Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/RAfz4rNEk3lk_muoJ7SCXa7oseQ.roa
File:                     RAfz4rNEk3lk_muoJ7SCXa7oseQ.roa (raw, json)
Hash identifier:          UMrPhF5ohWwAo8XqBcPzEpqtAdXAynrvAoENU0izB5Q=
Subject key identifier:   44:07:F3:E2:B3:44:93:79:64:FE:6B:A8:27:B4:82:5D:AE:E8:B1:E4
Certificate issuer:       /CN=c56d2154ed53b629d872b2a38d9cd041bdb4b128
Certificate serial:       018CC348B42EC755FCCB62AD344CF6016C82
Authority key identifier: C5:6D:21:54:ED:53:B6:29:D8:72:B2:A3:8D:9C:D0:41:BD:B4:B1:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xW0hVO1TtinYcrKjjZzQQb20sSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/RAfz4rNEk3lk_muoJ7SCXa7oseQ.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48326
IP address blocks:        94.229.32.0/21 maxlen: 21
                          94.229.32.0/20 maxlen: 20
                          94.229.40.0/21 maxlen: 21
                          46.228.216.0/21 maxlen: 21
                          46.228.223.0/24 maxlen: 24
                          193.8.85.0/24 maxlen: 24
                          193.8.84.0/23 maxlen: 23
                          193.8.84.0/24 maxlen: 24
                          193.8.92.0/24 maxlen: 24
                          193.8.92.0/23 maxlen: 23
                          193.8.93.0/24 maxlen: 24
                          46.228.208.0/21 maxlen: 21
                          46.228.208.0/20 maxlen: 20
                          2a00:b000::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sat 13 Apr 2024 07:10:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b4:2e:c7:55:fc:cb:62:ad:34:4c:f6:01:6c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c56d2154ed53b629d872b2a38d9cd041bdb4b128
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4407f3e2b344937964fe6ba827b4825daee8b1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b4:a6:5e:2d:01:3b:9e:97:06:16:57:22:19:
                    ff:5a:b2:53:c3:0d:df:0f:ec:c6:bb:bd:2f:7e:61:
                    47:5a:b2:5f:7b:b8:db:b8:a5:31:14:02:37:f4:90:
                    08:1e:78:c6:c5:6c:34:7a:f0:e9:da:23:eb:79:75:
                    3e:be:4b:a4:4a:72:80:8c:a2:41:00:15:90:9d:c2:
                    3b:a4:c8:25:d7:15:9d:4b:f5:90:69:92:5f:33:c7:
                    22:b9:2a:bc:a9:af:e4:32:c7:97:53:ed:ee:33:aa:
                    ae:8c:93:36:ab:e6:fc:fd:d3:87:dd:16:4c:9e:a6:
                    a6:4d:12:9b:51:39:9c:a0:a9:28:2f:2a:12:79:24:
                    a8:7c:e0:7c:74:66:0e:dc:70:32:09:2b:1f:b7:08:
                    0b:1d:62:80:2f:a0:7b:51:f5:33:c2:ba:76:d6:c7:
                    cb:44:e5:af:67:3d:11:98:57:1f:10:e4:6d:ee:35:
                    ce:11:4f:19:21:3e:a8:1c:c9:3f:a4:0c:3c:fd:56:
                    60:58:2d:bd:a8:61:82:a6:0f:2d:82:7b:9a:7a:85:
                    66:3a:0e:99:55:5d:a8:34:a5:36:24:0d:b8:4e:87:
                    f3:70:f4:31:b0:c8:33:4c:68:7d:12:14:80:a2:fd:
                    4e:2b:8b:e5:36:4d:38:2d:74:84:93:23:ca:8b:b5:
                    d9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:07:F3:E2:B3:44:93:79:64:FE:6B:A8:27:B4:82:5D:AE:E8:B1:E4
            X509v3 Authority Key Identifier:
                keyid:C5:6D:21:54:ED:53:B6:29:D8:72:B2:A3:8D:9C:D0:41:BD:B4:B1:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xW0hVO1TtinYcrKjjZzQQb20sSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/RAfz4rNEk3lk_muoJ7SCXa7oseQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/b24127-81dd-4fa1-83f0-7b410b781def/1/xW0hVO1TtinYcrKjjZzQQb20sSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.208.0/20
                  94.229.32.0/20
                  193.8.84.0/23
                  193.8.92.0/23
                IPv6:
                  2a00:b000::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:aa:a0:a6:77:48:fb:f6:ce:3f:e6:be:0a:b9:23:15:ea:12:
         bb:82:c2:c7:eb:2d:cb:29:66:c6:ec:db:47:21:5b:37:22:52:
         7d:46:7d:73:58:92:d9:d2:f8:61:4c:98:25:4f:78:5b:dc:85:
         14:6d:ca:13:d9:45:a1:7f:4f:57:14:39:a6:77:20:f6:3f:43:
         2e:0d:4e:27:c6:90:a3:89:04:26:bb:13:66:00:f0:1c:a1:d4:
         eb:5a:fa:0b:9a:9f:96:4e:14:fe:09:84:d2:bc:8a:b6:ac:ca:
         7a:c1:35:03:90:26:c7:b6:61:f8:05:a2:21:42:0e:db:d5:fc:
         c5:01:6d:e3:2c:4a:fc:af:45:46:88:2c:f9:bf:25:03:72:02:
         c0:8f:f3:11:99:55:67:a2:ab:3a:d3:0d:40:a5:a5:e2:6c:89:
         e3:8f:60:ae:f8:75:a7:e1:08:8b:0f:c7:d9:bb:57:eb:cc:f1:
         02:fd:57:5d:d2:12:d7:00:ff:35:78:f0:00:d2:4f:60:10:c5:
         f9:d9:29:e4:94:f9:a0:19:6e:1a:ea:18:b8:32:a4:72:33:21:
         5c:d7:97:dd:ba:da:4f:fd:a5:a6:07:5e:82:e0:31:21:77:40:
         29:41:dc:f8:67:80:f3:f5:57:f7:98:eb:59:61:4a:ee:59:36:
         2f:c0:2a:0a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDSLQux1X8y2KtNEz2AWyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NmQyMTU0ZWQ1M2I2MjlkODcyYjJhMzhkOWNkMDQxYmRi
NGIxMjgwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDA3ZjNlMmIzNDQ5Mzc5NjRmZTZiYTgyN2I0ODI1ZGFlZThiMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7SmXi0BO56XBhZXIhn/WrJTww3f
D+zGu70vfmFHWrJfe7jbuKUxFAI39JAIHnjGxWw0evDp2iPreXU+vkukSnKAjKJB
ABWQncI7pMgl1xWdS/WQaZJfM8ciuSq8qa/kMseXU+3uM6qujJM2q+b8/dOH3RZM
nqamTRKbUTmcoKkoLyoSeSSofOB8dGYO3HAyCSsftwgLHWKAL6B7UfUzwrp21sfL
ROWvZz0RmFcfEORt7jXOEU8ZIT6oHMk/pAw8/VZgWC29qGGCpg8tgnuaeoVmOg6Z
VV2oNKU2JA24TofzcPQxsMgzTGh9EhSAov1OK4vlNk04LXSEkyPKi7XZLQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFEQH8+KzRJN5ZP5rqCe0gl2u6LHkMB8GA1UdIwQY
MBaAFMVtIVTtU7Yp2HKyo42c0EG9tLEoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFcwaFZPMVR0aW5ZY3JLampaelFRYjIwc1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9iMjQxMjctODFkZC00ZmExLTgzZjAt
N2I0MTBiNzgxZGVmLzEvUkFmejRyTkVrM2xrX211b0o3U0NYYTdvc2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9iMjQxMjctODFkZC00ZmExLTgzZjAtN2I0MTBiNzgxZGVm
LzEveFcwaFZPMVR0aW5ZY3JLampaelFRYjIwc1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQELuTQAwQE
XuUgAwQBwQhUAwQBwQhcMA0EAgACMAcDBQAqALAAMA0GCSqGSIb3DQEBCwUAA4IB
AQB+qqCmd0j79s4/5r4KuSMV6hK7gsLH6y3LKWbG7NtHIVs3IlJ9Rn1zWJLZ0vhh
TJglT3hb3IUUbcoT2UWhf09XFDmmdyD2P0MuDU4nxpCjiQQmuxNmAPAcodTrWvoL
mp+WThT+CYTSvIq2rMp6wTUDkCbHtmH4BaIhQg7b1fzFAW3jLEr8r0VGiCz5vyUD
cgLAj/MRmVVnoqs60w1ApaXibInjj2Cu+HWn4QiLD8fZu1frzPEC/Vdd0hLXAP81
ePAA0k9gEMX52SnklPmgGW4a6hi4MqRyMyFc15fdutpP/aWmB16C4DEhd0ApQdz4
Z4Dz9Vf3mOtZYUruWTYvwCoK
-----END CERTIFICATE-----