Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Qph_YZL1lclXIhAqttR1U6Tc6Y4.roa
File:                     Qph_YZL1lclXIhAqttR1U6Tc6Y4.roa (raw, json)
Hash identifier:          c4sP7gGoKjwhdBirPBDDoB4NWTiNSKLwHxjpVJgHZfk=
Subject key identifier:   42:98:7F:61:92:F5:95:C9:57:22:10:2A:B6:D4:75:53:A4:DC:E9:8E
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018F61D938134B0B32726806B93BD2CB9B37
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Qph_YZL1lclXIhAqttR1U6Tc6Y4.roa
Signing time:             Fri 10 May 2024 09:32:56 +0000
ROA not before:           Fri 10 May 2024 09:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        45.114.12.0/22 maxlen: 32
                          45.145.104.0/22 maxlen: 32
                          91.132.114.0/23 maxlen: 32
                          103.240.180.0/22 maxlen: 32
                          193.19.204.0/24 maxlen: 32
                          193.19.205.0/24 maxlen: 32
                          193.19.206.0/24 maxlen: 32
                          193.19.207.0/24 maxlen: 32
                          193.28.182.0/24 maxlen: 32
                          193.28.191.0/24 maxlen: 32
                          193.28.202.0/24 maxlen: 32
                          193.28.237.0/24 maxlen: 32

Validation:               Failed, certificate revoked on Wed 15 May 2024 08:58:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:d9:38:13:4b:0b:32:72:68:06:b9:3b:d2:cb:9b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: May 10 09:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42987f6192f595c95722102ab6d47553a4dce98e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cb:48:cb:03:97:24:f2:7b:d7:0a:23:2f:82:
                    f7:13:18:cd:87:3c:3a:b2:e6:f5:b7:ce:49:08:71:
                    28:4c:02:03:16:8c:5a:ce:85:27:b6:9d:0f:af:1d:
                    bd:63:05:ea:78:71:cc:3d:5c:8e:5b:bf:de:13:25:
                    9a:e2:c9:07:ec:93:7d:f8:f9:0b:a2:3e:31:2b:84:
                    27:cd:14:06:7f:a6:9c:b6:2e:28:4d:8b:72:29:46:
                    59:cc:1b:41:5a:a4:9d:08:1c:48:35:c5:79:a4:ef:
                    87:23:f3:e6:14:5d:36:01:a1:d2:63:ab:69:ce:35:
                    26:58:60:c1:49:a6:6c:ad:23:e5:d5:ce:e6:14:fa:
                    ec:1e:d7:0b:17:d6:0d:4c:09:24:d5:6f:6a:59:6a:
                    db:04:ac:f0:05:5b:d3:ac:ca:d8:38:28:bf:7a:5f:
                    73:ef:33:5c:74:6b:f2:ec:9e:85:5f:b2:a9:d8:03:
                    87:46:f9:10:12:22:22:9a:e7:f9:c1:df:d7:05:53:
                    3e:26:63:f3:41:f0:d2:40:3d:5b:50:8b:07:c9:08:
                    43:fb:cf:84:30:8d:ac:98:96:eb:ad:c8:46:ee:c9:
                    37:b6:e9:67:bb:c4:70:86:88:6e:3a:73:6b:31:9c:
                    fc:86:c5:3f:8a:50:e4:ca:c0:2f:2d:db:77:91:e9:
                    45:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:98:7F:61:92:F5:95:C9:57:22:10:2A:B6:D4:75:53:A4:DC:E9:8E
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Qph_YZL1lclXIhAqttR1U6Tc6Y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.12.0/22
                  45.145.104.0/22
                  91.132.114.0/23
                  103.240.180.0/22
                  193.19.204.0/22
                  193.28.182.0/24
                  193.28.191.0/24
                  193.28.202.0/24
                  193.28.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:97:65:53:ff:b1:c5:e6:a0:62:29:9d:e9:b4:72:bc:07:59:
         92:1c:b9:e9:2a:b5:5f:ef:1b:e4:e9:a1:35:e2:fc:1e:1a:4e:
         5d:25:bf:b8:14:bc:9d:c9:f5:94:13:4c:bb:41:9f:1d:0a:34:
         23:a6:6e:48:04:d7:37:86:78:c4:3c:35:c4:11:71:9a:87:18:
         89:22:41:e3:22:c7:26:6c:22:ef:5e:e4:54:32:d5:80:15:72:
         57:3a:fa:83:40:8f:92:4c:c1:ee:41:3e:e8:d6:dd:6a:e0:9b:
         4c:ed:33:a3:ff:01:ed:c2:b3:87:b4:f4:18:11:a3:53:48:16:
         42:ff:27:7c:6e:53:7c:52:f7:71:24:c9:b0:ba:f7:77:86:6f:
         65:f5:6e:91:b0:d3:90:8e:fd:f7:62:98:e7:bd:7e:f6:03:1b:
         a8:ac:d7:2a:21:4c:a0:06:9e:d8:50:93:fc:27:11:52:43:49:
         23:b9:92:eb:87:80:1c:12:88:a4:07:eb:0a:15:a7:16:7e:bb:
         86:90:a2:82:86:93:79:ed:64:5a:fb:63:b1:dc:f0:8d:8e:f3:
         be:9e:08:2a:98:e9:e7:35:3a:57:88:6f:c5:e5:b0:01:2d:47:
         74:fa:7d:15:60:ab:fe:2f:a7:7f:8a:91:c6:f6:2b:b0:b5:31:
         0b:57:45:1b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY9h2TgTSwsycmgGuTvSy5s3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwNTEwMDkzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjk4N2Y2MTkyZjU5NWM5NTcyMjEwMmFiNmQ0NzU1M2E0ZGNlOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8tIywOXJPJ71wojL4L3ExjNhzw6
sub1t85JCHEoTAIDFoxazoUntp0Prx29YwXqeHHMPVyOW7/eEyWa4skH7JN9+PkL
oj4xK4QnzRQGf6acti4oTYtyKUZZzBtBWqSdCBxINcV5pO+HI/PmFF02AaHSY6tp
zjUmWGDBSaZsrSPl1c7mFPrsHtcLF9YNTAkk1W9qWWrbBKzwBVvTrMrYOCi/el9z
7zNcdGvy7J6FX7Kp2AOHRvkQEiIimuf5wd/XBVM+JmPzQfDSQD1bUIsHyQhD+8+E
MI2smJbrrchG7sk3tulnu8RwhohuOnNrMZz8hsU/ilDkysAvLdt3kelFVwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEKYf2GS9ZXJVyIQKrbUdVOk3OmOMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvUXBoX1laTDFsY2xYSWhBcXR0UjFVNlRjNlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCLXIMAwQC
LZFoAwQBW4RyAwQCZ/C0AwQCwRPMAwQAwRy2AwQAwRy/AwQAwRzKAwQAwRztMA0G
CSqGSIb3DQEBCwUAA4IBAQBMl2VT/7HF5qBiKZ3ptHK8B1mSHLnpKrVf7xvk6aE1
4vweGk5dJb+4FLydyfWUE0y7QZ8dCjQjpm5IBNc3hnjEPDXEEXGahxiJIkHjIscm
bCLvXuRUMtWAFXJXOvqDQI+STMHuQT7o1t1q4JtM7TOj/wHtwrOHtPQYEaNTSBZC
/yd8blN8UvdxJMmwuvd3hm9l9W6RsNOQjv33YpjnvX72AxuorNcqIUygBp7YUJP8
JxFSQ0kjuZLrh4AcEoikB+sKFacWfruGkKKChpN57WRa+2Ox3PCNjvO+nggqmOnn
NTpXiG/F5bABLUd0+n0VYKv+L6d/ipHG9iuwtTELV0Ub
-----END CERTIFICATE-----