Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/XSMFE3ia0E0qwUVPqRJlC6S7DcA.roa
File:                     XSMFE3ia0E0qwUVPqRJlC6S7DcA.roa (raw, json)
Hash identifier:          OgPbHhQAUEc3qJ2wP5HuPy4Ji8GFZht3X1O0Y3PGch8=
Subject key identifier:   5D:23:05:13:78:9A:D0:4D:2A:C1:45:4F:A9:12:65:0B:A4:BB:0D:C0
Certificate issuer:       /CN=a04845af1dc0087b274cee52a4a9e0880335435d
Certificate serial:       018DC60C20E7FAF6FDB3F47E4BFF7F518B1E
Authority key identifier: A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/XSMFE3ia0E0qwUVPqRJlC6S7DcA.roa
Signing time:             Tue 20 Feb 2024 10:25:00 +0000
ROA not before:           Tue 20 Feb 2024 10:25:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        46.235.8.0/24 maxlen: 32
                          46.235.9.0/24 maxlen: 24
                          46.235.10.0/24 maxlen: 32
                          46.235.11.0/24 maxlen: 32
                          178.210.160.0/24 maxlen: 24
                          178.210.161.0/24 maxlen: 24
                          178.210.162.0/24 maxlen: 24
                          178.210.163.0/24 maxlen: 24
                          178.210.164.0/24 maxlen: 24
                          178.210.165.0/24 maxlen: 24
                          178.210.166.0/24 maxlen: 24
                          178.210.167.0/24 maxlen: 24
                          178.210.168.0/24 maxlen: 24
                          178.210.169.0/24 maxlen: 24
                          178.210.170.0/24 maxlen: 24
                          178.210.171.0/24 maxlen: 24
                          178.210.172.0/24 maxlen: 24
                          178.210.173.0/24 maxlen: 24
                          178.210.174.0/24 maxlen: 24
                          178.210.175.0/24 maxlen: 24
                          178.210.176.0/24 maxlen: 24
                          178.210.177.0/24 maxlen: 24
                          178.210.178.0/24 maxlen: 32
                          178.210.179.0/24 maxlen: 32
                          178.210.180.0/24 maxlen: 24
                          178.210.181.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 16:12:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:0c:20:e7:fa:f6:fd:b3:f4:7e:4b:ff:7f:51:8b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a04845af1dc0087b274cee52a4a9e0880335435d
        Validity
            Not Before: Feb 20 10:25:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d230513789ad04d2ac1454fa912650ba4bb0dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:64:90:2c:85:cb:c1:a2:64:0c:73:7f:13:93:
                    b4:28:26:d0:80:32:38:dc:36:88:d9:97:0e:3d:2b:
                    88:9c:53:ca:b4:67:84:c7:63:6c:c7:4a:d8:b1:1a:
                    62:30:20:b6:b6:b9:65:94:d9:ae:22:6e:f8:0c:b2:
                    d7:05:53:4c:bc:75:8a:56:7d:7b:83:4c:3e:3f:03:
                    93:53:43:65:ec:0b:46:c5:55:b7:a5:db:4c:70:8c:
                    72:b2:94:f3:87:72:65:2c:db:b2:50:8d:bf:86:24:
                    39:57:40:92:4f:93:64:6f:b2:b6:66:57:d3:f0:d4:
                    04:21:9f:0e:f3:78:fb:5b:bb:7d:60:56:ce:aa:c4:
                    d4:8c:3a:ea:1e:fb:b8:ac:b8:a8:f3:32:88:f6:c9:
                    d0:d3:b6:7a:c6:ba:04:19:70:b4:3f:e6:9d:01:61:
                    23:49:ba:d7:6d:2d:b8:15:f4:9a:21:cb:db:ab:a6:
                    36:a3:b1:a1:73:de:c0:80:b0:72:21:66:9c:c9:c2:
                    8d:81:0e:8d:50:3d:9f:ad:79:45:db:c2:cd:18:56:
                    17:25:83:82:e5:cf:d3:88:43:e5:ef:90:4a:ae:0b:
                    90:cc:a6:60:6b:db:ef:05:1d:0f:6e:5b:90:a2:5c:
                    a8:cf:98:c7:5d:eb:d6:e9:4b:26:6b:9e:d5:7d:df:
                    b2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:23:05:13:78:9A:D0:4D:2A:C1:45:4F:A9:12:65:0B:A4:BB:0D:C0
            X509v3 Authority Key Identifier:
                keyid:A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/XSMFE3ia0E0qwUVPqRJlC6S7DcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/oEhFrx3ACHsnTO5SpKngiAM1Q10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.8.0/22
                  178.210.160.0-178.210.181.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:ab:e5:d5:a5:cb:e8:26:a3:98:24:16:26:e5:f3:d1:de:f9:
         c7:d6:34:71:2e:dd:c5:4c:09:98:7e:48:8e:72:50:59:8e:50:
         b0:dc:7d:5d:82:31:1e:3f:55:55:8b:e9:0c:28:7c:c3:58:73:
         05:e2:a4:d9:e4:e0:00:57:21:62:eb:7b:82:94:d2:78:46:3a:
         7b:03:22:49:bc:06:e5:dd:2c:5c:2c:14:06:0d:56:a6:93:e8:
         75:dc:00:a3:47:31:dc:cc:8f:be:90:4c:07:c4:1a:c6:37:b6:
         da:75:8b:ff:8b:31:82:8f:d2:fe:67:75:ea:24:89:39:2f:08:
         d7:77:6a:98:a7:f7:bb:8c:05:7e:2d:46:59:ec:b7:be:4f:1d:
         ea:90:e1:d9:93:61:6d:41:b4:d8:e8:f2:87:5c:f5:a0:67:f0:
         72:89:29:26:ae:ca:e7:67:a1:63:e9:d5:0e:df:a6:ac:d2:e4:
         1b:fe:33:e8:e6:47:98:0f:70:44:a9:86:17:23:25:3f:1c:27:
         68:22:da:77:e0:e9:52:3d:35:df:75:94:7a:ab:5b:80:f9:78:
         30:0f:a6:39:26:17:c6:78:9c:9c:61:a2:e7:a9:a9:01:57:70:
         c1:67:c2:64:45:28:79:96:0e:2b:05:df:66:6d:4a:1c:5f:74:
         ea:6e:4d:2c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY3GDCDn+vb9s/R+S/9/UYseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNDg0NWFmMWRjMDA4N2IyNzRjZWU1MmE0YTllMDg4MDMz
NTQzNWQwHhcNMjQwMjIwMTAyNTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDIzMDUxMzc4OWFkMDRkMmFjMTQ1NGZhOTEyNjUwYmE0YmIwZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2SQLIXLwaJkDHN/E5O0KCbQgDI4
3DaI2ZcOPSuInFPKtGeEx2Nsx0rYsRpiMCC2trlllNmuIm74DLLXBVNMvHWKVn17
g0w+PwOTU0Nl7AtGxVW3pdtMcIxyspTzh3JlLNuyUI2/hiQ5V0CST5Nkb7K2ZlfT
8NQEIZ8O83j7W7t9YFbOqsTUjDrqHvu4rLio8zKI9snQ07Z6xroEGXC0P+adAWEj
SbrXbS24FfSaIcvbq6Y2o7Ghc97AgLByIWacycKNgQ6NUD2frXlF28LNGFYXJYOC
5c/TiEPl75BKrguQzKZga9vvBR0PbluQolyoz5jHXevW6Usma57Vfd+y6QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFF0jBRN4mtBNKsFFT6kSZQukuw3AMB8GA1UdIwQY
MBaAFKBIRa8dwAh7J0zuUqSp4IgDNUNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjct
NTA3MDExNTcwZWU2LzEvWFNNRkUzaWEwRTBxd1VWUHFSSmxDNlM3RGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjctNTA3MDExNTcwZWU2
LzEvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCLusIMAwD
BAWy0qADBAGy0rQwDQYJKoZIhvcNAQELBQADggEBAIyr5dWly+gmo5gkFibl89He
+cfWNHEu3cVMCZh+SI5yUFmOULDcfV2CMR4/VVWL6QwofMNYcwXipNnk4ABXIWLr
e4KU0nhGOnsDIkm8BuXdLFwsFAYNVqaT6HXcAKNHMdzMj76QTAfEGsY3ttp1i/+L
MYKP0v5ndeokiTkvCNd3apin97uMBX4tRlnst75PHeqQ4dmTYW1BtNjo8odc9aBn
8HKJKSauyudnoWPp1Q7fpqzS5Bv+M+jmR5gPcESphhcjJT8cJ2gi2nfg6VI9Nd91
lHqrW4D5eDAPpjkmF8Z4nJxhouepqQFXcMFnwmRFKHmWDisF32ZtShxfdOpuTSw=
-----END CERTIFICATE-----