Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/BEojomu1p1Uqt2JkLpgHuo4IF34.roa
File:                     BEojomu1p1Uqt2JkLpgHuo4IF34.roa (raw, json)
Hash identifier:          q6An6m1bejwCNUQKEsBz3ggq9CtmQUPvYizWGgoRy8o=
Subject key identifier:   04:4A:23:A2:6B:B5:A7:55:2A:B7:62:64:2E:98:07:BA:8E:08:17:7E
Certificate issuer:       /CN=b2853aa1eb32bfee0feb1483c14936d101f16edf
Certificate serial:       018CC500ACF463206FA8233FEE5E4D2ECB74
Authority key identifier: B2:85:3A:A1:EB:32:BF:EE:0F:EB:14:83:C1:49:36:D1:01:F1:6E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/soU6oesyv-4P6xSDwUk20QHxbt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/BEojomu1p1Uqt2JkLpgHuo4IF34.roa
Signing time:             Mon 01 Jan 2024 12:30:04 +0000
ROA not before:           Mon 01 Jan 2024 12:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57724
IP address blocks:        185.178.208.0/24 maxlen: 24
                          185.178.209.0/24 maxlen: 24
                          185.178.210.0/24 maxlen: 24
                          45.10.243.0/24 maxlen: 24
                          45.10.241.0/24 maxlen: 24
                          45.10.242.0/24 maxlen: 24
                          45.10.240.0/24 maxlen: 24
                          45.10.240.0/22 maxlen: 32
                          91.215.41.0/24 maxlen: 24
                          91.215.42.0/24 maxlen: 24
                          91.215.40.0/24 maxlen: 32
                          91.215.43.0/24 maxlen: 24
                          185.129.102.0/24 maxlen: 24
                          185.129.103.0/24 maxlen: 24
                          185.129.100.0/24 maxlen: 24
                          185.129.101.0/24 maxlen: 24
                          2a0a:4180::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 29 Jun 2024 03:08:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ac:f4:63:20:6f:a8:23:3f:ee:5e:4d:2e:cb:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2853aa1eb32bfee0feb1483c14936d101f16edf
        Validity
            Not Before: Jan  1 12:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=044a23a26bb5a7552ab762642e9807ba8e08177e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:19:01:98:a4:d1:3e:95:3b:73:05:82:7f:6c:
                    93:20:c8:82:03:88:87:65:f8:c0:8c:e1:ac:7f:6f:
                    5e:24:a7:33:d2:95:ca:da:93:cc:01:21:dd:66:07:
                    72:22:ae:ef:bb:88:02:9f:0c:43:fc:75:5a:e3:72:
                    36:04:c4:65:c4:dd:9d:94:25:ab:52:1a:c4:c4:7d:
                    80:af:18:7a:70:bc:82:91:6d:de:0f:c2:9e:39:c2:
                    db:b8:5e:d1:ad:5c:1e:1e:8b:74:74:a5:cc:cf:95:
                    96:5c:25:d3:9a:ea:f2:05:f1:d9:22:45:32:a5:6f:
                    8f:d5:64:52:31:84:77:3d:60:c3:ce:35:2f:5e:b1:
                    14:2a:46:0d:a0:1d:22:65:6d:b2:5b:35:0d:17:ac:
                    bd:9e:8f:d7:4d:31:66:35:16:f1:06:e1:12:53:56:
                    50:d0:ca:ae:20:f4:d7:77:ef:02:9c:e3:7f:59:6b:
                    b8:29:cd:bb:2c:e8:21:49:25:d3:94:0c:34:2a:00:
                    d7:51:fd:d5:b6:95:6c:d5:b8:ce:42:11:5a:82:42:
                    57:00:a3:e2:0b:e9:32:9f:8b:95:29:f1:15:27:0d:
                    83:89:3f:ae:3d:5a:64:0a:af:08:32:32:dc:6f:84:
                    c5:0a:16:c2:35:cb:8e:75:89:c7:ed:67:9a:08:c3:
