Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/kyZ-CVPaLIxYxoGoAbjUtZVLmKQ.roa
File:                     kyZ-CVPaLIxYxoGoAbjUtZVLmKQ.roa (raw, json)
Hash identifier:          80FWv/DL3OHAEv2CdOJ1T4hFDXrRMLZA8iYAbdGoUpY=
Subject key identifier:   93:26:7E:09:53:DA:2C:8C:58:C6:81:A8:01:B8:D4:B5:95:4B:98:A4
Certificate issuer:       /CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
Certificate serial:       01914C714F6595362318687FEE5FE4F0C2E9
Authority key identifier: 3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/kyZ-CVPaLIxYxoGoAbjUtZVLmKQ.roa
Signing time:             Tue 13 Aug 2024 15:52:59 +0000
ROA not before:           Tue 13 Aug 2024 15:52:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20253
IP address blocks:        84.201.208.0/20 maxlen: 24
                          146.19.181.0/24 maxlen: 26
                          217.20.48.0/24 maxlen: 24
                          217.20.49.0/24 maxlen: 24
                          217.20.50.0/24 maxlen: 24
                          217.20.51.0/24 maxlen: 24
                          217.20.52.0/24 maxlen: 24
                          217.20.53.0/24 maxlen: 24
                          217.20.54.0/24 maxlen: 24
                          217.20.55.0/24 maxlen: 24
                          217.20.56.0/24 maxlen: 24
                          217.20.57.0/24 maxlen: 24
                          217.20.58.0/24 maxlen: 24
                          217.20.59.0/24 maxlen: 24
                          217.20.60.0/24 maxlen: 24
                          217.20.61.0/24 maxlen: 24
                          217.20.62.0/24 maxlen: 24
                          217.20.63.0/24 maxlen: 24
                          2a12:45c7:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 16 Aug 2024 03:03:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:71:4f:65:95:36:23:18:68:7f:ee:5f:e4:f0:c2:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
        Validity
            Not Before: Aug 13 15:52:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93267e0953da2c8c58c681a801b8d4b5954b98a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c2:07:e3:e5:4e:1f:e9:7f:d5:f3:a8:be:4c:
                    1d:11:22:66:4e:ed:5a:f6:ad:70:b6:58:e7:a5:ee:
                    3c:49:b8:06:7f:f5:f2:32:7e:53:e1:ac:f6:15:e9:
                    b6:8e:5f:65:41:0b:a7:7b:54:23:9b:af:9a:8f:08:
                    bc:23:fd:18:dd:e4:ba:94:cf:09:66:20:1a:e7:b2:
                    a1:f9:67:7f:61:bb:bf:9e:97:da:7d:2f:e5:bd:30:
                    a8:7f:a9:cf:77:b0:6e:9b:46:0f:11:80:25:9c:90:
                    d0:4d:ab:6b:08:78:98:db:ce:f0:29:d3:7e:1f:37:
                    c1:12:fb:0d:d8:1f:8a:f5:24:87:c5:ab:ed:3d:7d:
                    fc:a8:68:c5:5c:24:e4:c0:ee:c4:9c:3f:1f:06:e2:
                    52:8b:67:dd:69:93:d0:c3:8c:bb:2e:c8:52:ca:e5:
                    93:d8:91:ff:74:04:3b:57:e5:39:93:db:f5:ad:56:
                    11:ed:38:53:9a:f2:fd:96:51:75:6c:b2:b0:6e:9b:
                    45:6f:04:68:81:c2:20:a4:a4:08:9f:be:60:9d:5a:
                    66:64:00:ae:a3:db:5c:25:f6:a1:d1:84:38:02:3f:
