Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/3IvwZQtmrsCjl8Rtbv4N6XGscls.roa
File:                     3IvwZQtmrsCjl8Rtbv4N6XGscls.roa (raw, json)
Hash identifier:          zfR4S3qnZMcaTowLHaiNWbnbIX76wfbyA2+mYttjxAQ=
Subject key identifier:   DC:8B:F0:65:0B:66:AE:C0:A3:97:C4:6D:6E:FE:0D:E9:71:AC:72:5B
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018E4653DD23EB89D730DA4084D40F956DBC
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/3IvwZQtmrsCjl8Rtbv4N6XGscls.roa
Signing time:             Sat 16 Mar 2024 08:14:44 +0000
ROA not before:           Sat 16 Mar 2024 08:14:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48359
IP address blocks:        45.94.214.0/24 maxlen: 24
                          45.94.215.0/24 maxlen: 24
                          89.42.44.0/22 maxlen: 22
                          89.44.240.0/24 maxlen: 24
                          89.44.241.0/24 maxlen: 24
                          89.44.242.0/24 maxlen: 24
                          89.46.217.0/24 maxlen: 24
                          185.3.200.0/24 maxlen: 24
                          185.239.1.0/24 maxlen: 24
                          188.212.99.0/24 maxlen: 24
                          188.240.196.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 Jul 2024 17:46:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:46:53:dd:23:eb:89:d7:30:da:40:84:d4:0f:95:6d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Mar 16 08:14:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc8bf0650b66aec0a397c46d6efe0de971ac725b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fb:94:2a:3d:d7:32:36:02:7a:23:50:34:8c:
                    c1:2f:fa:ba:a8:61:7e:ff:28:15:d2:2e:a9:38:c1:
                    93:f8:c6:7f:32:75:17:f8:41:a9:bf:0f:87:26:71:
                    a5:64:e2:48:80:7e:b0:0c:00:53:2d:ef:7c:74:33:
                    25:20:94:cc:16:ae:f1:ef:09:49:39:c0:2f:81:34:
                    c1:9c:7e:ce:bd:6e:a9:fe:01:d8:8b:36:81:71:62:
                    46:77:6f:9e:63:99:e7:57:22:a8:43:42:0b:3c:62:
                    35:af:c0:00:e4:38:38:48:48:dc:39:1b:7b:a1:98:
                    2a:46:25:8b:d4:2e:86:48:35:34:50:f6:04:2d:6b:
                    e7:e8:7d:10:9c:72:53:1e:e6:32:fc:b4:db:c3:f1:
                    9b:fa:90:6f:ba:55:22:68:9d:57:f6:ce:b9:98:fa:
                    72:5a:fc:23:f4:dd:de:fd:c9:32:0c:39:2f:87:3d:
                    71:b9:19:85:e8:48:1d:d9:f3:55:b1:eb:b4:50:9b:
                    95:56:f5:dc:b6:c2:f9:47:be:68:d6:66:41:ca:d6:
                    3a:cd:45:4f:2e:d7:07:e0:38:14:33:a7:87:25:14:
                    ba:15:cb:09:0e:d1:3e:d7:c5:b4:bf:0d:d6:04:b0:
                    b2:99:29:14:e7:0b:bc:77:37:2c:0a:c7:b2:9c:83:
