Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/09bAsh8B162ZU-Y1w5mgn6iRq1A.roa
File:                     09bAsh8B162ZU-Y1w5mgn6iRq1A.roa (raw, json)
Hash identifier:          jCCZQYf9WbyhZQIAwowItNYeIY1/mZH8ruyIKznBCgg=
Subject key identifier:   D3:D6:C0:B2:1F:01:D7:AD:99:53:E6:35:C3:99:A0:9F:A8:91:AB:50
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018E413DFC5B9CB967079C3118A88EBCF148
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/09bAsh8B162ZU-Y1w5mgn6iRq1A.roa
Signing time:             Fri 15 Mar 2024 08:32:45 +0000
ROA not before:           Fri 15 Mar 2024 08:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399587
IP address blocks:        46.3.32.0/19 maxlen: 24
                          46.3.32.0/20 maxlen: 20
                          46.3.48.0/21 maxlen: 24
                          46.3.56.0/21 maxlen: 24
                          46.3.80.0/21 maxlen: 22
                          46.3.96.0/20 maxlen: 24
                          46.3.120.0/21 maxlen: 22
                          46.3.160.0/22 maxlen: 24
                          46.3.164.0/22 maxlen: 24
                          46.3.208.0/21 maxlen: 21
                          46.3.216.0/21 maxlen: 22
                          46.3.216.0/22 maxlen: 24
                          46.3.222.0/24 maxlen: 24
                          46.3.224.0/21 maxlen: 22
                          46.232.20.0/22 maxlen: 24
                          46.232.64.0/22 maxlen: 24
                          80.243.128.0/21 maxlen: 24
                          80.243.128.0/23 maxlen: 24
                          80.243.130.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Mar 2024 20:56:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:41:3d:fc:5b:9c:b9:67:07:9c:31:18:a8:8e:bc:f1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Mar 15 08:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3d6c0b21f01d7ad9953e635c399a09fa891ab50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:bc:08:aa:16:97:58:8c:8f:47:85:cc:a0:39:
                    92:59:b8:7e:ad:4b:2b:7b:c0:38:ba:ad:26:49:72:
                    51:b3:2b:94:f7:b9:36:f7:6d:47:28:4b:a7:45:e4:
                    b5:e8:7f:67:a0:09:cf:97:20:cf:82:f9:2e:2e:f1:
                    30:ff:fc:5d:c6:99:2c:9b:1b:73:f2:2e:73:b6:82:
                    39:97:c5:56:fe:c5:63:ec:b9:d6:e6:8d:83:86:88:
                    d7:24:f9:9f:ff:9a:3a:b5:23:8e:35:55:20:b4:b0:
                    27:08:6a:c0:3e:07:d9:97:97:d4:6e:f3:a4:8c:c5:
                    3f:50:d2:47:8c:e4:9a:c9:e5:c2:98:c6:66:ff:c6:
                    81:86:76:29:91:c6:95:37:75:d8:ef:60:a7:cc:4b:
                    da:27:00:f6:56:dd:ee:02:96:df:22:1b:b4:46:1b:
                    f1:ca:39:0e:f9:89:69:ff:72:c7:d9:17:7f:5d:79:
                    7d:fd:f7:5a:31:7a:7c:f6:ef:f8:76:15:e0:c9:23:
                    5e:bb:71:88:74:03:69:ab:0b:6c:97:40:72:e6:81:
                    ef:8d:4e:7f:a9:6e:a7:6f:bb:9d:da:b7:5b:de:f3:
                    90:0e:e0:cf:12:85:6a:97:d3:f1:cb:58:fc:5e:75:
                    ce:80:b7:78:eb:52:b9:c3:49:25:cc:e5:71:a1:8f:
                    d8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D6:C0:B2:1F:01:D7:AD:99:53:E6:35:C3:99:A0:9F:A8:91:AB:50
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/09bAsh8B162ZU-Y1w5mgn6iRq1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.32.0/19
                  46.3.80.0/21
                  46.3.96.0/20
                  46.3.120.0/21
                  46.3.160.0/21
                  46.3.208.0-46.3.231.255
                  46.232.20.0/22
                  46.232.64.0/22
                  80.243.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6a:be:35:74:a8:ba:c6:3b:64:34:42:01:ef:3d:fb:14:44:43:
         4e:da:97:00:07:fe:d5:b7:42:aa:15:48:3e:30:f6:24:4d:be:
         f9:6e:65:31:c0:e6:e4:ae:a5:8b:78:4b:e6:8f:fc:28:a0:dc:
         92:3a:08:d6:e9:e4:53:dc:5f:da:b6:ba:85:5c:47:6f:d0:3e:
         2b:04:ce:82:51:51:6b:90:d7:cb:da:f2:45:2f:14:5a:3e:40:
         6a:3c:20:96:4b:56:09:8b:f7:db:78:f2:27:88:a2:82:2a:48:
         31:00:6d:c0:b7:96:10:39:4f:e0:c5:fc:3a:6f:01:02:07:6c:
         11:94:28:a3:59:7c:b7:2a:be:56:62:dc:4c:c5:2d:e4:39:95:
         55:e7:99:76:6e:ab:b8:d4:2c:1f:5c:02:7c:7e:a0:de:e9:2c:
         8d:3f:f4:5e:6a:d8:41:15:52:a6:d3:97:75:fa:ce:2a:af:7b:
         52:e3:3a:e2:0c:1b:bf:b5:5e:7f:77:cf:52:43:d8:70:23:29:
         17:44:78:1d:c4:7d:8b:e4:c9:b1:6e:dc:a9:85:22:b1:7c:29:
         6d:84:fa:86:59:47:64:3c:26:22:37:a0:34:cb:45:dc:36:5c:
         d1:4c:11:87:ec:ea:60:4f:cf:af:50:54:e7:f6:c9:24:03:7e:
         0c:19:47:b6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY5BPfxbnLlnB5wxGKiOvPFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMzE1MDgzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Q2YzBiMjFmMDFkN2FkOTk1M2U2MzVjMzk5YTA5ZmE4OTFhYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbwIqhaXWIyPR4XMoDmSWbh+rUsr
e8A4uq0mSXJRsyuU97k2921HKEunReS16H9noAnPlyDPgvkuLvEw//xdxpksmxtz
8i5ztoI5l8VW/sVj7LnW5o2DhojXJPmf/5o6tSOONVUgtLAnCGrAPgfZl5fUbvOk
jMU/UNJHjOSayeXCmMZm/8aBhnYpkcaVN3XY72CnzEvaJwD2Vt3uApbfIhu0Rhvx
yjkO+Ylp/3LH2Rd/XXl9/fdaMXp89u/4dhXgySNeu3GIdANpqwtsl0By5oHvjU5/
qW6nb7ud2rdb3vOQDuDPEoVql9Pxy1j8XnXOgLd461K5w0klzOVxoY/Y7QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNPWwLIfAdetmVPmNcOZoJ+okatQMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvMDliQXNoOEIxNjJaVS1ZMXc1bWduNmlScTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQFLgMgAwQD
LgNQAwQELgNgAwQDLgN4AwQDLgOgMAwDBAQuA9ADBAMuA+ADBAIu6BQDBAIu6EAD
BANQ84AwDQYJKoZIhvcNAQELBQADggEBAGq+NXSousY7ZDRCAe89+xREQ07alwAH
/tW3QqoVSD4w9iRNvvluZTHA5uSupYt4S+aP/Cig3JI6CNbp5FPcX9q2uoVcR2/Q
PisEzoJRUWuQ18va8kUvFFo+QGo8IJZLVgmL99t48ieIooIqSDEAbcC3lhA5T+DF
/DpvAQIHbBGUKKNZfLcqvlZi3EzFLeQ5lVXnmXZuq7jULB9cAnx+oN7pLI0/9F5q
2EEVUqbTl3X6ziqve1LjOuIMG7+1Xn93z1JD2HAjKRdEeB3EfYvkybFu3KmFIrF8
KW2E+oZZR2Q8JiI3oDTLRdw2XNFMEYfs6mBPz69QVOf2ySQDfgwZR7Y=
-----END CERTIFICATE-----