Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/QJ16XWdozqTo9fCtFIP4DHC8Hi0.roa
File:                     QJ16XWdozqTo9fCtFIP4DHC8Hi0.roa (raw, json)
Hash identifier:          TFrOrWdRGkvZwCoc2nue+tXsZgFAoE2r2cuBVEtRZqM=
Subject key identifier:   40:9D:7A:5D:67:68:CE:A4:E8:F5:F0:AD:14:83:F8:0C:70:BC:1E:2D
Certificate issuer:       /CN=07fa540a25432e2aa4dca057845c359d214886f7
Certificate serial:       018CF7C34D85661FF424110D4CB5C86ACD2D
Authority key identifier: 07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/QJ16XWdozqTo9fCtFIP4DHC8Hi0.roa
Signing time:             Thu 11 Jan 2024 09:03:40 +0000
ROA not before:           Thu 11 Jan 2024 09:03:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196922
IP address blocks:        46.232.186.0/24 maxlen: 24
                          46.232.184.0/24 maxlen: 24
                          46.232.184.0/21 maxlen: 24
                          46.232.185.0/24 maxlen: 24
                          46.232.189.0/24 maxlen: 24
                          46.232.190.0/24 maxlen: 24
                          46.232.188.0/24 maxlen: 24
                          46.232.191.0/24 maxlen: 24
                          46.232.187.0/24 maxlen: 24
                          178.248.240.0/24 maxlen: 24
                          178.248.241.0/24 maxlen: 24
                          178.248.240.0/21 maxlen: 21
                          178.248.242.0/24 maxlen: 24
                          178.248.245.0/24 maxlen: 24
                          178.248.246.0/24 maxlen: 24
                          178.248.243.0/24 maxlen: 24
                          178.248.244.0/24 maxlen: 24
                          185.115.24.0/22 maxlen: 24
                          185.115.24.0/23 maxlen: 23
                          178.248.247.0/24 maxlen: 24
                          185.115.26.128/27 maxlen: 27
                          185.115.26.0/23 maxlen: 23
                          2a02:1308::/29 maxlen: 32
                          2a02:1308::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 12 Jan 2024 08:36:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:c3:4d:85:66:1f:f4:24:11:0d:4c:b5:c8:6a:cd:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07fa540a25432e2aa4dca057845c359d214886f7
        Validity
            Not Before: Jan 11 09:03:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=409d7a5d6768cea4e8f5f0ad1483f80c70bc1e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:af:04:bb:7b:c6:f1:3a:84:7a:35:ee:1c:6f:
                    0b:5c:2a:14:ed:fa:a6:1b:03:dd:9a:48:da:f3:a3:
                    7d:41:e2:8b:c3:cf:8b:3a:9f:77:af:7e:39:a2:5f:
                    74:d3:2c:54:47:85:18:bb:7a:29:24:ab:a7:2f:35:
                    ee:d5:6e:a2:ab:30:2a:cd:4e:12:1d:5a:42:e2:25:
                    72:77:53:e2:d4:4e:d7:8d:a6:94:a1:6d:09:91:da:
                    be:15:4f:85:5a:4e:5f:8b:0d:d2:dd:0b:fc:81:49:
                    f6:73:83:58:9a:d2:44:00:dc:c3:77:8f:2d:a5:09:
                    4d:de:a3:38:08:87:17:3f:2c:94:aa:93:76:d2:7b:
                    92:69:74:1b:63:7a:e6:f3:19:50:9f:6f:80:7b:d2:
                    4a:90:f8:3c:98:f8:a9:d8:7e:5f:36:5f:b3:03:6f:
                    5c:ec:71:87:02:fc:b8:db:60:74:1e:b7:c5:94:bb:
                    54:43:9b:e5:df:9e:2c:21:c8:57:75:3f:43:cd:42:
                    cc:ab:a7:e9:fa:7f:dc:82:87:ea:c0:a8:fd:a2:ad:
                    65:21:e9:9d:8b:d6:15:a4:ca:06:12:b1:f7:67:7c:
                    36:aa:72:03:72:e4:20:b0:74:e1:c1:14:7d:85:96:
                    1a:5a:ff:29:3e:88:ff:8e:94:58:82:2a:64:4d:06:
                    7f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:9D:7A:5D:67:68:CE:A4:E8:F5:F0:AD:14:83:F8:0C:70:BC:1E:2D
            X509v3 Authority Key Identifier:
                keyid:07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/QJ16XWdozqTo9fCtFIP4DHC8Hi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.184.0/21
                  178.248.240.0/21
                  185.115.24.0/22
                IPv6:
                  2a02:1308::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:7b:e2:ac:d5:52:0d:e7:db:66:40:10:06:b6:fe:fb:d3:64:
         6e:5c:e0:4d:e6:ec:67:91:5b:d0:ab:00:9b:db:a3:b2:9c:dc:
         8f:09:b4:fa:85:b2:9c:50:92:7a:53:0b:ce:da:d7:2b:54:f7:
         df:d1:58:c1:92:60:bb:7e:6f:9b:9e:ef:d2:2b:0a:c2:d6:5b:
         b2:ad:85:19:bc:67:62:14:f0:e6:bd:5f:ad:63:d3:ec:88:e3:
         e0:b2:64:35:1e:24:d4:62:e8:0b:24:2d:23:b0:de:77:46:8a:
         b4:39:ef:b2:98:29:e0:4d:63:76:1e:4f:63:28:be:83:82:1b:
         73:1b:fd:c3:5e:e5:fe:0c:f2:6c:84:c6:02:36:af:b5:e2:af:
         1d:2b:fc:71:d6:8f:92:8a:6a:7e:7b:6e:de:cb:87:31:4d:29:
         94:cc:38:18:dc:e4:05:e6:8b:02:d4:bf:b4:c1:4c:06:a3:f6:
         b4:7c:a8:6e:65:9e:1f:9a:4f:ac:17:40:5d:64:95:d6:b9:8d:
         4a:cb:85:28:ef:de:cf:30:2a:55:70:8d:77:0b:5d:43:0e:d0:
         7c:18:22:c9:cc:d2:61:d8:68:08:a3:74:91:0b:c4:26:91:75:
         58:c2:01:a5:55:5b:8a:7d:1e:42:96:9a:49:8a:67:88:84:70:
         f0:c8:58:35
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYz3w02FZh/0JBENTLXIas0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmE1NDBhMjU0MzJlMmFhNGRjYTA1Nzg0NWMzNTlkMjE0
ODg2ZjcwHhcNMjQwMTExMDkwMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDlkN2E1ZDY3NjhjZWE0ZThmNWYwYWQxNDgzZjgwYzcwYmMxZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApK8Eu3vG8TqEejXuHG8LXCoU7fqm
GwPdmkja86N9QeKLw8+LOp93r345ol900yxUR4UYu3opJKunLzXu1W6iqzAqzU4S
HVpC4iVyd1Pi1E7XjaaUoW0Jkdq+FU+FWk5fiw3S3Qv8gUn2c4NYmtJEANzDd48t
pQlN3qM4CIcXPyyUqpN20nuSaXQbY3rm8xlQn2+Ae9JKkPg8mPip2H5fNl+zA29c
7HGHAvy422B0HrfFlLtUQ5vl354sIchXdT9DzULMq6fp+n/cgofqwKj9oq1lIemd
i9YVpMoGErH3Z3w2qnIDcuQgsHThwRR9hZYaWv8pPoj/jpRYgipkTQZ/jQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFECdel1naM6k6PXwrRSD+AxwvB4tMB8GA1UdIwQY
MBaAFAf6VAolQy4qpNygV4RcNZ0hSIb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMt
NzUzNzQxYTgwZTk0LzEvUUoxNlhXZG96cVRvOWZDdEZJUDRESEM4SGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMtNzUzNzQxYTgwZTk0
LzEvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLui4AwQD
svjwAwQCuXMYMA0EAgACMAcDBQMqAhMIMA0GCSqGSIb3DQEBCwUAA4IBAQBze+Ks
1VIN59tmQBAGtv7702RuXOBN5uxnkVvQqwCb26OynNyPCbT6hbKcUJJ6UwvO2tcr
VPff0VjBkmC7fm+bnu/SKwrC1luyrYUZvGdiFPDmvV+tY9PsiOPgsmQ1HiTUYugL
JC0jsN53Roq0Oe+ymCngTWN2Hk9jKL6DghtzG/3DXuX+DPJshMYCNq+14q8dK/xx
1o+Simp+e27ey4cxTSmUzDgY3OQF5osC1L+0wUwGo/a0fKhuZZ4fmk+sF0BdZJXW
uY1Ky4Uo797PMCpVcI13C11DDtB8GCLJzNJh2GgIo3SRC8QmkXVYwgGlVVuKfR5C
lppJimeIhHDwyFg1
-----END CERTIFICATE-----