Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/34g5HwZF50RU398Jl_JWsGRr3oA.roa
File:                     34g5HwZF50RU398Jl_JWsGRr3oA.roa (raw, json)
Hash identifier:          Efg2oODjISIoXmQPVRUJmEaMXz/1+g62RYB6dTfh42I=
Subject key identifier:   DF:88:39:1F:06:45:E7:44:54:DF:DF:09:97:F2:56:B0:64:6B:DE:80
Certificate issuer:       /CN=c56d2154ed53b629d872b2a38d9cd041bdb4b128
Certificate serial:       01867873223E9543E5792349FF7F419EEEB7
Authority key identifier: C5:6D:21:54:ED:53:B6:29:D8:72:B2:A3:8D:9C:D0:41:BD:B4:B1:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xW0hVO1TtinYcrKjjZzQQb20sSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/34g5HwZF50RU398Jl_JWsGRr3oA.roa
Signing time:             Wed 22 Feb 2023 09:27:36 +0000
ROA not before:           Wed 22 Feb 2023 09:27:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48326
IP address blocks:        94.229.32.0/21 maxlen: 21
                          94.229.32.0/20 maxlen: 20
                          94.229.40.0/21 maxlen: 21
                          46.228.216.0/21 maxlen: 21
                          46.228.223.0/24 maxlen: 24
                          193.8.85.0/24 maxlen: 24
                          193.8.84.0/23 maxlen: 23
                          193.8.84.0/24 maxlen: 24
                          193.8.92.0/24 maxlen: 24
                          193.8.92.0/23 maxlen: 23
                          193.8.93.0/24 maxlen: 24
                          46.228.208.0/21 maxlen: 21
                          46.228.208.0/20 maxlen: 20
                          2a00:b000::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:78:73:22:3e:95:43:e5:79:23:49:ff:7f:41:9e:ee:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c56d2154ed53b629d872b2a38d9cd041bdb4b128
        Validity
            Not Before: Feb 22 09:27:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df88391f0645e74454dfdf0997f256b0646bde80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:00:04:14:e3:88:0b:df:85:12:77:65:d1:27:
                    44:e6:75:68:cb:50:9c:5b:ad:ec:3e:5e:34:65:ce:
                    c3:10:50:c2:04:70:75:3b:23:0f:81:cd:d8:f6:b2:
                    39:58:b8:ed:81:d3:dd:1e:13:b5:f9:26:28:b9:8a:
                    9f:60:0b:88:33:57:ac:1a:62:85:6b:d5:8c:f3:26:
                    54:0c:7c:e5:43:21:21:91:30:57:a7:79:94:60:21:
                    97:47:5d:ef:52:96:f9:4c:99:25:17:b3:36:b0:49:
                    43:43:fd:b6:b0:7c:9d:c9:ed:5d:b4:9f:6b:44:ac:
                    54:23:4f:7f:b3:c6:0e:b2:b3:81:33:f1:9c:5d:07:
                    c8:24:81:4d:63:5e:a0:62:dd:df:d5:2a:bc:e8:cb:
                    34:62:3a:e9:a9:06:32:a3:21:11:2f:01:85:bc:9e:
                    6b:28:db:4f:63:2b:e0:d9:9b:36:2f:d3:b0:d4:63:
                    27:5c:ac:46:3f:36:24:0b:42:f0:4d:a5:b1:8a:59:
                    79:7e:2d:a4:04:d1:ad:e5:59:c9:16:cc:06:0d:50:
                    c2:b5:38:71:f0:ed:78:90:aa:33:02:8d:c9:d1:78:
                    8f:b7:c7:fe:25:91:87:8b:d9:da:3d:52:c1:b6:6e:
                    f2:fe:38:28:18:ae:d2:6f:25:41:e8:cb:72:34:ab:
                    86:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:88:39:1F:06:45:E7:44:54:DF:DF:09:97:F2:56:B0:64:6B:DE:80