                    cd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:8B:F0:65:0B:66:AE:C0:A3:97:C4:6D:6E:FE:0D:E9:71:AC:72:5B
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/3IvwZQtmrsCjl8Rtbv4N6XGscls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.214.0/23
                  89.42.44.0/22
                  89.44.240.0-89.44.242.255
                  89.46.217.0/24
                  185.3.200.0/24
                  185.239.1.0/24
                  188.212.99.0/24
                  188.240.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:cb:dc:b4:10:7d:84:b7:e4:39:d9:ff:a6:22:ce:3f:98:b6:
         2a:4e:00:f1:ae:94:4d:d8:5b:40:4e:bd:00:95:62:1b:78:e0:
         b7:87:1b:f8:ec:b7:b8:4e:c5:35:9e:e3:e5:e3:bb:a3:77:b1:
         5f:72:69:13:1d:10:94:49:f5:63:e3:0c:35:86:99:08:e9:dd:
         44:f5:2a:0f:81:f9:6f:90:d1:68:40:76:0d:a6:29:65:db:8e:
         e7:84:10:dd:e3:1a:fe:66:98:84:64:ec:36:04:20:43:a7:a8:
         5d:64:1d:66:57:45:11:45:c4:f2:cf:56:38:29:5a:0c:c5:c2:
         e3:02:d2:89:45:bc:f2:9c:a0:98:ee:2a:22:a0:5e:7b:e6:11:
         f1:1e:2d:0d:b5:24:ce:bf:d0:39:58:ee:c6:89:0e:90:84:53:
         5a:ed:58:12:04:b9:7c:03:6d:55:a5:40:f9:bc:f4:c1:ed:bd:
         da:38:67:16:40:a0:02:36:cb:11:28:44:76:cf:74:2a:f7:a0:
         49:25:46:a3:a6:41:b1:0b:bf:58:8a:eb:79:b7:06:70:83:71:
         cc:57:2d:6d:1c:7c:ed:c3:e1:11:83:9f:95:ab:c3:41:79:fa:
         8d:8d:2d:99:41:43:4a:1e:1e:b0:3a:f2:c7:b8:26:d4:76:42:
         d1:85:95:a5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY5GU90j64nXMNpAhNQPlW28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQwMzE2MDgxNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzhiZjA2NTBiNjZhZWMwYTM5N2M0NmQ2ZWZlMGRlOTcxYWM3MjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfuUKj3XMjYCeiNQNIzBL/q6qGF+
/ygV0i6pOMGT+MZ/MnUX+EGpvw+HJnGlZOJIgH6wDABTLe98dDMlIJTMFq7x7wlJ
OcAvgTTBnH7OvW6p/gHYizaBcWJGd2+eY5nnVyKoQ0ILPGI1r8AA5Dg4SEjcORt7
oZgqRiWL1C6GSDU0UPYELWvn6H0QnHJTHuYy/LTbw/Gb+pBvulUiaJ1X9s65mPpy
Wvwj9N3e/ckyDDkvhz1xuRmF6Egd2fNVseu0UJuVVvXctsL5R75o1mZBytY6zUVP
LtcH4DgUM6eHJRS6FcsJDtE+18W0vw3WBLCymSkU5wu8dzcsCseynIPNOQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNyL8GULZq7Ao5fEbW7+DelxrHJbMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvM0l2d1pRdG1yc0NqbDhSdGJ2NE42WEdzY2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBLV7WAwQC
WSosMAwDBARZLPADBABZLPIDBABZLtkDBAC5A8gDBAC57wEDBAC81GMDBAC88MQw
DQYJKoZIhvcNAQELBQADggEBABbL3LQQfYS35DnZ/6Yizj+YtipOAPGulE3YW0BO
vQCVYht44LeHG/jst7hOxTWe4+Xju6N3sV9yaRMdEJRJ9WPjDDWGmQjp3UT1Kg+B
+W+Q0WhAdg2mKWXbjueEEN3jGv5mmIRk7DYEIEOnqF1kHWZXRRFFxPLPVjgpWgzF
wuMC0olFvPKcoJjuKiKgXnvmEfEeLQ21JM6/0DlY7saJDpCEU1rtWBIEuXwDbVWl
QPm89MHtvdo4ZxZAoAI2yxEoRHbPdCr3oEklRqOmQbELv1iK63m3BnCDccxXLW0c
fO3D4RGDn5Wrw0F5+o2NLZlBQ0oeHrA68se4JtR2QtGFlaU=
-----END CERTIFICATE-----