                    e3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:4A:23:A2:6B:B5:A7:55:2A:B7:62:64:2E:98:07:BA:8E:08:17:7E
            X509v3 Authority Key Identifier:
                keyid:B2:85:3A:A1:EB:32:BF:EE:0F:EB:14:83:C1:49:36:D1:01:F1:6E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/soU6oesyv-4P6xSDwUk20QHxbt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/BEojomu1p1Uqt2JkLpgHuo4IF34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/soU6oesyv-4P6xSDwUk20QHxbt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.240.0/22
                  91.215.40.0/22
                  185.129.100.0/22
                  185.178.208.0-185.178.210.255
                IPv6:
                  2a0a:4180::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:db:da:04:eb:f5:2d:40:b4:a6:34:fb:2e:69:d9:0a:20:8a:
         ec:d9:3f:12:2e:23:f6:4e:7f:17:fc:20:ae:9b:26:04:7c:1d:
         ed:1e:f5:a2:4d:61:da:70:31:69:a2:11:a5:57:21:ed:a8:f4:
         00:fc:bc:5e:f5:11:71:aa:47:06:fd:79:48:35:53:07:67:f2:
         68:b4:b5:f3:d8:3a:ee:96:8c:03:0d:3b:95:0d:75:09:42:8e:
         a2:7a:86:ee:93:24:82:d1:63:39:cd:b4:e3:12:dc:27:df:d7:
         60:3f:2f:15:24:17:c8:b2:df:14:67:35:2a:4e:7e:a0:8b:b7:
         94:50:1d:e5:db:c3:28:2b:21:40:8f:c7:53:ad:3d:03:04:db:
         a9:0b:3e:7d:91:0b:01:e3:e5:49:9f:74:ff:63:e6:3b:9e:f3:
         f0:fc:54:c0:36:1e:a5:db:a2:33:db:ac:c3:f2:b3:7f:61:a6:
         8a:e4:01:98:95:e5:ba:06:67:5f:4c:f3:d5:07:1a:72:a7:be:
         10:6d:d4:88:0a:c6:31:38:45:9f:03:be:c2:de:84:af:e8:c4:
         bb:d2:fd:2f:e7:a3:e2:be:df:fe:5e:76:5b:16:87:59:4c:78:
         4e:bd:ce:46:15:6a:35:c6:2c:cc:04:bb:55:c6:80:37:36:97:
         0a:89:5b:b1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzFAKz0YyBvqCM/7l5NLst0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyODUzYWExZWIzMmJmZWUwZmViMTQ4M2MxNDkzNmQxMDFm
MTZlZGYwHhcNMjQwMTAxMTIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDRhMjNhMjZiYjVhNzU1MmFiNzYyNjQyZTk4MDdiYThlMDgxNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRkBmKTRPpU7cwWCf2yTIMiCA4iH
ZfjAjOGsf29eJKcz0pXK2pPMASHdZgdyIq7vu4gCnwxD/HVa43I2BMRlxN2dlCWr
UhrExH2Arxh6cLyCkW3eD8KeOcLbuF7RrVweHot0dKXMz5WWXCXTmuryBfHZIkUy
pW+P1WRSMYR3PWDDzjUvXrEUKkYNoB0iZW2yWzUNF6y9no/XTTFmNRbxBuESU1ZQ
0MquIPTXd+8CnON/WWu4Kc27LOghSSXTlAw0KgDXUf3VtpVs1bjOQhFagkJXAKPi
C+kyn4uVKfEVJw2DiT+uPVpkCq8IMjLcb4TFChbCNcuOdYnH7WeaCMPjTwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFARKI6JrtadVKrdiZC6YB7qOCBd+MB8GA1UdIwQY
MBaAFLKFOqHrMr/uD+sUg8FJNtEB8W7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc29VNm9lc3l2LTRQNnhTRHdVazIwUUh4YnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMWM4MTUtZDk2YS00YmI2LThjY2Yt
ZjJiODEwNzliNzQ2LzEvQkVvam9tdTFwMVVxdDJKa0xwZ0h1bzRJRjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMWM4MTUtZDk2YS00YmI2LThjY2YtZjJiODEwNzliNzQ2
LzEvc29VNm9lc3l2LTRQNnhTRHdVazIwUUh4YnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQCLQrwAwQC
W9coAwQCuYFkMAwDBAS5stADBAC5stIwDwQCAAIwCQMHACoKQYAAADANBgkqhkiG
9w0BAQsFAAOCAQEAJ9vaBOv1LUC0pjT7LmnZCiCK7Nk/Ei4j9k5/F/wgrpsmBHwd
7R71ok1h2nAxaaIRpVch7aj0APy8XvURcapHBv15SDVTB2fyaLS189g67paMAw07
lQ11CUKOonqG7pMkgtFjOc204xLcJ9/XYD8vFSQXyLLfFGc1Kk5+oIu3lFAd5dvD
KCshQI/HU609AwTbqQs+fZELAePlSZ90/2PmO57z8PxUwDYepduiM9usw/Kzf2Gm
iuQBmJXlugZnX0zz1Qcacqe+EG3UiArGMThFnwO+wt6Er+jEu9L9L+ej4r7f/l52
WxaHWUx4Tr3ORhVqNcYszAS7VcaANzaXColbsQ==
-----END CERTIFICATE-----