Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/iSFxtdiGo7eQ5CiUResFzUsS7hw.roa
File:                     iSFxtdiGo7eQ5CiUResFzUsS7hw.roa (raw, json)
Hash identifier:          19ljixeKZDDkBGWdfP48fVFMcFU4vGuuHPBOzakPuiw=
Subject key identifier:   89:21:71:B5:D8:86:A3:B7:90:E4:28:94:45:EB:05:CD:4B:12:EE:1C
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       018E32FE8648C91E0FA40ED53B57566037C9
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/iSFxtdiGo7eQ5CiUResFzUsS7hw.roa
Signing time:             Tue 12 Mar 2024 14:08:45 +0000
ROA not before:           Tue 12 Mar 2024 14:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        45.142.180.0/24 maxlen: 24
                          45.142.181.0/24 maxlen: 24
                          45.142.182.0/24 maxlen: 24
                          45.153.34.0/24 maxlen: 24
                          45.153.35.0/24 maxlen: 24
                          92.246.84.0/24 maxlen: 24
                          92.246.85.0/24 maxlen: 24
                          92.246.86.0/24 maxlen: 24
                          146.19.169.0/24 maxlen: 24
                          195.62.46.0/24 maxlen: 24
                          2a0d:c2c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 13 Mar 2024 12:37:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:fe:86:48:c9:1e:0f:a4:0e:d5:3b:57:56:60:37:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Mar 12 14:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=892171b5d886a3b790e4289445eb05cd4b12ee1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:48:0a:9f:41:12:c0:ec:04:07:ea:94:86:ad:
                    cb:5b:5d:a7:bf:b1:4c:1c:78:fc:38:6f:91:49:2e:
                    be:b6:f5:0c:ff:0f:2e:3b:b5:0a:8a:b3:b6:29:1b:
                    24:73:96:a9:d5:0f:cf:23:8d:70:47:28:b9:48:3b:
                    68:d7:29:a2:74:d1:26:28:55:52:22:38:2b:10:c5:
                    09:48:3d:a0:27:46:96:4a:01:77:02:e9:13:db:c0:
                    a9:0a:f0:25:67:9c:fe:b6:91:52:ba:33:ee:e1:72:
                    c2:25:24:b8:32:80:9d:bd:b6:be:f9:03:18:b6:2d:
                    62:56:ad:89:d9:f3:a4:04:a1:73:99:0a:94:bf:cc:
                    ae:23:55:72:2e:a8:cd:e2:e9:c1:ed:ca:fd:be:3a:
                    cf:6f:45:7f:be:91:16:0d:51:45:48:d9:ee:33:63:
                    fd:12:d5:22:62:2f:c1:11:15:a2:e6:5d:e1:53:10:
                    20:14:24:59:b1:61:99:49:7e:1e:a5:be:0a:bc:28:
                    22:e2:81:98:48:58:23:8c:dd:28:c0:f6:cb:16:f3:
                    64:d8:76:a8:8d:91:f3:09:0f:50:c7:15:ab:34:7f:
                    fa:a4:e5:61:77:18:a0:2d:b9:d3:8c:1d:7e:e2:85:
                    9b:8a:36:fc:9f:93:2d:2a:da:8d:77:26:51:04:c8:
