Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/guad4u08mkgl8gKj0nb1iEQXv0s.roa
File:                     guad4u08mkgl8gKj0nb1iEQXv0s.roa (raw, json)
Hash identifier:          2+/s2lCFF6YAkDZIdtuAR4m8eo0yWKiTKosdfTceAhs=
Subject key identifier:   82:E6:9D:E2:ED:3C:9A:48:25:F2:02:A3:D2:76:F5:88:44:17:BF:4B
Certificate issuer:       /CN=c6c0fdbb65ca491cb83cc085a43e0340596ae873
Certificate serial:       0191FAC82EB90517316B3E0DFBC612F1A6DB
Authority key identifier: C6:C0:FD:BB:65:CA:49:1C:B8:3C:C0:85:A4:3E:03:40:59:6A:E8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/guad4u08mkgl8gKj0nb1iEQXv0s.roa
Signing time:             Mon 16 Sep 2024 12:21:48 +0000
ROA not before:           Mon 16 Sep 2024 12:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31631
IP address blocks:        45.150.140.0/22 maxlen: 22
                          80.252.120.0/22 maxlen: 22
                          103.110.208.0/22 maxlen: 22
                          109.224.248.0/21 maxlen: 21
                          185.108.168.0/22 maxlen: 22
                          185.205.172.0/22 maxlen: 22
                          193.178.54.0/23 maxlen: 23
                          193.178.112.0/23 maxlen: 23
                          195.167.138.0/24 maxlen: 24
                          195.167.181.0/24 maxlen: 24
                          195.167.182.0/24 maxlen: 24
                          2a06:e40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 29 Oct 2024 10:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:c8:2e:b9:05:17:31:6b:3e:0d:fb:c6:12:f1:a6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6c0fdbb65ca491cb83cc085a43e0340596ae873
        Validity
            Not Before: Sep 16 12:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82e69de2ed3c9a4825f202a3d276f5884417bf4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b6:23:10:97:78:4b:16:f4:55:4c:35:56:2e:
                    c6:90:0a:e5:aa:d8:a4:07:1c:03:37:0e:00:e7:9a:
                    03:ab:51:87:03:4a:38:a3:53:77:10:f8:69:99:2d:
                    88:49:42:64:19:cb:46:2d:50:fd:c7:90:5d:af:8c:
                    d5:31:72:60:e9:48:ea:0e:22:90:f6:6e:c1:f1:53:
                    a8:7e:94:58:8d:4a:56:f2:fc:65:0a:19:92:dd:90:
                    3c:d3:28:c1:89:dc:ab:f1:57:ac:e9:89:4a:e0:ba:
                    11:d4:1b:5c:6c:bc:62:d6:46:bd:4f:24:60:a6:f7:
                    af:2e:0e:11:35:f1:c7:77:1e:c3:f7:cd:f0:82:30:
                    3c:68:a8:88:81:cd:ec:75:f5:74:a9:c1:1d:90:5d:
                    90:16:97:c1:e6:d1:0a:bc:11:ad:37:6c:24:32:a2:
                    a8:1e:3a:c5:42:a3:92:ac:9f:09:c1:c9:b2:d4:50:
                    93:72:b8:a5:a0:f3:d5:79:69:52:11:b5:4c:3f:6f:
                    a0:7d:17:03:a7:72:d4:33:34:6c:a6:4d:7a:a9:30:
                    08:11:be:a1:e8:fe:f2:b7:b4:8c:82:f4:00:a9:53:
                    1b:88:4b:24:3d:d0:10:93:80:4a:d3:94:8f:00:4f:
                    ed:33:dc:e9:52:94:f4:1e:15:45:c2:32:16:08:94:
                    aa:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E6:9D:E2:ED:3C:9A:48:25:F2:02:A3:D2:76:F5:88:44:17:BF:4B
            X509v3 Authority Key Identifier:
                keyid:C6:C0:FD:BB:65:CA:49:1C:B8:3C:C0:85:A4:3E:03:40:59:6A:E8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/guad4u08mkgl8gKj0nb1iEQXv0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.140.0/22
                  80.252.120.0/22
                  103.110.208.0/22
                  109.224.248.0/21
                  185.108.168.0/22
                  185.205.172.0/22
                  193.178.54.0/23
                  193.178.112.0/23
                  195.167.138.0/24
                  195.167.181.0-195.167.182.255
                IPv6:
                  2a06:e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:65:58:73:9a:2d:b1:2f:74:06:87:f6:a5:24:9d:68:79:e3:
         47:7a:61:f7:f2:af:7e:bf:b4:47:2c:5f:c0:ee:f4:54:cc:f8:
         2f:bd:8f:45:13:1c:3e:09:4a:fe:3a:34:10:e9:bc:5b:41:3f:
         6b:5d:63:66:91:1b:4f:66:6e:08:69:bd:78:92:d4:43:c7:02:
         61:db:93:9d:7f:5a:dc:05:40:5d:3e:9e:38:0f:84:fb:72:2c:
         d2:66:e7:c2:b0:4a:07:43:c5:eb:54:99:a0:bb:3f:90:5e:25:
         41:f0:f0:5e:9e:17:e1:c1:fe:c7:09:bb:99:59:6a:ca:bd:f8:
         49:c4:8e:5d:ef:19:1d:20:02:7c:b6:aa:57:e5:a7:e7:50:18:
         dd:32:a3:dc:7d:84:9e:c1:81:fc:2a:cc:39:d6:21:88:da:4d:
         10:72:a2:e2:a4:b1:40:24:41:5a:5b:a2:9a:da:a0:20:22:dd:
         e3:b0:84:49:53:ab:7a:cf:8e:d6:43:fd:ec:25:6a:0d:23:55:
         f8:e7:7f:45:77:9c:9e:b5:ca:d0:4f:82:f9:d2:5b:e0:b0:b8:
         56:40:32:85:c8:75:b5:68:05:9c:6e:1b:20:09:50:c8:f1:ee:
         26:ea:50:c9:9c:e5:61:7f:fa:0d:e5:ea:f9:cb:0b:f9:57:0a:
         00:cc:41:7a
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZH6yC65BRcxaz4N+8YS8abbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YzBmZGJiNjVjYTQ5MWNiODNjYzA4NWE0M2UwMzQwNTk2
YWU4NzMwHhcNMjQwOTE2MTIyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU2OWRlMmVkM2M5YTQ4MjVmMjAyYTNkMjc2ZjU4ODQ0MTdiZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7YjEJd4Sxb0VUw1Vi7GkArlqtik
BxwDNw4A55oDq1GHA0o4o1N3EPhpmS2ISUJkGctGLVD9x5Bdr4zVMXJg6UjqDiKQ
9m7B8VOofpRYjUpW8vxlChmS3ZA80yjBidyr8Ves6YlK4LoR1BtcbLxi1ka9TyRg
pvevLg4RNfHHdx7D983wgjA8aKiIgc3sdfV0qcEdkF2QFpfB5tEKvBGtN2wkMqKo
HjrFQqOSrJ8Jwcmy1FCTcriloPPVeWlSEbVMP2+gfRcDp3LUMzRspk16qTAIEb6h
6P7yt7SMgvQAqVMbiEskPdAQk4BK05SPAE/tM9zpUpT0HhVFwjIWCJSqpQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFILmneLtPJpIJfICo9J29YhEF79LMB8GA1UdIwQY
MBaAFMbA/btlykkcuDzAhaQ+A0BZauhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHNEOXUyWEtTUnk0UE1DRnBENERRRmxxNkhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NjY5YmItMWY2Mi00MmEzLTllOGQt
NDlhNjU0NTc4NmU2LzEvZ3VhZDR1MDhta2dsOGdLajBuYjFpRVFYdjBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NjY5YmItMWY2Mi00MmEzLTllOGQtNDlhNjU0NTc4NmU2
LzEveHNEOXUyWEtTUnk0UE1DRnBENERRRmxxNkhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQCLZaMAwQC
UPx4AwQCZ27QAwQDbeD4AwQCuWyoAwQCuc2sAwQBwbI2AwQBwbJwAwQAw6eKMAwD
BADDp7UDBADDp7YwDQQCAAIwBwMFAyoGDkAwDQYJKoZIhvcNAQELBQADggEBAIxl
WHOaLbEvdAaH9qUknWh540d6Yffyr36/tEcsX8Du9FTM+C+9j0UTHD4JSv46NBDp
vFtBP2tdY2aRG09mbghpvXiS1EPHAmHbk51/WtwFQF0+njgPhPtyLNJm58KwSgdD
xetUmaC7P5BeJUHw8F6eF+HB/scJu5lZasq9+EnEjl3vGR0gAny2qlflp+dQGN0y
o9x9hJ7BgfwqzDnWIYjaTRByouKksUAkQVpbopraoCAi3eOwhElTq3rPjtZD/ewl
ag0jVfjnf0V3nJ61ytBPgvnSW+CwuFZAMoXIdbVoBZxuGyAJUMjx7ibqUMmc5WF/
+g3l6vnLC/lXCgDMQXo=
-----END CERTIFICATE-----