Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/RgZuqmmZn4KDh3oZLKcvQalyNXs.roa
File:                     RgZuqmmZn4KDh3oZLKcvQalyNXs.roa (raw, json)
Hash identifier:          KQMiBgoQMQKgYhzsOOjRGzWFIlBMbnV/NsG4iPNOe0o=
Subject key identifier:   46:06:6E:AA:69:99:9F:82:83:87:7A:19:2C:A7:2F:41:A9:72:35:7B
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       018D3BEBE505E8BE0C7D4E118D2E9506A935
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/RgZuqmmZn4KDh3oZLKcvQalyNXs.roa
Signing time:             Wed 24 Jan 2024 14:42:11 +0000
ROA not before:           Wed 24 Jan 2024 14:42:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8362
IP address blocks:        5.158.240.0/20 maxlen: 20
                          37.220.48.0/20 maxlen: 20
                          46.162.128.0/18 maxlen: 18
                          62.64.32.0/19 maxlen: 19
                          79.141.192.0/24 maxlen: 24
                          79.141.193.0/24 maxlen: 24
                          79.141.194.0/24 maxlen: 24
                          79.141.197.0/24 maxlen: 24
                          79.141.206.0/23 maxlen: 23
                          195.146.224.0/20 maxlen: 20
                          195.146.240.0/20 maxlen: 20
                          2a01:8e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 19 Feb 2024 09:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:eb:e5:05:e8:be:0c:7d:4e:11:8d:2e:95:06:a9:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Jan 24 14:42:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46066eaa69999f8283877a192ca72f41a972357b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:ed:17:83:c7:85:55:36:ab:80:b3:d0:84:
                    3e:07:f6:49:3f:2a:87:6f:9e:46:fa:88:d4:a6:6d:
                    45:38:a5:7d:39:6f:a3:2d:93:bf:7f:57:ca:4f:0b:
                    c9:57:70:96:fd:f9:bf:0f:59:8d:5c:4a:d4:fb:1c:
                    ff:a3:40:66:06:3e:82:31:3e:da:0b:ff:4c:86:14:
                    55:66:96:6f:f5:d5:ac:95:b6:d4:ed:20:1c:c5:f6:
                    eb:c8:98:5d:3f:dd:b3:13:b3:10:e0:03:c4:94:35:
                    74:67:73:c2:14:84:d2:b9:e2:0d:13:26:66:25:af:
                    45:1f:9e:17:84:6e:0d:e6:3f:fe:e1:a4:30:a9:c2:
                    9b:cf:56:48:3a:81:05:12:e3:45:9d:79:ff:a1:7a:
                    06:d0:7e:1d:39:42:6f:22:b3:65:8c:d4:74:4c:4d:
                    6d:2e:0b:95:f8:0c:ab:50:02:3d:b7:3e:ef:02:5a:
                    d5:8b:6e:4f:22:ca:88:b7:27:d4:1e:37:b6:ce:88:
                    74:72:4b:95:fa:a0:ff:21:13:7c:d4:8b:c8:70:09:
                    61:93:9d:ee:be:03:ae:eb:b7:f5:bb:81:ca:8e:00:
                    10:95:df:a4:51:c6:15:4f:47:83:3b:ff:6d:6c:70:
                    02:ff:db:81:b7:c8:ef:a7:eb:74:65:0e:c4:61:20:
                    e4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:06:6E:AA:69:99:9F:82:83:87:7A:19:2C:A7:2F:41:A9:72:35:7B
