Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ML_mGDc3LCQE3-9r7gFdoA4ZheI.roa
File:                     ML_mGDc3LCQE3-9r7gFdoA4ZheI.roa (raw, json)
Hash identifier:          LahQT+1bEcTogcFYU7tED8hjWoyYzvPTqWvjK9Xgclo=
Subject key identifier:   30:BF:E6:18:37:37:2C:24:04:DF:EF:6B:EE:01:5D:A0:0E:19:85:E2
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0190359531A43D9FBBD85B27B562C7459708
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ML_mGDc3LCQE3-9r7gFdoA4ZheI.roa
Signing time:             Thu 20 Jun 2024 12:18:08 +0000
ROA not before:           Thu 20 Jun 2024 12:18:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.135.182.0/24 maxlen: 24
                          45.135.183.0/24 maxlen: 24
                          45.144.172.0/24 maxlen: 24
                          86.107.100.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          93.114.183.0/24 maxlen: 24
                          176.223.66.0/24 maxlen: 24
                          188.64.142.0/24 maxlen: 24
                          188.208.103.0/24 maxlen: 24
                          217.19.4.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 24 Jun 2024 10:28:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:95:31:a4:3d:9f:bb:d8:5b:27:b5:62:c7:45:97:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 20 12:18:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30bfe61837372c2404dfef6bee015da00e1985e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d1:fc:4e:16:16:09:bf:6e:cb:5d:fa:69:76:
                    f4:68:45:1a:a4:34:c9:3d:07:33:f7:26:9d:88:41:
                    84:25:42:91:7f:82:e1:a7:48:0b:c3:20:37:8f:32:
                    9c:ca:f0:9d:e0:f7:6d:e2:78:76:e5:ab:58:71:19:
                    c9:f6:ac:fc:b9:86:84:b9:68:d3:d1:ab:eb:1b:b3:
                    08:13:e9:a5:9e:78:31:16:78:fa:78:31:6f:7c:30:
                    61:13:ea:e3:8b:54:46:81:37:c2:62:72:73:e2:eb:
                    0b:2a:07:92:70:ba:5d:f1:80:d2:95:ed:bf:1d:10:
                    01:27:7f:9c:1f:5a:74:fe:1e:70:d6:50:06:84:c4:
                    14:6a:80:9f:71:25:09:27:a5:9e:34:1e:36:f3:89:
                    e7:b7:3c:c1:78:eb:f7:c5:da:f4:38:01:21:12:2e:
                    77:bf:b3:87:8f:68:d8:d9:68:f6:40:fe:a0:4d:44:
                    7a:ca:f6:fc:8d:6e:24:52:6d:9d:aa:62:01:b0:7b:
                    81:97:d9:26:b0:53:24:53:cb:df:dd:4b:96:b5:0b:
                    11:c2:cc:bc:ef:7d:88:bc:4f:84:28:2b:9b:be:62:
                    ac:c9:f3:df:8b:ec:6b:71:fe:f2:44:46:bd:3f:d2:
                    9d:e7:31:bb:1b:d4:b9:0a:b4:3d:bb:fd:cc:dd:27:
                    32:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:BF:E6:18:37:37:2C:24:04:DF:EF:6B:EE:01:5D:A0:0E:19:85:E2
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/ML_mGDc3LCQE3-9r7gFdoA4ZheI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.182.0/23
                  45.144.172.0/24
                  86.107.100.0/24
                  89.34.106.0/24
                  92.114.32.0/24
                  93.114.183.0/24
                  176.223.66.0/24
                  188.64.142.0/24
                  188.208.103.0/24
                  217.19.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:bf:6f:6e:6d:24:ac:c0:00:e9:36:61:4b:97:8f:7d:42:e5:
         59:40:23:0b:0b:20:05:db:70:28:19:0e:39:54:91:6c:dc:e8:
         31:11:0a:7c:07:a7:b3:33:54:4c:e5:c2:0d:b3:18:69:e8:6a:
         ad:ed:52:eb:04:4f:82:22:d0:03:fc:b8:ab:b2:ca:2e:c6:19:
         f8:ea:95:39:d2:ac:fa:e1:6d:ac:f9:33:6b:c5:12:53:56:5a:
         5d:1d:a5:48:4a:9b:4b:86:92:bf:62:77:25:a1:e8:01:d2:72:
         5c:ab:54:9c:6f:f5:60:90:b7:33:75:42:d4:08:33:02:80:0b:
         23:bc:7f:cf:d4:f7:92:5d:48:fb:ba:8f:37:5c:59:b4:68:74:
         eb:ac:47:24:c1:31:13:03:80:fb:d8:bf:22:8a:60:b9:5e:03:
         26:4e:ae:c1:25:b4:42:d4:90:68:77:07:81:8c:d7:38:dd:7c:
         84:38:09:2f:2f:ff:47:a8:07:8e:56:cf:9b:79:6f:72:03:8a:
         98:7b:be:b9:49:75:28:79:1e:31:ec:f0:b1:ac:ba:4a:64:f9:
         1e:8a:e4:1e:3c:07:9c:b8:b2:63:c8:92:4c:4f:44:ce:e9:7e:
         ef:7d:38:0b:e4:5b:87:bb:7a:e6:e0:b8:c8:22:c6:2b:fc:77:
         f5:b2:f8:aa
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZA1lTGkPZ+72FsntWLHRZcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNjIwMTIxODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGJmZTYxODM3MzcyYzI0MDRkZmVmNmJlZTAxNWRhMDBlMTk4NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dH8ThYWCb9uy136aXb0aEUapDTJ
PQcz9yadiEGEJUKRf4Lhp0gLwyA3jzKcyvCd4Pdt4nh25atYcRnJ9qz8uYaEuWjT
0avrG7MIE+mlnngxFnj6eDFvfDBhE+rji1RGgTfCYnJz4usLKgeScLpd8YDSle2/
HRABJ3+cH1p0/h5w1lAGhMQUaoCfcSUJJ6WeNB4284nntzzBeOv3xdr0OAEhEi53
v7OHj2jY2Wj2QP6gTUR6yvb8jW4kUm2dqmIBsHuBl9kmsFMkU8vf3UuWtQsRwsy8
732IvE+EKCubvmKsyfPfi+xrcf7yREa9P9Kd5zG7G9S5CrQ9u/3M3ScyTQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDC/5hg3NywkBN/va+4BXaAOGYXiMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTUxfbUdEYzNMQ1FFMy05cjdnRmRvQTRaaGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBLYe2AwQA
LZCsAwQAVmtkAwQAWSJqAwQAXHIgAwQAXXK3AwQAsN9CAwQAvECOAwQAvNBnAwQA
2RMEMA0GCSqGSIb3DQEBCwUAA4IBAQBPv29ubSSswADpNmFLl499QuVZQCMLCyAF
23AoGQ45VJFs3OgxEQp8B6ezM1RM5cINsxhp6Gqt7VLrBE+CItAD/Lirssouxhn4
6pU50qz64W2s+TNrxRJTVlpdHaVISptLhpK/YncloegB0nJcq1Scb/VgkLczdULU
CDMCgAsjvH/P1PeSXUj7uo83XFm0aHTrrEckwTETA4D72L8iimC5XgMmTq7BJbRC
1JBodweBjNc43XyEOAkvL/9HqAeOVs+beW9yA4qYe765SXUoeR4x7PCxrLpKZPke
iuQePAecuLJjyJJMT0TO6X7vfTgL5FuHu3rm4LjIIsYr/Hf1sviq
-----END CERTIFICATE-----