM2OTdhMTQ0OTk3NmIwZDExZDZmMTI2MDI1ZTE0
MDg5YzYwHhcNMjQwMTAxMDgyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTIyYmEzMzhiNjMzNTNjMTdlYWViNTRhYTA1MGEzMmM5YmMwMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0Ori+YYywGuXVTT6ICRh2rdANUD
7EiKrnm8js1nBqmZk4pJ9q4h21pYwYNlnDcXZLsGEmQinqyAL5CyFXl4SPOIqK3Z
RqneYchHNjmG5B0aLXgUK68SGuHFjpvnunZSvcaqtfyG81B8UmDsjRw59qmG3q2s
ZUzpLASaCtLtnhNUJEkUq7a7TEgpscbh8P6D8pG9HpF82InVtlQhWEDrCVSep7ob
DO/sGRG7nyMrjRr5A7nx/feBa2ZliSspoi8xjgKW5tUdkDZQ6jfgtmYj6MxaF9A/
mfgI9MlNNArGnCs1hjzJzt+jQXjwS2cmQxF9v7At56SEIarxPpgXcRgirwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFA4iujOLYzU8F+rrVKoFCjLJvACXMB8GA1UdIwQY
MBaAFKoqWMaXoUSZdrDRHW8SYCXhQInGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgt
YmU2MjJjMzEzMmRmLzEvRGlLNk00dGpOVHdYNnV0VXFnVUtNc204QUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgtYmU2MjJjMzEzMmRm
LzEvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDBa9YAwQG
LioAAwQELuRgAwQDhlqYAwQDkvcgMAwDBAWyOSADBAOyOTADBAK5EDgDBAS8eDAD
BAPCOqADBAPCOrAwDQYJKoZIhvcNAQELBQADggEBAIfhSJLccs6V8fsbYh4W4YyX
+L5GsQBLhCv/1it+2yoZXgO2faLiSeAAJk1sEP/II2GUNCYokP79P9H8EooHunyF
nK+GiGjCcEuKvL+yNbsNPXmZ23OGFs6kF/Bd01h6PADFG2nZ5hVoh4xOxeN8GY9+
/2zNTrBnpSEdkNJVPlHYe8jmcE2pI2NMole0hrDs4vLnHnyMn1Mdz51ekxewGUbs
QY8YmtGp56JgnZ4sczgy/sDPoB4RF+mCtvRrxKmKHO19nG2a96rEK5Pwrthv8Jnh
fKZdPEjAXvZSdfKvXeqLuYZ9Xnu6XaVXl2wSTPRLopYrJ7vca7QvvNiiFYbiosE=
-----END CERTIFICATE-----