            X509v3 Authority Key Identifier:
                keyid:C5:6D:21:54:ED:53:B6:29:D8:72:B2:A3:8D:9C:D0:41:BD:B4:B1:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xW0hVO1TtinYcrKjjZzQQb20sSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/34g5HwZF50RU398Jl_JWsGRr3oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/xW0hVO1TtinYcrKjjZzQQb20sSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.208.0/20
                  94.229.32.0/20
                  193.8.84.0/23
                  193.8.92.0/23
                IPv6:
                  2a00:b000::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:8e:76:a3:1b:fa:19:d3:4d:6f:de:ad:27:b2:24:f9:23:bb:
         ef:00:c5:e6:f8:cc:8b:42:ba:dd:82:1b:6a:b8:54:9c:f1:79:
         85:4b:03:3b:e8:cf:1c:a4:bf:1e:61:da:96:ec:d7:d6:3d:ce:
         b2:e2:03:c3:e1:17:a3:42:8b:fb:31:73:86:b3:da:fb:cb:4e:
         1c:cc:8c:0f:04:f0:90:aa:4e:87:71:e3:ca:d7:64:8c:e0:f8:
         36:2b:f2:96:be:36:f6:09:eb:ff:f3:5b:09:5b:54:b9:40:97:
         ac:d4:f4:9c:95:d8:05:b4:f2:74:bc:cf:47:95:b9:dc:95:9f:
         98:d2:e4:1b:9e:83:96:72:af:71:86:fd:c8:cd:3b:48:ee:a0:
         c5:d8:e0:79:58:dc:c0:d1:69:3e:88:03:de:3b:77:40:26:b5:
         ce:56:8f:2f:19:5c:3e:eb:5e:f9:27:af:e8:25:13:b1:ca:69:
         a0:21:55:62:69:7f:7f:a3:91:b1:9a:96:96:c1:c5:75:97:2d:
         2a:2d:d4:20:e7:87:84:9d:94:ab:63:ba:cd:18:db:6f:0c:48:
         27:0f:00:9b:d3:92:72:87:36:7f:28:5e:a9:e1:78:00:68:5f:
         64:48:7e:42:d7:c7:96:9f:cd:e3:a0:2a:a8:32:97:bb:ea:73:
         bb:83:9a:06
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYZ4cyI+lUPleSNJ/39Bnu63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NmQyMTU0ZWQ1M2I2MjlkODcyYjJhMzhkOWNkMDQxYmRi
NGIxMjgwHhcNMjMwMjIyMDkyNzM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjg4MzkxZjA2NDVlNzQ0NTRkZmRmMDk5N2YyNTZiMDY0NmJkZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQAEFOOIC9+FEndl0SdE5nVoy1Cc
W63sPl40Zc7DEFDCBHB1OyMPgc3Y9rI5WLjtgdPdHhO1+SYouYqfYAuIM1esGmKF
a9WM8yZUDHzlQyEhkTBXp3mUYCGXR13vUpb5TJklF7M2sElDQ/22sHydye1dtJ9r
RKxUI09/s8YOsrOBM/GcXQfIJIFNY16gYt3f1Sq86Ms0YjrpqQYyoyERLwGFvJ5r
KNtPYyvg2Zs2L9Ow1GMnXKxGPzYkC0LwTaWxill5fi2kBNGt5VnJFswGDVDCtThx
8O14kKozAo3J0XiPt8f+JZGHi9naPVLBtm7y/jgoGK7SbyVB6MtyNKuG2wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFN+IOR8GRedEVN/fCZfyVrBka96AMB8GA1UdIwQY
MBaAFMVtIVTtU7Yp2HKyo42c0EG9tLEoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFcwaFZPMVR0aW5ZY3JLampaelFRYjIwc1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9iMjQxMjctODFkZC00ZmExLTgzZjAt
N2I0MTBiNzgxZGVmLzEvMzRnNUh3WkY1MFJVMzk4SmxfSldzR1JyM29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9iMjQxMjctODFkZC00ZmExLTgzZjAtN2I0MTBiNzgxZGVm
LzEveFcwaFZPMVR0aW5ZY3JLampaelFRYjIwc1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQELuTQAwQE
XuUgAwQBwQhUAwQBwQhcMA0EAgACMAcDBQAqALAAMA0GCSqGSIb3DQEBCwUAA4IB
AQCYjnajG/oZ001v3q0nsiT5I7vvAMXm+MyLQrrdghtquFSc8XmFSwM76M8cpL8e
YdqW7NfWPc6y4gPD4RejQov7MXOGs9r7y04czIwPBPCQqk6HcePK12SM4Pg2K/KW
vjb2Cev/81sJW1S5QJes1PScldgFtPJ0vM9HlbnclZ+Y0uQbnoOWcq9xhv3IzTtI
7qDF2OB5WNzA0Wk+iAPeO3dAJrXOVo8vGVw+6175J6/oJROxymmgIVViaX9/o5Gx
mpaWwcV1ly0qLdQg54eEnZSrY7rNGNtvDEgnDwCb05JyhzZ/KF6p4XgAaF9kSH5C
18eWn83joCqoMpe76nO7g5oG
-----END CERTIFICATE-----