Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/xFnVCzqUPjKy3TH4tjbVJZajwgA.roa
File:                     xFnVCzqUPjKy3TH4tjbVJZajwgA.roa (raw, json)
Hash identifier:          32y3cZCtbpaLYvlYzq61qCJ8iNY+79fafgKGTzOzdJo=
Subject key identifier:   C4:59:D5:0B:3A:94:3E:32:B2:DD:31:F8:B6:36:D5:25:96:A3:C2:00
Certificate issuer:       /CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
Certificate serial:       0189EBA8D73709B81FCEFB9D0ED7AA72495A
Authority key identifier: 76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/xFnVCzqUPjKy3TH4tjbVJZajwgA.roa
Signing time:             Sat 12 Aug 2023 21:30:58 +0000
ROA not before:           Sat 12 Aug 2023 21:30:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        46.162.3.0/24 maxlen: 24
                          46.162.0.0/24 maxlen: 24
                          46.162.8.0/24 maxlen: 24
                          46.162.9.0/24 maxlen: 24
                          46.162.10.0/23 maxlen: 24
                          46.162.10.0/24 maxlen: 24
                          46.162.11.0/24 maxlen: 24
                          46.162.12.0/24 maxlen: 24
                          46.162.18.0/24 maxlen: 24
                          46.162.23.0/24 maxlen: 24
                          46.162.26.0/24 maxlen: 24
                          46.162.32.0/24 maxlen: 24
                          46.162.50.0/24 maxlen: 24
                          46.162.48.0/24 maxlen: 24
                          46.162.49.0/24 maxlen: 24
                          46.162.52.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sun 13 Aug 2023 06:57:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:eb:a8:d7:37:09:b8:1f:ce:fb:9d:0e:d7:aa:72:49:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
        Validity
            Not Before: Aug 12 21:30:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c459d50b3a943e32b2dd31f8b636d52596a3c200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d2:68:db:47:dc:74:ba:88:9b:f2:d5:c3:d2:
                    35:cd:c4:a6:9f:a4:fc:db:27:3a:7c:22:2f:5d:9c:
                    f3:d3:6c:c9:31:d3:7a:7e:67:8d:d2:c7:92:ab:e7:
                    2e:f7:e9:8f:e4:5e:0c:83:9b:ca:16:97:59:f7:be:
                    e6:5e:c4:69:97:59:b0:24:74:61:69:8f:f6:32:91:
                    3c:aa:f5:e5:48:8e:d5:2d:f3:5e:02:9a:9d:77:c7:
                    dc:22:1a:a8:58:93:8a:ff:c5:60:0d:e5:fe:6c:bb:
                    f6:62:e9:9e:ca:69:ea:69:51:00:4f:bf:e5:c8:69:
                    33:4a:cb:2b:2f:c8:dc:2c:6c:da:87:0f:60:18:72:
                    68:49:5f:e9:65:e0:d6:d8:ff:e5:98:19:1a:7b:bf:
                    ef:68:24:15:5f:6b:11:dd:4b:0a:08:19:97:30:e0:
                    14:c2:ab:eb:b1:b2:36:7f:bd:56:3c:23:db:60:fa:
                    62:4e:50:e3:ee:24:22:d1:95:45:9f:0f:4d:b3:f4:
                    14:4a:38:20:e1:c0:3a:f5:0a:87:8d:38:2c:00:eb:
                    c2:20:53:2d:5b:6d:b6:85:cc:6b:44:dc:f1:41:85:
                    b0:04:83:6a:60:4c:0b:75:4f:1e:26:5c:3c:3a:74:
                    86:14:10:20:98:93:f8:0c:7d:ab:12:28:e6:e2:ea:
