Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/ohhOUlVMKCKsWBTTVv_mzLzERxc.roa
File:                     ohhOUlVMKCKsWBTTVv_mzLzERxc.roa (raw, json)
Hash identifier:          eY0dpYrB3O8M1UbJAafN/MbV0/Yxa79OGEZjwNmPYyQ=
Subject key identifier:   A2:18:4E:52:55:4C:28:22:AC:58:14:D3:56:FF:E6:CC:BC:C4:47:17
Certificate issuer:       /CN=8c186a56ea84c13c62768a9d17bae133cedf1045
Certificate serial:       01919E5650C50B604E4D4A36E3A444819CBF
Authority key identifier: 8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/ohhOUlVMKCKsWBTTVv_mzLzERxc.roa
Signing time:             Thu 29 Aug 2024 13:32:22 +0000
ROA not before:           Thu 29 Aug 2024 13:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208687
IP address blocks:        45.89.4.0/22 maxlen: 24
                          141.195.128.0/18 maxlen: 24
                          141.195.160.0/24 maxlen: 24
                          141.195.161.0/24 maxlen: 24
                          141.195.162.0/24 maxlen: 24
                          141.195.179.0/24 maxlen: 24
                          141.195.181.0/24 maxlen: 24
                          141.195.182.0/24 maxlen: 24
                          141.195.184.0/24 maxlen: 24
                          141.195.188.0/24 maxlen: 24
                          141.195.189.0/24 maxlen: 24
                          141.195.190.0/23 maxlen: 23
                          185.147.244.0/23 maxlen: 24
                          185.147.244.0/24 maxlen: 24
                          185.147.245.0/24 maxlen: 24
                          2a0a:5580::/29 maxlen: 48

Validation:               Failed, certificate revoked on Thu 29 Aug 2024 13:46:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9e:56:50:c5:0b:60:4e:4d:4a:36:e3:a4:44:81:9c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c186a56ea84c13c62768a9d17bae133cedf1045
        Validity
            Not Before: Aug 29 13:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2184e52554c2822ac5814d356ffe6ccbcc44717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:72:ef:ee:14:cd:29:dc:cb:e8:5a:f0:a5:c5:
                    10:20:9d:31:09:95:1e:0a:99:22:2c:e3:93:5e:7d:
                    d6:40:76:4d:c7:f2:91:d5:cb:1c:9e:91:20:8a:44:
                    54:72:bd:64:a6:75:e3:03:cd:14:f4:8a:3f:f4:6c:
                    cc:6c:d8:eb:d2:56:bd:63:20:ea:d8:46:0f:b2:f6:
                    6e:51:db:b9:bc:34:3d:d3:1c:fb:1c:de:34:b8:32:
                    be:14:81:c2:c7:48:95:25:75:30:72:ff:cc:2e:b1:
                    a9:77:c1:0b:4f:6f:1f:e9:72:75:b4:1e:09:fa:5b:
                    3a:39:aa:7e:92:18:f3:75:68:f4:4f:06:8d:5e:14:
                    29:9b:b1:1e:d8:3f:50:7e:e6:37:63:66:41:94:59:
                    08:2a:a5:2d:60:90:d8:8c:03:70:3a:05:79:88:4c:
                    3f:60:03:30:e2:09:79:5b:1d:97:09:1f:89:7e:3f:
                    eb:58:6d:e9:21:d6:58:e4:86:20:ec:24:7c:72:01:
                    60:93:5f:79:94:d4:12:01:32:9d:92:16:e6:74:45:
                    7a:16:b1:71:58:1b:c9:ad:fc:0c:68:27:b4:cb:7b:
                    80:cb:51:e8:32:c6:a7:6e:d3:a5:b5:87:31:04:45:
                    81:fc:13:8a:e9:18:14:c5:90:cf:d0:32:19:db:66:
                    f8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:18:4E:52:55:4C:28:22:AC:58:14:D3:56:FF:E6:CC:BC:C4:47:17
            X509v3 Authority Key Identifier:
                keyid:8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/ohhOUlVMKCKsWBTTVv_mzLzERxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.4.0/22
                  141.195.128.0/18
                  185.147.244.0/23
                IPv6:
                  2a0a:5580::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:ea:81:74:7e:29:a6:45:c0:51:2e:54:bc:b4:c4:83:64:6a:
         67:57:43:01:db:c3:30:cd:35:39:fa:3c:d5:d1:3c:ac:8f:18:
         6f:06:32:b0:db:53:68:81:e3:0c:48:7e:4f:1b:b9:e8:92:0a:
         9f:6a:07:3a:7f:f1:0b:9c:26:c2:0e:3d:eb:95:e3:b9:a6:27:
         bc:92:12:88:0c:f4:18:73:09:db:11:fd:f2:3d:12:2e:11:7e:
         ce:9c:e1:6f:a2:62:80:a8:e2:93:08:8c:4c:5d:8f:a2:13:1a:
         b4:bb:ec:8e:77:c5:cb:13:bc:0f:58:50:58:3f:8a:c1:6e:27:
         53:ce:b8:5e:27:9f:dc:f7:72:34:3f:9f:4f:05:75:02:d0:f3:
         e0:06:dd:6a:8c:e4:67:10:ce:a1:6f:71:9a:3c:ee:d8:23:5f:
         61:4e:8c:12:06:b8:df:19:eb:bb:5c:f6:12:2c:65:c3:ec:88:
         3d:7b:23:50:a0:2e:24:c6:0b:a1:c8:4d:10:0f:8d:f8:3a:b9:
         30:5a:11:6b:9a:ee:84:fa:6e:40:75:d8:67:fb:79:54:13:4e:
         d8:b2:51:cd:38:8d:d3:db:b4:7e:7a:e7:87:f7:bc:3c:32:0f:
         f7:72:cc:d6:b3:be:06:f6:d0:66:3f:79:d9:53:55:64:1f:d5:
         37:a2:3a:72
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZGeVlDFC2BOTUo246REgZy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTg2YTU2ZWE4NGMxM2M2Mjc2OGE5ZDE3YmFlMTMzY2Vk
ZjEwNDUwHhcNMjQwODI5MTMzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE4NGU1MjU1NGMyODIyYWM1ODE0ZDM1NmZmZTZjY2JjYzQ0NzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Lv7hTNKdzL6FrwpcUQIJ0xCZUe
CpkiLOOTXn3WQHZNx/KR1cscnpEgikRUcr1kpnXjA80U9Io/9GzMbNjr0la9YyDq
2EYPsvZuUdu5vDQ90xz7HN40uDK+FIHCx0iVJXUwcv/MLrGpd8ELT28f6XJ1tB4J
+ls6Oap+khjzdWj0TwaNXhQpm7Ee2D9QfuY3Y2ZBlFkIKqUtYJDYjANwOgV5iEw/
YAMw4gl5Wx2XCR+Jfj/rWG3pIdZY5IYg7CR8cgFgk195lNQSATKdkhbmdEV6FrFx
WBvJrfwMaCe0y3uAy1HoMsanbtOltYcxBEWB/BOK6RgUxZDP0DIZ22b4BwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKIYTlJVTCgirFgU01b/5sy8xEcXMB8GA1UdIwQY
MBaAFIwYalbqhME8YnaKnRe64TPO3xBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2Qt
MjA5MmFmNjQ3MDcwLzEvb2hoT1VsVk1LQ0tzV0JUVFZ2X216THpFUnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2QtMjA5MmFmNjQ3MDcw
LzEvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLVkEAwQG
jcOAAwQBuZP0MA0EAgACMAcDBQMqClWAMA0GCSqGSIb3DQEBCwUAA4IBAQBP6oF0
fimmRcBRLlS8tMSDZGpnV0MB28MwzTU5+jzV0TysjxhvBjKw21NogeMMSH5PG7no
kgqfagc6f/ELnCbCDj3rleO5pie8khKIDPQYcwnbEf3yPRIuEX7OnOFvomKAqOKT
CIxMXY+iExq0u+yOd8XLE7wPWFBYP4rBbidTzrheJ5/c93I0P59PBXUC0PPgBt1q
jORnEM6hb3GaPO7YI19hTowSBrjfGeu7XPYSLGXD7Ig9eyNQoC4kxguhyE0QD434
OrkwWhFrmu6E+m5Addhn+3lUE07YslHNOI3T27R+eueH97w8Mg/3cszWs74G9tBm
P3nZU1VkH9U3ojpy
-----END CERTIFICATE-----