                    c4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:21:71:B5:D8:86:A3:B7:90:E4:28:94:45:EB:05:CD:4B:12:EE:1C
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/iSFxtdiGo7eQ5CiUResFzUsS7hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.180.0-45.142.182.255
                  45.153.34.0/23
                  92.246.84.0-92.246.86.255
                  146.19.169.0/24
                  195.62.46.0/24
                IPv6:
                  2a0d:c2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:14:51:35:ab:9a:09:02:c3:73:78:5a:28:45:e5:dd:e7:ed:
         89:4e:4c:c1:a0:c7:ad:ec:5e:e4:54:03:9f:ad:4f:5e:75:50:
         bd:02:fb:7a:00:23:62:4e:5b:94:74:4b:5d:af:82:2d:56:d8:
         f3:1d:62:d4:07:3e:e3:07:d1:46:6b:7e:81:0b:bd:cc:a3:24:
         0f:0b:d0:45:da:cc:9b:15:78:27:d8:31:0b:b9:4d:3a:12:95:
         7a:6f:fe:f4:2f:1f:65:11:02:73:9d:6e:50:43:9a:1e:a0:65:
         01:b5:46:a9:45:c5:28:32:71:dd:76:2e:b3:b9:77:4d:29:9a:
         2c:eb:76:6b:3e:68:11:08:0b:b0:17:5c:dd:8d:35:7c:a9:83:
         77:00:7d:28:b9:72:5b:15:b1:1a:03:b3:52:38:0c:c7:df:89:
         ef:ae:b5:7d:e1:19:cc:09:ee:25:47:17:7d:59:7c:ef:7a:1b:
         80:00:a7:a7:ba:52:fb:e1:2b:2f:de:8e:6f:e4:de:7e:03:dd:
         76:ef:94:7e:38:e5:0a:00:e2:5a:05:3a:ee:a8:58:82:3f:a3:
         75:98:33:44:f3:53:a8:10:8c:ad:dd:9b:89:fd:89:6b:08:48:
         70:ef:4c:0d:3e:2d:34:0a:12:69:75:35:56:7d:f4:78:13:1a:
         25:47:76:3a
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAY4y/oZIyR4PpA7VO1dWYDfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjQwMzEyMTQwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTIxNzFiNWQ4ODZhM2I3OTBlNDI4OTQ0NWViMDVjZDRiMTJlZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0gKn0ESwOwEB+qUhq3LW12nv7FM
HHj8OG+RSS6+tvUM/w8uO7UKirO2KRskc5ap1Q/PI41wRyi5SDto1ymidNEmKFVS
IjgrEMUJSD2gJ0aWSgF3AukT28CpCvAlZ5z+tpFSujPu4XLCJSS4MoCdvba++QMY
ti1iVq2J2fOkBKFzmQqUv8yuI1VyLqjN4unB7cr9vjrPb0V/vpEWDVFFSNnuM2P9
EtUiYi/BERWi5l3hUxAgFCRZsWGZSX4epb4KvCgi4oGYSFgjjN0owPbLFvNk2Hao
jZHzCQ9QxxWrNH/6pOVhdxigLbnTjB1+4oWbijb8n5MtKtqNdyZRBMjE0wIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFIkhcbXYhqO3kOQolEXrBc1LEu4cMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvaVNGeHRkaUdvN2VRNUNpVVJlc0Z6VXNTN2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTA0BAIAATAuMAwDBAItjrQD
BAAtjrYDBAEtmSIwDAMEAlz2VAMEAFz2VgMEAJITqQMEAMM+LjANBAIAAjAHAwUD
Kg3CwDANBgkqhkiG9w0BAQsFAAOCAQEAvhRRNauaCQLDc3haKEXl3eftiU5MwaDH
rexe5FQDn61PXnVQvQL7egAjYk5blHRLXa+CLVbY8x1i1Ac+4wfRRmt+gQu9zKMk
DwvQRdrMmxV4J9gxC7lNOhKVem/+9C8fZRECc51uUEOaHqBlAbVGqUXFKDJx3XYu
s7l3TSmaLOt2az5oEQgLsBdc3Y01fKmDdwB9KLlyWxWxGgOzUjgMx9+J7661feEZ
zAnuJUcXfVl873obgACnp7pS++ErL96Ob+TefgPddu+UfjjlCgDiWgU67qhYgj+j
dZgzRPNTqBCMrd2bif2JawhIcO9MDT4tNAoSaXU1Vn30eBMaJUd2Og==
-----END CERTIFICATE-----