Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/Uw_sptte57G7qmfWs6KhiSwKwOo.roa
File:                     Uw_sptte57G7qmfWs6KhiSwKwOo.roa (raw, json)
Hash identifier:          +RXPqSVIG6S3X3ySlTyvI5Uxq/kjKpHbIEKrf6POmTs=
Subject key identifier:   53:0F:EC:A6:DB:5E:E7:B1:BB:AA:67:D6:B3:A2:A1:89:2C:0A:C0:EA
Certificate issuer:       /CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Certificate serial:       018E56713BBBED156DB579D9161A9F680717
Authority key identifier: 6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/Uw_sptte57G7qmfWs6KhiSwKwOo.roa
Signing time:             Tue 19 Mar 2024 11:20:45 +0000
ROA not before:           Tue 19 Mar 2024 11:20:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201017
IP address blocks:        145.219.0.0/21 maxlen: 21
                          145.219.8.0/21 maxlen: 21
                          145.219.8.0/24 maxlen: 24
                          145.219.9.0/24 maxlen: 24
                          145.219.10.0/24 maxlen: 24
                          145.219.11.0/24 maxlen: 24
                          145.219.12.0/24 maxlen: 24
                          145.219.13.0/24 maxlen: 24
                          145.219.14.0/24 maxlen: 24
                          145.219.15.0/24 maxlen: 24
                          145.219.16.0/23 maxlen: 23
                          145.219.16.0/24 maxlen: 24
                          145.219.17.0/24 maxlen: 24
                          2a04:b0c0::/44 maxlen: 44
                          2a04:b0c0::/45 maxlen: 45
                          2a04:b0c0:8::/45 maxlen: 45

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 12:19:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:71:3b:bb:ed:15:6d:b5:79:d9:16:1a:9f:68:07:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
        Validity
            Not Before: Mar 19 11:20:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=530feca6db5ee7b1bbaa67d6b3a2a1892c0ac0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f2:e4:6c:82:93:f0:cd:fe:1c:12:57:7e:b9:
                    58:10:92:69:3a:92:32:93:57:45:57:d6:a1:c2:32:
                    8f:a9:54:43:d8:24:e9:e9:9c:49:33:31:7d:59:e1:
                    fd:64:a3:a3:fe:d2:07:93:8e:1e:ef:d4:96:b3:a0:
                    78:70:1b:18:5a:f0:73:8c:77:74:b6:01:84:56:ff:
                    26:6d:c0:da:0f:0f:1e:79:fd:7c:92:48:82:69:20:
                    75:66:da:bb:09:d9:5a:d7:ab:d7:aa:80:2e:20:e4:
                    67:fd:1f:e5:78:98:f0:b1:2e:18:e9:12:53:37:d0:
                    14:1c:72:3e:c8:6a:1c:56:ad:7d:66:a7:83:5c:16:
                    81:04:74:c3:d3:30:ae:82:44:09:c5:f6:34:e8:da:
                    c0:a6:f1:41:66:f1:3a:1e:50:44:9b:cf:93:34:90:
                    d4:69:d3:e6:9f:04:1b:02:30:9a:d8:70:9c:15:5d:
                    b7:be:92:10:10:d4:d0:5d:ee:3d:02:32:83:be:58:
                    1c:df:c7:d9:79:7d:6c:a5:d4:c0:7c:2f:30:81:f1:
                    c5:44:92:c5:20:7e:b9:db:a9:5d:18:9e:77:94:ad:
                    d9:8d:55:2f:08:d7:32:35:15:f1:ab:27:2c:b1:ea:
                    51:4e:d7:3d:9e:85:f0:dc:88:25:85:2e:a8:30:77:
                    c6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0F:EC:A6:DB:5E:E7:B1:BB:AA:67:D6:B3:A2:A1:89:2C:0A:C0:EA
            X509v3 Authority Key Identifier:
                keyid:6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/Uw_sptte57G7qmfWs6KhiSwKwOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.219.0.0-145.219.17.255
                IPv6:
                  2a04:b0c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8f:56:9a:5c:99:a6:d8:3e:8d:7d:7d:a6:0c:bc:09:79:a6:dc:
         ea:57:7a:7a:81:b4:5f:44:d0:2a:62:54:e9:93:2b:d8:cf:15:
         66:74:76:7e:c9:f8:dd:4d:18:ff:dc:b3:00:12:d1:db:e0:bf:
         3d:e6:df:eb:b4:bd:24:66:06:63:ec:5d:55:dd:c1:63:8b:07:
         35:fb:d8:4a:f4:99:53:5a:e4:d7:c3:38:15:ea:db:c0:15:32:
         30:c8:b2:fe:26:d7:e3:cf:ce:67:b0:62:54:7a:02:37:fd:39:
         fb:2a:f0:77:1c:4c:b0:10:78:5b:fa:92:5f:ca:38:76:6f:9a:
         b3:53:e4:b5:ee:0e:4d:41:fe:98:d4:ce:ed:ec:ad:b2:70:4d:
         93:79:dc:9d:e0:8c:b5:fb:8d:d9:3b:70:f3:30:d7:67:ad:1e:
         63:d2:93:d8:2d:15:b2:c5:d7:7f:a8:ac:76:35:42:8e:7e:f5:
         22:38:d4:e6:76:cb:57:87:c0:b3:38:34:dd:47:65:a8:57:4c:
         0e:c5:df:4e:23:d4:20:8b:e2:60:66:e3:6e:c7:73:22:4a:7f:
         89:8d:ca:99:e8:97:08:32:b9:b3:5d:06:53:82:aa:81:e8:b8:
         69:14:03:d7:5c:01:6e:39:44:e1:c7:2b:42:af:ec:f1:57:db:
         41:cb:0d:64
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY5WcTu77RVttXnZFhqfaAcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmQ3YmNhYmZjYzMwOGQ0MjAwNTNjNDgyYTBkNTlmYjEy
ODJlMzAwHhcNMjQwMzE5MTEyMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzBmZWNhNmRiNWVlN2IxYmJhYTY3ZDZiM2EyYTE4OTJjMGFjMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPLkbIKT8M3+HBJXfrlYEJJpOpIy
k1dFV9ahwjKPqVRD2CTp6ZxJMzF9WeH9ZKOj/tIHk44e79SWs6B4cBsYWvBzjHd0
tgGEVv8mbcDaDw8eef18kkiCaSB1Ztq7Cdla16vXqoAuIORn/R/leJjwsS4Y6RJT
N9AUHHI+yGocVq19ZqeDXBaBBHTD0zCugkQJxfY06NrApvFBZvE6HlBEm8+TNJDU
adPmnwQbAjCa2HCcFV23vpIQENTQXe49AjKDvlgc38fZeX1spdTAfC8wgfHFRJLF
IH6526ldGJ53lK3ZjVUvCNcyNRXxqycssepRTtc9noXw3IglhS6oMHfGkwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFMP7KbbXuexu6pn1rOioYksCsDqMB8GA1UdIwQY
MBaAFG5te8q/zDCNQgBTxIKg1Z+xKC4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDIt
OTMxOTRlYjYxMDhkLzEvVXdfc3B0dGU1N0c3cW1mV3M2S2hpU3dLd09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDItOTMxOTRlYjYxMDhk
LzEvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjATBAIAATANMAsDAwCR2wME
AZHbEDAPBAIAAjAJAwcEKgSwwAAAMA0GCSqGSIb3DQEBCwUAA4IBAQCPVppcmabY
Po19faYMvAl5ptzqV3p6gbRfRNAqYlTpkyvYzxVmdHZ+yfjdTRj/3LMAEtHb4L89
5t/rtL0kZgZj7F1V3cFjiwc1+9hK9JlTWuTXwzgV6tvAFTIwyLL+Jtfjz85nsGJU
egI3/Tn7KvB3HEywEHhb+pJfyjh2b5qzU+S17g5NQf6Y1M7t7K2ycE2Tedyd4Iy1
+43ZO3DzMNdnrR5j0pPYLRWyxdd/qKx2NUKOfvUiONTmdstXh8CzODTdR2WoV0wO
xd9OI9Qgi+JgZuNux3MiSn+JjcqZ6JcIMrmzXQZTgqqB6LhpFAPXXAFuOUThxytC
r+zxV9tByw1k
-----END CERTIFICATE-----