Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/CGFxUoUCUUKulAuH1jlz6pSIneo.roa
File:                     CGFxUoUCUUKulAuH1jlz6pSIneo.roa (raw, json)
Hash identifier:          V+uFU7SV+yFi3Dq3vLVVMW43axwdRwlxJ+kR7PwTokY=
Subject key identifier:   08:61:71:52:85:02:51:42:AE:94:0B:87:D6:39:73:EA:94:88:9D:EA
Certificate issuer:       /CN=10a8c6e9308bb00083100171e00dbb6140f4f580
Certificate serial:       018CC94CD22899FF1EFC13513BC4B6BF0772
Authority key identifier: 10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/CGFxUoUCUUKulAuH1jlz6pSIneo.roa
Signing time:             Tue 02 Jan 2024 08:31:44 +0000
ROA not before:           Tue 02 Jan 2024 08:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57948
IP address blocks:        185.70.44.0/24 maxlen: 24
                          185.70.45.0/24 maxlen: 24
                          185.70.46.0/24 maxlen: 24
                          185.70.47.0/24 maxlen: 24
                          91.236.244.0/24 maxlen: 24
                          91.236.245.0/24 maxlen: 24
                          171.25.229.0/24 maxlen: 24
                          2.57.42.0/24 maxlen: 24
                          2.57.43.0/24 maxlen: 24
                          2.57.41.0/24 maxlen: 24
                          2.57.40.0/24 maxlen: 24
                          2a05:2600::/32 maxlen: 32
                          2a05:2603::/32 maxlen: 32
                          2a05:2605::/32 maxlen: 32
                          2a05:2600::/29 maxlen: 29
                          2a05:2602::/32 maxlen: 32
                          2a05:2606::/32 maxlen: 32
                          2a05:2601::/32 maxlen: 32
                          2a05:2607::/32 maxlen: 32
                          2a05:2604::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 11 Nov 2024 10:32:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:d2:28:99:ff:1e:fc:13:51:3b:c4:b6:bf:07:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a8c6e9308bb00083100171e00dbb6140f4f580
        Validity
            Not Before: Jan  2 08:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0861715285025142ae940b87d63973ea94889dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0d:b5:13:37:24:09:59:88:46:b4:d4:23:c7:
                    54:6b:98:35:e2:d4:31:ca:5c:d6:98:14:d6:c7:5b:
                    d9:2f:46:e2:77:2f:09:a1:d9:ed:ef:b7:80:29:0a:
                    6c:3f:ee:1e:d3:8a:3a:92:70:55:58:a4:a5:e6:a7:
                    a5:fa:06:29:57:62:a3:31:6b:e5:23:3e:d9:50:ab:
                    7c:42:b9:73:d7:32:53:fc:95:06:e5:d5:b0:de:78:
                    f9:f6:15:0d:f2:fe:ec:ab:04:87:09:35:91:2d:55:
                    ee:5f:6f:e8:20:6a:0e:14:47:fc:36:5a:95:7f:8e:
                    9a:ef:bd:c9:8c:1d:31:1d:3b:93:44:a1:34:30:12:
                    e4:d8:d3:d1:46:84:b3:ee:2d:ab:bb:b8:6d:21:83:
                    e8:55:2d:1c:f0:85:94:e6:58:f1:cd:8e:52:84:99:
                    8e:41:38:ca:02:5e:f9:6a:2f:de:bf:2a:0c:c8:f3:
                    b1:84:69:a2:e9:79:40:93:bf:a4:1c:5a:f8:04:be:
                    06:b8:3b:29:0b:c9:4d:ab:3f:c3:c9:2d:88:f2:0d:
                    2b:7b:41:8d:a2:93:10:98:a4:ee:19:12:85:2a:7f:
                    a8:46:a4:c0:30:da:d0:46:70:2d:af:5b:51:ba:80:
                    f2:1a:fc:0f:db:51:86:d7:af:58:23:f3:13:02:4f:
                    bb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:61:71:52:85:02:51:42:AE:94:0B:87:D6:39:73:EA:94:88:9D:EA
            X509v3 Authority Key Identifier:
                keyid:10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/CGFxUoUCUUKulAuH1jlz6pSIneo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/EKjG6TCLsACDEAFx4A27YUD09YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.40.0/22
                  91.236.244.0/23
                  171.25.229.0/24
                  185.70.44.0/22
                IPv6:
                  2a05:2600::/29

    Signature Algorithm: sha256WithRSAEncryption
         bd:fb:45:0f:c0:57:85:d6:cf:1a:a3:94:89:19:ee:9a:b2:b2:
         19:9f:44:69:b8:fb:a2:fe:14:97:a6:f8:40:c4:ef:19:f8:82:
         5a:73:3d:f2:5c:cd:73:b5:25:ca:b0:8a:9a:ed:67:de:8c:cd:
         d7:0c:f7:a2:59:1e:5e:69:89:6d:29:a3:d8:d5:ce:64:29:db:
         91:95:11:77:30:0a:20:3a:6f:66:72:05:db:06:f1:eb:32:be:
         07:c5:c6:e5:d9:9f:2f:fb:89:10:d3:77:d1:92:81:85:7e:83:
         a0:be:9e:d0:44:71:fd:e6:db:ee:7e:2f:fa:55:a1:83:25:34:
         9e:20:a8:3f:2b:d8:82:67:b8:59:1e:07:f6:cb:a0:9f:80:ed:
         45:52:5e:36:ca:bb:43:9f:c6:57:96:42:c1:9f:6a:78:fa:98:
         a0:7f:0d:c7:75:d6:11:0a:b5:d4:39:d9:d4:1b:61:e3:b0:de:
         f1:48:9c:37:4a:da:08:93:a2:b8:fe:e9:ee:16:5b:35:a3:04:
         d7:be:1e:23:00:f4:dc:36:22:c1:59:93:3c:28:a1:9b:16:a8:
         d4:94:60:70:13:ba:cc:5e:5b:71:16:7c:92:3e:fc:8d:c7:75:
         57:1e:f9:0f:39:62:11:20:ac:fc:28:09:0d:58:b1:9a:41:80:
         5f:22:38:67
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJTNIomf8e/BNRO8S2vwdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYThjNmU5MzA4YmIwMDA4MzEwMDE3MWUwMGRiYjYxNDBm
NGY1ODAwHhcNMjQwMTAyMDgzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYxNzE1Mjg1MDI1MTQyYWU5NDBiODdkNjM5NzNlYTk0ODg5ZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw21EzckCVmIRrTUI8dUa5g14tQx
ylzWmBTWx1vZL0bidy8Jodnt77eAKQpsP+4e04o6knBVWKSl5qel+gYpV2KjMWvl
Iz7ZUKt8Qrlz1zJT/JUG5dWw3nj59hUN8v7sqwSHCTWRLVXuX2/oIGoOFEf8NlqV
f46a773JjB0xHTuTRKE0MBLk2NPRRoSz7i2ru7htIYPoVS0c8IWU5ljxzY5ShJmO
QTjKAl75ai/evyoMyPOxhGmi6XlAk7+kHFr4BL4GuDspC8lNqz/DyS2I8g0re0GN
opMQmKTuGRKFKn+oRqTAMNrQRnAtr1tRuoDyGvwP21GG169YI/MTAk+7IwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAhhcVKFAlFCrpQLh9Y5c+qUiJ3qMB8GA1UdIwQY
MBaAFBCoxukwi7AAgxABceANu2FA9PWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYt
NmI0OTdiMmMwYjM4LzEvQ0dGeFVvVUNVVUt1bEF1SDFqbHo2cFNJbmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYtNmI0OTdiMmMwYjM4
LzEvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCAjkoAwQB
W+z0AwQAqxnlAwQCuUYsMA0EAgACMAcDBQMqBSYAMA0GCSqGSIb3DQEBCwUAA4IB
AQC9+0UPwFeF1s8ao5SJGe6asrIZn0RpuPui/hSXpvhAxO8Z+IJacz3yXM1ztSXK
sIqa7WfejM3XDPeiWR5eaYltKaPY1c5kKduRlRF3MAogOm9mcgXbBvHrMr4Hxcbl
2Z8v+4kQ03fRkoGFfoOgvp7QRHH95tvufi/6VaGDJTSeIKg/K9iCZ7hZHgf2y6Cf
gO1FUl42yrtDn8ZXlkLBn2p4+pigfw3HddYRCrXUOdnUG2HjsN7xSJw3StoIk6K4
/unuFls1owTXvh4jAPTcNiLBWZM8KKGbFqjUlGBwE7rMXltxFnySPvyNx3VXHvkP
OWIRIKz8KAkNWLGaQYBfIjhn
-----END CERTIFICATE-----