Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/a45e7e-5dc3-49d3-aa3f-367e170e7128/1/PwXhPhlawp-0t4oNi5Kh123uzYc.roa
File:                     PwXhPhlawp-0t4oNi5Kh123uzYc.roa (raw, json)
Hash identifier:          7K7E/i/ml4qBLajHPvhY3xSt1wy73TBZq3SvlJ+uaVo=
Subject key identifier:   3F:05:E1:3E:19:5A:C2:9F:B4:B7:8A:0D:8B:92:A1:D7:6D:EE:CD:87
Certificate issuer:       /CN=601ddc60799263ffb9bd0e5eeb0872843dee6a72
Certificate serial:       018D60EC02436D0E3FC69526AB7AE65931A9
Authority key identifier: 60:1D:DC:60:79:92:63:FF:B9:BD:0E:5E:EB:08:72:84:3D:EE:6A:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YB3cYHmSY_-5vQ5e6whyhD3uanI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/a45e7e-5dc3-49d3-aa3f-367e170e7128/1/PwXhPhlawp-0t4oNi5Kh123uzYc.roa
Signing time:             Wed 31 Jan 2024 19:08:16 +0000
ROA not before:           Wed 31 Jan 2024 19:08:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        46.235.15.0/24 maxlen: 32
                          2a00:9940::/29 maxlen: 128
                          2a04:e880::/29 maxlen: 128
                          2a06:8540::/29 maxlen: 128
                          2a09:2340::/29 maxlen: 128
                          2a0e:7fc0::/29 maxlen: 128
                          2a14:2b80::/29 maxlen: 128
                          2a14:5c80::/29 maxlen: 128
                          2a14:6580::/29 maxlen: 128
                          2a14:7080::/29 maxlen: 128

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 15:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:60:ec:02:43:6d:0e:3f:c6:95:26:ab:7a:e6:59:31:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=601ddc60799263ffb9bd0e5eeb0872843dee6a72
        Validity
            Not Before: Jan 31 19:08:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f05e13e195ac29fb4b78a0d8b92a1d76deecd87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9c:54:37:db:fc:71:60:71:a6:b4:ca:2d:d2:
                    c3:08:5f:67:9e:f8:1a:9a:95:b8:cb:ad:c8:26:f8:
                    b6:02:0f:a7:e7:02:0a:1f:49:4b:99:5d:d5:15:f5:
                    68:eb:af:63:a4:46:84:3f:bc:92:3b:55:5f:7b:24:
                    75:ac:6c:c2:7e:29:eb:2e:58:20:1d:d6:b1:40:aa:
                    f6:f4:dd:fe:8e:aa:bd:b1:e5:7d:6f:fe:16:b4:bd:
                    08:ef:81:73:fa:b0:ab:cb:e6:40:52:89:45:6a:da:
                    1a:96:27:2b:e7:8e:b1:07:42:a0:4f:fe:8d:cf:3e:
                    2a:1f:67:92:35:4f:7c:a4:71:1a:bc:65:b2:55:af:
                    da:2e:ce:c2:b3:87:e3:db:e1:c0:24:cd:94:54:ac:
                    74:4b:4e:41:f3:1c:a0:b8:0a:39:94:8d:8d:6c:6f:
                    96:71:9d:dc:46:c5:ea:c8:67:fc:26:f2:b2:3f:9c:
                    52:bf:e9:8b:86:1a:4c:a8:05:e5:0e:e3:be:54:ea:
                    fa:79:42:6c:ea:b7:ff:14:d3:af:27:0b:10:60:8e:
                    c3:53:88:f8:53:27:b0:b4:6b:67:7c:20:04:7f:dc:
                    e0:50:ea:29:45:cc:59:86:cb:3a:a1:4a:ce:ed:e6:
                    45:90:02:91:ef:9a:a9:37:ef:04:06:cf:10:1d:55:
                    f2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:05:E1:3E:19:5A:C2:9F:B4:B7:8A:0D:8B:92:A1:D7:6D:EE:CD:87
            X509v3 Authority Key Identifier:
                keyid:60:1D:DC:60:79:92:63:FF:B9:BD:0E:5E:EB:08:72:84:3D:EE:6A:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YB3cYHmSY_-5vQ5e6whyhD3uanI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/a45e7e-5dc3-49d3-aa3f-367e170e7128/1/PwXhPhlawp-0t4oNi5Kh123uzYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/a45e7e-5dc3-49d3-aa3f-367e170e7128/1/YB3cYHmSY_-5vQ5e6whyhD3uanI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.15.0/24
                IPv6:
                  2a00:9940::/29
                  2a04:e880::/29
                  2a06:8540::/29
                  2a09:2340::/29
                  2a0e:7fc0::/29
                  2a14:2b80::/29
                  2a14:5c80::/29
                  2a14:6580::/29
                  2a14:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:fb:04:7f:28:91:0a:a6:9b:54:e0:79:04:fd:5c:d4:21:e1:
         4e:9a:24:e1:3d:fb:75:67:d5:c7:db:8d:7a:e1:c9:d1:49:20:
         59:f8:d2:d8:37:32:19:67:c0:88:20:8a:07:4e:1f:4e:30:ae:
         aa:02:ca:53:90:08:04:77:74:44:30:96:c8:25:3e:9d:0e:61:
         75:b5:e6:5e:ad:83:39:aa:41:17:a5:03:c1:e2:a9:3b:98:69:
         1e:46:17:40:4e:dc:eb:f9:9d:1b:ed:0e:9c:b2:88:cc:a7:23:
         3c:83:84:eb:0a:79:e4:0b:a2:25:02:dc:cb:9f:2f:db:1e:90:
         75:1f:5a:b0:fa:ec:ce:c8:63:c1:70:91:b7:13:31:df:9a:6c:
         19:43:24:5d:9f:de:f5:68:2f:f4:a2:3d:d1:4f:7f:15:eb:cb:
         12:19:20:64:cb:69:1e:f1:3c:0e:61:3e:29:5a:76:72:18:6a:
         f8:61:47:f9:59:95:0b:31:2e:b0:dd:56:a1:d0:90:00:3e:ab:
         e6:b1:64:e2:83:6f:3e:88:d0:12:6d:fd:8c:d9:60:9f:05:62:
         33:61:e0:b9:64:7c:3f:48:ec:aa:62:3d:62:90:22:4a:66:61:
         1b:d5:25:ff:dd:91:3b:e6:3b:a1:b7:5a:d4:be:a2:23:cf:77:
         a5:36:05:b5
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY1g7AJDbQ4/xpUmq3rmWTGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMWRkYzYwNzk5MjYzZmZiOWJkMGU1ZWViMDg3Mjg0M2Rl
ZTZhNzIwHhcNMjQwMTMxMTkwODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA1ZTEzZTE5NWFjMjlmYjRiNzhhMGQ4YjkyYTFkNzZkZWVjZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJxUN9v8cWBxprTKLdLDCF9nnvga
mpW4y63IJvi2Ag+n5wIKH0lLmV3VFfVo669jpEaEP7ySO1VfeyR1rGzCfinrLlgg
HdaxQKr29N3+jqq9seV9b/4WtL0I74Fz+rCry+ZAUolFatoalicr546xB0KgT/6N
zz4qH2eSNU98pHEavGWyVa/aLs7Cs4fj2+HAJM2UVKx0S05B8xyguAo5lI2NbG+W
cZ3cRsXqyGf8JvKyP5xSv+mLhhpMqAXlDuO+VOr6eUJs6rf/FNOvJwsQYI7DU4j4
UyewtGtnfCAEf9zgUOopRcxZhss6oUrO7eZFkAKR75qpN+8EBs8QHVXy/QIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFD8F4T4ZWsKftLeKDYuSoddt7s2HMB8GA1UdIwQY
MBaAFGAd3GB5kmP/ub0OXusIcoQ97mpyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUIzY1lIbVNZXy01dlE1ZTZ3aHloRDN1YW5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9hNDVlN2UtNWRjMy00OWQzLWFhM2Yt
MzY3ZTE3MGU3MTI4LzEvUHdYaFBobGF3cC0wdDRvTmk1S2gxMjN1elljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9hNDVlN2UtNWRjMy00OWQzLWFhM2YtMzY3ZTE3MGU3MTI4
LzEvWUIzY1lIbVNZXy01dlE1ZTZ3aHloRDN1YW5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAMBAIAATAGAwQALusPMEUE
AgACMD8DBQMqAJlAAwUDKgTogAMFAyoGhUADBQMqCSNAAwUDKg5/wAMFAyoUK4AD
BQMqFFyAAwUDKhRlgAMFAyoUcIAwDQYJKoZIhvcNAQELBQADggEBAKv7BH8okQqm
m1TgeQT9XNQh4U6aJOE9+3Vn1cfbjXrhydFJIFn40tg3MhlnwIggigdOH04wrqoC
ylOQCAR3dEQwlsglPp0OYXW15l6tgzmqQRelA8HiqTuYaR5GF0BO3Ov5nRvtDpyy
iMynIzyDhOsKeeQLoiUC3MufL9sekHUfWrD67M7IY8FwkbcTMd+abBlDJF2f3vVo
L/SiPdFPfxXryxIZIGTLaR7xPA5hPiladnIYavhhR/lZlQsxLrDdVqHQkAA+q+ax
ZOKDbz6I0BJt/YzZYJ8FYjNh4LlkfD9I7KpiPWKQIkpmYRvVJf/dkTvmO6G3WtS+
oiPPd6U2BbU=
-----END CERTIFICATE-----