Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/1XqmxBws7HrM_4mgZ6Z1fPAW_Ns.roa
File:                     1XqmxBws7HrM_4mgZ6Z1fPAW_Ns.roa (raw, json)
Hash identifier:          ZZ3OcEyP6XtvLkmy95Lr76IsPW9/+rRI2CuDBJZuiVE=
Subject key identifier:   D5:7A:A6:C4:1C:2C:EC:7A:CC:FF:89:A0:67:A6:75:7C:F0:16:FC:DB
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018F301D76DC07E5D6B293086280B5C047C6
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/1XqmxBws7HrM_4mgZ6Z1fPAW_Ns.roa
Signing time:             Tue 30 Apr 2024 17:46:28 +0000
ROA not before:           Tue 30 Apr 2024 17:46:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200462
IP address blocks:        2.58.52.0/23 maxlen: 32
                          5.180.192.0/23 maxlen: 24
                          5.180.195.0/24 maxlen: 24
                          45.86.124.0/22 maxlen: 24
                          94.247.43.0/24 maxlen: 32
                          2a00:f826:8::/48 maxlen: 48
                          2a07:6fc0:10::/44 maxlen: 48
                          2a09:e1c0::/32 maxlen: 128
                          2a0c:8900::/29 maxlen: 128
                          2a0e:de80::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 07 May 2024 12:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:1d:76:dc:07:e5:d6:b2:93:08:62:80:b5:c0:47:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Apr 30 17:46:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d57aa6c41c2cec7accff89a067a6757cf016fcdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f2:bb:1b:2a:33:16:18:8b:c5:0e:14:04:b8:
                    ff:2e:01:da:99:68:18:1b:44:f9:41:13:90:54:79:
                    28:c1:8c:1e:0e:1e:e4:33:18:50:68:16:d0:88:21:
                    50:dc:ca:eb:86:a5:b9:e6:84:fc:c0:2c:5d:7e:53:
                    d7:6a:bf:74:56:52:3d:2b:f7:3f:54:06:c6:bc:94:
                    a2:e5:03:ec:06:48:04:8a:f4:dd:b6:48:76:e3:97:
                    45:c5:34:0d:a9:50:9d:e7:89:6b:5e:87:72:06:64:
                    03:da:3e:ad:35:77:23:e2:94:dd:bc:c1:08:83:62:
                    ac:2f:73:f3:4b:b9:14:87:b4:30:ee:65:e4:64:bc:
                    11:6f:59:86:b3:7f:7b:88:61:77:f8:aa:03:05:9b:
                    d2:30:7e:25:97:3c:e0:67:cd:d8:0f:da:48:86:fe:
                    0d:b7:4c:6f:bd:a1:d8:93:ef:6c:d6:c5:22:0e:89:
                    bb:d2:dc:42:b6:d9:7e:52:49:de:a7:f8:33:20:55:
                    d3:19:26:2a:08:51:ef:0a:5e:16:38:1d:f8:8f:5d:
                    db:29:dd:6d:57:1b:f1:5c:aa:ca:8b:9e:f1:b1:d8:
                    4c:d9:1a:b8:9b:e0:5d:20:d7:c7:9a:f0:53:5c:36:
                    dd:42:61:72:33:fb:5a:67:87:ac:e7:61:61:95:9c:
                    76:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:7A:A6:C4:1C:2C:EC:7A:CC:FF:89:A0:67:A6:75:7C:F0:16:FC:DB
