Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/ZiBfOy1ThYUavkUneDckz7Ihpak.roa
File:                     ZiBfOy1ThYUavkUneDckz7Ihpak.roa (raw, json)
Hash identifier:          0Z0MY/FjHseTASU7c/maDDQCfgMP9DHGVgf2CV1u4p8=
Subject key identifier:   66:20:5F:3B:2D:53:85:85:1A:BE:45:27:78:37:24:CF:B2:21:A5:A9
Certificate issuer:       /CN=12a657f3424c8dd55215af853b93307c366c538a
Certificate serial:       01911782AA1F8A3055BF0189DCCB8479A896
Authority key identifier: 12:A6:57:F3:42:4C:8D:D5:52:15:AF:85:3B:93:30:7C:36:6C:53:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/ZiBfOy1ThYUavkUneDckz7Ihpak.roa
Signing time:             Sat 03 Aug 2024 09:12:04 +0000
ROA not before:           Sat 03 Aug 2024 09:12:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211995
IP address blocks:        46.28.237.0/24 maxlen: 24
                          93.114.130.0/24 maxlen: 24
                          109.237.112.0/20 maxlen: 20
                          109.237.112.0/24 maxlen: 24
                          185.77.3.0/24 maxlen: 24
                          185.136.207.0/24 maxlen: 24
                          185.233.35.0/24 maxlen: 24
                          194.164.222.0/24 maxlen: 24
                          213.142.158.0/24 maxlen: 24
                          2a10:d880::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 09 Aug 2024 07:15:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:17:82:aa:1f:8a:30:55:bf:01:89:dc:cb:84:79:a8:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12a657f3424c8dd55215af853b93307c366c538a
        Validity
            Not Before: Aug  3 09:12:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66205f3b2d5385851abe4527783724cfb221a5a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9d:cd:39:9f:c7:c4:a1:2c:51:61:98:33:6f:
                    27:2d:b1:1f:22:bf:81:91:13:12:f8:51:fc:38:1a:
                    c3:83:a8:4d:e8:81:d6:6d:d2:3a:57:c2:ec:39:23:
                    72:17:8e:91:a6:0d:b1:27:5e:56:86:f5:03:22:3a:
                    bc:9f:ca:57:ab:ed:86:c5:59:59:05:2e:bb:c0:1e:
                    a7:7b:38:9d:15:7f:95:ab:0e:1b:44:d5:3d:47:7d:
                    b5:7a:8c:d8:54:4d:1d:8e:86:15:4b:01:45:f6:68:
                    70:53:56:c8:b3:6e:7f:3a:0a:70:9e:db:a9:a8:ab:
                    91:16:c0:96:92:1d:e2:3d:43:c0:3b:9b:80:e1:9c:
                    f3:1e:e2:8f:55:83:e1:72:37:e3:95:42:72:8c:1f:
                    59:ef:00:5f:2f:32:3f:d7:9f:ae:24:cc:c0:ab:35:
                    01:66:bf:13:57:28:c9:3a:ed:19:bf:30:79:4a:fa:
                    04:9d:01:0a:6f:b5:3a:91:76:80:38:ab:d7:3b:bc:
                    4e:81:c7:4d:08:ce:f4:50:d4:eb:ac:2b:a4:5d:36:
                    2c:94:f3:83:6d:e6:cb:c7:2f:c3:3c:5a:9c:b2:32:
                    b2:33:97:a3:e1:84:20:2e:d1:84:de:c8:08:ca:5f:
                    d7:67:78:d3:1c:61:05:55:3f:75:b2:d0:6e:08:cf:
                    a0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:20:5F:3B:2D:53:85:85:1A:BE:45:27:78:37:24:CF:B2:21:A5:A9
            X509v3 Authority Key Identifier:
