Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/CD_hW9fCuHQw1VciyYW6OfzfyQs.roa
File:                     CD_hW9fCuHQw1VciyYW6OfzfyQs.roa (raw, json)
Hash identifier:          NF6enanWJJioObpzPoVyjLz6GxOQ1S5r64rHjsdlYGE=
Subject key identifier:   08:3F:E1:5B:D7:C2:B8:74:30:D5:57:22:C9:85:BA:39:FC:DF:C9:0B
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       01904E24848F3B2C864FC2A47790390EEA0C
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/CD_hW9fCuHQw1VciyYW6OfzfyQs.roa
Signing time:             Tue 25 Jun 2024 06:45:34 +0000
ROA not before:           Tue 25 Jun 2024 06:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48467
IP address blocks:        94.228.160.0/24 maxlen: 24
                          94.228.167.0/24 maxlen: 24
                          94.228.170.0/24 maxlen: 24
                          94.228.171.0/24 maxlen: 24
                          94.228.172.0/22 maxlen: 22
                          178.236.240.0/23 maxlen: 23
                          178.236.242.0/24 maxlen: 24
                          178.236.245.0/24 maxlen: 24
                          178.236.248.0/22 maxlen: 22
                          178.236.252.0/24 maxlen: 24
                          178.236.255.0/24 maxlen: 24
                          185.46.44.0/23 maxlen: 23
                          185.46.44.0/24 maxlen: 24
                          185.46.45.0/24 maxlen: 24
                          185.46.46.0/23 maxlen: 23
                          185.46.46.0/24 maxlen: 24
                          185.46.47.0/24 maxlen: 24
                          2a02:2070::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 25 Jun 2024 08:11:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:24:84:8f:3b:2c:86:4f:c2:a4:77:90:39:0e:ea:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jun 25 06:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=083fe15bd7c2b87430d55722c985ba39fcdfc90b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:46:db:89:d5:fb:18:1e:f4:6c:ab:57:d6:ba:
                    4b:c3:a5:9f:48:3a:fb:86:17:2d:d2:0e:31:0d:56:
                    f2:e7:d5:b4:3b:b9:e0:92:24:5d:32:05:47:23:fc:
                    6c:75:d5:28:7e:1a:18:fc:ad:27:e8:3c:00:32:ab:
                    a1:37:2c:ce:55:fc:f1:45:95:07:1d:69:da:af:d8:
                    85:11:76:f3:a2:6d:a2:f2:c1:e8:07:3d:8e:71:de:
                    b4:d4:60:56:15:1a:c4:6e:c4:ca:77:b0:e2:be:9f:
                    10:3d:13:fe:89:ee:39:cf:95:00:78:6f:e8:6e:48:
                    33:f7:4b:6a:2a:84:3d:51:c7:47:c5:21:fd:af:08:
                    74:6e:e2:d7:b9:da:ad:2d:93:2f:22:7b:32:48:8e:
                    77:ec:89:aa:ff:96:e1:56:34:e4:3c:b2:49:55:f8:
                    54:72:83:59:2f:e8:4b:53:9f:89:f2:7a:44:6d:60:
                    6d:f0:8d:a1:25:17:60:60:86:9b:38:f7:20:7b:8d:
                    de:89:44:b3:6c:b4:e5:41:2c:55:95:8a:99:14:1f:
                    2b:08:a4:7f:d3:86:c1:3d:fb:50:39:9d:32:04:40:
                    b7:7f:cb:08:5f:2c:63:f6:2a:cc:73:11:ad:0c:de:
                    69:96:93:18:37:36:e9:11:8b:cf:51:1f:8f:cf:55:
                    eb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3F:E1:5B:D7:C2:B8:74:30:D5:57:22:C9:85:BA:39:FC:DF:C9:0B
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/CD_hW9fCuHQw1VciyYW6OfzfyQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.160.0/24
                  94.228.167.0/24
                  94.228.170.0-94.228.175.255
                  178.236.240.0-178.236.242.255
                  178.236.245.0/24
                  178.236.248.0-178.236.252.255
                  178.236.255.0/24
                  185.46.44.0/22
                IPv6:
                  2a02:2070::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:07:45:fc:6c:33:c0:f6:63:fb:d2:df:de:b2:7a:30:8e:49:
         87:be:d6:47:c3:13:f6:75:86:e8:31:14:e4:59:a6:24:c4:56:
         11:96:1e:29:ad:e0:49:cf:4a:4c:7e:fc:57:08:48:92:33:0e:
         68:b6:9e:52:94:a2:a8:8d:38:e8:83:15:ae:4a:8e:55:0d:01:
         e8:43:6b:71:6e:88:54:3e:d3:86:64:74:9b:cb:90:05:bc:dd:
         5e:5d:be:4e:4a:cb:aa:57:57:e7:a1:b5:bc:e8:51:fd:bb:4e:
         18:bc:89:a2:62:8d:fe:95:f0:ac:b4:74:c7:a6:9c:b7:3e:ea:
         da:7c:84:ff:63:f9:e3:fd:06:5a:2b:07:2b:51:14:f8:17:f6:
         3a:9d:b4:c0:98:bb:4d:5f:20:09:fa:c6:0e:7d:b8:84:96:2b:
         54:39:38:b8:d4:50:85:75:65:05:d7:6b:da:fd:09:91:7d:a6:
         8b:4c:f9:61:fc:e3:5a:c3:21:dd:ef:b8:89:4c:cd:2f:3b:ff:
         9e:74:ad:bd:3e:18:42:a2:2c:28:55:42:58:52:cf:65:6a:be:
         e6:03:99:5d:8c:46:5c:b3:76:ce:8d:00:db:80:97:ef:27:66:
         17:6e:8c:5a:40:d2:23:bb:15:d2:7f:2d:6e:ac:b9:02:82:51:
         3c:31:b0:f2
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZBOJISPOyyGT8Kkd5A5DuoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwNjI1MDY0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNmZTE1YmQ3YzJiODc0MzBkNTU3MjJjOTg1YmEzOWZjZGZjOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkbbidX7GB70bKtX1rpLw6WfSDr7
hhct0g4xDVby59W0O7ngkiRdMgVHI/xsddUofhoY/K0n6DwAMquhNyzOVfzxRZUH
HWnar9iFEXbzom2i8sHoBz2Ocd601GBWFRrEbsTKd7Divp8QPRP+ie45z5UAeG/o
bkgz90tqKoQ9UcdHxSH9rwh0buLXudqtLZMvInsySI537Imq/5bhVjTkPLJJVfhU
coNZL+hLU5+J8npEbWBt8I2hJRdgYIabOPcge43eiUSzbLTlQSxVlYqZFB8rCKR/
04bBPftQOZ0yBEC3f8sIXyxj9irMcxGtDN5plpMYNzbpEYvPUR+Pz1XrrQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFAg/4VvXwrh0MNVXIsmFujn838kLMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvQ0RfaFc5ZkN1SFF3MVZjaXlZVzZPZnpmeVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQAXuSgAwQA
XuSnMAwDBAFe5KoDBARe5KAwDAMEBLLs8AMEALLs8gMEALLs9TAMAwQDsuz4AwQA
suz8AwQAsuz/AwQCuS4sMA0EAgACMAcDBQAqAiBwMA0GCSqGSIb3DQEBCwUAA4IB
AQAOB0X8bDPA9mP70t/esnowjkmHvtZHwxP2dYboMRTkWaYkxFYRlh4preBJz0pM
fvxXCEiSMw5otp5SlKKojTjogxWuSo5VDQHoQ2txbohUPtOGZHSby5AFvN1eXb5O
SsuqV1fnobW86FH9u04YvImiYo3+lfCstHTHppy3PurafIT/Y/nj/QZaKwcrURT4
F/Y6nbTAmLtNXyAJ+sYOfbiElitUOTi41FCFdWUF12va/QmRfaaLTPlh/ONawyHd
77iJTM0vO/+edK29PhhCoiwoVUJYUs9lar7mA5ldjEZcs3bOjQDbgJfvJ2YXboxa
QNIjuxXSfy1urLkCglE8MbDy
-----END CERTIFICATE-----