Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/aba4-_AEa-xMNzdyWgNWhWFZobY.roa
File:                     aba4-_AEa-xMNzdyWgNWhWFZobY.roa (raw, json)
Hash identifier:          iayN8M11rj1bIPGsejMfv6P8Dp5J+/oFoKpLEeYm6mQ=
Subject key identifier:   69:B6:B8:FB:F0:04:6B:EC:4C:37:37:72:5A:03:56:85:61:59:A1:B6
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018D78F7B0DF27A3B7543C981BAB3C5C5F16
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/aba4-_AEa-xMNzdyWgNWhWFZobY.roa
Signing time:             Mon 05 Feb 2024 11:11:54 +0000
ROA not before:           Mon 05 Feb 2024 11:11:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206509
IP address blocks:        62.164.128.0/18 maxlen: 18
                          62.164.144.0/21 maxlen: 21
                          62.164.192.0/21 maxlen: 21
                          86.54.0.0/16 maxlen: 16
                          193.108.169.0/24 maxlen: 24
                          194.62.44.0/22 maxlen: 22
                          194.164.97.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          195.26.224.0/19 maxlen: 19
                          195.200.0.0/19 maxlen: 19
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24
                          217.154.0.0/16 maxlen: 16
                          2001:15e0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 13 Feb 2024 15:24:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:f7:b0:df:27:a3:b7:54:3c:98:1b:ab:3c:5c:5f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb  5 11:11:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69b6b8fbf0046bec4c3737725a0356856159a1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6b:82:32:87:8c:c8:7e:09:fa:d6:e8:4f:32:
                    76:68:8e:36:4e:db:ac:57:ff:a1:ee:15:52:e2:6c:
                    6a:7b:07:01:9e:9c:2e:1d:5d:5a:b3:50:57:54:dd:
                    1c:d9:ef:44:ad:17:89:6b:45:f2:2f:f7:45:1f:fa:
                    10:cc:97:51:6c:ad:e5:df:c1:df:19:f9:a8:06:12:
                    9e:c4:15:9e:a2:e7:18:fe:34:97:8f:3f:12:1e:46:
                    32:8e:44:27:74:69:3f:b3:10:85:27:d0:3d:8e:e0:
                    f5:ad:67:f5:e1:63:0e:2f:ec:d9:5e:3d:2f:e4:c4:
                    3c:5d:73:95:a2:50:b5:6d:eb:a7:0b:9f:4a:2e:5e:
                    a1:15:64:49:c2:08:3b:e5:23:6f:e4:33:79:ee:06:
                    57:6e:b4:fb:93:eb:4b:b8:64:13:39:10:8d:22:75:
                    67:42:02:ed:5b:1e:ae:7f:be:63:cd:37:f7:18:f7:
                    dc:ef:b5:21:b1:1b:ce:8e:35:74:5d:a3:56:22:1c:
                    e8:04:77:1c:fb:bd:2b:ca:08:3d:f8:32:c1:51:e4:
                    aa:13:60:87:ad:45:87:32:e6:aa:ce:20:8f:28:0f:
                    d3:eb:86:f5:0c:18:f7:ae:2c:86:c2:ea:ec:3a:5c:
                    d5:02:7a:7f:a8:66:c6:ce:fc:fe:e4:bb:8b:62:76:
                    aa:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B6:B8:FB:F0:04:6B:EC:4C:37:37:72:5A:03:56:85:61:59:A1:B6
