Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/PoaOPf0ItpIu-4gJ4e3s3vDlX94.roa
File:                     PoaOPf0ItpIu-4gJ4e3s3vDlX94.roa (raw, json)
Hash identifier:          CLFdrk6aPXBLptZ/nIO2O3IVls8xUpDXtMhkrjG9urg=
Subject key identifier:   3E:86:8E:3D:FD:08:B6:92:2E:FB:88:09:E1:ED:EC:DE:F0:E5:5F:DE
Certificate issuer:       /CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
Certificate serial:       018BA2AF3F4FE77EE747C50685B3C4241DB8
Authority key identifier: 24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/PoaOPf0ItpIu-4gJ4e3s3vDlX94.roa
Signing time:             Mon 06 Nov 2023 03:31:15 +0000
ROA not before:           Mon 06 Nov 2023 03:31:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202024
IP address blocks:        46.31.70.0/24 maxlen: 24
                          185.54.16.0/24 maxlen: 24
                          185.54.16.0/23 maxlen: 23
                          185.54.16.0/22 maxlen: 22
                          185.54.17.0/24 maxlen: 24
                          185.54.19.0/24 maxlen: 24
                          185.54.18.0/23 maxlen: 23
                          185.54.18.0/24 maxlen: 24
                          185.141.15.0/24 maxlen: 24
                          185.141.14.0/23 maxlen: 23
                          185.141.14.0/24 maxlen: 24
                          185.141.12.0/24 maxlen: 24
                          185.141.12.0/23 maxlen: 23
                          185.141.12.0/22 maxlen: 22
                          185.141.13.0/24 maxlen: 24
                          2a00:d30:16::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 17 Nov 2023 04:25:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a2:af:3f:4f:e7:7e:e7:47:c5:06:85:b3:c4:24:1d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
        Validity
            Not Before: Nov  6 03:31:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e868e3dfd08b6922efb8809e1edecdef0e55fde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:cf:15:bd:9e:c9:84:71:2e:97:a9:12:12:40:
                    9e:7c:83:cf:1b:5b:3c:c9:73:98:09:1c:d9:20:84:
                    1e:95:87:4f:9d:1f:8f:55:32:f5:0b:a7:17:86:c6:
                    dc:ba:11:fb:78:c1:b3:f5:a3:43:82:28:10:11:97:
                    32:c6:c7:0a:c2:93:5b:c0:b4:56:01:85:f8:9e:d0:
                    cb:ea:a3:bd:98:94:ec:fd:87:3c:10:98:ab:7f:b0:
                    4a:0a:6a:a4:b2:aa:e4:97:4b:38:ed:2e:18:ac:d0:
                    88:0f:c0:f9:03:fa:a4:7d:a6:a3:85:f1:ae:aa:ee:
                    85:84:ca:1c:e6:e2:eb:1e:73:ec:9b:d3:93:0c:c6:
                    04:3c:c1:6a:c1:98:0d:ef:fd:e1:af:10:f5:b1:37:
                    5c:cd:90:af:8c:29:66:ff:f8:e1:d7:64:43:34:8d:
                    29:b1:8c:c0:2f:32:e8:4c:92:ab:8e:bf:dc:1a:39:
                    33:cf:9f:1c:4a:8c:9f:59:e0:23:95:40:08:ac:45:
                    7c:1a:ef:6d:dd:7e:68:e4:fc:85:34:51:e0:17:c1:
                    ca:16:e7:61:19:21:ce:25:30:14:8e:98:50:e8:07:
                    4a:ae:9d:c0:4b:7b:c6:01:ba:c8:c4:68:fd:89:40:
                    ef:88:ab:78:75:db:c9:cb:8f:76:8b:a7:59:77:c6:
                    22:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:86:8E:3D:FD:08:B6:92:2E:FB:88:09:E1:ED:EC:DE:F0:E5:5F:DE
            X509v3 Authority Key Identifier:
                keyid:24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/PoaOPf0ItpIu-4gJ4e3s3vDlX94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/JFKrHS0pusnVLrR53mTAcA_Gck8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.70.0/24
                  185.54.16.0/22
                  185.141.12.0/22
                IPv6:
                  2a00:d30:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:14:4b:21:b4:1e:0a:63:b2:a8:57:39:0e:88:59:f2:c4:90:
         a5:44:12:df:cc:68:97:c3:70:bb:c4:06:4a:a1:eb:bd:f2:80:
         2e:96:64:f1:b2:98:b2:a0:8f:92:91:ce:25:2e:10:aa:7a:a2:
         40:d2:db:99:ab:62:f2:38:07:a4:80:9c:bf:88:45:60:b0:f0:
         15:4b:7f:ae:41:ba:a7:73:1e:20:0a:74:21:de:f1:66:5a:c0:
         ed:87:d5:14:32:ba:7a:51:8b:80:b9:71:76:8f:6f:48:71:9d:
         72:87:c3:6a:c0:06:4a:1c:c3:64:40:23:e2:00:86:42:ab:fd:
         a2:e8:2c:77:37:eb:2a:b8:8c:1b:6f:87:93:15:e6:d0:d2:af:
         20:e0:a0:6c:b7:4a:32:9d:55:8f:e6:55:0a:f3:33:46:1d:ee:
         e3:ce:cc:22:60:b0:9d:24:43:07:71:af:3f:7c:c1:42:29:19:
         7d:60:bb:b7:c3:47:5f:bc:4d:8c:eb:ec:ba:42:87:1b:7c:c9:
         c8:03:41:ee:9c:23:fc:24:68:88:d2:a0:26:4e:8d:46:af:6e:
         ec:23:93:50:b3:69:ee:c6:3d:e6:eb:64:f1:f7:c7:2b:5d:11:
         ff:18:0b:1d:dc:c6:51:db:28:72:89:b5:ec:3c:60:c8:6d:bb:
         59:50:c9:27
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYuirz9P537nR8UGhbPEJB24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTJhYjFkMmQyOWJhYzlkNTJlYjQ3OWRlNjRjMDcwMGZj
NjcyNGYwHhcNMjMxMTA2MDMzMTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTg2OGUzZGZkMDhiNjkyMmVmYjg4MDllMWVkZWNkZWYwZTU1ZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi88VvZ7JhHEul6kSEkCefIPPG1s8
yXOYCRzZIIQelYdPnR+PVTL1C6cXhsbcuhH7eMGz9aNDgigQEZcyxscKwpNbwLRW
AYX4ntDL6qO9mJTs/Yc8EJirf7BKCmqksqrkl0s47S4YrNCID8D5A/qkfaajhfGu
qu6FhMoc5uLrHnPsm9OTDMYEPMFqwZgN7/3hrxD1sTdczZCvjClm//jh12RDNI0p
sYzALzLoTJKrjr/cGjkzz58cSoyfWeAjlUAIrEV8Gu9t3X5o5PyFNFHgF8HKFudh
GSHOJTAUjphQ6AdKrp3AS3vGAbrIxGj9iUDviKt4ddvJy492i6dZd8YiowIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFD6Gjj39CLaSLvuICeHt7N7w5V/eMB8GA1UdIwQY
MBaAFCRSqx0tKbrJ1S60ed5kwHAPxnJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMt
OTY5Yzk0ZGU4OWE1LzEvUG9hT1BmMEl0cEl1LTRnSjRlM3MzdkRsWDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMtOTY5Yzk0ZGU4OWE1
LzEvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQALh9GAwQC
uTYQAwQCuY0MMA8EAgACMAkDBwAqAA0wABYwDQYJKoZIhvcNAQELBQADggEBAJgU
SyG0HgpjsqhXOQ6IWfLEkKVEEt/MaJfDcLvEBkqh673ygC6WZPGymLKgj5KRziUu
EKp6okDS25mrYvI4B6SAnL+IRWCw8BVLf65BuqdzHiAKdCHe8WZawO2H1RQyunpR
i4C5cXaPb0hxnXKHw2rABkocw2RAI+IAhkKr/aLoLHc36yq4jBtvh5MV5tDSryDg
oGy3SjKdVY/mVQrzM0Yd7uPOzCJgsJ0kQwdxrz98wUIpGX1gu7fDR1+8TYzr7LpC
hxt8ycgDQe6cI/wkaIjSoCZOjUavbuwjk1Czae7GPebrZPH3xytdEf8YCx3cxlHb
KHKJtew8YMhtu1lQySc=
-----END CERTIFICATE-----