Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/KzagarXXK3l9EpO6gYBh5qLwXwg.roa
File:                     KzagarXXK3l9EpO6gYBh5qLwXwg.roa (raw, json)
Hash identifier:          Ia7ExvceknH7GHLbiBy3bjDyVhCLczhQdZ1EdXFmYmE=
Subject key identifier:   2B:36:A0:6A:B5:D7:2B:79:7D:12:93:BA:81:80:61:E6:A2:F0:5F:08
Certificate issuer:       /CN=86e99134171b5863f62f22b7d7abf740349528ec
Certificate serial:       01929A1A70368D03491056E7CEF18A72C44B
Authority key identifier: 86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/KzagarXXK3l9EpO6gYBh5qLwXwg.roa
Signing time:             Thu 17 Oct 2024 10:51:16 +0000
ROA not before:           Thu 17 Oct 2024 10:51:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60439
IP address blocks:        45.151.80.0/24 maxlen: 24
                          45.151.81.0/24 maxlen: 24
                          45.151.83.0/24 maxlen: 24
                          85.208.196.0/24 maxlen: 24
                          85.208.197.0/24 maxlen: 24
                          85.208.198.0/24 maxlen: 24
                          85.208.199.0/24 maxlen: 24
                          139.28.16.0/24 maxlen: 24
                          139.28.17.0/24 maxlen: 24
                          139.28.18.0/24 maxlen: 24
                          139.28.19.0/24 maxlen: 24
                          193.160.22.0/24 maxlen: 24
                          193.160.23.0/24 maxlen: 24
                          193.160.30.0/24 maxlen: 24
                          193.160.31.0/24 maxlen: 24
                          2a13:8240::/40 maxlen: 48
                          2a13:8240:100::/40 maxlen: 48

Validation:               Failed, certificate revoked on Fri 18 Oct 2024 09:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9a:1a:70:36:8d:03:49:10:56:e7:ce:f1:8a:72:c4:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86e99134171b5863f62f22b7d7abf740349528ec
        Validity
            Not Before: Oct 17 10:51:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b36a06ab5d72b797d1293ba818061e6a2f05f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d4:af:42:76:a2:94:df:8c:16:09:67:42:a3:
                    16:47:e1:b8:a2:e8:45:70:bb:f2:04:af:ab:6c:2a:
                    2a:63:b8:51:a5:e5:4a:4a:a0:5e:7c:61:dc:cb:21:
                    0f:b5:21:b7:b5:61:d7:f0:3d:cf:22:45:6c:a3:f7:
                    e4:0d:f3:b2:f8:6d:d4:b3:59:0a:4b:bc:49:03:aa:
                    be:6f:29:e3:d6:63:a0:af:0c:0f:84:1f:ea:3d:ec:
                    47:e0:8d:0b:67:ec:cf:07:f0:c4:34:0e:fb:e5:7f:
                    d9:e6:98:8b:42:71:d0:51:65:fb:ce:35:30:6a:ce:
                    86:30:9f:16:25:47:37:da:0e:3b:bc:a0:b7:86:db:
                    3a:c2:70:8c:46:f9:97:40:dd:5e:7d:e8:78:ec:8e:
                    81:e7:d8:0b:d1:e8:93:2c:b3:ef:61:a6:a9:ce:56:
                    75:69:76:70:af:7f:6a:d5:c2:9b:6d:6c:3e:76:33:
                    fe:2a:b7:9d:31:5e:1d:c5:55:83:9f:3d:5e:35:f1:
                    78:7d:7a:8c:29:14:ab:6f:56:8c:4f:b2:4f:75:f1:
                    a9:6f:54:fc:dc:a0:07:84:d9:7f:e7:fa:14:84:c0:
                    1f:dc:25:9c:5a:e9:c3:fb:e2:6e:b9:48:b5:a6:fb:
                    85:7b:5a:bc:e1:28:35:71:52:86:6c:d8:19:30:b2:
