Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/LVB-CNDPS-VRm8mDXRHIkvOS0WA.roa
File:                     LVB-CNDPS-VRm8mDXRHIkvOS0WA.roa (raw, json)
Hash identifier:          xV5cDl/Dwi/1LB3dmFb0pcccU2lmspQXe6YqIdoZPnQ=
Subject key identifier:   2D:50:7E:08:D0:CF:4B:E5:51:9B:C9:83:5D:11:C8:92:F3:92:D1:60
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       0190564F5889C7DE1044CF5C39BBFE7191DF
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/LVB-CNDPS-VRm8mDXRHIkvOS0WA.roa
Signing time:             Wed 26 Jun 2024 20:49:18 +0000
ROA not before:           Wed 26 Jun 2024 20:49:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43641
IP address blocks:        45.11.56.0/24 maxlen: 24
                          45.11.59.0/24 maxlen: 24
                          45.134.174.0/24 maxlen: 24
                          45.134.175.0/24 maxlen: 24
                          91.222.172.0/22 maxlen: 24
                          91.234.198.0/23 maxlen: 24
                          91.234.199.0/24 maxlen: 24
                          176.97.120.0/23 maxlen: 23
                          176.97.125.0/24 maxlen: 24
                          176.97.126.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.206.0/23 maxlen: 24
                          195.26.86.0/23 maxlen: 24
                          195.160.220.0/22 maxlen: 24
                          2a09:2dc1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 27 Jun 2024 10:28:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:56:4f:58:89:c7:de:10:44:cf:5c:39:bb:fe:71:91:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Jun 26 20:49:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d507e08d0cf4be5519bc9835d11c892f392d160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cf:03:98:ad:ea:cf:8c:89:8f:8a:e2:3b:77:
                    c3:c7:ab:82:e6:bd:4c:31:b3:c6:1d:6a:d4:34:1c:
                    a7:f6:d5:a7:7e:a8:49:ec:7d:a3:67:0e:c7:6c:47:
                    13:25:5e:1a:99:b6:33:a5:13:1f:69:bf:a4:3d:bb:
                    29:5f:04:d2:87:a7:c9:49:5f:67:7d:95:ba:b6:1e:
                    e3:15:90:6b:49:6e:42:9c:5e:40:cd:6a:60:02:c5:
                    e4:26:cd:34:4b:f1:44:43:28:5e:9f:b5:7f:40:60:
                    75:57:12:b3:a2:2e:70:01:78:a7:cf:59:d8:e1:e1:
                    e2:6c:cf:43:80:d4:05:2d:da:6a:70:d0:c9:ec:07:
                    22:22:2a:a2:ee:d1:01:f9:60:10:96:01:0b:84:ad:
                    50:f5:b4:1d:af:4f:c5:d0:8e:2d:d6:f4:d8:a0:04:
                    6d:36:67:4a:43:fa:64:c2:31:d9:15:d2:9b:92:57:
                    c7:56:38:b2:e1:d0:3a:89:ca:63:f9:bb:d6:c7:8e:
                    d6:f4:ba:82:53:5f:71:62:91:94:d0:fb:19:b5:ef:
                    7c:11:86:03:33:d5:b8:a3:df:2b:bd:9d:7e:34:40:
                    88:31:63:29:92:79:01:af:dd:4f:e2:c8:5a:1b:3a:
                    b6:36:57:bd:7f:e9:1f:fa:ea:f6:6f:1f:05:09:15:
                    64:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:50:7E:08:D0:CF:4B:E5:51:9B:C9:83:5D:11:C8:92:F3:92:D1:60
