Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/c45811-75ba-4dd7-a421-f36d9ee346d4/1/44kkRonE5QHb0UFPz9LHxqgamvc.roa
File:                     44kkRonE5QHb0UFPz9LHxqgamvc.roa (raw, json)
Hash identifier:          or5OP2GcJRfYIYIoOrFBIxWjFkbVCynoE1G5AEzywpY=
Subject key identifier:   E3:89:24:46:89:C4:E5:01:DB:D1:41:4F:CF:D2:C7:C6:A8:1A:9A:F7
Certificate issuer:       /CN=2e0a2316f4e9b58aa52deee5c7d1f4b84476ec86
Certificate serial:       018F1573FB206B991792E925FD34FC4B26F4
Authority key identifier: 2E:0A:23:16:F4:E9:B5:8A:A5:2D:EE:E5:C7:D1:F4:B8:44:76:EC:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LgojFvTptYqlLe7lx9H0uER27IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/c45811-75ba-4dd7-a421-f36d9ee346d4/1/44kkRonE5QHb0UFPz9LHxqgamvc.roa
Signing time:             Thu 25 Apr 2024 13:31:13 +0000
ROA not before:           Thu 25 Apr 2024 13:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29545
IP address blocks:        86.111.37.0/24 maxlen: 24
                          86.111.38.0/24 maxlen: 24
                          86.111.39.0/24 maxlen: 24
                          86.111.40.0/22 maxlen: 22
                          86.111.40.0/24 maxlen: 24
                          86.111.41.0/24 maxlen: 24
                          86.111.50.0/23 maxlen: 23
                          86.111.50.0/24 maxlen: 24
                          213.163.229.0/24 maxlen: 24
                          213.163.232.0/24 maxlen: 24
                          213.163.233.0/24 maxlen: 24
                          213.163.236.0/23 maxlen: 23
                          213.163.238.0/24 maxlen: 24
                          213.163.242.0/23 maxlen: 23
                          213.163.244.0/23 maxlen: 23
                          213.163.248.0/23 maxlen: 23
                          213.163.254.0/24 maxlen: 24
                          2a00:1f88::/32 maxlen: 32
                          2a00:1f88:a402::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 17:28:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:73:fb:20:6b:99:17:92:e9:25:fd:34:fc:4b:26:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0a2316f4e9b58aa52deee5c7d1f4b84476ec86
        Validity
            Not Before: Apr 25 13:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e389244689c4e501dbd1414fcfd2c7c6a81a9af7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:45:ed:c0:f5:a6:0d:f7:5f:95:c9:9a:91:9f:
                    45:f4:bc:ce:86:f3:fe:52:8e:18:76:5c:c4:11:5c:
                    c9:b3:41:ce:73:09:71:4a:f6:83:03:53:38:bf:d2:
                    c9:91:9f:13:e3:44:46:75:d6:57:1a:00:e6:cb:8c:
                    e1:2f:93:ed:64:d8:f0:af:5a:ab:e6:d1:7d:89:57:
                    8b:29:9c:a7:3f:b8:ec:9b:ce:bc:cb:fd:e1:e2:f1:
                    ee:71:91:d9:f2:42:d7:07:a3:ef:8c:25:04:42:dd:
                    9d:7f:8d:53:14:fe:ad:e2:bb:91:fc:c9:ba:48:d7:
                    91:48:3f:41:cd:26:52:3a:82:7a:90:d7:a6:38:8d:
                    96:d1:e1:9d:c7:7e:86:0a:14:79:ac:4a:77:ae:da:
                    17:fb:fc:ba:be:85:3f:fb:cf:46:5d:e7:cc:54:db:
                    e1:55:9a:88:1a:8f:ff:d6:1e:e3:56:d3:55:c1:5e:
                    45:cc:6b:62:7b:f3:b2:b9:eb:7d:7f:65:da:a5:df:
                    28:e6:9a:73:fb:00:ed:54:30:e9:43:36:e5:67:72:
                    7b:4b:44:b4:b5:d2:be:08:46:db:e3:71:2f:7e:e2:
                    26:0f:12:1e:4a:21:56:6b:d0:08:9a:d3:f4:fa:8d:
                    5a:2d:49:f9:17:6d:ac:ab:7d:9b:e6:14:33:d7:66:
                    7d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:89:24:46:89:C4:E5:01:DB:D1:41:4F:CF:D2:C7:C6:A8:1A:9A:F7
