Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/KEODTBn98OyhIuPDVM905GFY5Zo.roa
File:                     KEODTBn98OyhIuPDVM905GFY5Zo.roa (raw, json)
Hash identifier:          i30Rp7dpCH9/gB+UIYd98EKAjidunvFINP9Ix6dMtg4=
Subject key identifier:   28:43:83:4C:19:FD:F0:EC:A1:22:E3:C3:54:CF:74:E4:61:58:E5:9A
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       018ED2277DC64F4C8E21179E8480184CBFE3
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/KEODTBn98OyhIuPDVM905GFY5Zo.roa
Signing time:             Fri 12 Apr 2024 11:53:07 +0000
ROA not before:           Fri 12 Apr 2024 11:53:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1828
IP address blocks:        45.15.192.0/22 maxlen: 22
                          45.15.192.0/24 maxlen: 24
                          45.15.193.0/24 maxlen: 24
                          45.15.194.0/24 maxlen: 24
                          45.15.195.0/24 maxlen: 24
                          45.133.80.0/22 maxlen: 22
                          45.133.80.0/24 maxlen: 24
                          45.133.81.0/24 maxlen: 24
                          45.133.82.0/24 maxlen: 24
                          185.92.120.0/24 maxlen: 24
                          185.92.121.0/24 maxlen: 24
                          185.92.122.0/24 maxlen: 24
                          185.92.123.0/24 maxlen: 24
                          185.175.12.0/24 maxlen: 24
                          2a05:f240::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 10:27:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:27:7d:c6:4f:4c:8e:21:17:9e:84:80:18:4c:bf:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Apr 12 11:53:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2843834c19fdf0eca122e3c354cf74e46158e59a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:89:ec:76:3b:75:77:8f:ba:97:86:f4:ef:93:
                    11:4f:87:0d:09:90:c4:4f:03:da:24:35:10:a4:b2:
                    6f:90:4b:fb:ba:52:08:20:a2:47:4a:c3:47:da:83:
                    ec:48:22:5e:7e:f0:ec:bf:3f:e1:0d:5a:09:b3:c3:
                    b4:e1:d6:60:7e:1e:28:0c:ff:ee:7c:bd:9a:7d:5a:
                    25:c7:60:01:96:af:e6:f2:04:82:54:60:81:8e:25:
                    41:5d:42:b4:d0:79:85:2c:24:c8:c6:64:c0:1d:fa:
                    ab:19:f8:1a:b3:d7:ab:a6:78:17:f6:79:62:c5:8f:
                    49:23:f9:09:0c:c6:67:b3:10:1a:de:b7:08:38:3a:
                    25:e7:96:09:cb:32:43:a3:75:a9:22:b5:1c:ed:f4:
                    d1:65:b2:53:ae:7c:69:a4:0f:71:cb:ff:b8:38:2f:
                    ca:8b:88:73:f9:5b:94:27:d8:82:0c:5f:76:9a:78:
                    83:35:29:4d:9f:04:99:8e:7c:71:89:e9:f8:c0:3c:
                    fb:cb:8a:c3:fc:37:31:29:93:5d:6b:87:6e:08:9a:
                    a6:a3:77:17:dd:64:82:0b:5b:cd:d2:94:4c:ff:dd:
                    57:5f:f3:5b:bd:a0:3a:70:15:f7:c8:0e:0b:2f:dc:
                    26:81:bf:1c:18:e9:8c:44:ec:f7:d1:99:9b:a3:06:
                    a4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:43:83:4C:19:FD:F0:EC:A1:22:E3:C3:54:CF:74:E4:61:58:E5:9A
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/KEODTBn98OyhIuPDVM905GFY5Zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.192.0/22
                  45.133.80.0/22
                  185.92.120.0/22
                  185.175.12.0/24
                IPv6:
                  2a05:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:60:29:50:bc:30:92:bf:d4:69:13:c3:b7:2f:7f:dd:45:bb:
         56:ba:b9:2d:cb:7f:f6:e1:ba:71:e9:89:1f:61:2b:d2:1e:74:
         55:da:93:a6:fb:90:96:6d:26:43:be:b8:06:fe:9e:d5:bc:55:
         ef:74:a4:68:cf:4e:40:96:4e:cd:9a:ab:b9:a0:31:cf:7a:2e:
         67:d4:e4:18:de:4d:77:73:d7:83:2d:a1:84:43:fb:8f:01:ea:
         44:53:2d:7b:4e:41:ba:d9:c3:b0:55:55:12:7d:8e:b9:75:22:
         48:bd:91:8d:29:e1:0d:3f:f5:8a:ee:3c:1c:9d:1d:54:6d:18:
         ed:19:e7:f1:c5:fe:ff:49:85:d4:16:a5:40:4c:37:d4:3c:14:
         5c:fb:9e:3d:ec:b4:86:70:76:6e:f6:79:c3:cb:ed:58:7d:f0:
         e7:25:31:ce:9e:64:4b:f7:91:08:66:35:c2:a9:c2:88:44:4e:
         e6:94:6d:4a:a7:a1:38:6a:52:2d:39:f3:8e:52:07:e5:06:97:
         48:6f:88:38:4f:08:92:90:31:a0:2f:61:0b:2b:06:06:d3:56:
         89:e5:39:57:75:dd:ea:42:7b:3f:ca:b8:e0:2e:3e:1d:0a:c2:
         9c:ec:ab:c6:b2:5f:df:5b:f5:6a:0c:cf:b2:e0:e5:37:39:9b:
         f2:98:0d:d3
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY7SJ33GT0yOIReehIAYTL/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwNDEyMTE1MzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQzODM0YzE5ZmRmMGVjYTEyMmUzYzM1NGNmNzRlNDYxNThlNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgInsdjt1d4+6l4b075MRT4cNCZDE
TwPaJDUQpLJvkEv7ulIIIKJHSsNH2oPsSCJefvDsvz/hDVoJs8O04dZgfh4oDP/u
fL2afVolx2ABlq/m8gSCVGCBjiVBXUK00HmFLCTIxmTAHfqrGfgas9erpngX9nli
xY9JI/kJDMZnsxAa3rcIODol55YJyzJDo3WpIrUc7fTRZbJTrnxppA9xy/+4OC/K
i4hz+VuUJ9iCDF92mniDNSlNnwSZjnxxien4wDz7y4rD/DcxKZNda4duCJqmo3cX
3WSCC1vN0pRM/91XX/NbvaA6cBX3yA4LL9wmgb8cGOmMROz30Zmbowak9QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFChDg0wZ/fDsoSLjw1TPdORhWOWaMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvS0VPRFRCbjk4T3loSXVQRFZNOTA1R0ZZNVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLQ/AAwQC
LYVQAwQCuVx4AwQAua8MMA0EAgACMAcDBQMqBfJAMA0GCSqGSIb3DQEBCwUAA4IB
AQAOYClQvDCSv9RpE8O3L3/dRbtWurkty3/24bpx6YkfYSvSHnRV2pOm+5CWbSZD
vrgG/p7VvFXvdKRoz05Alk7Nmqu5oDHPei5n1OQY3k13c9eDLaGEQ/uPAepEUy17
TkG62cOwVVUSfY65dSJIvZGNKeENP/WK7jwcnR1UbRjtGefxxf7/SYXUFqVATDfU
PBRc+5497LSGcHZu9nnDy+1YffDnJTHOnmRL95EIZjXCqcKIRE7mlG1Kp6E4alIt
OfOOUgflBpdIb4g4TwiSkDGgL2ELKwYG01aJ5TlXdd3qQns/yrjgLj4dCsKc7KvG
sl/fW/VqDM+y4OU3OZvymA3T
-----END CERTIFICATE-----