Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/6UWiy6ZzOQAckOTENzZpCKKwgms.roa
File:                     6UWiy6ZzOQAckOTENzZpCKKwgms.roa (raw, json)
Hash identifier:          ee9crrTKdtF4mMFl2F6QWIXI47O+TyRo7nhRNHrdY/Q=
Subject key identifier:   E9:45:A2:CB:A6:73:39:00:1C:90:E4:C4:37:36:69:08:A2:B0:82:6B
Certificate issuer:       /CN=07fa540a25432e2aa4dca057845c359d214886f7
Certificate serial:       018CC4934EB8755E09E6ACC4989C766FC106
Authority key identifier: 07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/6UWiy6ZzOQAckOTENzZpCKKwgms.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196922
IP address blocks:        46.232.186.0/24 maxlen: 24
                          46.232.184.0/21 maxlen: 21
                          46.232.184.0/24 maxlen: 24
                          46.232.185.0/24 maxlen: 24
                          46.232.190.0/24 maxlen: 24
                          46.232.187.0/24 maxlen: 24
                          46.232.191.0/24 maxlen: 24
                          178.248.240.0/24 maxlen: 24
                          178.248.245.0/24 maxlen: 24
                          178.248.246.0/24 maxlen: 24
                          178.248.243.0/24 maxlen: 24
                          178.248.244.0/24 maxlen: 24
                          178.248.241.0/24 maxlen: 24
                          178.248.240.0/21 maxlen: 21
                          178.248.242.0/24 maxlen: 24
                          185.115.24.0/22 maxlen: 24
                          185.115.24.0/23 maxlen: 23
                          178.248.247.0/24 maxlen: 24
                          185.115.26.0/23 maxlen: 23
                          185.115.26.128/27 maxlen: 27
                          2a02:1308::/29 maxlen: 32
                          2a02:1308::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 10 Jan 2024 14:50:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4e:b8:75:5e:09:e6:ac:c4:98:9c:76:6f:c1:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07fa540a25432e2aa4dca057845c359d214886f7
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e945a2cba67339001c90e4c437366908a2b0826b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d7:38:47:16:7c:3f:71:5f:c8:39:47:ad:a1:
                    f4:45:ed:72:97:cf:57:2d:f5:b4:1e:6b:66:8c:46:
                    62:9c:20:02:9a:15:ba:75:87:fc:45:8a:56:d1:99:
                    0d:bd:b4:3f:39:df:3b:cc:83:5e:65:24:91:fc:bd:
                    bd:80:ac:2b:28:65:65:c4:53:e1:19:50:98:d5:ff:
                    e4:b0:0d:5e:0d:a1:f9:e1:2b:fc:54:3a:71:88:66:
                    45:25:73:5b:05:11:27:ed:4b:73:2e:19:78:c2:b7:
                    26:ff:77:5c:e4:ea:50:f1:d6:ac:c1:1d:02:7b:ec:
                    0b:09:f4:56:e2:c8:c2:aa:73:cd:14:3f:3c:69:21:
                    94:85:34:85:3f:88:da:93:8a:62:3f:b9:7b:75:8c:
                    71:a3:f9:db:26:2b:a5:74:ea:79:82:53:74:6c:7b:
                    ef:d2:2e:4b:e5:c4:3b:49:22:1d:81:ef:ee:95:d2:
                    1e:44:d4:9e:63:c2:19:95:35:eb:8d:12:35:56:33:
                    cc:dc:f8:47:4b:33:25:07:e7:17:49:df:80:0d:ac:
                    92:f2:ba:78:4e:c2:d1:8d:b2:ee:4e:70:9d:65:24:
                    c4:52:ce:dd:d8:9d:68:65:6a:c5:5b:2a:39:ba:7b:
                    b6:c4:4b:4d:f5:00:0e:1b:e1:32:73:c4:f1:a2:4f:
                    38:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:45:A2:CB:A6:73:39:00:1C:90:E4:C4:37:36:69:08:A2:B0:82:6B
            X509v3 Authority Key Identifier:
                keyid:07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/6UWiy6ZzOQAckOTENzZpCKKwgms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.184.0/21
                  178.248.240.0/21
                  185.115.24.0/22
                IPv6:
                  2a02:1308::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:c8:e9:0b:56:fe:4d:cc:61:63:4d:05:d8:b9:98:0a:2b:78:
         ed:09:c9:11:9b:e0:60:4b:6b:1a:05:95:9c:0d:f7:b5:70:01:
         7b:22:e4:f7:d0:b2:be:9b:52:11:5f:b4:77:95:ff:e3:80:6c:
         a2:0d:08:2c:ae:36:50:60:fb:ad:97:7e:29:e9:da:ad:94:bb:
         79:b1:27:df:47:f5:dc:45:6d:f5:27:12:6e:31:12:d5:44:3f:
         a9:1c:fb:bc:fc:c2:be:64:e4:e1:9a:b3:bb:28:78:59:3d:77:
         a7:6d:62:dc:56:28:1f:39:3d:4a:0e:d4:91:99:fe:da:06:b3:
         0b:b2:04:5d:de:f3:52:d3:c1:c3:57:87:48:f1:90:a2:74:af:
         6d:21:72:c6:44:2b:1f:ef:27:ba:84:b4:b5:00:00:44:68:74:
         67:98:80:96:4b:26:b5:fd:34:e1:c3:7c:0a:39:bf:c9:cd:10:
         9b:ec:49:e7:f7:b4:d7:89:14:91:37:ed:1b:17:ab:96:f5:4d:
         25:cc:ba:bd:3d:b8:2a:3f:6e:c6:75:fc:7c:66:a7:4c:2b:cb:
         fe:f6:d6:6e:38:a7:91:aa:ec:4a:93:0a:66:b3:0b:0a:93:05:
         14:6e:27:1a:c4:89:57:6f:ac:81:b5:d6:b4:ae:7e:87:1d:5d:
         28:9f:7f:75
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzEk064dV4J5qzEmJx2b8EGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmE1NDBhMjU0MzJlMmFhNGRjYTA1Nzg0NWMzNTlkMjE0
ODg2ZjcwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ1YTJjYmE2NzMzOTAwMWM5MGU0YzQzNzM2NjkwOGEyYjA4MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9c4RxZ8P3FfyDlHraH0Re1yl89X
LfW0HmtmjEZinCACmhW6dYf8RYpW0ZkNvbQ/Od87zINeZSSR/L29gKwrKGVlxFPh
GVCY1f/ksA1eDaH54Sv8VDpxiGZFJXNbBREn7UtzLhl4wrcm/3dc5OpQ8daswR0C
e+wLCfRW4sjCqnPNFD88aSGUhTSFP4jak4piP7l7dYxxo/nbJiuldOp5glN0bHvv
0i5L5cQ7SSIdge/uldIeRNSeY8IZlTXrjRI1VjPM3PhHSzMlB+cXSd+ADayS8rp4
TsLRjbLuTnCdZSTEUs7d2J1oZWrFWyo5unu2xEtN9QAOG+Eyc8Txok84EQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOlFosumczkAHJDkxDc2aQiisIJrMB8GA1UdIwQY
MBaAFAf6VAolQy4qpNygV4RcNZ0hSIb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMt
NzUzNzQxYTgwZTk0LzEvNlVXaXk2WnpPUUFja09URU56WnBDS0t3Z21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMtNzUzNzQxYTgwZTk0
LzEvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLui4AwQD
svjwAwQCuXMYMA0EAgACMAcDBQMqAhMIMA0GCSqGSIb3DQEBCwUAA4IBAQCZyOkL
Vv5NzGFjTQXYuZgKK3jtCckRm+BgS2saBZWcDfe1cAF7IuT30LK+m1IRX7R3lf/j
gGyiDQgsrjZQYPutl34p6dqtlLt5sSffR/XcRW31JxJuMRLVRD+pHPu8/MK+ZOTh
mrO7KHhZPXenbWLcVigfOT1KDtSRmf7aBrMLsgRd3vNS08HDV4dI8ZCidK9tIXLG
RCsf7ye6hLS1AABEaHRnmICWSya1/TThw3wKOb/JzRCb7Enn97TXiRSRN+0bF6uW
9U0lzLq9PbgqP27Gdfx8ZqdMK8v+9tZuOKeRquxKkwpmswsKkwUUbicaxIlXb6yB
tda0rn6HHV0on391
-----END CERTIFICATE-----