            X509v3 Authority Key Identifier:
                keyid:2E:0A:23:16:F4:E9:B5:8A:A5:2D:EE:E5:C7:D1:F4:B8:44:76:EC:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LgojFvTptYqlLe7lx9H0uER27IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c45811-75ba-4dd7-a421-f36d9ee346d4/1/44kkRonE5QHb0UFPz9LHxqgamvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c45811-75ba-4dd7-a421-f36d9ee346d4/1/LgojFvTptYqlLe7lx9H0uER27IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.111.37.0-86.111.43.255
                  86.111.50.0/23
                  213.163.229.0/24
                  213.163.232.0/23
                  213.163.236.0-213.163.238.255
                  213.163.242.0-213.163.245.255
                  213.163.248.0/23
                  213.163.254.0/24
                IPv6:
                  2a00:1f88::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:5e:c1:a8:b0:58:a9:70:c5:d6:b5:34:fb:32:af:b3:9b:83:
         bf:e0:44:bf:b7:3f:47:68:a7:98:5d:f7:ac:f0:54:cd:6d:ca:
         a7:12:67:92:71:23:63:b9:4c:37:f5:d7:d1:5f:af:3d:8e:c4:
         e3:60:0d:77:e3:8f:7b:be:e7:73:3f:03:ff:85:fc:30:8b:46:
         a5:07:cf:af:bf:2a:c4:16:7f:73:14:cc:76:20:03:6f:13:68:
         7b:69:37:47:cb:5f:f7:2f:a3:14:16:e3:d1:00:52:06:99:4f:
         28:db:12:b1:4e:16:51:5e:47:c6:ef:7e:43:c6:90:91:de:69:
         e9:89:2d:93:72:8f:d6:f3:00:35:68:d6:b8:f9:90:79:2d:ca:
         6e:5a:b6:bb:78:36:29:ad:fe:f8:93:1e:0e:cd:51:7e:d8:79:
         05:34:7c:8a:66:36:48:a1:62:b8:20:e2:92:a5:b8:1a:2b:95:
         43:2e:1e:32:e3:ae:3f:c1:dd:8e:ff:d0:3c:71:8b:44:da:1a:
         ad:e7:32:f3:85:94:db:52:31:9c:3d:da:69:a2:1d:9f:e8:d7:
         8a:c1:b7:1c:0c:3d:1d:a6:a2:17:02:d2:8d:06:d2:ad:52:5d:
         f8:37:ba:5f:55:81:42:a5:89:69:0d:98:02:e1:5d:c9:90:f8:
         5c:fd:58:9b
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAY8Vc/sga5kXkukl/TT8Syb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGEyMzE2ZjRlOWI1OGFhNTJkZWVlNWM3ZDFmNGI4NDQ3
NmVjODYwHhcNMjQwNDI1MTMzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzg5MjQ0Njg5YzRlNTAxZGJkMTQxNGZjZmQyYzdjNmE4MWE5YWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokXtwPWmDfdflcmakZ9F9LzOhvP+
Uo4YdlzEEVzJs0HOcwlxSvaDA1M4v9LJkZ8T40RGddZXGgDmy4zhL5PtZNjwr1qr
5tF9iVeLKZynP7jsm868y/3h4vHucZHZ8kLXB6PvjCUEQt2df41TFP6t4ruR/Mm6
SNeRSD9BzSZSOoJ6kNemOI2W0eGdx36GChR5rEp3rtoX+/y6voU/+89GXefMVNvh
VZqIGo//1h7jVtNVwV5FzGtie/Oyuet9f2Xapd8o5ppz+wDtVDDpQzblZ3J7S0S0
tdK+CEbb43EvfuImDxIeSiFWa9AImtP0+o1aLUn5F22sq32b5hQz12Z98wIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFOOJJEaJxOUB29FBT8/Sx8aoGpr3MB8GA1UdIwQY
MBaAFC4KIxb06bWKpS3u5cfR9LhEduyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGdvakZ2VHB0WXFsTGU3bHg5SDB1RVIyN0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9jNDU4MTEtNzViYS00ZGQ3LWE0MjEt
ZjM2ZDllZTM0NmQ0LzEvNDRra1JvbkU1UUhiMFVGUHo5TEh4cWdhbXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9jNDU4MTEtNzViYS00ZGQ3LWE0MjEtZjM2ZDllZTM0NmQ0
LzEvTGdvakZ2VHB0WXFsTGU3bHg5SDB1RVIyN0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIMAwDBABWbyUD
BAJWbygDBAFWbzIDBADVo+UDBAHVo+gwDAMEAtWj7AMEANWj7jAMAwQB1aPyAwQB
1aP0AwQB1aP4AwQA1aP+MA0EAgACMAcDBQAqAB+IMA0GCSqGSIb3DQEBCwUAA4IB
AQBhXsGosFipcMXWtTT7Mq+zm4O/4ES/tz9HaKeYXfes8FTNbcqnEmeScSNjuUw3
9dfRX689jsTjYA134497vudzPwP/hfwwi0alB8+vvyrEFn9zFMx2IANvE2h7aTdH
y1/3L6MUFuPRAFIGmU8o2xKxThZRXkfG735DxpCR3mnpiS2Tco/W8wA1aNa4+ZB5
LcpuWra7eDYprf74kx4OzVF+2HkFNHyKZjZIoWK4IOKSpbgaK5VDLh4y464/wd2O
/9A8cYtE2hqt5zLzhZTbUjGcPdppoh2f6NeKwbccDD0dpqIXAtKNBtKtUl34N7pf
VYFCpYlpDZgC4V3JkPhc/Vib
-----END CERTIFICATE-----