Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/41VF1cemvBAnONmr-234EKQF3oE.roa
File:                     41VF1cemvBAnONmr-234EKQF3oE.roa (raw, json)
Hash identifier:          2NQqrFoThkQYPIyT5+s18StIlnE1DfsBeJNnv+ZPWXU=
Subject key identifier:   E3:55:45:D5:C7:A6:BC:10:27:38:D9:AB:FB:6D:F8:10:A4:05:DE:81
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       0190922D841FB687C169E31A740D71359FBC
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/41VF1cemvBAnONmr-234EKQF3oE.roa
Signing time:             Mon 08 Jul 2024 11:49:34 +0000
ROA not before:           Mon 08 Jul 2024 11:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        45.88.200.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          185.14.97.0/24 maxlen: 24
                          185.125.168.0/22 maxlen: 22
                          185.181.60.0/22 maxlen: 22
                          185.243.216.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          193.243.189.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          195.16.73.0/24 maxlen: 24
                          2a03:94e0::/32 maxlen: 32
                          2a03:94e1::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 08 Jul 2024 20:19:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:2d:84:1f:b6:87:c1:69:e3:1a:74:0d:71:35:9f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Jul  8 11:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e35545d5c7a6bc102738d9abfb6df810a405de81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:40:11:89:fc:3d:fb:6f:1b:34:ad:c5:f2:1f:
                    04:c5:dc:61:89:0d:8f:3a:81:1d:1a:bc:ab:29:e8:
                    39:83:22:71:62:6f:9a:3a:37:58:dc:d1:d9:94:76:
                    ab:14:99:fe:85:8c:fc:f2:af:ef:d0:b4:3f:df:37:
                    01:db:98:a0:64:53:83:bb:97:6e:2a:8e:da:69:98:
                    c4:d9:d9:53:bd:6d:a6:8c:5c:03:60:b3:4a:b4:22:
                    43:58:b7:d8:f8:9e:25:a4:a5:68:a5:e9:43:c9:a0:
                    de:9d:e1:e2:ef:c5:b4:6a:71:12:f7:76:a2:ec:13:
                    25:1b:30:4f:0a:73:37:73:d0:85:38:0f:fd:06:ab:
                    b1:45:fc:c7:13:4a:8f:64:c0:d1:3a:2c:34:62:40:
                    60:ad:04:ce:13:e8:c2:ee:52:5d:b2:5f:06:15:92:
                    99:f0:65:9c:c7:9a:b3:68:7a:af:52:21:ee:4c:65:
                    1c:60:03:df:60:7c:34:3c:ee:1d:9e:87:3a:c3:9d:
                    6a:aa:e0:fc:39:62:3f:5a:eb:f9:bb:b3:6e:50:13:
                    b1:1b:5c:cf:87:50:4d:c1:ad:0e:61:63:33:50:47:
                    f4:6b:2a:d9:06:e7:99:6c:c2:67:7e:78:59:38:3a:
                    48:7a:de:91:e7:10:65:43:c5:ee:4e:c4:17:89:5a:
                    4f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:55:45:D5:C7:A6:BC:10:27:38:D9:AB:FB:6D:F8:10:A4:05:DE:81
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/41VF1cemvBAnONmr-234EKQF3oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  193.243.189.0/24
                  194.32.107.0/24
                  195.16.73.0/24
                IPv6:
                  2a03:94e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         58:07:ea:ad:f3:d9:34:e1:cb:f8:45:1b:e8:5c:a8:73:60:da:
         7d:fb:5b:de:3d:ae:6e:cd:2c:68:0d:4f:e9:46:49:35:5d:a7:
         90:31:63:0a:97:92:89:d2:a9:b0:3e:d4:41:17:c1:29:6d:e7:
         ef:4f:58:7e:2c:42:25:dd:36:38:d2:2e:15:31:dd:4b:80:69:
         2f:55:79:1b:60:c2:08:8a:fb:39:76:98:1e:1e:e6:a2:1b:52:
         2d:7b:03:7f:82:fc:2f:c9:01:c5:a0:d1:91:47:e6:d9:52:5b:
         31:d8:be:fa:b3:8c:55:c0:29:91:ca:f2:85:df:91:fc:53:c7:
         91:93:31:bc:c3:f5:60:cc:c3:be:10:e2:35:53:91:82:28:78:
         4b:bc:a3:23:68:d1:c6:a9:3f:4a:59:53:d1:70:0f:6b:42:1e:
         d1:7b:13:f3:7d:34:48:77:ee:01:05:cf:9f:50:c2:f3:a2:be:
         5a:7c:df:f1:28:db:d6:21:c4:23:57:e3:7e:38:6d:a6:bc:c9:
         0b:de:44:9a:64:9c:e4:73:e5:1c:a0:6c:ff:d8:1f:a3:47:f7:
         a1:42:c7:f9:11:f3:94:fc:4e:5b:25:1f:e2:93:d3:15:98:cc:
         0d:93:6a:e1:47:77:c0:a1:1a:68:ca:d5:af:53:67:2b:4b:37:
         be:56:46:ec
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZCSLYQftofBaeMadA1xNZ+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjQwNzA4MTE0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzU1NDVkNWM3YTZiYzEwMjczOGQ5YWJmYjZkZjgxMGE0MDVkZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUARifw9+28bNK3F8h8ExdxhiQ2P
OoEdGryrKeg5gyJxYm+aOjdY3NHZlHarFJn+hYz88q/v0LQ/3zcB25igZFODu5du
Ko7aaZjE2dlTvW2mjFwDYLNKtCJDWLfY+J4lpKVopelDyaDeneHi78W0anES93ai
7BMlGzBPCnM3c9CFOA/9BquxRfzHE0qPZMDROiw0YkBgrQTOE+jC7lJdsl8GFZKZ
8GWcx5qzaHqvUiHuTGUcYAPfYHw0PO4dnoc6w51qquD8OWI/Wuv5u7NuUBOxG1zP
h1BNwa0OYWMzUEf0ayrZBueZbMJnfnhZODpIet6R5xBlQ8XuTsQXiVpPOwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFONVRdXHprwQJzjZq/tt+BCkBd6BMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvNDFWRjFjZW12QkFuT05tci0yMzRFS1FGM29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQBLVjIAwQA
uQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADB870DBADCIGsDBADDEEkw
DQQCAAIwBwMFAioDlOAwDQYJKoZIhvcNAQELBQADggEBAFgH6q3z2TThy/hFG+hc
qHNg2n37W949rm7NLGgNT+lGSTVdp5AxYwqXkonSqbA+1EEXwSlt5+9PWH4sQiXd
NjjSLhUx3UuAaS9VeRtgwgiK+zl2mB4e5qIbUi17A3+C/C/JAcWg0ZFH5tlSWzHY
vvqzjFXAKZHK8oXfkfxTx5GTMbzD9WDMw74Q4jVTkYIoeEu8oyNo0capP0pZU9Fw
D2tCHtF7E/N9NEh37gEFz59QwvOivlp83/Eo29YhxCNX4344baa8yQveRJpknORz
5RygbP/YH6NH96FCx/kR85T8TlslH+KT0xWYzA2TauFHd8ChGmjK1a9TZytLN75W
Ruw=
-----END CERTIFICATE-----