Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/pkmb241-UcPG-i577iNMqUojpOY.roa
File:                     pkmb241-UcPG-i577iNMqUojpOY.roa (raw, json)
Hash identifier:          4XBeaMZbxghLzXiuKe423WoojHC+/B8bD0DR/0nmwdw=
Subject key identifier:   A6:49:9B:DB:8D:7E:51:C3:C6:FA:2E:7B:EE:23:4C:A9:4A:23:A4:E6
Certificate issuer:       /CN=9e30294b7e4645aaedb54672d48065b1b1cebc62
Certificate serial:       0187A2877F4A0C440A3F26556FC98F13E569
Authority key identifier: 9E:30:29:4B:7E:46:45:AA:ED:B5:46:72:D4:80:65:B1:B1:CE:BC:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njApS35GRarttUZy1IBlsbHOvGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/pkmb241-UcPG-i577iNMqUojpOY.roa
Signing time:             Fri 21 Apr 2023 06:36:41 +0000
ROA not before:           Fri 21 Apr 2023 06:36:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206123
IP address blocks:        45.131.168.0/22 maxlen: 24
                          109.106.16.0/23 maxlen: 24
                          185.195.196.0/22 maxlen: 24
                          109.106.18.0/23 maxlen: 24
                          185.211.92.0/22 maxlen: 24
                          93.115.211.0/24 maxlen: 24
                          185.123.128.0/22 maxlen: 24
                          185.254.118.0/23 maxlen: 24
                          171.22.12.0/22 maxlen: 24
                          93.115.253.0/24 maxlen: 24
                          2a0a:5ec0::/29 maxlen: 29
                          2a0d:c340::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a2:87:7f:4a:0c:44:0a:3f:26:55:6f:c9:8f:13:e5:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e30294b7e4645aaedb54672d48065b1b1cebc62
        Validity
            Not Before: Apr 21 06:36:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6499bdb8d7e51c3c6fa2e7bee234ca94a23a4e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7d:73:b9:e4:66:60:b4:10:7d:ba:bd:bb:05:
                    30:ae:22:75:36:cf:47:02:7d:51:d3:93:4f:70:0e:
                    09:3b:19:d6:8f:32:3f:37:1a:f3:69:b1:80:04:9d:
                    08:39:39:a0:52:56:01:9c:30:db:60:cc:75:64:70:
                    f9:75:93:e3:89:15:c5:b1:de:38:7e:88:5a:61:17:
                    1b:3f:22:ee:ae:2f:79:58:45:94:32:be:a2:1c:4c:
                    f6:71:92:cb:45:28:5c:24:24:b9:7b:a1:1f:f7:0e:
                    a0:a3:91:9c:3c:67:9e:fd:01:c3:e7:e0:2e:15:39:
                    d9:5a:0c:2b:da:a8:bf:42:2b:69:40:02:88:d1:27:
                    c7:bc:3c:03:cd:e3:c0:ac:10:26:b6:36:98:65:ba:
                    17:e5:38:de:f8:2a:5d:71:32:10:3c:0d:5a:47:e5:
                    0b:48:f0:f8:be:7d:2d:bb:15:f8:48:28:4f:67:c5:
                    d0:cb:c5:9d:13:1b:90:95:26:49:12:8c:fb:c0:27:
                    ed:6b:f3:c3:44:88:bf:da:b5:6f:fe:a5:61:2d:40:
                    a1:42:d3:84:ee:fa:8d:82:ce:99:0f:fd:f7:4f:ab:
                    88:04:bf:e2:08:bd:65:90:3c:9e:a8:b4:9e:e3:23:
                    db:d5:cb:37:cd:bf:28:cd:f0:e8:45:f7:52:fa:56:
                    56:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:49:9B:DB:8D:7E:51:C3:C6:FA:2E:7B:EE:23:4C:A9:4A:23:A4:E6
            X509v3 Authority Key Identifier:
                keyid:9E:30:29:4B:7E:46:45:AA:ED:B5:46:72:D4:80:65:B1:B1:CE:BC:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njApS35GRarttUZy1IBlsbHOvGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/pkmb241-UcPG-i577iNMqUojpOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/njApS35GRarttUZy1IBlsbHOvGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.168.0/22
                  93.115.211.0/24
                  93.115.253.0/24
                  109.106.16.0/22
                  171.22.12.0/22
                  185.123.128.0/22
                  185.195.196.0/22
                  185.211.92.0/22
                  185.254.118.0/23
                IPv6:
                  2a0a:5ec0::/29
                  2a0d:c340::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:42:b2:f6:85:3e:e4:0a:dd:00:00:ba:bd:0c:0b:cb:d0:bf:
         49:6d:39:46:d3:b0:ef:03:e6:63:91:38:88:80:c2:4b:ea:17:
         3f:a7:12:99:35:28:1d:42:fc:47:de:c0:47:d8:c0:1a:2a:f9:
         04:7e:e9:4a:ca:37:09:21:78:d6:a7:bb:51:e3:6d:c3:9e:7b:
         86:63:1e:47:58:30:bf:74:48:68:34:bb:f2:60:a6:f9:98:01:
         f1:7a:1b:df:25:e0:c8:7a:6c:e2:28:89:46:67:f8:70:f8:96:
         77:b5:14:5e:43:c7:8b:01:cb:4f:2f:e9:e0:8d:a2:b6:30:e9:
         0e:19:d2:8c:f9:14:c6:46:ad:ad:0b:49:f5:e8:5f:da:c6:d4:
         5f:7a:8f:64:24:a4:78:bf:0e:98:ba:57:f5:a5:70:81:86:35:
         a1:02:f4:63:b3:16:3d:a1:8c:8e:1c:f6:c7:01:18:ef:e9:e1:
         ae:3d:1c:a7:c2:d9:2b:e6:96:55:9c:04:18:1c:3f:52:93:c8:
         85:df:b0:22:b3:cb:51:96:47:b7:1e:ee:34:b7:14:f1:f4:c6:
         55:f0:29:f7:18:41:40:1e:47:7e:f9:a3:ad:5c:6b:ba:ab:07:
         ba:fa:5d:1a:66:21:e6:99:f7:2e:29:91:b8:e4:99:4d:80:7a:
         b1:bb:c0:9b
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYeih39KDEQKPyZVb8mPE+VpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzAyOTRiN2U0NjQ1YWFlZGI1NDY3MmQ0ODA2NWIxYjFj
ZWJjNjIwHhcNMjMwNDIxMDYzNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQ5OWJkYjhkN2U1MWMzYzZmYTJlN2JlZTIzNGNhOTRhMjNhNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X1zueRmYLQQfbq9uwUwriJ1Ns9H
An1R05NPcA4JOxnWjzI/NxrzabGABJ0IOTmgUlYBnDDbYMx1ZHD5dZPjiRXFsd44
fohaYRcbPyLuri95WEWUMr6iHEz2cZLLRShcJCS5e6Ef9w6go5GcPGee/QHD5+Au
FTnZWgwr2qi/QitpQAKI0SfHvDwDzePArBAmtjaYZboX5Tje+CpdcTIQPA1aR+UL
SPD4vn0tuxX4SChPZ8XQy8WdExuQlSZJEoz7wCfta/PDRIi/2rVv/qVhLUChQtOE
7vqNgs6ZD/33T6uIBL/iCL1lkDyeqLSe4yPb1cs3zb8ozfDoRfdS+lZW4wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKZJm9uNflHDxvoue+4jTKlKI6TmMB8GA1UdIwQY
MBaAFJ4wKUt+RkWq7bVGctSAZbGxzrxiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpBcFMzNUdSYXJ0dFVaeTFJQmxzYkhPdkdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC80NGU4OTMtOTI0Ny00NTJlLTlmNjct
NjkxMzM4N2I4MDgzLzEvcGttYjI0MS1VY1BHLWk1NzdpTk1xVW9qcE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC80NGU4OTMtOTI0Ny00NTJlLTlmNjctNjkxMzM4N2I4MDgz
LzEvbmpBcFMzNUdSYXJ0dFVaeTFJQmxzYkhPdkdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQCLYOoAwQA
XXPTAwQAXXP9AwQCbWoQAwQCqxYMAwQCuXuAAwQCucPEAwQCudNcAwQBuf52MBQE
AgACMA4DBQMqCl7AAwUDKg3DQDANBgkqhkiG9w0BAQsFAAOCAQEAkUKy9oU+5Ard
AAC6vQwLy9C/SW05RtOw7wPmY5E4iIDCS+oXP6cSmTUoHUL8R97AR9jAGir5BH7p
Sso3CSF41qe7UeNtw557hmMeR1gwv3RIaDS78mCm+ZgB8Xob3yXgyHps4iiJRmf4
cPiWd7UUXkPHiwHLTy/p4I2itjDpDhnSjPkUxkatrQtJ9ehf2sbUX3qPZCSkeL8O
mLpX9aVwgYY1oQL0Y7MWPaGMjhz2xwEY7+nhrj0cp8LZK+aWVZwEGBw/UpPIhd+w
IrPLUZZHtx7uNLcU8fTGVfAp9xhBQB5HfvmjrVxruqsHuvpdGmYh5pn3LimRuOSZ
TYB6sbvAmw==
-----END CERTIFICATE-----