                    ea:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:36:A0:6A:B5:D7:2B:79:7D:12:93:BA:81:80:61:E6:A2:F0:5F:08
            X509v3 Authority Key Identifier:
                keyid:86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/KzagarXXK3l9EpO6gYBh5qLwXwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/humRNBcbWGP2LyK316v3QDSVKOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.80.0/23
                  45.151.83.0/24
                  85.208.196.0/22
                  139.28.16.0/22
                  193.160.22.0/23
                  193.160.30.0/23
                IPv6:
                  2a13:8240::/39

    Signature Algorithm: sha256WithRSAEncryption
         ae:bf:2f:ad:8b:3a:1d:0b:78:cc:f8:a4:da:46:a9:bc:03:c0:
         62:81:32:60:c1:7b:28:88:31:d2:82:e1:79:35:68:cc:fc:13:
         99:ec:d7:5e:31:6c:2a:66:cb:aa:dd:57:7b:71:b4:78:3d:01:
         37:69:b4:83:13:49:95:2e:7a:52:02:cf:74:28:7d:39:10:41:
         9e:70:a7:34:6f:45:a6:d2:0a:41:21:9d:a2:21:9d:fb:44:f9:
         04:35:93:07:1a:45:c1:9f:f9:91:17:bf:8b:74:e9:70:57:ab:
         6b:74:27:97:c1:5e:b3:be:c9:71:fc:38:ec:cb:4a:2e:bd:94:
         ec:eb:ea:54:c2:81:86:40:56:31:6d:87:7a:8e:f1:46:e0:b4:
         40:94:a4:88:48:e7:b8:7a:45:e5:18:10:34:b4:a7:ed:44:22:
         93:b9:a6:58:dc:39:d7:2c:cd:de:cb:c1:2b:d0:63:ec:00:aa:
         c5:63:b5:12:da:8f:7b:76:cd:3a:0c:c1:62:dc:b5:94:a0:b2:
         51:c5:8e:af:ca:22:94:7f:6d:29:82:7f:a6:47:69:af:e4:75:
         ca:8c:75:05:00:13:ec:4b:e2:93:e4:36:5a:24:11:77:f2:99:
         ae:f0:d0:28:3f:f5:0c:8d:a2:47:0c:85:87:7d:6d:e7:12:f7:
         7b:9b:c8:5b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZKaGnA2jQNJEFbnzvGKcsRLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZTk5MTM0MTcxYjU4NjNmNjJmMjJiN2Q3YWJmNzQwMzQ5
NTI4ZWMwHhcNMjQxMDE3MTA1MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM2YTA2YWI1ZDcyYjc5N2QxMjkzYmE4MTgwNjFlNmEyZjA1ZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNSvQnailN+MFglnQqMWR+G4ouhF
cLvyBK+rbCoqY7hRpeVKSqBefGHcyyEPtSG3tWHX8D3PIkVso/fkDfOy+G3Us1kK
S7xJA6q+bynj1mOgrwwPhB/qPexH4I0LZ+zPB/DENA775X/Z5piLQnHQUWX7zjUw
as6GMJ8WJUc32g47vKC3hts6wnCMRvmXQN1efeh47I6B59gL0eiTLLPvYaapzlZ1
aXZwr39q1cKbbWw+djP+KredMV4dxVWDnz1eNfF4fXqMKRSrb1aMT7JPdfGpb1T8
3KAHhNl/5/oUhMAf3CWcWunD++JuuUi1pvuFe1q84Sg1cVKGbNgZMLLqJQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFCs2oGq11yt5fRKTuoGAYeai8F8IMB8GA1UdIwQY
MBaAFIbpkTQXG1hj9i8it9er90A0lSjsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQt
ZGE5NTgwOGJhMmMxLzEvS3phZ2FyWFhLM2w5RXBPNmdZQmg1cUx3WHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQtZGE5NTgwOGJhMmMx
LzEvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAqBAIAATAkAwQBLZdQAwQA
LZdTAwQCVdDEAwQCixwQAwQBwaAWAwQBwaAeMA4EAgACMAgDBgEqE4JAADANBgkq
hkiG9w0BAQsFAAOCAQEArr8vrYs6HQt4zPik2kapvAPAYoEyYMF7KIgx0oLheTVo
zPwTmezXXjFsKmbLqt1Xe3G0eD0BN2m0gxNJlS56UgLPdCh9ORBBnnCnNG9FptIK
QSGdoiGd+0T5BDWTBxpFwZ/5kRe/i3TpcFera3Qnl8Fes77Jcfw47MtKLr2U7Ovq
VMKBhkBWMW2Heo7xRuC0QJSkiEjnuHpF5RgQNLSn7UQik7mmWNw51yzN3svBK9Bj
7ACqxWO1EtqPe3bNOgzBYty1lKCyUcWOr8oilH9tKYJ/pkdpr+R1yox1BQAT7Evi
k+Q2WiQRd/KZrvDQKD/1DI2iRwyFh31t5xL3e5vIWw==