                    c9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:59:D5:0B:3A:94:3E:32:B2:DD:31:F8:B6:36:D5:25:96:A3:C2:00
            X509v3 Authority Key Identifier:
                keyid:76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/xFnVCzqUPjKy3TH4tjbVJZajwgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.162.0.0/24
                  46.162.3.0/24
                  46.162.8.0-46.162.12.255
                  46.162.18.0/24
                  46.162.23.0/24
                  46.162.26.0/24
                  46.162.32.0/24
                  46.162.48.0-46.162.50.255
                  46.162.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:9e:c2:ea:f3:0d:3f:69:f4:46:f5:4c:df:c5:e7:95:f4:4c:
         5f:9d:87:92:9f:b0:9d:ad:19:ec:17:e3:d3:92:91:8d:57:49:
         a9:ae:19:f2:2e:79:72:e5:a5:ff:87:a3:ed:bc:8f:77:c2:1e:
         7e:f6:d8:5d:06:2d:df:d3:51:d9:3e:7c:e4:c6:1b:3d:47:7b:
         25:35:d2:af:9f:1b:e0:17:54:e1:58:09:c3:bc:89:c0:cf:44:
         14:79:f3:22:8f:3a:75:e0:0c:70:fc:c1:99:a2:72:2f:50:8e:
         d6:20:e4:b7:f6:12:99:9a:87:bc:fa:b0:28:c2:26:ae:59:7d:
         6c:c6:15:2f:1a:71:7f:4e:38:30:c4:9b:ce:84:37:0d:97:75:
         7a:36:b8:12:e5:5a:d8:65:88:4e:c1:81:c3:85:84:15:4e:ed:
         78:25:ec:7e:03:5b:92:a1:e3:b5:be:e6:f1:69:eb:f8:1c:47:
         fd:e0:33:c7:9f:da:38:68:2d:f6:a8:f4:da:ba:3f:6a:cc:b7:
         48:3b:0b:e4:6b:6e:34:24:4c:bb:85:01:a1:db:ab:c9:e3:7a:
         b1:c5:34:d9:40:75:b7:81:20:52:38:e7:8b:52:a8:a8:dc:51:
         9e:a4:51:7e:3e:49:38:1c:53:f7:4f:93:76:0e:48:af:48:f0:
         c5:89:f7:4e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYnrqNc3CbgfzvudDteqcklaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDJmZDNmMzM2Y2U2ZWU5OWU2MWZhOTc3MDQ5YTZjNmE5
MjNlNGEwHhcNMjMwODEyMjEzMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDU5ZDUwYjNhOTQzZTMyYjJkZDMxZjhiNjM2ZDUyNTk2YTNjMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdJo20fcdLqIm/LVw9I1zcSmn6T8
2yc6fCIvXZzz02zJMdN6fmeN0seSq+cu9+mP5F4Mg5vKFpdZ977mXsRpl1mwJHRh
aY/2MpE8qvXlSI7VLfNeApqdd8fcIhqoWJOK/8VgDeX+bLv2YumeymnqaVEAT7/l
yGkzSssrL8jcLGzahw9gGHJoSV/pZeDW2P/lmBkae7/vaCQVX2sR3UsKCBmXMOAU
wqvrsbI2f71WPCPbYPpiTlDj7iQi0ZVFnw9Ns/QUSjgg4cA69QqHjTgsAOvCIFMt
W222hcxrRNzxQYWwBINqYEwLdU8eJlw8OnSGFBAgmJP4DH2rEijm4urJIwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMRZ1Qs6lD4yst0x+LY21SWWo8IAMB8GA1UdIwQY
MBaAFHZC/T8zbObumeYfqXcEmmxqkj5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAt
NjJjNDNhYzdjMDJmLzEveEZuVkN6cVVQakt5M1RINHRqYlZKWmFqd2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAtNjJjNDNhYzdjMDJm
LzEvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQALqIAAwQA
LqIDMAwDBAMuoggDBAAuogwDBAAuohIDBAAuohcDBAAuohoDBAAuoiAwDAMEBC6i
MAMEAC6iMgMEAS6iNDANBgkqhkiG9w0BAQsFAAOCAQEAMp7C6vMNP2n0RvVM38Xn
lfRMX52Hkp+wna0Z7Bfj05KRjVdJqa4Z8i55cuWl/4ej7byPd8IefvbYXQYt39NR
2T585MYbPUd7JTXSr58b4BdU4VgJw7yJwM9EFHnzIo86deAMcPzBmaJyL1CO1iDk
t/YSmZqHvPqwKMImrll9bMYVLxpxf044MMSbzoQ3DZd1eja4EuVa2GWITsGBw4WE
FU7teCXsfgNbkqHjtb7m8Wnr+BxH/eAzx5/aOGgt9qj02ro/asy3SDsL5GtuNCRM
u4UBoduryeN6scU02UB1t4EgUjjni1KoqNxRnqRRfj5JOBxT90+Tdg5Ir0jwxYn3
Tg==
-----END CERTIFICATE-----