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/LVB-CNDPS-VRm8mDXRHIkvOS0WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.56.0/24
                  45.11.59.0/24
                  45.134.174.0/23
                  91.222.172.0/22
                  91.234.198.0/23
                  176.97.120.0/23
                  176.97.125.0-176.97.126.255
                  185.254.199.0/24
                  194.42.206.0/23
                  195.26.86.0/23
                  195.160.220.0/22
                IPv6:
                  2a09:2dc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:13:44:c5:98:43:78:ad:6a:22:b8:96:80:eb:46:b2:7f:9e:
         dc:b6:8d:3c:55:bb:6c:db:ca:c8:21:3d:b1:90:0f:41:d8:a0:
         f2:fc:00:35:18:c2:e2:9e:70:61:e4:dc:02:3c:94:35:51:f1:
         db:52:68:f7:31:e9:32:b6:14:40:3c:1f:39:af:5c:0b:ed:63:
         5e:20:01:dc:0c:4a:9c:5d:90:a3:1f:59:61:ab:2f:38:ff:0b:
         dc:42:e3:d7:cd:9f:b3:73:cf:ef:3d:91:55:82:cb:4c:65:3e:
         7d:d4:d6:de:0b:fb:74:7b:6d:a2:94:51:c0:5e:95:84:1a:6a:
         36:17:65:55:a0:75:13:28:3f:4b:f3:9a:58:c2:37:69:77:33:
         b8:2a:6e:5c:9b:e3:b1:e4:31:35:98:80:71:a1:c7:99:7b:13:
         ac:0c:fc:d8:72:f7:9d:a5:c0:31:02:72:28:f1:dd:53:e8:38:
         5c:58:fa:e5:a5:de:17:e9:2e:fd:52:de:bd:dc:29:81:31:63:
         50:0d:02:7a:4a:68:04:2f:fe:cc:89:e0:98:1c:ef:13:c7:2f:
         bd:13:9e:4d:7e:74:5c:e5:97:c2:1f:19:ce:a9:29:bd:3b:47:
         d9:29:58:c0:3f:4b:d7:4f:78:b5:a0:98:b6:2e:fc:0e:7a:a5:
         45:b8:04:33
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZBWT1iJx94QRM9cObv+cZHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwNjI2MjA0OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDUwN2UwOGQwY2Y0YmU1NTE5YmM5ODM1ZDExYzg5MmYzOTJkMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms8DmK3qz4yJj4riO3fDx6uC5r1M
MbPGHWrUNByn9tWnfqhJ7H2jZw7HbEcTJV4ambYzpRMfab+kPbspXwTSh6fJSV9n
fZW6th7jFZBrSW5CnF5AzWpgAsXkJs00S/FEQyhen7V/QGB1VxKzoi5wAXinz1nY
4eHibM9DgNQFLdpqcNDJ7AciIiqi7tEB+WAQlgELhK1Q9bQdr0/F0I4t1vTYoARt
NmdKQ/pkwjHZFdKbklfHVjiy4dA6icpj+bvWx47W9LqCU19xYpGU0PsZte98EYYD
M9W4o98rvZ1+NECIMWMpknkBr91P4shaGzq2Nle9f+kf+ur2bx8FCRVkfQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFC1QfgjQz0vlUZvJg10RyJLzktFgMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvTFZCLUNORFBTLVZSbThtRFhSSElrdk9TMFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQALQs4AwQA
LQs7AwQBLYauAwQCW96sAwQBW+rGAwQBsGF4MAwDBACwYX0DBACwYX4DBAC5/scD
BAHCKs4DBAHDGlYDBALDoNwwDQQCAAIwBwMFACoJLcEwDQYJKoZIhvcNAQELBQAD
ggEBAEgTRMWYQ3itaiK4loDrRrJ/nty2jTxVu2zbysghPbGQD0HYoPL8ADUYwuKe
cGHk3AI8lDVR8dtSaPcx6TK2FEA8HzmvXAvtY14gAdwMSpxdkKMfWWGrLzj/C9xC
49fNn7Nzz+89kVWCy0xlPn3U1t4L+3R7baKUUcBelYQaajYXZVWgdRMoP0vzmljC
N2l3M7gqblyb47HkMTWYgHGhx5l7E6wM/Nhy952lwDECcijx3VPoOFxY+uWl3hfp
Lv1S3r3cKYExY1ANAnpKaAQv/syJ4Jgc7xPHL70Tnk1+dFzll8IfGc6pKb07R9kp
WMA/S9dPeLWgmLYu/A56pUW4BDM=
-----END CERTIFICATE-----