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/aba4-_AEa-xMNzdyWgNWhWFZobY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0-62.164.199.255
                  86.54.0.0/16
                  193.108.169.0/24
                  194.62.44.0/22
                  194.164.97.0/24
                  194.164.114.0/24
                  194.164.181.0/24
                  195.26.224.0/19
                  195.200.0.0/19
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24
                  217.154.0.0/16
                IPv6:
                  2001:15e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:12:0b:46:ed:b2:62:6b:b4:0e:99:e7:16:58:67:15:3f:0a:
         a7:e1:12:38:c9:c7:df:0b:62:24:74:71:ee:60:83:0d:9c:0a:
         ab:ef:9e:58:ec:18:69:ed:33:28:0d:96:2f:63:61:99:ab:28:
         ac:72:85:54:1e:3c:49:c5:c2:52:95:92:35:7f:ae:91:ec:a5:
         54:e0:a6:c9:e9:5a:6f:08:72:45:02:0d:86:42:04:8b:72:1c:
         3c:76:0a:8e:0b:d6:4b:e0:6d:a2:db:b0:39:2a:fb:33:3c:3d:
         7c:c1:05:62:87:a2:9c:cd:1a:47:12:de:bc:4a:93:93:6d:5d:
         90:b9:73:e1:0f:a3:cc:0c:57:54:f7:ef:78:10:6e:bf:b0:7d:
         e1:67:c9:30:f4:20:6c:c4:80:1b:fd:0c:ff:71:57:bf:3a:e1:
         40:47:29:9b:f1:62:25:18:5f:01:ff:37:8d:11:20:38:84:2f:
         f2:f3:c6:68:f0:d5:4f:72:db:b8:c3:92:6f:b7:ba:3d:e3:ad:
         26:1e:9a:06:27:aa:83:0f:a9:68:38:b5:d1:78:89:bd:e1:76:
         24:97:66:2e:81:ec:53:87:72:a1:a1:0b:50:bb:b2:ba:6a:63:
         69:f1:90:8a:b1:7c:5d:b7:3e:28:ab:3c:c2:b5:2c:f7:37:60:
         1f:2f:84:fc
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAY1497DfJ6O3VDyYG6s8XF8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjA1MTExMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWI2YjhmYmYwMDQ2YmVjNGMzNzM3NzI1YTAzNTY4NTYxNTlhMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmuCMoeMyH4J+tboTzJ2aI42Ttus
V/+h7hVS4mxqewcBnpwuHV1as1BXVN0c2e9ErReJa0XyL/dFH/oQzJdRbK3l38Hf
GfmoBhKexBWeoucY/jSXjz8SHkYyjkQndGk/sxCFJ9A9juD1rWf14WMOL+zZXj0v
5MQ8XXOVolC1beunC59KLl6hFWRJwgg75SNv5DN57gZXbrT7k+tLuGQTORCNInVn
QgLtWx6uf75jzTf3GPfc77UhsRvOjjV0XaNWIhzoBHcc+70rygg9+DLBUeSqE2CH
rUWHMuaqziCPKA/T64b1DBj3riyGwursOlzVAnp/qGbGzvz+5LuLYnaq3QIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFGm2uPvwBGvsTDc3cloDVoVhWaG2MB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvYWJhNC1fQUVhLXhNTnpkeVdnTldoV0Zab2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUMAwDBAc+pIAD
BAM+pMADAwBWNgMEAMFsqQMEAsI+LAMEAMKkYQMEAMKkcgMEAMKktQMEBcMa4AME
BcPIAAMEANX+qwMEANX+sgMEANX+uQMDANmaMA0EAgACMAcDBQAgARXgMA0GCSqG
SIb3DQEBCwUAA4IBAQBcEgtG7bJia7QOmecWWGcVPwqn4RI4ycffC2IkdHHuYIMN
nAqr755Y7Bhp7TMoDZYvY2GZqyiscoVUHjxJxcJSlZI1f66R7KVU4KbJ6VpvCHJF
Ag2GQgSLchw8dgqOC9ZL4G2i27A5KvszPD18wQVih6KczRpHEt68SpOTbV2QuXPh
D6PMDFdU9+94EG6/sH3hZ8kw9CBsxIAb/Qz/cVe/OuFARymb8WIlGF8B/zeNESA4
hC/y88Zo8NVPctu4w5Jvt7o9460mHpoGJ6qDD6loOLXReIm94XYkl2YugexTh3Kh
oQtQu7K6amNp8ZCKsXxdtz4oqzzCtSz3N2AfL4T8