Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/htkxxLenbnhpcofc6B-Fc2A-eec.roa
File:                     htkxxLenbnhpcofc6B-Fc2A-eec.roa (raw, json)
Hash identifier:          vK9UELlqBHd00ef5MyXePOZEmlJRaS84iY1jHIWZpMw=
Subject key identifier:   86:D9:31:C4:B7:A7:6E:78:69:72:87:DC:E8:1F:85:73:60:3E:79:E7
Certificate issuer:       /CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
Certificate serial:       0188E7DFFEBA5063AB95B98991B62DF20216
Authority key identifier: A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/htkxxLenbnhpcofc6B-Fc2A-eec.roa
Signing time:             Fri 23 Jun 2023 10:49:56 +0000
ROA not before:           Fri 23 Jun 2023 10:49:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48158
IP address blocks:        176.58.41.0/24 maxlen: 24
                          176.58.40.0/23 maxlen: 24
                          176.58.39.0/24 maxlen: 24
                          176.58.38.0/23 maxlen: 24
                          176.58.43.0/24 maxlen: 24
                          176.58.42.0/24 maxlen: 24
                          176.58.48.0/23 maxlen: 23
                          176.58.47.0/24 maxlen: 24
                          176.58.46.0/24 maxlen: 24
                          176.58.45.0/24 maxlen: 24
                          176.58.50.0/24 maxlen: 24
                          176.58.55.0/24 maxlen: 24
                          176.58.54.0/24 maxlen: 24
                          176.58.53.0/24 maxlen: 24
                          176.58.52.0/24 maxlen: 24
                          176.58.57.0/24 maxlen: 24
                          176.58.56.0/24 maxlen: 24
                          146.255.212.0/22 maxlen: 24
                          146.255.216.0/21 maxlen: 24
                          185.190.190.0/24 maxlen: 24
                          212.124.96.0/22 maxlen: 24
                          212.124.100.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:31:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e7:df:fe:ba:50:63:ab:95:b9:89:91:b6:2d:f2:02:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
        Validity
            Not Before: Jun 23 10:49:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86d931c4b7a76e78697287dce81f8573603e79e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3f:2a:aa:37:9c:59:c1:57:a3:b2:be:91:98:
                    16:85:41:00:1b:68:3a:b8:12:aa:b4:6c:78:2f:66:
                    ae:1d:7e:85:80:ae:da:28:cd:8b:49:aa:17:a2:57:
                    a5:e9:69:a3:b2:7c:a9:ac:33:b4:aa:53:fd:5a:2c:
                    ef:72:f6:19:e0:06:87:76:7d:45:b8:26:74:4f:65:
                    b9:12:c8:d9:ca:01:35:99:fd:5b:cb:68:5e:98:71:
                    22:f5:64:61:1f:29:a0:b5:d9:1a:f5:3c:ee:fc:53:
                    a7:a8:0c:2d:bb:74:bb:24:81:95:b4:06:1b:2b:e6:
                    09:0c:20:79:40:f7:dc:11:99:d9:df:85:06:1e:34:
                    e5:20:24:47:1e:c2:f1:0a:dd:18:a1:56:d4:ae:63:
                    41:32:65:68:dc:d8:f5:66:6d:47:f2:2b:88:7c:7e:
                    28:8d:8c:c0:c8:de:ed:d6:96:5d:1c:97:e4:2d:36:
                    cb:8e:50:cc:04:5b:6c:d9:75:42:33:28:97:cd:76:
                    a6:26:8a:1e:0b:ed:ae:24:eb:7f:11:19:10:ac:c6:
                    a6:78:ea:dc:fd:82:8a:d0:c4:74:8d:7d:5a:b5:12:
                    6b:e3:66:61:7a:f2:f6:fa:b9:f1:8e:68:45:33:b5:
