Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/3lqfnFQCniU911gY-iiiwDNvOl8.roa
File:                     3lqfnFQCniU911gY-iiiwDNvOl8.roa (raw, json)
Hash identifier:          YYRc10uJd3hB8MQ4apmczDR4C5kjTEpyYZsSnPfyXyU=
Subject key identifier:   DE:5A:9F:9C:54:02:9E:25:3D:D7:58:18:FA:28:A2:C0:33:6F:3A:5F
Certificate issuer:       /CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
Certificate serial:       018A18199794CE75B6A26AD90BD4819DA249
Authority key identifier: 76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/3lqfnFQCniU911gY-iiiwDNvOl8.roa
Signing time:             Mon 21 Aug 2023 12:37:24 +0000
ROA not before:           Mon 21 Aug 2023 12:37:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        46.162.3.0/24 maxlen: 24
                          46.162.0.0/24 maxlen: 24
                          46.162.8.0/24 maxlen: 24
                          46.162.9.0/24 maxlen: 24
                          46.162.10.0/24 maxlen: 24
                          46.162.10.0/23 maxlen: 24
                          46.162.11.0/24 maxlen: 24
                          46.162.15.0/24 maxlen: 24
                          46.162.12.0/24 maxlen: 24
                          46.162.18.0/24 maxlen: 24
                          46.162.22.0/24 maxlen: 24
                          46.162.23.0/24 maxlen: 24
                          46.162.20.0/24 maxlen: 24
                          46.162.21.0/24 maxlen: 24
                          46.162.26.0/24 maxlen: 24
                          46.162.32.0/24 maxlen: 24
                          46.162.50.0/24 maxlen: 24
                          46.162.51.0/24 maxlen: 24
                          46.162.48.0/24 maxlen: 24
                          46.162.49.0/24 maxlen: 24
                          46.162.52.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Wed 13 Sep 2023 15:34:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:18:19:97:94:ce:75:b6:a2:6a:d9:0b:d4:81:9d:a2:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
        Validity
            Not Before: Aug 21 12:37:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de5a9f9c54029e253dd75818fa28a2c0336f3a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:84:f1:27:d6:7d:51:17:91:0b:fa:1f:1f:e3:
                    8c:4b:ea:82:13:b6:a8:2b:26:4b:b9:9b:a0:b0:ae:
                    2d:90:7a:67:08:18:b9:6c:f7:2b:6f:41:72:e2:73:
                    fb:ec:de:8c:03:62:fc:0a:f6:7b:81:9b:ca:ba:3d:
                    de:92:60:d3:68:f6:f5:b3:ca:fc:6f:ed:56:6d:0d:
                    29:8c:74:0f:1f:c9:78:3d:48:35:1e:41:f8:d0:31:
                    02:19:08:40:59:9b:9e:24:8c:eb:cd:e3:f9:fb:f7:
                    7b:db:a0:07:06:83:32:be:2e:a3:bf:15:11:cc:69:
                    91:d3:06:34:ba:00:c4:54:64:6e:18:31:16:6c:67:
                    18:0a:f6:11:31:2a:83:50:31:55:ad:ff:48:77:45:
                    5e:c8:85:67:94:d0:66:74:1a:dd:e6:9e:64:08:aa:
                    e2:24:0a:9b:84:e1:91:e3:95:82:a3:7a:fb:50:14:
                    ea:26:84:76:af:dd:fc:f5:27:14:40:59:80:50:28:
                    8a:64:a8:7e:53:24:98:f9:59:6e:df:ca:fc:49:85:
                    cd:a4:e3:6f:ad:02:8a:4c:22:4f:9a:e6:bc:c4:9c:
                    4d:d8:9a:f9:b7:9c:56:fc:bd:7c:ef:53:fa:d9:51:
                    66:26:a0:6c:21:74:4a:a9:6f:83:e8:c6:7c:7b:06:
                    10:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:5A:9F:9C:54:02:9E:25:3D:D7:58:18:FA:28:A2:C0:33:6F:3A:5F
            X509v3 Authority Key Identifier:
                keyid:76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/3lqfnFQCniU911gY-iiiwDNvOl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.162.0.0/24
                  46.162.3.0/24
                  46.162.8.0-46.162.12.255
                  46.162.15.0/24
                  46.162.18.0/24
                  46.162.20.0/22
                  46.162.26.0/24
                  46.162.32.0/24
                  46.162.48.0-46.162.53.255

    Signature Algorithm: sha256WithRSAEncryption
         4c:8a:ca:c8:c4:35:a9:ee:d8:57:7a:9f:cb:0a:a3:21:14:ef:
         b1:c3:c7:8f:f0:8c:2b:7b:3e:b1:e3:3f:34:f5:e8:f4:33:88:
         5e:8c:75:34:f4:0e:7e:e8:55:72:b2:54:1c:9f:17:ac:f4:d4:
         ea:6e:56:17:b4:32:d6:05:f0:6a:70:98:59:d1:80:3d:2e:d8:
         14:35:c0:a0:29:ea:37:85:a6:1e:4e:83:f7:8e:85:20:61:30:
         db:d8:eb:98:0e:4f:c1:de:ed:85:fd:6f:6a:09:e6:07:78:fb:
         49:64:f6:13:22:79:ba:72:bd:91:c7:e9:89:e7:d6:5a:d2:82:
         11:01:9c:8e:26:22:1e:4f:37:a6:53:39:4a:7e:68:87:97:f5:
         42:8a:3a:95:bd:1b:89:87:aa:d0:ee:b0:7c:f6:6c:90:75:85:
         42:5b:7d:12:b6:aa:a6:15:c6:b5:35:6c:c3:ee:7d:50:a9:69:
         8f:a9:f4:ce:bd:ab:d3:66:9e:86:79:0a:92:c3:f9:48:4e:04:
         50:74:d1:3f:1f:fb:bc:b3:dc:16:b7:db:ca:2e:b2:49:92:07:
         40:5b:d4:de:11:78:b3:bf:d7:74:0b:6a:ae:d2:9b:6d:6f:b4:
         ef:8e:9c:ca:df:6d:71:f6:71:ea:c2:46:17:d2:79:06:8e:7c:
         d8:4a:64:4a
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYoYGZeUznW2omrZC9SBnaJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDJmZDNmMzM2Y2U2ZWU5OWU2MWZhOTc3MDQ5YTZjNmE5
MjNlNGEwHhcNMjMwODIxMTIzNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTVhOWY5YzU0MDI5ZTI1M2RkNzU4MThmYTI4YTJjMDMzNmYzYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooTxJ9Z9UReRC/ofH+OMS+qCE7ao
KyZLuZugsK4tkHpnCBi5bPcrb0Fy4nP77N6MA2L8CvZ7gZvKuj3ekmDTaPb1s8r8
b+1WbQ0pjHQPH8l4PUg1HkH40DECGQhAWZueJIzrzeP5+/d726AHBoMyvi6jvxUR
zGmR0wY0ugDEVGRuGDEWbGcYCvYRMSqDUDFVrf9Id0VeyIVnlNBmdBrd5p5kCKri
JAqbhOGR45WCo3r7UBTqJoR2r9389ScUQFmAUCiKZKh+UySY+Vlu38r8SYXNpONv
rQKKTCJPmua8xJxN2Jr5t5xW/L1871P62VFmJqBsIXRKqW+D6MZ8ewYQkQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFN5an5xUAp4lPddYGPooosAzbzpfMB8GA1UdIwQY
MBaAFHZC/T8zbObumeYfqXcEmmxqkj5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAt
NjJjNDNhYzdjMDJmLzEvM2xxZm5GUUNuaVU5MTFnWS1paWl3RE52T2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAtNjJjNDNhYzdjMDJm
LzEvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQALqIAAwQA
LqIDMAwDBAMuoggDBAAuogwDBAAuog8DBAAuohIDBAIuohQDBAAuohoDBAAuoiAw
DAMEBC6iMAMEAS6iNDANBgkqhkiG9w0BAQsFAAOCAQEATIrKyMQ1qe7YV3qfywqj
IRTvscPHj/CMK3s+seM/NPXo9DOIXox1NPQOfuhVcrJUHJ8XrPTU6m5WF7Qy1gXw
anCYWdGAPS7YFDXAoCnqN4WmHk6D946FIGEw29jrmA5Pwd7thf1vagnmB3j7SWT2
EyJ5unK9kcfpiefWWtKCEQGcjiYiHk83plM5Sn5oh5f1Qoo6lb0biYeq0O6wfPZs
kHWFQlt9EraqphXGtTVsw+59UKlpj6n0zr2r02aehnkKksP5SE4EUHTRPx/7vLPc
Frfbyi6ySZIHQFvU3hF4s7/XdAtqrtKbbW+0746cyt9tcfZx6sJGF9J5Bo582Epk
Sg==
-----END CERTIFICATE-----