Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/fwA7gJRFfUard39Qieb4z-Wq054.roa
File:                     fwA7gJRFfUard39Qieb4z-Wq054.roa (raw, json)
Hash identifier:          5JJDeXlYLvit9aFKoRLOacEOLPr+BHdcXmV+lQR0rVM=
Subject key identifier:   7F:00:3B:80:94:45:7D:46:AB:77:7F:50:89:E6:F8:CF:E5:AA:D3:9E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E9F31B0AF447ABF5D6017C56DD738A2E7
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/fwA7gJRFfUard39Qieb4z-Wq054.roa
Signing time:             Tue 02 Apr 2024 14:23:37 +0000
ROA not before:           Tue 02 Apr 2024 14:23:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        45.87.126.0/24 maxlen: 24
                          45.95.29.0/24 maxlen: 24
                          45.128.125.0/24 maxlen: 24
                          45.128.126.0/24 maxlen: 24
                          45.128.127.0/24 maxlen: 24
                          45.128.128.0/24 maxlen: 24
                          94.154.190.0/24 maxlen: 24
                          176.116.15.0/24 maxlen: 24
                          176.126.96.0/24 maxlen: 24
                          193.28.178.0/24 maxlen: 24
                          193.187.105.0/24 maxlen: 24
                          194.59.187.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Apr 2024 12:28:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:31:b0:af:44:7a:bf:5d:60:17:c5:6d:d7:38:a2:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  2 14:23:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f003b8094457d46ab777f5089e6f8cfe5aad39e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:76:74:ba:67:45:91:c9:d8:f4:cc:21:73:e2:
                    8a:35:a4:59:be:6e:5b:3f:3c:8a:f5:29:2a:a9:49:
                    f6:24:b3:1f:1a:ec:2f:cf:86:45:48:2e:45:15:4d:
                    e5:23:7d:0b:74:f8:c2:02:60:45:0f:49:98:13:15:
                    16:1b:87:15:8f:4e:0e:1f:cb:2b:d1:9f:de:e8:57:
                    5d:11:8c:5c:e3:fd:3a:6b:23:78:5a:70:e5:ed:30:
                    2c:c8:18:f6:95:26:88:a9:f5:b3:c1:26:47:62:83:
                    52:13:fa:0f:7f:26:70:3c:b6:df:77:fd:72:8a:9f:
                    2c:4a:87:9b:3a:43:fe:f3:11:09:17:8d:80:96:09:
                    a1:5c:48:bb:69:da:eb:2d:2c:4e:26:69:96:d8:79:
                    70:23:d9:2f:53:7e:aa:76:bb:e1:ae:16:20:b4:d2:
                    78:fe:2e:30:5d:60:df:8c:c0:e5:cd:fe:ec:7f:d5:
                    6a:36:3d:cb:14:4a:b3:cd:0a:9e:25:8d:b6:ae:10:
                    d0:3c:53:3f:5f:b7:b4:36:7e:89:fc:ad:c1:df:36:
                    df:89:27:26:47:bf:87:aa:98:16:24:77:86:76:8c:
                    78:64:ec:a7:42:85:4a:f2:16:8c:f2:b3:95:a2:0e:
                    34:10:42:76:b3:73:6e:6d:05:10:7e:9d:9a:f9:8f:
                    e1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:00:3B:80:94:45:7D:46:AB:77:7F:50:89:E6:F8:CF:E5:AA:D3:9E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/fwA7gJRFfUard39Qieb4z-Wq054.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.126.0/24
                  45.95.29.0/24
                  45.128.125.0-45.128.128.255
                  94.154.190.0/24
                  176.116.15.0/24
                  176.126.96.0/24
                  193.28.178.0/24
                  193.187.105.0/24
                  194.59.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:5d:56:34:f4:88:cf:f0:d0:11:48:f1:80:21:e5:d1:59:86:
         78:0a:67:0b:66:8f:3e:1f:47:82:0a:59:36:ed:91:e7:cf:4b:
         96:0b:46:40:86:7b:46:e3:24:6c:1c:f5:c8:95:7c:7c:bf:78:
         c3:11:ea:74:51:ba:97:f7:fa:fa:c0:47:24:97:60:4e:ee:e8:
         01:f8:d6:d0:39:5b:7c:3c:70:dd:49:b7:b6:d1:72:42:f6:6a:
         1c:42:1a:58:c0:c1:6d:71:b9:2c:d2:9e:31:54:12:8f:82:08:
         1a:4e:32:b2:8c:fb:a1:78:0a:bd:77:13:e4:46:87:73:01:0b:
         3b:9b:0f:f9:95:fd:f4:09:d7:47:c2:14:4c:fa:2a:9b:b0:50:
         c1:0f:1c:f4:25:31:31:b8:d2:10:56:94:b5:de:9d:9a:fc:86:
         3c:1d:1c:1b:2e:46:e9:26:23:49:f8:6b:e5:a7:ad:d0:66:4d:
         fd:90:e2:15:42:85:7a:44:b5:51:c6:1b:33:2a:8d:cb:bb:da:
         42:68:de:ff:62:c1:6a:e6:39:65:76:67:de:d6:99:36:5f:82:
         09:f4:45:e3:ae:c1:b6:60:aa:4c:d0:39:fd:84:f8:2b:e5:93:
         92:09:80:4b:a9:a8:3a:92:22:45:32:fa:cb:34:f9:c9:55:f3:
         bf:18:56:a9
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY6fMbCvRHq/XWAXxW3XOKLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDAyMTQyMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjAwM2I4MDk0NDU3ZDQ2YWI3NzdmNTA4OWU2ZjhjZmU1YWFkMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHZ0umdFkcnY9Mwhc+KKNaRZvm5b
PzyK9SkqqUn2JLMfGuwvz4ZFSC5FFU3lI30LdPjCAmBFD0mYExUWG4cVj04OH8sr
0Z/e6FddEYxc4/06ayN4WnDl7TAsyBj2lSaIqfWzwSZHYoNSE/oPfyZwPLbfd/1y
ip8sSoebOkP+8xEJF42AlgmhXEi7adrrLSxOJmmW2HlwI9kvU36qdrvhrhYgtNJ4
/i4wXWDfjMDlzf7sf9VqNj3LFEqzzQqeJY22rhDQPFM/X7e0Nn6J/K3B3zbfiScm
R7+HqpgWJHeGdox4ZOynQoVK8haM8rOVog40EEJ2s3NubQUQfp2a+Y/hNwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFH8AO4CURX1Gq3d/UInm+M/lqtOeMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZndBN2dKUkZmVWFyZDM5UWllYjR6LVdxMDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALVd+AwQA
LV8dMAwDBAAtgH0DBAAtgIADBABemr4DBACwdA8DBACwfmADBADBHLIDBADBu2kD
BADCO7swDQYJKoZIhvcNAQELBQADggEBABNdVjT0iM/w0BFI8YAh5dFZhngKZwtm
jz4fR4IKWTbtkefPS5YLRkCGe0bjJGwc9ciVfHy/eMMR6nRRupf3+vrARySXYE7u
6AH41tA5W3w8cN1Jt7bRckL2ahxCGljAwW1xuSzSnjFUEo+CCBpOMrKM+6F4Cr13
E+RGh3MBCzubD/mV/fQJ10fCFEz6KpuwUMEPHPQlMTG40hBWlLXenZr8hjwdHBsu
RukmI0n4a+WnrdBmTf2Q4hVChXpEtVHGGzMqjcu72kJo3v9iwWrmOWV2Z97WmTZf
ggn0ReOuwbZgqkzQOf2E+Cvlk5IJgEupqDqSIkUy+ss0+clV878YVqk=
-----END CERTIFICATE-----