Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/4CDk0TI2Jr3Iyr1qBHxDA5M59EY.roa
File:                     4CDk0TI2Jr3Iyr1qBHxDA5M59EY.roa (raw, json)
Hash identifier:          +/51xY+Z/IYrqNTveOQhI3uq7k9vcdnfpegMOY4qM+g=
Subject key identifier:   E0:20:E4:D1:32:36:26:BD:C8:CA:BD:6A:04:7C:43:03:93:39:F4:46
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       018997BBAD122286E4731580E68650643030
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/4CDk0TI2Jr3Iyr1qBHxDA5M59EY.roa
Signing time:             Thu 27 Jul 2023 14:23:26 +0000
ROA not before:           Thu 27 Jul 2023 14:23:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15987
IP address blocks:        188.246.0.0/23 maxlen: 24
                          188.246.0.0/19 maxlen: 22
                          185.112.252.0/22 maxlen: 24
                          188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24
                          46.41.14.0/24 maxlen: 24
                          46.41.32.0/24 maxlen: 24
                          46.41.47.0/24 maxlen: 24
                          217.144.128.0/24 maxlen: 24
                          217.144.129.0/24 maxlen: 24
                          217.144.128.0/20 maxlen: 20
                          217.144.143.0/24 maxlen: 24
                          46.41.0.0/18 maxlen: 22
                          2a02:a00:1009::/48 maxlen: 48
                          2a02:a00:1049::/48 maxlen: 48
                          2a02:a00:1f::/48 maxlen: 48
                          2a02:a00:f::/48 maxlen: 48
                          2a02:a00:d::/48 maxlen: 48
                          2a02:a00::/34 maxlen: 34
                          2a02:a00:3000::/36 maxlen: 36
                          2a02:a00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:97:bb:ad:12:22:86:e4:73:15:80:e6:86:50:64:30:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jul 27 14:23:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e020e4d1323626bdc8cabd6a047c43039339f446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ba:01:85:c2:79:43:d0:97:f2:fb:82:6b:74:
                    6e:fb:53:d8:4d:65:78:8b:98:44:1b:4e:da:15:42:
                    0f:16:db:f8:a5:d7:85:47:9d:d7:ed:75:52:59:f1:
                    b2:d5:1f:3f:0e:ad:ae:c6:17:c8:4c:b5:26:06:4c:
                    89:9a:31:e9:d2:88:bc:47:4c:5a:ff:a4:94:13:fe:
                    17:84:e1:ea:6f:7a:f9:c1:2f:71:0d:09:0b:52:32:
                    f9:16:04:88:98:62:f1:00:55:77:bb:d0:f8:f6:28:
                    5f:79:74:ca:d3:36:1a:d9:ae:9d:2b:44:99:43:83:
                    d9:ea:05:af:09:ae:0f:8b:e4:01:e7:01:ad:10:72:
                    a1:c0:8f:99:82:65:ee:e3:a8:ed:5e:46:e9:f8:ae:
                    06:1a:f8:d8:a9:9d:43:3f:78:45:6d:6c:16:5d:c4:
                    10:42:84:1a:e3:d1:a6:a1:48:df:49:95:87:5e:54:
                    76:d5:e1:ef:8e:6e:af:2a:b9:cc:e5:67:c5:fc:ee:
                    53:2b:38:ec:9a:c2:46:fe:17:66:5f:40:3d:27:83:
                    06:88:e6:b2:5b:7c:ee:4c:c3:45:e6:5e:21:c9:2c:
                    2c:3d:c6:98:85:ef:e3:21:81:65:5d:a5:0e:96:06:
                    7c:9d:7f:90:9a:53:2f:a4:a1:fe:a6:19:59:fa:39:
                    b0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:20:E4:D1:32:36:26:BD:C8:CA:BD:6A:04:7C:43:03:93:39:F4:46
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/4CDk0TI2Jr3Iyr1qBHxDA5M59EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.0.0/18
                  185.112.252.0/22
                  188.246.0.0/19
                  217.144.128.0/20
                IPv6:
                  2a02:a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:4c:98:94:ac:b0:f1:5a:dc:20:11:7b:4d:af:83:b2:7c:94:
         e2:fd:e9:84:6b:12:bb:dd:53:d7:e9:ca:e0:56:4c:bc:7e:cc:
         f6:d8:6e:13:29:a5:03:b7:5f:88:7e:fd:6c:61:a8:15:2d:18:
         04:dd:f0:1c:a7:91:0f:87:fa:aa:43:3a:90:bd:81:04:fb:cf:
         7f:15:bf:5b:e2:79:32:0d:7f:37:b0:85:ad:4e:3d:27:da:76:
         15:47:e3:c9:56:94:07:02:2d:5a:4c:73:01:9e:51:83:ea:cb:
         93:b4:6b:6b:aa:85:a1:b7:80:a8:6b:a8:e5:4c:35:15:bf:f0:
         99:71:90:62:9a:c5:d9:3a:27:88:b2:fe:c3:71:32:ca:4b:10:
         df:1d:b0:85:ff:3d:65:41:80:b5:ee:d6:9b:6e:8f:23:82:0f:
         51:41:f7:cc:50:a1:9c:46:65:21:63:99:71:7b:e6:21:7d:2b:
         94:db:98:88:10:38:af:36:b2:00:ed:6c:58:a1:ac:7a:74:9e:
         cd:eb:e1:f7:2a:43:2e:3b:03:77:e7:0a:0b:7a:7d:ec:11:68:
         89:1b:89:18:8f:5f:cb:35:36:5d:62:24:63:d2:35:d9:42:46:
         8e:ad:1f:b0:69:2b:26:7b:04:e6:b8:b9:d6:9e:3b:f9:cb:98:
         9a:e5:40:0c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYmXu60SIobkcxWA5oZQZDAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjMwNzI3MTQyMzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDIwZTRkMTMyMzYyNmJkYzhjYWJkNmEwNDdjNDMwMzkzMzlmNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7oBhcJ5Q9CX8vuCa3Ru+1PYTWV4
i5hEG07aFUIPFtv4pdeFR53X7XVSWfGy1R8/Dq2uxhfITLUmBkyJmjHp0oi8R0xa
/6SUE/4XhOHqb3r5wS9xDQkLUjL5FgSImGLxAFV3u9D49ihfeXTK0zYa2a6dK0SZ
Q4PZ6gWvCa4Pi+QB5wGtEHKhwI+ZgmXu46jtXkbp+K4GGvjYqZ1DP3hFbWwWXcQQ
QoQa49GmoUjfSZWHXlR21eHvjm6vKrnM5WfF/O5TKzjsmsJG/hdmX0A9J4MGiOay
W3zuTMNF5l4hySwsPcaYhe/jIYFlXaUOlgZ8nX+QmlMvpKH+phlZ+jmwxwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFOAg5NEyNia9yMq9agR8QwOTOfRGMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvNENEazBUSTJKcjNJeXIxcUJIeERBNU01OUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGLikAAwQC
uXD8AwQFvPYAAwQE2ZCAMA0EAgACMAcDBQAqAgoAMA0GCSqGSIb3DQEBCwUAA4IB
AQCOTJiUrLDxWtwgEXtNr4OyfJTi/emEaxK73VPX6crgVky8fsz22G4TKaUDt1+I
fv1sYagVLRgE3fAcp5EPh/qqQzqQvYEE+89/Fb9b4nkyDX83sIWtTj0n2nYVR+PJ
VpQHAi1aTHMBnlGD6suTtGtrqoWht4Coa6jlTDUVv/CZcZBimsXZOieIsv7DcTLK
SxDfHbCF/z1lQYC17tabbo8jgg9RQffMUKGcRmUhY5lxe+YhfSuU25iIEDivNrIA
7WxYoax6dJ7N6+H3KkMuOwN35woLen3sEWiJG4kYj1/LNTZdYiRj0jXZQkaOrR+w
aSsmewTmuLnWnjv5y5ia5UAM
-----END CERTIFICATE-----