                    53:e7:fa:0e:78:67:08:b9:85:c5:71:d2:9c:a5:8e:
                    e6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D9:31:C4:B7:A7:6E:78:69:72:87:DC:E8:1F:85:73:60:3E:79:E7
            X509v3 Authority Key Identifier:
                keyid:A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/htkxxLenbnhpcofc6B-Fc2A-eec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.212.0-146.255.223.255
                  176.58.38.0-176.58.43.255
                  176.58.45.0-176.58.50.255
                  176.58.52.0-176.58.57.255
                  185.190.190.0/24
                  212.124.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:f2:2c:c4:61:d1:64:d8:0d:e7:a3:54:0a:d5:c4:69:35:1f:
         5e:b1:a8:30:ec:5e:42:40:cd:79:13:7e:a7:fa:cf:17:9c:88:
         c2:e9:a6:8a:cc:b7:66:00:c2:8d:ad:38:4d:78:f0:bd:92:51:
         fb:17:e8:23:89:a6:7f:71:01:4e:eb:4d:9a:6f:43:65:d5:7f:
         ab:ba:07:8d:46:8c:68:8d:e9:90:04:cb:5b:bd:f9:4e:34:b2:
         44:3e:c8:90:12:82:5a:cb:b4:37:1f:c8:3e:82:7c:77:7b:4c:
         56:9f:4f:e3:4d:2a:fe:78:85:dd:00:37:a3:6f:d6:0d:07:1e:
         b7:f8:e5:f4:d1:a1:06:52:fe:8f:c1:31:6d:2a:d6:0c:09:14:
         45:61:56:26:2e:e3:7d:c2:27:58:f4:04:2f:f7:bd:81:2f:43:
         6b:ea:c9:38:1f:6f:d4:48:e3:4d:54:a3:d1:e9:38:b2:09:1b:
         17:af:c5:1b:b5:ed:11:11:0a:13:7d:e6:d6:36:78:a2:42:a7:
         3d:b0:81:dd:fa:ed:73:0f:91:ef:c3:5e:37:93:5c:46:24:f1:
         03:bf:a0:ab:53:38:53:61:9a:67:57:7b:00:81:3b:0b:9c:a5:
         7c:33:b1:d5:65:cd:41:4f:bf:89:f4:a5:50:87:a0:ef:29:ad:
         b9:0b:ed:cc
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYjn3/66UGOrlbmJkbYt8gIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjc0ZDU4ODRhNTBhODRlMDdkYmRmNjc5OGRkY2JiOWNj
MjAzMmUwHhcNMjMwNjIzMTA0OTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQ5MzFjNGI3YTc2ZTc4Njk3Mjg3ZGNlODFmODU3MzYwM2U3OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT8qqjecWcFXo7K+kZgWhUEAG2g6
uBKqtGx4L2auHX6FgK7aKM2LSaoXolel6WmjsnyprDO0qlP9WizvcvYZ4AaHdn1F
uCZ0T2W5EsjZygE1mf1by2hemHEi9WRhHymgtdka9Tzu/FOnqAwtu3S7JIGVtAYb
K+YJDCB5QPfcEZnZ34UGHjTlICRHHsLxCt0YoVbUrmNBMmVo3Nj1Zm1H8iuIfH4o
jYzAyN7t1pZdHJfkLTbLjlDMBFts2XVCMyiXzXamJooeC+2uJOt/ERkQrMameOrc
/YKK0MR0jX1atRJr42ZhevL2+rnxjmhFM7VT5/oOeGcIuYXFcdKcpY7mvQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIbZMcS3p254aXKH3OgfhXNgPnnnMB8GA1UdIwQY
MBaAFKNnTViEpQqE4H299nmN3LucwgMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJkTldJU2xDb1RnZmIzMmVZM2N1NXpDQXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84MDY1MzItNTRlOS00YjQ5LWI4YTct
OWUyMjBmMDRhOTAxLzEvaHRreHhMZW5ibmhwY29mYzZCLUZjMkEtZWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84MDY1MzItNTRlOS00YjQ5LWI4YTctOWUyMjBmMDRhOTAx
LzEvbzJkTldJU2xDb1RnZmIzMmVZM2N1NXpDQXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBAKS/9QD
BAWS/8AwDAMEAbA6JgMEArA6KDAMAwQAsDotAwQAsDoyMAwDBAKwOjQDBAGwOjgD
BAC5vr4DBAPUfGAwDQYJKoZIhvcNAQELBQADggEBAI7yLMRh0WTYDeejVArVxGk1
H16xqDDsXkJAzXkTfqf6zxeciMLpporMt2YAwo2tOE148L2SUfsX6COJpn9xAU7r
TZpvQ2XVf6u6B41GjGiN6ZAEy1u9+U40skQ+yJASglrLtDcfyD6CfHd7TFafT+NN
Kv54hd0AN6Nv1g0HHrf45fTRoQZS/o/BMW0q1gwJFEVhViYu433CJ1j0BC/3vYEv
Q2vqyTgfb9RI401Uo9HpOLIJGxevxRu17RERChN95tY2eKJCpz2wgd367XMPke/D
XjeTXEYk8QO/oKtTOFNhmmdXewCBOwucpXwzsdVlzUFPv4n0pVCHoO8prbkL7cw=
-----END CERTIFICATE-----