Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Dkthcz12XxfA1JgWm4tK2a3Edek.roa
File:                     Dkthcz12XxfA1JgWm4tK2a3Edek.roa (raw, json)
Hash identifier:          G3oWigynelGTTndPugLadjiQoZLS5XlxGk2Mx8UCKb0=
Subject key identifier:   0E:4B:61:73:3D:76:5F:17:C0:D4:98:16:9B:8B:4A:D9:AD:C4:75:E9
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       018ED14D97E4D63D60D2CAD64FEBBA10F04B
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Dkthcz12XxfA1JgWm4tK2a3Edek.roa
Signing time:             Fri 12 Apr 2024 07:55:06 +0000
ROA not before:           Fri 12 Apr 2024 07:55:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        85.204.181.0/24 maxlen: 24
                          86.104.199.0/24 maxlen: 24
                          86.105.58.0/24 maxlen: 24
                          86.107.164.0/24 maxlen: 24
                          89.35.14.0/24 maxlen: 24
                          89.39.97.0/24 maxlen: 24
                          93.113.70.0/24 maxlen: 24
                          93.117.131.0/24 maxlen: 24
                          93.119.144.0/24 maxlen: 24
                          93.119.201.0/24 maxlen: 24
                          93.119.232.0/24 maxlen: 24
                          94.176.72.0/23 maxlen: 24
                          94.176.74.0/24 maxlen: 24
                          94.176.79.0/24 maxlen: 24
                          188.209.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 14:42:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:4d:97:e4:d6:3d:60:d2:ca:d6:4f:eb:ba:10:f0:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Apr 12 07:55:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e4b61733d765f17c0d498169b8b4ad9adc475e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3a:0f:bf:87:e6:2a:87:ef:15:1c:70:17:7f:
                    1c:75:74:e5:53:84:b7:bb:81:34:30:bd:7e:60:ee:
                    d4:7c:bc:21:d1:73:1e:73:cd:1b:0f:c4:5d:d1:e8:
                    e6:49:55:61:b0:18:cd:d3:25:2c:12:23:55:64:05:
                    8d:19:6a:0b:00:5f:e0:6a:2f:b7:80:4e:31:c4:26:
                    98:45:17:ae:e2:b6:b1:99:9e:2d:59:28:bd:58:51:
                    3f:14:76:5b:19:9a:e0:8b:12:ba:7a:3e:bd:3f:42:
                    c1:64:e2:23:e1:ab:72:53:cd:57:3f:80:6a:7b:d7:
                    fc:04:bb:2b:a2:87:d3:70:21:ae:56:57:a8:f3:34:
                    a7:c2:54:2c:13:fc:dd:eb:76:63:4d:d2:08:0f:d3:
                    75:19:c6:9b:63:b3:75:21:5a:61:25:ac:a7:6c:1d:
                    f6:50:31:ca:42:33:5b:2f:b4:b4:4a:e1:de:4b:02:
                    0a:3b:77:bd:58:e8:bd:a6:66:e4:7e:00:23:d9:2f:
                    35:85:ec:b6:1c:69:b1:09:9b:3e:c5:39:e4:13:c5:
                    59:f5:9d:46:2f:a7:a7:ee:dd:ed:41:98:cb:82:d2:
                    e1:ea:77:ba:44:7f:7e:67:b8:ea:e0:6f:15:47:25:
                    51:d5:c4:a2:5e:37:03:62:79:29:4a:87:7f:48:ab:
                    86:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:4B:61:73:3D:76:5F:17:C0:D4:98:16:9B:8B:4A:D9:AD:C4:75:E9