                    ea:af:df:f7:ba:7f:cb:5a:da:78:45:e9:7d:73:d3:
                    5c:d8:5d:bf:03:4c:a0:9a:77:40:5e:35:f9:9b:df:
                    fb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:26:7E:09:53:DA:2C:8C:58:C6:81:A8:01:B8:D4:B5:95:4B:98:A4
            X509v3 Authority Key Identifier:
                keyid:3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/kyZ-CVPaLIxYxoGoAbjUtZVLmKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/PsY-XbBDXC0-dKayitPZww1qjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.201.208.0/20
                  146.19.181.0/24
                  217.20.48.0/20
                IPv6:
                  2a12:45c7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:e4:fd:0e:ff:64:fa:cd:a3:1c:b3:a1:06:40:cb:72:b8:8b:
         f1:5d:a1:bf:fd:9a:39:59:7a:34:66:40:a2:a9:da:05:90:9a:
         55:2b:48:94:d1:ef:9f:f2:60:e0:11:01:61:c9:40:7a:4e:a5:
         14:af:b2:3c:53:1a:26:f9:13:c3:f6:3d:75:e3:28:9d:1b:c4:
         11:33:07:cb:45:d8:fd:1c:88:c9:76:de:48:5a:9e:ed:9f:21:
         e7:fb:30:3d:d5:9a:a2:14:53:26:eb:4d:cb:f1:09:8f:b7:9e:
         4d:08:0c:0a:2d:21:f4:66:41:04:c5:f5:1f:8e:16:6d:e6:fb:
         33:10:35:fc:13:a9:4c:1c:03:62:f3:ad:0a:8f:f8:5a:2c:b9:
         47:8a:a8:4e:5f:ba:e8:b4:80:dc:dd:e3:e2:12:cc:4e:2b:6d:
         13:a9:58:bd:a0:6d:e2:72:7c:f6:27:a8:50:57:74:7f:05:97:
         4a:4a:85:3b:0b:32:93:ff:d6:34:ca:96:d9:b0:ea:7e:75:6a:
         e9:c2:b0:bf:2b:25:8d:3d:91:1d:99:04:71:38:74:9d:f4:e6:
         98:3e:46:a2:ef:91:2e:5e:13:da:96:a6:d7:c0:23:5d:90:75:
         cd:e0:43:c6:15:57:f8:9e:70:b7:28:cf:f0:c1:32:89:d5:c6:
         e7:c1:9e:82
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZFMcU9llTYjGGh/7l/k8MLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzYzZTVkYjA0MzVjMmQzZTc0YTZiMjhhZDNkOWMzMGQ2
YThjZWUwHhcNMjQwODEzMTU1MjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzI2N2UwOTUzZGEyYzhjNThjNjgxYTgwMWI4ZDRiNTk1NGI5OGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48IH4+VOH+l/1fOovkwdESJmTu1a
9q1wtljnpe48SbgGf/XyMn5T4az2Fem2jl9lQQune1Qjm6+ajwi8I/0Y3eS6lM8J
ZiAa57Kh+Wd/Ybu/npfafS/lvTCof6nPd7Bum0YPEYAlnJDQTatrCHiY287wKdN+
HzfBEvsN2B+K9SSHxavtPX38qGjFXCTkwO7EnD8fBuJSi2fdaZPQw4y7LshSyuWT
2JH/dAQ7V+U5k9v1rVYR7ThTmvL9llF1bLKwbptFbwRogcIgpKQIn75gnVpmZACu
o9tcJfah0YQ4Aj/qr9/3un/LWtp4Rel9c9Nc2F2/A0ygmndAXjX5m9/7cwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFJMmfglT2iyMWMaBqAG41LWVS5ikMB8GA1UdIwQY
MBaAFD7GPl2wQ1wtPnSmsorT2cMNaozuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjIt
NTIwNThmOGE5YTFhLzEva3laLUNWUGFMSXhZeG9Hb0FialV0WlZMbUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjItNTIwNThmOGE5YTFh
LzEvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQEVMnQAwQA
khO1AwQE2RQwMA8EAgACMAkDBwAqEkXH//8wDQYJKoZIhvcNAQELBQADggEBAC7k
/Q7/ZPrNoxyzoQZAy3K4i/Fdob/9mjlZejRmQKKp2gWQmlUrSJTR75/yYOARAWHJ
QHpOpRSvsjxTGib5E8P2PXXjKJ0bxBEzB8tF2P0ciMl23khanu2fIef7MD3VmqIU
UybrTcvxCY+3nk0IDAotIfRmQQTF9R+OFm3m+zMQNfwTqUwcA2LzrQqP+FosuUeK
qE5fuui0gNzd4+ISzE4rbROpWL2gbeJyfPYnqFBXdH8Fl0pKhTsLMpP/1jTKltmw
6n51aunCsL8rJY09kR2ZBHE4dJ305pg+RqLvkS5eE9qWptfAI12Qdc3gQ8YVV/ie
cLcoz/DBMonVxufBnoI=
-----END CERTIFICATE-----