Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/IlkM8wotL-1OsrIB2ghqBA_aWN4.roa
File:                     IlkM8wotL-1OsrIB2ghqBA_aWN4.roa (raw, json)
Hash identifier:          4bLjQRtadpJVwVbHbUT3aT7z/eZ+2ItMpJi1Zd0/OLM=
Subject key identifier:   22:59:0C:F3:0A:2D:2F:ED:4E:B2:B2:01:DA:08:6A:04:0F:DA:58:DE
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       018E1A19C90C3831374DF87235941C398F06
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/IlkM8wotL-1OsrIB2ghqBA_aWN4.roa
Signing time:             Thu 07 Mar 2024 18:08:01 +0000
ROA not before:           Thu 07 Mar 2024 18:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        46.253.0.0/24 maxlen: 24
                          46.253.1.0/24 maxlen: 24
                          46.253.2.0/24 maxlen: 24
                          46.253.3.0/24 maxlen: 24
                          46.253.4.0/24 maxlen: 24
                          46.253.5.0/24 maxlen: 24
                          91.132.60.0/24 maxlen: 24
                          91.132.62.0/24 maxlen: 24
                          91.132.63.0/24 maxlen: 24
                          93.94.140.0/24 maxlen: 24
                          95.169.202.0/24 maxlen: 24
                          95.169.203.0/24 maxlen: 24
                          185.243.213.0/24 maxlen: 24
                          2a09:be80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sat 09 Mar 2024 22:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:19:c9:0c:38:31:37:4d:f8:72:35:94:1c:39:8f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Mar  7 18:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22590cf30a2d2fed4eb2b201da086a040fda58de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:33:4e:14:34:1b:7c:49:87:2e:63:f3:f5:f0:
                    05:7b:1b:26:88:52:97:9b:59:40:19:aa:dc:7e:70:
                    9d:3b:95:17:cd:64:e1:0e:19:f7:56:e0:6d:c6:70:
                    be:df:c4:55:49:ca:28:f0:d4:56:4a:5c:87:f4:80:
                    bf:61:43:5f:70:66:26:01:23:1e:62:f2:53:84:ac:
                    cc:b5:45:6a:e2:6f:46:91:85:ad:89:0c:85:75:ba:
                    46:0d:c3:15:b7:90:7c:92:14:1b:01:12:08:bb:6d:
                    5f:1b:1d:82:2d:2c:34:cd:3c:77:17:40:63:21:be:
                    53:3b:fb:b9:87:8a:e6:f1:04:63:fb:37:9a:67:b9:
                    03:40:e9:c1:67:60:65:8f:76:6d:9b:77:71:c6:43:
                    49:eb:c7:a8:a5:12:f0:1c:d9:8a:31:49:97:08:13:
                    0f:09:c2:15:08:a9:94:c5:5d:fa:ce:fe:c3:5e:09:
                    e7:4e:69:fa:0f:60:24:98:07:c5:02:be:be:76:b4:
                    10:c0:8b:ce:ce:81:3a:e3:ec:e6:a7:10:73:92:5b:
                    97:4f:8c:a9:c9:08:6b:67:c3:06:ea:ed:ed:ce:19:
                    7f:9c:ae:7f:08:b8:45:8b:1a:92:3e:97:c2:96:fd:
                    3c:11:ec:cc:d0:18:c5:77:46:ca:ec:f8:2a:69:9c:
                    e7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:59:0C:F3:0A:2D:2F:ED:4E:B2:B2:01:DA:08:6A:04:0F:DA:58:DE
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/IlkM8wotL-1OsrIB2ghqBA_aWN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.0.0-46.253.5.255
                  91.132.60.0/24
                  91.132.62.0/23
                  93.94.140.0/24
                  95.169.202.0/23
                  185.243.213.0/24
                IPv6:
                  2a09:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:3a:7e:bd:c0:df:6e:80:c1:9e:a1:3a:07:01:92:6c:35:11:
         f9:f1:82:bd:c3:5d:bf:ba:d6:29:a1:1d:fa:7a:14:0c:20:e3:
         6a:59:cf:ae:97:96:ab:1f:ea:8f:19:7e:64:ba:52:99:c5:7c:
         ec:05:fa:01:0f:7c:6d:32:bd:85:03:27:02:3c:98:ae:86:1b:
         26:f9:e7:98:fa:3b:82:39:48:1d:2a:fd:6f:31:e7:4d:a9:8d:
         74:0a:39:7c:96:28:54:27:c4:e8:de:c5:8b:70:ab:9d:0b:be:
         d6:5f:19:c8:0b:bd:f5:dd:d0:4f:49:e7:1e:4f:a8:62:da:84:
         5c:5d:17:a0:ce:c9:26:a3:1f:3c:2c:e4:cd:c8:37:0c:98:ba:
         b0:60:c3:30:aa:1a:84:3f:a2:d6:63:04:ae:bf:72:16:b7:42:
         7f:71:94:88:0a:1b:c4:9f:5f:bd:d0:a1:24:b2:f8:c3:06:84:
         39:a7:9f:b2:7f:05:97:fc:90:46:ac:c9:08:d6:47:d6:ea:bc:
         4b:28:5a:2c:f2:d1:78:a9:9a:ed:6c:73:e2:75:38:36:a7:39:
         df:dc:75:85:b3:7c:0a:89:e3:e4:2b:6a:be:df:d0:27:33:13:
         0a:27:5c:c1:f6:a5:b8:ab:1e:74:0e:dc:d4:f1:c5:6e:f1:69:
         27:a8:62:3b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAY4aGckMODE3TfhyNZQcOY8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQwMzA3MTgwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU5MGNmMzBhMmQyZmVkNGViMmIyMDFkYTA4NmEwNDBmZGE1OGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzNOFDQbfEmHLmPz9fAFexsmiFKX
m1lAGarcfnCdO5UXzWThDhn3VuBtxnC+38RVScoo8NRWSlyH9IC/YUNfcGYmASMe
YvJThKzMtUVq4m9GkYWtiQyFdbpGDcMVt5B8khQbARIIu21fGx2CLSw0zTx3F0Bj
Ib5TO/u5h4rm8QRj+zeaZ7kDQOnBZ2Blj3Ztm3dxxkNJ68eopRLwHNmKMUmXCBMP
CcIVCKmUxV36zv7DXgnnTmn6D2AkmAfFAr6+drQQwIvOzoE64+zmpxBzkluXT4yp
yQhrZ8MG6u3tzhl/nK5/CLhFixqSPpfClv08EezM0BjFd0bK7PgqaZznMQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFCJZDPMKLS/tTrKyAdoIagQP2ljeMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvSWxrTTh3b3RMLTFPc3JJQjJnaHFCQV9hV040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArMAsDAwAu/QME
AS79BAMEAFuEPAMEAVuEPgMEAF1ejAMEAV+pygMEALnz1TANBAIAAjAHAwUAKgm+
gDANBgkqhkiG9w0BAQsFAAOCAQEAcjp+vcDfboDBnqE6BwGSbDUR+fGCvcNdv7rW
KaEd+noUDCDjalnPrpeWqx/qjxl+ZLpSmcV87AX6AQ98bTK9hQMnAjyYroYbJvnn
mPo7gjlIHSr9bzHnTamNdAo5fJYoVCfE6N7Fi3CrnQu+1l8ZyAu99d3QT0nnHk+o
YtqEXF0XoM7JJqMfPCzkzcg3DJi6sGDDMKoahD+i1mMErr9yFrdCf3GUiAobxJ9f
vdChJLL4wwaEOaefsn8Fl/yQRqzJCNZH1uq8SyhaLPLReKma7Wxz4nU4Nqc539x1
hbN8Conj5Ctqvt/QJzMTCidcwfaluKsedA7c1PHFbvFpJ6hiOw==
-----END CERTIFICATE-----