Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/rh4RRoQ1WdDayewg7VpOOUUsMZg.roa
File:                     rh4RRoQ1WdDayewg7VpOOUUsMZg.roa (raw, json)
Hash identifier:          8KBCbt8Eb9pqRdAWcZK6VOQ/P3IykkOtdMIlDwKu1zI=
Subject key identifier:   AE:1E:11:46:84:35:59:D0:DA:C9:EC:20:ED:5A:4E:39:45:2C:31:98
Certificate issuer:       /CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
Certificate serial:       018BB40A05F4A43AC3015DC488F45CF077EF
Authority key identifier: 5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/rh4RRoQ1WdDayewg7VpOOUUsMZg.roa
Signing time:             Thu 09 Nov 2023 12:23:57 +0000
ROA not before:           Thu 09 Nov 2023 12:23:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43987
IP address blocks:        46.49.173.0/24 maxlen: 24
                          95.177.192.0/19 maxlen: 19
                          46.49.210.0/24 maxlen: 24
                          95.177.224.0/19 maxlen: 19
                          46.49.132.0/24 maxlen: 24
                          46.49.135.0/24 maxlen: 24
                          46.49.144.0/24 maxlen: 24
                          46.49.140.0/24 maxlen: 24
                          46.49.143.0/24 maxlen: 24
                          95.177.148.0/24 maxlen: 24
                          95.177.149.0/24 maxlen: 24
                          95.177.156.0/23 maxlen: 23
                          2a02:df5::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b4:0a:05:f4:a4:3a:c3:01:5d:c4:88:f4:5c:f0:77:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
        Validity
            Not Before: Nov  9 12:23:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae1e1146843559d0dac9ec20ed5a4e39452c3198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fe:8d:21:3b:da:cd:4f:69:e7:72:d5:fa:0c:
                    d9:21:4f:0b:3d:b4:c8:a9:cb:ba:b2:e3:2d:9e:88:
                    ff:a4:4e:35:62:54:e7:a0:e5:1c:93:bf:b9:11:e4:
                    7b:19:e1:ab:bc:e5:1e:3e:36:42:14:4b:32:51:39:
                    87:9f:3c:53:0c:3e:a4:bf:df:02:61:2b:e4:a1:2d:
                    ea:d1:2b:ec:64:b8:99:df:d3:73:27:44:7e:e5:48:
                    69:f2:97:6a:24:80:94:5c:47:81:11:c8:42:f4:41:
                    98:48:e3:54:b5:8a:b2:dd:fa:b1:d0:94:69:79:dd:
                    68:17:e8:3c:d0:d8:6a:01:b7:02:89:cf:52:69:c0:
                    52:42:75:df:ec:8b:a3:d4:47:a5:1b:9e:d6:83:b1:
                    40:1c:7e:a6:5e:05:20:b7:79:bf:88:d7:63:27:77:
                    14:ea:1c:0c:2b:5a:87:99:ac:00:97:96:d4:03:40:
                    c4:bb:88:7b:c4:bc:42:fc:3a:31:0f:b3:66:02:a7:
                    ef:d9:48:41:26:79:81:10:e0:13:3a:ed:18:00:35:
                    28:68:64:60:a4:88:ec:31:aa:80:79:f9:aa:42:75:
                    3c:88:d4:5b:9b:89:c9:12:51:9c:1e:1d:20:9a:6f:
                    17:dc:d5:9f:54:81:67:a6:ae:5a:11:aa:46:1e:c4:
                    10:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1E:11:46:84:35:59:D0:DA:C9:EC:20:ED:5A:4E:39:45:2C:31:98
            X509v3 Authority Key Identifier:
                keyid:5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/rh4RRoQ1WdDayewg7VpOOUUsMZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.49.132.0/24
                  46.49.135.0/24
                  46.49.140.0/24
                  46.49.143.0-46.49.144.255
                  46.49.173.0/24
                  46.49.210.0/24
                  95.177.148.0/23
                  95.177.156.0/23
                  95.177.192.0/18
                IPv6:
                  2a02:df5::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:7c:f4:4a:93:78:d4:bc:f2:d3:dc:7d:af:be:9a:2c:80:1b:
         5b:06:10:29:8b:f5:de:9e:2c:46:fd:79:0e:79:7f:66:38:3d:
         d3:0d:2e:16:af:d4:66:76:a1:ef:43:66:01:c9:e1:5b:72:c8:
         04:cd:50:75:f4:fa:79:82:11:9d:e9:5b:ab:47:ad:bf:64:29:
         88:b0:d4:0f:4a:20:a7:e7:07:70:70:c0:68:80:2d:a0:9a:17:
         ab:f5:4e:6f:b8:93:48:c5:fd:25:84:da:59:e1:94:d4:db:ac:
         4b:1b:72:51:d0:c0:a8:93:cd:6e:bf:08:de:2f:a1:4b:4a:44:
         d0:df:74:a1:80:96:99:bf:49:d7:7c:7b:60:f8:12:ed:44:37:
         21:a5:bc:43:2f:35:1f:25:f3:e6:06:95:17:bc:0f:07:6c:b7:
         ef:d5:ed:b4:0a:62:58:47:77:85:77:05:d9:69:85:a9:7e:47:
         fd:13:81:d9:f4:30:64:8c:d8:a5:54:9e:ac:8f:59:f6:37:10:
         c2:6f:09:2e:51:e1:90:49:bb:7c:ee:01:8f:de:8c:25:84:9a:
         df:c5:2e:2e:db:9a:49:8a:ea:5c:06:07:d5:e8:99:f3:cf:49:
         57:00:4e:52:de:0c:c6:dd:c4:dd:80:2d:cc:08:ee:9c:8c:13:
         13:a7:23:9e
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYu0CgX0pDrDAV3EiPRc8HfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNDNlOWUyNjc5NTZlN2YyNjJjMTdmMDA4OWYwZjYwYmE3
YWJlZmIwHhcNMjMxMTA5MTIyMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFlMTE0Njg0MzU1OWQwZGFjOWVjMjBlZDVhNGUzOTQ1MmMzMTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP6NITvazU9p53LV+gzZIU8LPbTI
qcu6suMtnoj/pE41YlTnoOUck7+5EeR7GeGrvOUePjZCFEsyUTmHnzxTDD6kv98C
YSvkoS3q0SvsZLiZ39NzJ0R+5Uhp8pdqJICUXEeBEchC9EGYSONUtYqy3fqx0JRp
ed1oF+g80NhqAbcCic9SacBSQnXf7Iuj1EelG57Wg7FAHH6mXgUgt3m/iNdjJ3cU
6hwMK1qHmawAl5bUA0DEu4h7xLxC/DoxD7NmAqfv2UhBJnmBEOATOu0YADUoaGRg
pIjsMaqAefmqQnU8iNRbm4nJElGcHh0gmm8X3NWfVIFnpq5aEapGHsQQpQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFK4eEUaENVnQ2snsIO1aTjlFLDGYMB8GA1UdIwQY
MBaAFFpD6eJnlW5/JiwX8AifD2C6er77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGIt
NzljODk4N2E4YjFjLzEvcmg0UlJvUTFXZERheWV3ZzdWcE9PVVVzTVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGItNzljODk4N2E4YjFj
LzEvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQALjGEAwQA
LjGHAwQALjGMMAwDBAAuMY8DBAAuMZADBAAuMa0DBAAuMdIDBAFfsZQDBAFfsZwD
BAZfscAwDQQCAAIwBwMFACoCDfUwDQYJKoZIhvcNAQELBQADggEBAB589EqTeNS8
8tPcfa++miyAG1sGECmL9d6eLEb9eQ55f2Y4PdMNLhav1GZ2oe9DZgHJ4VtyyATN
UHX0+nmCEZ3pW6tHrb9kKYiw1A9KIKfnB3BwwGiALaCaF6v1Tm+4k0jF/SWE2lnh
lNTbrEsbclHQwKiTzW6/CN4voUtKRNDfdKGAlpm/Sdd8e2D4Eu1ENyGlvEMvNR8l
8+YGlRe8Dwdst+/V7bQKYlhHd4V3Bdlphal+R/0Tgdn0MGSM2KVUnqyPWfY3EMJv
CS5R4ZBJu3zuAY/ejCWEmt/FLi7bmkmK6lwGB9XomfPPSVcATlLeDMbdxN2ALcwI
7pyMExOnI54=
-----END CERTIFICATE-----