Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/TW4DMRPLhQsZqVVYI-SsKOU_Hc0.roa
File:                     TW4DMRPLhQsZqVVYI-SsKOU_Hc0.roa (raw, json)
Hash identifier:          GKS9m4nCp8I8Hhegyj4a9DqTCmMuyThCz6zHCzd6M0c=
Subject key identifier:   4D:6E:03:31:13:CB:85:0B:19:A9:55:58:23:E4:AC:28:E5:3F:1D:CD
Certificate issuer:       /CN=ddead919b85a13051d0208b7e28ddccb398b14d6
Certificate serial:       018CC94E5A847DD2CAE2683430C9393699B7
Authority key identifier: DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/TW4DMRPLhQsZqVVYI-SsKOU_Hc0.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42845
IP address blocks:        193.28.233.0/24 maxlen: 24
                          45.137.144.0/22 maxlen: 22
                          77.74.208.0/21 maxlen: 24
                          185.135.124.0/22 maxlen: 22
                          37.157.224.0/21 maxlen: 24
                          185.40.224.0/22 maxlen: 22
                          185.232.224.0/22 maxlen: 22
                          194.150.92.0/22 maxlen: 22
                          89.46.96.0/22 maxlen: 24
                          95.128.144.0/21 maxlen: 24
                          185.185.116.0/22 maxlen: 22
                          2a00:7200::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 22 Oct 2024 14:11:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5a:84:7d:d2:ca:e2:68:34:30:c9:39:36:99:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddead919b85a13051d0208b7e28ddccb398b14d6
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d6e033113cb850b19a9555823e4ac28e53f1dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ee:4d:89:f3:e4:4a:15:f1:07:df:81:6a:63:
                    e4:21:a9:51:45:0a:d0:ce:1b:9d:41:c5:9e:45:df:
                    a7:90:51:34:68:9f:bd:ae:78:74:5f:c0:64:36:bf:
                    65:a8:b9:30:13:c3:4a:0c:03:36:84:0c:c6:62:77:
                    a9:03:0f:32:fc:d7:2c:b8:72:d2:38:23:4a:4a:3b:
                    24:c1:c7:2b:f3:5c:cc:54:2d:42:4e:87:aa:e5:a3:
                    81:0a:1d:6a:22:3c:bb:d2:bf:54:42:05:f7:68:b1:
                    2b:99:6e:01:e6:20:7e:a4:e7:1c:3c:c0:78:e2:82:
                    27:6a:c1:b1:4a:94:ee:03:9b:c6:7c:9b:57:5d:b8:
                    c4:b6:1f:79:d0:a7:30:bd:87:f9:b9:ca:b1:09:a3:
                    2d:a3:6f:b4:4e:0b:4a:78:62:67:06:b3:c4:1c:09:
                    bf:fa:e3:73:a9:83:e7:c6:d0:06:d7:9a:e5:d2:ef:
                    88:22:3d:62:d7:16:66:88:0c:3f:c0:22:41:b8:bd:
                    f9:4c:92:ca:73:77:d1:e7:1c:73:47:0e:4b:b8:8a:
                    34:4c:96:b7:99:cc:78:bc:1e:87:3f:18:03:db:86:
                    43:30:10:fb:b5:f6:62:e4:68:92:86:8c:a8:5f:23:
                    22:5f:f6:0c:12:86:32:8a:c3:89:7d:68:6d:a3:31:
                    97:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:6E:03:31:13:CB:85:0B:19:A9:55:58:23:E4:AC:28:E5:3F:1D:CD
            X509v3 Authority Key Identifier:
                keyid:DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/TW4DMRPLhQsZqVVYI-SsKOU_Hc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.224.0/21
                  45.137.144.0/22
                  77.74.208.0/21
                  89.46.96.0/22
                  95.128.144.0/21
                  185.40.224.0/22
                  185.135.124.0/22
                  185.185.116.0/22
                  185.232.224.0/22
                  193.28.233.0/24
                  194.150.92.0/22
                IPv6:
                  2a00:7200::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:28:46:7e:eb:43:23:f0:b0:62:86:14:48:8f:3d:ec:3e:d8:
         95:06:0d:b5:e9:87:2c:22:8b:c3:85:0f:e2:e7:58:f3:af:85:
         74:1d:39:a5:e7:76:cf:1a:25:e1:4d:ca:95:82:f3:6a:61:72:
         4a:25:30:d8:81:2c:03:30:0d:24:be:e1:30:be:a4:12:a8:65:
         f4:0b:aa:ba:b1:fe:9f:5b:87:45:89:dc:fd:70:d8:d9:f4:29:
         ad:14:2d:77:4f:ee:2d:72:5d:8c:25:90:f7:07:5c:97:26:46:
         c3:eb:64:58:47:aa:48:65:95:17:c7:d5:ef:90:6b:97:7f:08:
         9b:97:14:ef:1b:19:e8:fa:86:cb:92:04:37:bc:68:98:03:56:
         84:0a:ec:64:70:58:bd:cc:35:65:f8:91:6d:39:3b:06:dc:2d:
         20:35:c1:d1:1d:e6:43:84:eb:68:99:02:4d:fe:1e:b9:35:f4:
         9e:ef:2d:14:7c:c9:07:59:ea:a6:d2:fa:69:bf:25:4d:db:08:
         79:cb:b1:a4:ce:17:fb:40:fa:14:ad:fe:a5:92:18:9b:ae:f4:
         3b:be:be:33:d6:55:15:c1:2a:79:fb:6d:da:56:ea:0a:7f:4a:
         67:0e:05:5f:e3:eb:27:17:b3:cd:99:65:3d:65:af:c0:9f:8a:
         ac:23:7a:fc
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYzJTlqEfdLK4mg0MMk5Npm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZWFkOTE5Yjg1YTEzMDUxZDAyMDhiN2UyOGRkY2NiMzk4
YjE0ZDYwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDZlMDMzMTEzY2I4NTBiMTlhOTU1NTgyM2U0YWMyOGU1M2YxZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne5NifPkShXxB9+BamPkIalRRQrQ
zhudQcWeRd+nkFE0aJ+9rnh0X8BkNr9lqLkwE8NKDAM2hAzGYnepAw8y/NcsuHLS
OCNKSjskwccr81zMVC1CToeq5aOBCh1qIjy70r9UQgX3aLErmW4B5iB+pOccPMB4
4oInasGxSpTuA5vGfJtXXbjEth950KcwvYf5ucqxCaMto2+0TgtKeGJnBrPEHAm/
+uNzqYPnxtAG15rl0u+IIj1i1xZmiAw/wCJBuL35TJLKc3fR5xxzRw5LuIo0TJa3
mcx4vB6HPxgD24ZDMBD7tfZi5GiShoyoXyMiX/YMEoYyisOJfWhtozGXGwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFE1uAzETy4ULGalVWCPkrCjlPx3NMB8GA1UdIwQY
MBaAFN3q2Rm4WhMFHQIIt+KN3Ms5ixTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQt
NDhiOGI1YTliNDExLzEvVFc0RE1SUExoUXNacVZWWUktU3NLT1VfSGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQtNDhiOGI1YTliNDEx
LzEvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDJZ3gAwQC
LYmQAwQDTUrQAwQCWS5gAwQDX4CQAwQCuSjgAwQCuYd8AwQCubl0AwQCuejgAwQA
wRzpAwQCwpZcMA0EAgACMAcDBQAqAHIAMA0GCSqGSIb3DQEBCwUAA4IBAQBdKEZ+
60Mj8LBihhRIjz3sPtiVBg216YcsIovDhQ/i51jzr4V0HTml53bPGiXhTcqVgvNq
YXJKJTDYgSwDMA0kvuEwvqQSqGX0C6q6sf6fW4dFidz9cNjZ9CmtFC13T+4tcl2M
JZD3B1yXJkbD62RYR6pIZZUXx9XvkGuXfwiblxTvGxno+obLkgQ3vGiYA1aECuxk
cFi9zDVl+JFtOTsG3C0gNcHRHeZDhOtomQJN/h65NfSe7y0UfMkHWeqm0vppvyVN
2wh5y7Gkzhf7QPoUrf6lkhibrvQ7vr4z1lUVwSp5+23aVuoKf0pnDgVf4+snF7PN
mWU9Za/An4qsI3r8
-----END CERTIFICATE-----