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/1XqmxBws7HrM_4mgZ6Z1fPAW_Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.52.0/23
                  5.180.192.0/23
                  5.180.195.0/24
                  45.86.124.0/22
                  94.247.43.0/24
                IPv6:
                  2a00:f826:8::/48
                  2a07:6fc0:10::/44
                  2a09:e1c0::/32
                  2a0c:8900::/29
                  2a0e:de80::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:a5:ff:89:81:56:79:3a:95:64:50:33:2c:64:14:00:6d:18:
         53:62:3d:54:d8:82:6e:ee:6f:74:c5:92:dc:0d:1a:41:9c:7e:
         dd:db:e7:b0:7e:7e:74:a4:86:a1:f9:a4:44:8a:86:e0:0c:c1:
         3d:f5:0a:ad:2b:7c:f1:b4:4e:0b:78:00:d2:af:0e:82:08:76:
         33:78:76:b0:c1:5d:e0:b3:de:3e:49:f9:33:ae:19:c7:75:ca:
         f6:d1:db:d0:4a:75:3f:28:dc:7d:96:eb:a4:2f:c6:7f:a3:24:
         53:17:50:65:1f:54:01:65:6a:3a:c2:61:ce:e4:a3:91:29:a8:
         12:ff:cd:62:95:e5:ce:e7:5c:d6:dc:a0:07:b3:cc:79:69:09:
         a6:e8:78:21:c1:13:13:5b:fc:3d:66:c5:ce:40:1e:ff:f3:bb:
         ea:c6:b3:1e:8b:0a:22:a0:25:3b:94:c4:14:9b:23:64:07:36:
         ed:d7:0e:af:e4:fd:57:89:a1:1d:6f:61:fe:0a:d5:cb:dd:77:
         5e:17:82:18:0b:63:f4:b3:2e:20:57:a7:2a:69:81:35:5a:1c:
         cc:b1:37:31:c9:9a:2f:21:c3:df:87:4d:29:4f:e5:9d:c4:60:
         ab:27:8d:59:7e:7d:f6:26:49:a0:0a:91:f8:de:ca:a0:16:b6:
         45:9c:c5:7b
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY8wHXbcB+XWspMIYoC1wEfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwNDMwMTc0NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTdhYTZjNDFjMmNlYzdhY2NmZjg5YTA2N2E2NzU3Y2YwMTZmY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvK7GyozFhiLxQ4UBLj/LgHamWgY
G0T5QROQVHkowYweDh7kMxhQaBbQiCFQ3MrrhqW55oT8wCxdflPXar90VlI9K/c/
VAbGvJSi5QPsBkgEivTdtkh245dFxTQNqVCd54lrXodyBmQD2j6tNXcj4pTdvMEI
g2KsL3PzS7kUh7Qw7mXkZLwRb1mGs397iGF3+KoDBZvSMH4llzzgZ83YD9pIhv4N
t0xvvaHYk+9s1sUiDom70txCttl+Uknep/gzIFXTGSYqCFHvCl4WOB34j13bKd1t
VxvxXKrKi57xsdhM2Rq4m+BdINfHmvBTXDbdQmFyM/taZ4es52FhlZx2gQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFNV6psQcLOx6zP+JoGemdXzwFvzbMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvMVhxbXhCd3M3SHJNXzRtZ1o2WjFmUEFXX05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAkBAIAATAeAwQBAjo0AwQB
BbTAAwQABbTDAwQCLVZ8AwQAXvcrMC0EAgACMCcDBwAqAPgmAAgDBwQqB2/AABAD
BQAqCeHAAwUDKgyJAAMFAyoO3oAwDQYJKoZIhvcNAQELBQADggEBAFel/4mBVnk6
lWRQMyxkFABtGFNiPVTYgm7ub3TFktwNGkGcft3b57B+fnSkhqH5pESKhuAMwT31
Cq0rfPG0Tgt4ANKvDoIIdjN4drDBXeCz3j5J+TOuGcd1yvbR29BKdT8o3H2W66Qv
xn+jJFMXUGUfVAFlajrCYc7ko5EpqBL/zWKV5c7nXNbcoAezzHlpCaboeCHBExNb
/D1mxc5AHv/zu+rGsx6LCiKgJTuUxBSbI2QHNu3XDq/k/VeJoR1vYf4K1cvdd14X
ghgLY/SzLiBXpyppgTVaHMyxNzHJmi8hw9+HTSlP5Z3EYKsnjVl+ffYmSaAKkfje
yqAWtkWcxXs=
-----END CERTIFICATE-----