Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/016156-093e-405b-9b2d-a5749d2346e7/1/Ptsua9s_XnkGXLeobRl9uaMBj_0.roa
File:                     Ptsua9s_XnkGXLeobRl9uaMBj_0.roa (raw, json)
Hash identifier:          /p56PmhxcUT5gML/4o0blAvPWot1HXHh2mIY21are6Y=
Subject key identifier:   3E:DB:2E:6B:DB:3F:5E:79:06:5C:B7:A8:6D:19:7D:B9:A3:01:8F:FD
Certificate issuer:       /CN=36c3c4565743ae57bd2aea9a363c2b3c3e250f72
Certificate serial:       018EE7E285681979B1E96264E02BD40BF4DF
Authority key identifier: 36:C3:C4:56:57:43:AE:57:BD:2A:EA:9A:36:3C:2B:3C:3E:25:0F:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsPEVldDrle9KuqaNjwrPD4lD3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/016156-093e-405b-9b2d-a5749d2346e7/1/Ptsua9s_XnkGXLeobRl9uaMBj_0.roa
Signing time:             Tue 16 Apr 2024 17:09:25 +0000
ROA not before:           Tue 16 Apr 2024 17:09:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203059
IP address blocks:        45.91.120.0/24 maxlen: 24
                          45.95.211.0/24 maxlen: 24
                          91.218.77.0/24 maxlen: 24
                          134.255.242.0/24 maxlen: 24
                          185.53.33.0/24 maxlen: 24
                          185.231.228.0/22 maxlen: 22
                          185.234.101.0/24 maxlen: 24
                          185.253.62.0/23 maxlen: 23
                          194.156.132.0/23 maxlen: 23
                          194.156.132.0/24 maxlen: 24
                          194.156.133.0/24 maxlen: 24
                          194.156.150.0/23 maxlen: 23
                          194.156.150.0/24 maxlen: 24
                          194.156.151.0/24 maxlen: 24
                          2a13:5080::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 19 Apr 2024 20:05:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:e2:85:68:19:79:b1:e9:62:64:e0:2b:d4:0b:f4:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c3c4565743ae57bd2aea9a363c2b3c3e250f72
        Validity
            Not Before: Apr 16 17:09:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3edb2e6bdb3f5e79065cb7a86d197db9a3018ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9a:c3:e9:63:dc:e8:ef:ad:b2:b2:79:a9:43:
                    d8:1b:6e:83:b1:d6:02:e4:ce:02:0b:c6:b1:f3:62:
                    4c:ce:3e:d0:34:fe:47:d3:bd:1b:b7:92:2d:f6:5e:
                    78:1f:e3:f7:57:f0:97:70:72:6d:63:80:9b:84:87:
                    da:0b:fe:ca:f5:43:ca:9e:3c:09:62:44:eb:48:59:
                    a0:9b:6a:46:4c:54:6e:62:38:6c:87:93:cc:0b:69:
                    99:da:87:de:24:5e:70:08:b0:b8:fb:12:20:cc:ec:
                    e5:6c:44:17:af:ff:df:27:0f:8e:42:37:24:03:55:
                    eb:12:0f:95:04:94:10:4f:91:ff:8e:76:64:9c:7d:
                    a6:9e:c9:bf:4d:15:61:7e:5e:02:f8:6d:5f:d9:9d:
                    4e:7a:44:8e:66:a6:d3:38:e8:10:a8:c9:53:13:a2:
                    c3:d2:24:b2:d3:bb:a7:69:72:1d:38:f1:82:0d:e6:
                    e6:99:b4:28:d7:9b:d3:c0:c0:f6:f4:bd:f3:02:f5:
                    20:a3:c9:5c:95:20:06:c6:fa:2c:36:f6:54:5c:ec:
                    01:17:36:98:2a:f0:88:b8:67:bb:c3:ba:fc:5a:ae:
                    68:9a:28:30:ab:db:36:4f:45:ef:7f:69:25:b6:8e:
                    db:bf:11:75:80:16:1a:a2:71:af:b5:7d:d0:0b:d0:
                    a0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:DB:2E:6B:DB:3F:5E:79:06:5C:B7:A8:6D:19:7D:B9:A3:01:8F:FD
            X509v3 Authority Key Identifier:
                keyid:36:C3:C4:56:57:43:AE:57:BD:2A:EA:9A:36:3C:2B:3C:3E:25:0F:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsPEVldDrle9KuqaNjwrPD4lD3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/016156-093e-405b-9b2d-a5749d2346e7/1/Ptsua9s_XnkGXLeobRl9uaMBj_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/016156-093e-405b-9b2d-a5749d2346e7/1/NsPEVldDrle9KuqaNjwrPD4lD3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.120.0/24
                  45.95.211.0/24
                  91.218.77.0/24
                  134.255.242.0/24
                  185.53.33.0/24
                  185.231.228.0/22
                  185.234.101.0/24
                  185.253.62.0/23
                  194.156.132.0/23
                  194.156.150.0/23
                IPv6:
                  2a13:5080::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:7b:10:80:93:cd:e3:08:7b:e1:ae:4b:d7:e4:fd:71:93:f3:
         be:df:ae:ab:0c:77:ae:23:10:29:c5:f5:7c:9c:43:08:39:74:
         d9:87:d9:2d:ab:71:69:76:14:e3:dd:36:b8:c0:bb:a8:49:f6:
         59:d6:21:87:2b:e9:84:8e:26:5e:4e:67:6a:1a:eb:c1:f1:72:
         00:96:d4:7a:e3:c1:9c:30:b3:26:74:ec:20:74:dd:f9:a6:92:
         3b:d5:00:0e:7a:51:9b:36:72:4a:37:d6:91:9e:09:ba:e1:a5:
         9e:25:7d:66:c7:8c:ab:72:0d:c0:0f:f4:8a:cc:3b:23:da:09:
         36:ae:ec:b3:90:b0:bb:16:57:da:f1:23:a1:4c:af:f2:a9:de:
         d2:36:1e:67:aa:a4:c1:0b:fb:8f:b2:ea:32:12:f0:e9:91:d5:
         f4:bb:ce:57:94:d0:09:d3:14:9a:3c:b9:a9:12:ae:56:e6:ac:
         81:c2:c7:c5:5b:84:43:f3:49:d0:4f:bc:f0:52:a3:ab:c0:ee:
         05:c6:c3:6a:30:1d:6b:1e:3a:3a:58:82:bb:a3:c8:50:c0:01:
         97:02:ee:f2:fa:fd:1a:45:09:ac:d0:1d:2f:9e:41:1b:57:20:
         5a:fa:a1:75:33:6a:a1:7b:ad:2b:e2:06:73:5d:3e:eb:15:74:
         b3:9d:19:f7
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY7n4oVoGXmx6WJk4CvUC/TfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzNjNDU2NTc0M2FlNTdiZDJhZWE5YTM2M2MyYjNjM2Uy
NTBmNzIwHhcNMjQwNDE2MTcwOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWRiMmU2YmRiM2Y1ZTc5MDY1Y2I3YTg2ZDE5N2RiOWEzMDE4ZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5rD6WPc6O+tsrJ5qUPYG26DsdYC
5M4CC8ax82JMzj7QNP5H070bt5It9l54H+P3V/CXcHJtY4CbhIfaC/7K9UPKnjwJ
YkTrSFmgm2pGTFRuYjhsh5PMC2mZ2ofeJF5wCLC4+xIgzOzlbEQXr//fJw+OQjck
A1XrEg+VBJQQT5H/jnZknH2mnsm/TRVhfl4C+G1f2Z1OekSOZqbTOOgQqMlTE6LD
0iSy07unaXIdOPGCDebmmbQo15vTwMD29L3zAvUgo8lclSAGxvosNvZUXOwBFzaY
KvCIuGe7w7r8Wq5omigwq9s2T0Xvf2klto7bvxF1gBYaonGvtX3QC9CghQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFD7bLmvbP155Bly3qG0ZfbmjAY/9MB8GA1UdIwQY
MBaAFDbDxFZXQ65XvSrqmjY8Kzw+JQ9yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNQRVZsZERybGU5S3VxYU5qd3JQRDRsRDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8wMTYxNTYtMDkzZS00MDViLTliMmQt
YTU3NDlkMjM0NmU3LzEvUHRzdWE5c19YbmtHWExlb2JSbDl1YU1Cal8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8wMTYxNTYtMDkzZS00MDViLTliMmQtYTU3NDlkMjM0NmU3
LzEvTnNQRVZsZERybGU5S3VxYU5qd3JQRDRsRDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQALVt4AwQA
LV/TAwQAW9pNAwQAhv/yAwQAuTUhAwQCuefkAwQAueplAwQBuf0+AwQBwpyEAwQB
wpyWMA0EAgACMAcDBQMqE1CAMA0GCSqGSIb3DQEBCwUAA4IBAQBmexCAk83jCHvh
rkvX5P1xk/O+366rDHeuIxApxfV8nEMIOXTZh9ktq3FpdhTj3Ta4wLuoSfZZ1iGH
K+mEjiZeTmdqGuvB8XIAltR648GcMLMmdOwgdN35ppI71QAOelGbNnJKN9aRngm6
4aWeJX1mx4yrcg3AD/SKzDsj2gk2ruyzkLC7Flfa8SOhTK/yqd7SNh5nqqTBC/uP
suoyEvDpkdX0u85XlNAJ0xSaPLmpEq5W5qyBwsfFW4RD80nQT7zwUqOrwO4FxsNq
MB1rHjo6WIK7o8hQwAGXAu7y+v0aRQms0B0vnkEbVyBa+qF1M2qhe60r4gZzXT7r
FXSznRn3
-----END CERTIFICATE-----