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/RgZuqmmZn4KDh3oZLKcvQalyNXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.240.0/20
                  37.220.48.0/20
                  46.162.128.0/18
                  62.64.32.0/19
                  79.141.192.0-79.141.194.255
                  79.141.197.0/24
                  79.141.206.0/23
                  195.146.224.0/19
                IPv6:
                  2a01:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:c7:51:95:f7:05:92:2e:1a:2e:c0:ce:6c:02:eb:e0:63:d1:
         f2:ac:20:82:3f:71:39:7e:a6:da:42:cd:75:c2:ac:38:bb:b3:
         bd:40:54:be:63:6d:77:3c:f5:91:a0:65:a0:1b:9e:03:25:55:
         2e:88:86:72:98:d7:61:d4:8d:ad:07:a0:45:ef:60:4a:30:01:
         29:36:62:aa:ba:70:24:a1:09:04:3a:ee:2e:b3:7a:fe:a5:6a:
         7a:ac:25:65:ed:0d:6d:a2:ad:17:30:b2:9e:fb:33:9f:e6:9d:
         5c:82:7a:2c:e4:cf:2a:4a:46:b2:08:6c:78:fb:1d:42:ee:cc:
         75:2f:03:03:98:3a:e7:86:c9:27:d8:1e:97:03:84:4f:5f:f0:
         88:76:c6:89:62:07:71:0b:80:90:87:0f:53:ba:94:dd:e7:9d:
         fe:61:41:4d:0c:35:82:f0:da:23:ed:95:8b:f0:3c:71:55:01:
         3d:d0:5b:36:3a:ac:23:e1:49:30:df:a2:d8:fc:85:73:27:8e:
         48:8f:de:d9:73:85:fc:c5:80:4b:f9:b7:46:25:d5:73:72:55:
         50:d9:1d:8a:99:81:22:02:4a:5e:e2:9d:40:d3:74:2c:fd:c9:
         2c:d3:94:b3:73:f2:89:cf:96:8e:de:d0:a9:40:3c:da:08:3b:
         5b:33:6c:c5
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAY076+UF6L4MfU4RjS6VBqk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjQwMTI0MTQ0MjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjA2NmVhYTY5OTk5ZjgyODM4NzdhMTkyY2E3MmY0MWE5NzIzNTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqDtF4PHhVU2q4Cz0IQ+B/ZJPyqH
b55G+ojUpm1FOKV9OW+jLZO/f1fKTwvJV3CW/fm/D1mNXErU+xz/o0BmBj6CMT7a
C/9MhhRVZpZv9dWslbbU7SAcxfbryJhdP92zE7MQ4APElDV0Z3PCFITSueINEyZm
Ja9FH54XhG4N5j/+4aQwqcKbz1ZIOoEFEuNFnXn/oXoG0H4dOUJvIrNljNR0TE1t
LguV+AyrUAI9tz7vAlrVi25PIsqItyfUHje2zoh0ckuV+qD/IRN81IvIcAlhk53u
vgOu67f1u4HKjgAQld+kUcYVT0eDO/9tbHAC/9uBt8jvp+t0ZQ7EYSDkiwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEYGbqppmZ+Cg4d6GSynL0GpcjV7MB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvUmdadXFtbVpuNEtEaDNvWkxLY3ZRYWx5TlhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQEBZ7wAwQE
JdwwAwQGLqKAAwQFPkAgMAwDBAZPjcADBABPjcIDBABPjcUDBAFPjc4DBAXDkuAw
DQQCAAIwBwMFAyoBjoAwDQYJKoZIhvcNAQELBQADggEBAJjHUZX3BZIuGi7AzmwC
6+Bj0fKsIII/cTl+ptpCzXXCrDi7s71AVL5jbXc89ZGgZaAbngMlVS6IhnKY12HU
ja0HoEXvYEowASk2Yqq6cCShCQQ67i6zev6lanqsJWXtDW2irRcwsp77M5/mnVyC
eizkzypKRrIIbHj7HULuzHUvAwOYOueGySfYHpcDhE9f8Ih2xoliB3ELgJCHD1O6
lN3nnf5hQU0MNYLw2iPtlYvwPHFVAT3QWzY6rCPhSTDfotj8hXMnjkiP3tlzhfzF
gEv5t0Yl1XNyVVDZHYqZgSICSl7inUDTdCz9ySzTlLNz8onPlo7e0KlAPNoIO1sz
bMU=
-----END CERTIFICATE-----