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Dkthcz12XxfA1JgWm4tK2a3Edek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.181.0/24
                  86.104.199.0/24
                  86.105.58.0/24
                  86.107.164.0/24
                  89.35.14.0/24
                  89.39.97.0/24
                  93.113.70.0/24
                  93.117.131.0/24
                  93.119.144.0/24
                  93.119.201.0/24
                  93.119.232.0/24
                  94.176.72.0-94.176.74.255
                  94.176.79.0/24
                  188.209.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:fe:98:df:c4:cd:56:2d:a0:2b:3d:12:96:79:f6:f5:e2:ca:
         b6:7d:e0:a4:ff:f0:80:64:03:bf:03:0f:6f:5a:56:4e:39:18:
         c8:4f:02:9e:c9:21:70:f5:71:2c:3f:da:42:04:f6:7e:55:53:
         f1:b8:3d:02:04:32:12:14:d3:aa:ba:f0:28:2f:cb:b6:3e:c4:
         d5:6c:cc:c1:a3:23:ff:de:69:58:8b:52:a8:9b:0a:da:6b:6b:
         d5:b7:c8:13:b3:8c:4b:d7:58:af:df:1d:e3:db:d8:3d:32:d5:
         33:1d:2a:0d:eb:4d:e9:ee:ec:d9:70:11:94:84:f3:ec:21:99:
         4f:b8:32:ea:09:f4:a6:d7:46:08:da:c0:2e:cd:2d:ba:d7:a0:
         d1:5e:d1:52:50:0b:4a:1d:bd:a9:42:52:1e:fb:85:7a:7d:5b:
         07:30:85:12:61:7f:5b:ef:42:f4:19:8e:27:40:f5:d4:b4:f4:
         29:36:ef:30:1f:d3:c9:95:62:84:cf:64:25:3a:71:f3:50:32:
         a0:84:ce:41:00:93:a4:fa:ae:30:b8:0d:19:43:62:87:fb:cf:
         08:c6:ff:43:7f:cf:d5:81:b6:d9:3d:bb:59:9d:66:f9:b4:00:
         59:ca:7b:7d:ff:22:b7:5e:f3:cf:1b:89:c8:f3:41:7e:31:05:
         c9:48:61:a3
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAY7RTZfk1j1g0srWT+u6EPBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjQwNDEyMDc1NTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTRiNjE3MzNkNzY1ZjE3YzBkNDk4MTY5YjhiNGFkOWFkYzQ3NWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjoPv4fmKofvFRxwF38cdXTlU4S3
u4E0ML1+YO7UfLwh0XMec80bD8Rd0ejmSVVhsBjN0yUsEiNVZAWNGWoLAF/gai+3
gE4xxCaYRReu4raxmZ4tWSi9WFE/FHZbGZrgixK6ej69P0LBZOIj4atyU81XP4Bq
e9f8BLsroofTcCGuVleo8zSnwlQsE/zd63ZjTdIID9N1GcabY7N1IVphJaynbB32
UDHKQjNbL7S0SuHeSwIKO3e9WOi9pmbkfgAj2S81hey2HGmxCZs+xTnkE8VZ9Z1G
L6en7t3tQZjLgtLh6ne6RH9+Z7jq4G8VRyVR1cSiXjcDYnkpSod/SKuG1wIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFA5LYXM9dl8XwNSYFpuLStmtxHXpMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvRGt0aGN6MTJYeGZBMUpnV200dEsyYTNFZGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAVcy1AwQA
VmjHAwQAVmk6AwQAVmukAwQAWSMOAwQAWSdhAwQAXXFGAwQAXXWDAwQAXXeQAwQA
XXfJAwQAXXfoMAwDBANesEgDBABesEoDBABesE8DBAC80d8wDQYJKoZIhvcNAQEL
BQADggEBAIX+mN/EzVYtoCs9EpZ59vXiyrZ94KT/8IBkA78DD29aVk45GMhPAp7J
IXD1cSw/2kIE9n5VU/G4PQIEMhIU06q68Cgvy7Y+xNVszMGjI//eaViLUqibCtpr
a9W3yBOzjEvXWK/fHePb2D0y1TMdKg3rTenu7NlwEZSE8+whmU+4MuoJ9KbXRgja
wC7NLbrXoNFe0VJQC0odvalCUh77hXp9WwcwhRJhf1vvQvQZjidA9dS09Ck27zAf
08mVYoTPZCU6cfNQMqCEzkEAk6T6rjC4DRlDYof7zwjG/0N/z9WBttk9u1mdZvm0
AFnKe33/Irde888bicjzQX4xBclIYaM=
-----END CERTIFICATE-----