Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/0fPJ2ksWfVqQ_Y1AVcqDQCtat2E.roa
File:                     0fPJ2ksWfVqQ_Y1AVcqDQCtat2E.roa (raw, json)
Hash identifier:          O9SxxXQ48I/yX3HnwZ+kfDDmtsQ5X/tjkryaT+ScrNs=
Subject key identifier:   D1:F3:C9:DA:4B:16:7D:5A:90:FD:8D:40:55:CA:83:40:2B:5A:B7:61
Certificate issuer:       /CN=bc464ba9d26385f54df6254ac248926d370445b0
Certificate serial:       018C684C19F007BD9210B1A237F338C05DCA
Authority key identifier: BC:46:4B:A9:D2:63:85:F5:4D:F6:25:4A:C2:48:92:6D:37:04:45:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEZLqdJjhfVN9iVKwkiSbTcERbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/0fPJ2ksWfVqQ_Y1AVcqDQCtat2E.roa
Signing time:             Thu 14 Dec 2023 12:27:47 +0000
ROA not before:           Thu 14 Dec 2023 12:27:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8540
IP address blocks:        146.19.52.0/24 maxlen: 24
                          185.151.20.0/22 maxlen: 24
                          45.155.184.0/22 maxlen: 24
                          185.227.88.0/23 maxlen: 24
                          185.227.91.0/24 maxlen: 24
                          185.236.166.0/24 maxlen: 24
                          185.236.164.0/23 maxlen: 24
                          185.209.204.0/22 maxlen: 24
                          195.128.151.0/24 maxlen: 24
                          2a0b:4c40::/29 maxlen: 29
                          2a07:7540::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:68:4c:19:f0:07:bd:92:10:b1:a2:37:f3:38:c0:5d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc464ba9d26385f54df6254ac248926d370445b0
        Validity
            Not Before: Dec 14 12:27:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d1f3c9da4b167d5a90fd8d4055ca83402b5ab761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:98:87:75:6b:e7:ed:77:f9:ed:89:c6:b6:79:
                    ea:68:73:52:53:46:7e:66:bf:a9:9e:e2:57:06:90:
                    16:1d:15:9d:0e:9a:0d:6e:6a:7d:57:00:34:4b:2e:
                    9f:52:b5:36:6f:16:e2:0e:d7:80:76:e0:45:5e:0f:
                    8a:2c:bb:55:7a:76:11:b7:19:97:c2:5f:d0:f7:d3:
                    63:22:94:4a:c5:61:17:a2:5f:bf:20:52:f5:1b:48:
                    f3:f6:40:97:14:4b:c1:6c:16:03:d1:56:7f:33:ff:
                    d6:a2:db:03:a4:70:d2:8f:aa:7d:9e:5f:08:b8:48:
                    87:0f:f4:71:cb:b5:63:6a:76:5f:59:87:43:d1:45:
                    f6:f8:53:cf:a2:a6:9f:57:8e:8b:e1:25:e3:88:10:
                    fc:41:e2:ba:60:b7:4f:bd:30:98:85:c0:e6:cf:d0:
                    18:92:f6:82:1f:23:9f:2c:e3:1c:3e:b3:33:cb:53:
                    da:71:0a:cd:ad:f7:32:99:7c:7d:1f:7f:01:05:e1:
                    0a:db:75:58:ed:01:fa:30:08:5c:aa:1f:5c:b4:d1:
                    d7:ba:5a:fc:b8:91:3b:a7:93:93:b9:a9:8b:ce:46:
                    84:77:e8:69:17:34:c6:61:02:7f:80:d5:43:fa:cb:
                    4f:d1:1d:00:82:0d:d9:b9:f5:f4:17:32:ff:ff:8b:
                    7f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F3:C9:DA:4B:16:7D:5A:90:FD:8D:40:55:CA:83:40:2B:5A:B7:61
            X509v3 Authority Key Identifier:
                keyid:BC:46:4B:A9:D2:63:85:F5:4D:F6:25:4A:C2:48:92:6D:37:04:45:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEZLqdJjhfVN9iVKwkiSbTcERbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/0fPJ2ksWfVqQ_Y1AVcqDQCtat2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/vEZLqdJjhfVN9iVKwkiSbTcERbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.184.0/22
                  146.19.52.0/24
                  185.151.20.0/22
                  185.209.204.0/22
                  185.227.88.0/23
                  185.227.91.0/24
                  185.236.164.0-185.236.166.255
                  195.128.151.0/24
                IPv6:
                  2a07:7540::/29
                  2a0b:4c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:86:74:47:30:37:04:31:d6:4a:01:4a:77:9e:40:e8:6b:ce:
         d1:3e:8b:51:40:ee:e3:84:0f:53:75:0d:7b:61:30:58:4d:12:
         bd:04:04:0a:f6:8e:00:12:40:de:7d:2f:da:fd:38:6a:2a:b1:
         eb:85:a6:c2:7f:4e:78:99:34:5f:18:38:21:2f:5d:4c:7f:c7:
         c5:35:d6:bc:ab:2b:3b:3a:5d:79:1d:02:14:f7:8d:5f:82:d6:
         d1:ad:f7:34:67:03:3f:23:76:83:b1:94:81:5c:01:ed:4f:fa:
         cb:f6:3d:49:66:47:30:75:ef:c5:41:16:66:32:51:01:c4:81:
         28:54:5f:e8:8c:97:0e:3f:79:e7:ea:6b:b2:79:5a:d2:30:96:
         fb:98:fb:2b:ee:c4:93:a1:b1:41:06:7b:8c:9d:f5:3c:4e:4f:
         92:4e:39:91:aa:c5:6f:c0:5c:ea:94:15:04:f7:9d:71:96:76:
         fb:9c:47:4c:aa:f9:40:e0:09:d1:67:62:d4:ee:fa:d6:69:4d:
         42:95:d6:21:92:89:c6:dd:ee:73:da:c0:25:8a:2f:16:6f:26:
         52:0a:db:d8:89:b1:23:1f:a3:87:ec:01:66:fc:93:bf:6a:3a:
         5a:35:70:6a:46:4a:43:ae:fe:39:69:99:c3:3b:35:32:b9:57:
         65:5c:a9:11
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYxoTBnwB72SELGiN/M4wF3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDY0YmE5ZDI2Mzg1ZjU0ZGY2MjU0YWMyNDg5MjZkMzcw
NDQ1YjAwHhcNMjMxMjE0MTIyNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYzYzlkYTRiMTY3ZDVhOTBmZDhkNDA1NWNhODM0MDJiNWFiNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpiHdWvn7Xf57YnGtnnqaHNSU0Z+
Zr+pnuJXBpAWHRWdDpoNbmp9VwA0Sy6fUrU2bxbiDteAduBFXg+KLLtVenYRtxmX
wl/Q99NjIpRKxWEXol+/IFL1G0jz9kCXFEvBbBYD0VZ/M//WotsDpHDSj6p9nl8I
uEiHD/Rxy7VjanZfWYdD0UX2+FPPoqafV46L4SXjiBD8QeK6YLdPvTCYhcDmz9AY
kvaCHyOfLOMcPrMzy1PacQrNrfcymXx9H38BBeEK23VY7QH6MAhcqh9ctNHXulr8
uJE7p5OTuamLzkaEd+hpFzTGYQJ/gNVD+stP0R0Agg3ZufX0FzL//4t/gwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNHzydpLFn1akP2NQFXKg0ArWrdhMB8GA1UdIwQY
MBaAFLxGS6nSY4X1TfYlSsJIkm03BEWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVaTHFkSmpoZlZOOWlWS3draVNiVGNFUmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81MDFmMmItZmQxZi00NWVhLWI0OTQt
ZDczZGM0YjQxY2UxLzEvMGZQSjJrc1dmVnFRX1kxQVZjcURRQ3RhdDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81MDFmMmItZmQxZi00NWVhLWI0OTQtZDczZGM0YjQxY2Ux
LzEvdkVaTHFkSmpoZlZOOWlWS3draVNiVGNFUmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQCLZu4AwQA
khM0AwQCuZcUAwQCudHMAwQBueNYAwQAueNbMAwDBAK57KQDBAC57KYDBADDgJcw
FAQCAAIwDgMFAyoHdUADBQMqC0xAMA0GCSqGSIb3DQEBCwUAA4IBAQBDhnRHMDcE
MdZKAUp3nkDoa87RPotRQO7jhA9TdQ17YTBYTRK9BAQK9o4AEkDefS/a/ThqKrHr
habCf054mTRfGDghL11Mf8fFNda8qys7Ol15HQIU941fgtbRrfc0ZwM/I3aDsZSB
XAHtT/rL9j1JZkcwde/FQRZmMlEBxIEoVF/ojJcOP3nn6muyeVrSMJb7mPsr7sST
obFBBnuMnfU8Tk+STjmRqsVvwFzqlBUE951xlnb7nEdMqvlA4AnRZ2LU7vrWaU1C
ldYhkonG3e5z2sAlii8WbyZSCtvYibEjH6OH7AFm/JO/ajpaNXBqRkpDrv45aZnD
OzUyuVdlXKkR
-----END CERTIFICATE-----