Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/TWgmfibYsDRCuyYYvAV15hCsc90.roa
File:                     TWgmfibYsDRCuyYYvAV15hCsc90.roa (raw, json)
Hash identifier:          VzdEnvDCdfXuzz7c0juiNVw0mxuZJlubXGMGW2x5z/Y=
Subject key identifier:   4D:68:26:7E:26:D8:B0:34:42:BB:26:18:BC:05:75:E6:10:AC:73:DD
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       018CC64B1E296C247322D7BC9EFF1D78C03E
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/TWgmfibYsDRCuyYYvAV15hCsc90.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1828
IP address blocks:        45.133.82.0/24 maxlen: 24
                          45.133.80.0/22 maxlen: 22
                          45.133.80.0/24 maxlen: 24
                          45.133.81.0/24 maxlen: 24
                          185.92.123.0/24 maxlen: 24
                          185.92.120.0/24 maxlen: 24
                          185.92.121.0/24 maxlen: 24
                          185.92.122.0/24 maxlen: 24
                          45.15.192.0/22 maxlen: 22
                          45.15.192.0/24 maxlen: 24
                          45.15.193.0/24 maxlen: 24
                          45.15.194.0/24 maxlen: 24
                          45.15.195.0/24 maxlen: 24
                          2a05:f240::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 12 Apr 2024 11:53:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1e:29:6c:24:73:22:d7:bc:9e:ff:1d:78:c0:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d68267e26d8b03442bb2618bc0575e610ac73dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:37:53:25:06:8a:4b:73:14:ef:fa:f2:2f:78:
                    ba:d1:eb:c7:27:81:a5:ef:85:b1:d4:a6:e4:34:60:
                    01:35:d7:18:c5:cc:e8:fa:c4:a0:67:04:00:0f:e7:
                    1e:a8:ca:2f:b5:bd:eb:e1:71:f5:3f:08:27:d8:c8:
                    d5:b4:2d:25:38:7c:ce:c4:99:93:df:71:e1:b1:ba:
                    99:4d:25:e9:bd:7c:5d:c8:c5:71:a7:fd:56:67:d9:
                    24:cb:69:aa:05:96:fa:3b:53:f7:ca:92:63:16:95:
                    66:97:f0:c7:d1:20:72:14:66:47:aa:66:28:92:6b:
                    6a:0b:89:e6:e2:8a:11:64:8f:a6:ce:de:2a:1e:32:
                    19:fa:bd:52:cf:30:14:6e:d0:a1:bc:64:96:a1:d7:
                    40:60:99:ab:18:13:d6:6a:43:93:2d:20:b4:de:48:
                    c1:55:3e:8f:30:be:b4:ca:c7:83:6e:99:30:a1:ad:
                    30:3c:d0:82:0d:2d:64:82:99:15:8f:13:8c:e2:84:
                    2d:bb:ea:fb:6e:d4:5a:0b:ae:fa:d5:01:73:6d:08:
                    b0:ba:7c:64:d9:b9:eb:7c:91:c8:de:4f:1f:14:1a:
                    45:47:ba:35:07:9d:26:97:f9:cb:f5:42:13:1a:bb:
                    cf:e7:63:9d:4f:23:55:57:dc:96:be:4e:60:27:b2:
                    6c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:68:26:7E:26:D8:B0:34:42:BB:26:18:BC:05:75:E6:10:AC:73:DD
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/TWgmfibYsDRCuyYYvAV15hCsc90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.192.0/22
                  45.133.80.0/22
                  185.92.120.0/22
                IPv6:
                  2a05:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:fa:e5:d9:59:fd:1d:10:58:96:f1:5a:a4:82:40:54:26:69:
         89:88:14:c8:73:a9:68:c6:34:c7:0a:74:fd:38:56:e2:74:6c:
         a6:20:06:9e:4c:ee:50:d2:bf:6d:73:4a:27:18:96:fb:2b:1c:
         a4:a5:74:84:80:50:7e:23:36:c6:f4:21:b1:75:99:60:9b:5b:
         7a:e5:80:0e:ab:b9:08:1e:87:48:d7:4f:3b:8d:26:46:13:cc:
         1e:f1:d4:11:c0:a4:23:9c:41:64:d2:9b:a0:40:f2:f4:c0:34:
         9f:6a:d5:3b:78:54:41:8a:f3:49:da:e3:97:dc:43:1e:ce:c6:
         66:85:74:ca:3f:08:6b:68:d9:d6:88:1f:96:fb:75:1b:05:6c:
         c4:22:5b:12:b8:f9:e0:d8:f5:8a:29:96:a0:be:22:c8:81:0b:
         f6:30:b6:71:39:55:28:0a:b7:b7:ce:dc:89:9f:ca:5f:c7:42:
         e6:9d:d9:85:45:a8:7a:74:0f:62:c4:83:d9:60:e0:bb:ff:bb:
         b4:5f:d8:2c:46:90:80:3e:40:77:8c:6f:87:cd:4b:47:62:cc:
         01:1c:38:bc:0a:07:ca:7b:fc:18:2c:c3:c9:54:00:01:76:23:
         60:5e:93:f7:b2:cf:ce:06:9f:f5:d3:75:61:75:41:d1:df:01:
         7c:30:de:bf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGSx4pbCRzIte8nv8deMA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDY4MjY3ZTI2ZDhiMDM0NDJiYjI2MThiYzA1NzVlNjEwYWM3M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjdTJQaKS3MU7/ryL3i60evHJ4Gl
74Wx1KbkNGABNdcYxczo+sSgZwQAD+ceqMovtb3r4XH1Pwgn2MjVtC0lOHzOxJmT
33HhsbqZTSXpvXxdyMVxp/1WZ9kky2mqBZb6O1P3ypJjFpVml/DH0SByFGZHqmYo
kmtqC4nm4ooRZI+mzt4qHjIZ+r1SzzAUbtChvGSWoddAYJmrGBPWakOTLSC03kjB
VT6PML60yseDbpkwoa0wPNCCDS1kgpkVjxOM4oQtu+r7btRaC6761QFzbQiwunxk
2bnrfJHI3k8fFBpFR7o1B50ml/nL9UITGrvP52OdTyNVV9yWvk5gJ7JsiQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFE1oJn4m2LA0QrsmGLwFdeYQrHPdMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvVFdnbWZpYllzRFJDdXlZWXZBVjE1aENzYzkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLQ/AAwQC
LYVQAwQCuVx4MA0EAgACMAcDBQMqBfJAMA0GCSqGSIb3DQEBCwUAA4IBAQBe+uXZ
Wf0dEFiW8VqkgkBUJmmJiBTIc6loxjTHCnT9OFbidGymIAaeTO5Q0r9tc0onGJb7
KxykpXSEgFB+IzbG9CGxdZlgm1t65YAOq7kIHodI1087jSZGE8we8dQRwKQjnEFk
0pugQPL0wDSfatU7eFRBivNJ2uOX3EMezsZmhXTKPwhraNnWiB+W+3UbBWzEIlsS
uPng2PWKKZagviLIgQv2MLZxOVUoCre3ztyJn8pfx0LmndmFRah6dA9ixIPZYOC7
/7u0X9gsRpCAPkB3jG+HzUtHYswBHDi8CgfKe/wYLMPJVAABdiNgXpP3ss/OBp/1
03VhdUHR3wF8MN6/
-----END CERTIFICATE-----