                keyid:12:A6:57:F3:42:4C:8D:D5:52:15:AF:85:3B:93:30:7C:36:6C:53:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/ZiBfOy1ThYUavkUneDckz7Ihpak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/EqZX80JMjdVSFa-FO5MwfDZsU4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.237.0/24
                  93.114.130.0/24
                  109.237.112.0/20
                  185.77.3.0/24
                  185.136.207.0/24
                  185.233.35.0/24
                  194.164.222.0/24
                  213.142.158.0/24
                IPv6:
                  2a10:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:87:8c:f6:6c:bd:e1:6c:72:69:1e:7e:67:e7:48:73:13:19:
         d6:33:a0:5f:7d:32:ac:56:09:47:93:87:6b:83:a7:15:16:21:
         d7:64:f1:46:12:a8:58:fb:10:aa:7e:c7:3e:b2:80:cc:20:0c:
         60:ce:17:47:0a:7d:86:9c:ea:93:33:61:8c:d5:a6:56:79:8e:
         8e:62:cb:10:67:c7:36:8a:df:ea:cf:f2:70:64:e1:f3:17:01:
         77:7b:19:74:4a:d4:07:e7:8d:4a:13:38:a1:62:bf:58:61:85:
         59:9f:a0:06:46:ac:69:e2:d9:a4:07:d5:72:2a:39:40:30:79:
         92:c7:ac:92:ee:c2:26:07:56:66:b8:df:11:8f:7e:70:45:d6:
         0b:4c:62:ca:57:b5:48:99:bf:73:29:43:fc:d2:08:bd:4a:21:
         e2:b6:6e:4f:d0:91:b4:1b:64:a2:f7:d0:45:d6:07:83:2b:d1:
         36:be:37:d8:4b:af:da:39:c1:7f:c6:06:51:b1:d1:03:32:87:
         d1:68:82:4b:4d:ec:9f:73:71:12:da:ce:6a:25:d6:5c:ec:33:
         ae:f6:22:3e:b9:e5:40:17:6e:8d:d2:55:b0:7a:05:df:67:7b:
         69:30:ee:2f:07:f7:9d:97:67:c7:64:84:06:97:69:a6:12:a7:
         be:06:bf:d5
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZEXgqofijBVvwGJ3MuEeaiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYTY1N2YzNDI0YzhkZDU1MjE1YWY4NTNiOTMzMDdjMzY2
YzUzOGEwHhcNMjQwODAzMDkxMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjIwNWYzYjJkNTM4NTg1MWFiZTQ1Mjc3ODM3MjRjZmIyMjFhNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs53NOZ/HxKEsUWGYM28nLbEfIr+B
kRMS+FH8OBrDg6hN6IHWbdI6V8LsOSNyF46Rpg2xJ15WhvUDIjq8n8pXq+2GxVlZ
BS67wB6nezidFX+Vqw4bRNU9R321eozYVE0djoYVSwFF9mhwU1bIs25/Ogpwntup
qKuRFsCWkh3iPUPAO5uA4ZzzHuKPVYPhcjfjlUJyjB9Z7wBfLzI/15+uJMzAqzUB
Zr8TVyjJOu0ZvzB5SvoEnQEKb7U6kXaAOKvXO7xOgcdNCM70UNTrrCukXTYslPOD
bebLxy/DPFqcsjKyM5ej4YQgLtGE3sgIyl/XZ3jTHGEFVT91stBuCM+gCwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGYgXzstU4WFGr5FJ3g3JM+yIaWpMB8GA1UdIwQY
MBaAFBKmV/NCTI3VUhWvhTuTMHw2bFOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXFaWDgwSk1qZFZTRmEtRk81TXdmRFpzVTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80NjVhYWUtMmEyYy00MjAwLThlNWMt
MDVmMDkzMzg1YWM4LzEvWmlCZk95MVRoWVVhdmtVbmVEY2t6N0locGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80NjVhYWUtMmEyYy00MjAwLThlNWMtMDVmMDkzMzg1YWM4
LzEvRXFaWDgwSk1qZFZTRmEtRk81TXdmRFpzVTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQALhztAwQA
XXKCAwQEbe1wAwQAuU0DAwQAuYjPAwQAuekjAwQAwqTeAwQA1Y6eMA0EAgACMAcD
BQMqENiAMA0GCSqGSIb3DQEBCwUAA4IBAQAph4z2bL3hbHJpHn5n50hzExnWM6Bf
fTKsVglHk4drg6cVFiHXZPFGEqhY+xCqfsc+soDMIAxgzhdHCn2GnOqTM2GM1aZW
eY6OYssQZ8c2it/qz/JwZOHzFwF3exl0StQH541KEzihYr9YYYVZn6AGRqxp4tmk
B9VyKjlAMHmSx6yS7sImB1ZmuN8Rj35wRdYLTGLKV7VImb9zKUP80gi9SiHitm5P
0JG0G2Si99BF1geDK9E2vjfYS6/aOcF/xgZRsdEDMofRaIJLTeyfc3ES2s5qJdZc
7DOu9iI+ueVAF26N0lWwegXfZ3tpMO4vB/edl2fHZIQGl2mmEqe+Br/V
-----END CERTIFICATE-----