Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/c68819-2f9e-44ce-8810-51dc2b096def/1/aFXOGKaT4iLpUND6hHbP_QFug1k.roa
File:                     aFXOGKaT4iLpUND6hHbP_QFug1k.roa (raw, json)
Hash identifier:          VwYeDa1NTixcEytwReKLDJjs+SM/a4n2GKXTSBGro0I=
Subject key identifier:   68:55:CE:18:A6:93:E2:22:E9:50:D0:FA:84:76:CF:FD:01:6E:83:59
Certificate issuer:       /CN=4200982284a050d941dbebbd04b5d0c914f635b7
Certificate serial:       0191B6E9D249CF4D735BD97934047CE5603D
Authority key identifier: 42:00:98:22:84:A0:50:D9:41:DB:EB:BD:04:B5:D0:C9:14:F6:35:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QgCYIoSgUNlB2-u9BLXQyRT2Nbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/c68819-2f9e-44ce-8810-51dc2b096def/1/aFXOGKaT4iLpUND6hHbP_QFug1k.roa
Signing time:             Tue 03 Sep 2024 08:04:22 +0000
ROA not before:           Tue 03 Sep 2024 08:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200651
IP address blocks:        37.156.68.0/24 maxlen: 24
                          185.100.84.0/23 maxlen: 23
                          185.100.86.0/24 maxlen: 24
                          185.100.87.0/24 maxlen: 24
                          185.165.170.0/24 maxlen: 24
                          185.165.171.0/24 maxlen: 24
                          2a06:1700::/48 maxlen: 48
                          2a06:1700:1::/48 maxlen: 48
                          2a06:1700:2::/48 maxlen: 48
                          2a06:1700:3::/48 maxlen: 48
                          2a06:1700:4::/48 maxlen: 48
                          2a06:1700:100::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 04 Sep 2024 09:06:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b6:e9:d2:49:cf:4d:73:5b:d9:79:34:04:7c:e5:60:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4200982284a050d941dbebbd04b5d0c914f635b7
        Validity
            Not Before: Sep  3 08:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6855ce18a693e222e950d0fa8476cffd016e8359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e7:b8:00:55:40:a6:21:31:28:f9:41:7e:1d:
                    69:5c:1d:f9:c4:0c:ab:9f:9b:51:ea:0b:d1:6c:2c:
                    d2:f7:6c:92:59:b9:a7:80:e9:a9:a8:ff:6a:28:3b:
                    3b:e1:42:f6:ce:af:6d:e5:ab:3a:21:f5:9b:27:e9:
                    98:2a:e1:8d:75:4d:08:e6:e3:19:51:2e:25:be:51:
                    f7:25:89:be:eb:96:d4:76:4a:90:7b:7a:b5:b9:d9:
                    99:96:d4:e5:81:f8:42:5d:23:93:9d:47:c0:c1:d0:
                    58:cf:c8:69:e8:c1:d2:39:9b:9e:8d:9b:5e:c5:18:
                    e5:ac:97:66:30:e2:62:2d:60:ac:b7:cd:83:db:e9:
                    21:67:84:5a:ce:7f:76:ef:dc:98:ca:b0:22:0d:eb:
                    89:da:d6:1d:8e:d4:ca:6d:ad:c2:cd:cc:d0:80:af:
                    d3:e8:ac:d5:1c:3f:0e:9c:0e:cf:05:d9:ab:91:39:
                    32:ea:1b:64:7f:85:6f:0b:2d:f9:2b:e0:3e:a7:d0:
                    8b:7b:fe:b9:3e:cb:ea:3a:d9:9a:72:b2:0f:6b:d2:
                    46:bc:29:7a:22:1d:22:00:d5:44:3c:f4:24:6a:4e:
                    dd:68:9a:c1:90:28:a1:f5:5d:9a:59:4d:37:24:4c:
                    11:73:2f:31:dd:16:b0:4f:3c:4b:a8:d6:64:1a:7c:
                    53:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:55:CE:18:A6:93:E2:22:E9:50:D0:FA:84:76:CF:FD:01:6E:83:59
            X509v3 Authority Key Identifier:
                keyid:42:00:98:22:84:A0:50:D9:41:DB:EB:BD:04:B5:D0:C9:14:F6:35:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QgCYIoSgUNlB2-u9BLXQyRT2Nbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/c68819-2f9e-44ce-8810-51dc2b096def/1/aFXOGKaT4iLpUND6hHbP_QFug1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/c68819-2f9e-44ce-8810-51dc2b096def/1/QgCYIoSgUNlB2-u9BLXQyRT2Nbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.68.0/24
                  185.100.84.0/22
                  185.165.170.0/23
                IPv6:
                  2a06:1700::-2a06:1700:4:ffff:ffff:ffff:ffff:ffff
                  2a06:1700:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:d0:60:51:e7:f6:f1:97:14:80:f4:20:9e:0a:6e:59:40:6d:
         95:21:d9:31:3b:23:71:26:8d:cb:93:be:98:ee:09:9a:b1:1e:
         ec:14:1b:59:7f:66:fd:c7:d7:c5:81:3a:f4:ae:86:e6:ad:67:
         79:25:96:07:33:dc:80:59:24:f2:c7:f8:b1:5e:4c:f1:c8:c6:
         ad:27:d1:48:ed:50:fd:e8:7c:06:cc:4e:4e:2e:22:d2:d0:57:
         b5:5e:b2:56:5b:de:58:d3:ba:1b:cd:ef:b8:1c:2b:c5:32:5f:
         7c:0a:db:5d:bb:85:9e:9c:67:8c:e5:b9:fb:0e:a1:19:ac:2b:
         f8:68:a7:3d:68:36:28:e3:d3:1f:b9:79:f3:89:b7:d2:0b:7b:
         87:c8:6e:b6:95:50:1d:64:c8:aa:b6:8b:33:de:25:a0:6d:82:
         1c:4c:1b:47:09:14:76:c2:9f:95:de:6d:83:db:1a:5c:f3:e3:
         9a:1c:85:05:e5:ec:54:96:14:24:0f:82:ea:53:40:ae:1d:a1:
         e4:7f:92:4d:6b:a2:50:3e:e9:22:f2:89:cf:e7:cd:0c:5a:38:
         fc:67:00:18:90:b5:d4:d3:fd:52:0b:83:3b:48:29:65:80:02:
         98:b3:b4:03:14:93:e6:87:b0:77:d0:6a:57:b9:3e:01:a4:2f:
         2b:bf:7a:35
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZG26dJJz01zW9l5NAR85WA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMDA5ODIyODRhMDUwZDk0MWRiZWJiZDA0YjVkMGM5MTRm
NjM1YjcwHhcNMjQwOTAzMDgwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODU1Y2UxOGE2OTNlMjIyZTk1MGQwZmE4NDc2Y2ZmZDAxNmU4MzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsee4AFVApiExKPlBfh1pXB35xAyr
n5tR6gvRbCzS92ySWbmngOmpqP9qKDs74UL2zq9t5as6IfWbJ+mYKuGNdU0I5uMZ
US4lvlH3JYm+65bUdkqQe3q1udmZltTlgfhCXSOTnUfAwdBYz8hp6MHSOZuejZte
xRjlrJdmMOJiLWCst82D2+khZ4Razn9279yYyrAiDeuJ2tYdjtTKba3CzczQgK/T
6KzVHD8OnA7PBdmrkTky6htkf4VvCy35K+A+p9CLe/65PsvqOtmacrIPa9JGvCl6
Ih0iANVEPPQkak7daJrBkCih9V2aWU03JEwRcy8x3RawTzxLqNZkGnxTNwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFGhVzhimk+Ii6VDQ+oR2z/0BboNZMB8GA1UdIwQY
MBaAFEIAmCKEoFDZQdvrvQS10MkU9jW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWdDWUlvU2dVTmxCMi11OUJMWFF5UlQyTmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9jNjg4MTktMmY5ZS00NGNlLTg4MTAt
NTFkYzJiMDk2ZGVmLzEvYUZYT0dLYVQ0aUxwVU5ENmhIYlBfUUZ1ZzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9jNjg4MTktMmY5ZS00NGNlLTg4MTAtNTFkYzJiMDk2ZGVm
LzEvUWdDWUlvU2dVTmxCMi11OUJMWFF5UlQyTmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAYBAIAATASAwQAJZxEAwQC
uWRUAwQBuaWqMCAEAgACMBowDwMEACoGFwMHACoGFwAABAMHACoGFwABADANBgkq
hkiG9w0BAQsFAAOCAQEAQNBgUef28ZcUgPQgngpuWUBtlSHZMTsjcSaNy5O+mO4J
mrEe7BQbWX9m/cfXxYE69K6G5q1neSWWBzPcgFkk8sf4sV5M8cjGrSfRSO1Q/eh8
BsxOTi4i0tBXtV6yVlveWNO6G83vuBwrxTJffArbXbuFnpxnjOW5+w6hGawr+Gin
PWg2KOPTH7l584m30gt7h8hutpVQHWTIqraLM94loG2CHEwbRwkUdsKfld5tg9sa
XPPjmhyFBeXsVJYUJA+C6lNArh2h5H+STWuiUD7pIvKJz+fNDFo4/GcAGJC11NP9
UguDO0gpZYACmLO0AxST5oewd9BqV7k+AaQvK796NQ==
-----END CERTIFICATE-----