Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/4enkdUdIsI0CMuK2JcKBDlYZuT4.roa
File:                     4enkdUdIsI0CMuK2JcKBDlYZuT4.roa (raw, json)
Hash identifier:          qqLb0flwkL8Y0BP+8Nyog0oAUM4JF1Ez3yfsaDA/1Ng=
Subject key identifier:   E1:E9:E4:75:47:48:B0:8D:02:32:E2:B6:25:C2:81:0E:56:19:B9:3E
Certificate issuer:       /CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
Certificate serial:       018EAED58C30325C11A5222BF771FCF71CEE
Authority key identifier: A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/4enkdUdIsI0CMuK2JcKBDlYZuT4.roa
Signing time:             Fri 05 Apr 2024 15:16:54 +0000
ROA not before:           Fri 05 Apr 2024 15:16:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        81.92.192.0/22 maxlen: 22
                          91.109.112.0/21 maxlen: 21
                          94.46.184.0/22 maxlen: 22
                          94.46.192.0/22 maxlen: 22
                          94.46.207.0/24 maxlen: 24
                          94.46.220.0/22 maxlen: 22
                          94.46.244.0/22 maxlen: 22
                          185.99.252.0/24 maxlen: 24
                          185.99.253.0/24 maxlen: 24
                          185.99.254.0/24 maxlen: 24
                          185.109.168.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 18 Apr 2024 12:58:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:d5:8c:30:32:5c:11:a5:22:2b:f7:71:fc:f7:1c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
        Validity
            Not Before: Apr  5 15:16:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1e9e4754748b08d0232e2b625c2810e5619b93e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:34:ec:d6:4f:fe:a1:af:d3:fa:07:85:3c:37:
                    09:27:43:30:c8:66:74:41:ea:c7:b2:76:31:3d:99:
                    f3:b4:8e:d4:41:80:62:92:3f:b4:58:f2:1e:77:69:
                    34:ed:40:0f:7d:40:e6:a3:a4:14:70:1b:f2:44:36:
                    ee:46:44:ab:40:1a:2d:a8:cd:bb:c7:29:48:89:6f:
                    4a:67:b6:6f:d3:f1:52:5e:ba:f4:47:99:01:0a:3a:
                    d1:17:34:28:9b:b4:ba:61:16:80:3a:8c:e2:f3:05:
                    80:fd:b1:ca:8b:f6:5e:75:0f:66:01:cd:ab:37:a7:
                    67:16:b9:0b:84:cc:d2:e8:25:5f:e8:a6:73:97:c8:
                    8b:3a:2d:53:09:6f:13:74:46:7e:b8:0d:49:0b:65:
                    4f:f9:61:46:92:d2:7b:50:f0:13:43:23:37:48:c2:
                    c5:99:ec:dd:65:91:41:ab:60:d2:ed:6f:08:1a:6f:
                    c9:c6:87:cd:19:3d:b3:15:bf:89:a5:29:26:d8:5a:
                    aa:18:0b:61:c2:a2:96:0d:21:a6:7c:55:c3:62:74:
                    e5:44:76:7d:07:21:20:fa:6e:6f:2d:c0:16:d4:24:
                    fd:c2:67:58:39:d2:43:10:73:28:5a:26:3c:80:d6:
                    01:88:06:f4:c1:aa:e4:01:5c:99:30:17:86:59:39:
                    fd:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E9:E4:75:47:48:B0:8D:02:32:E2:B6:25:C2:81:0E:56:19:B9:3E
            X509v3 Authority Key Identifier:
                keyid:A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/4enkdUdIsI0CMuK2JcKBDlYZuT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/pvh89KFbnngiRVs6qK8LXtOimfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.92.192.0/22
                  91.109.112.0/21
                  94.46.184.0/22
                  94.46.192.0/22
                  94.46.207.0/24
                  94.46.220.0/22
                  94.46.244.0/22
                  185.99.252.0-185.99.254.255
                  185.109.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:69:63:b2:b1:6f:bb:9e:8a:78:99:7b:68:43:29:a0:41:b7:
         53:f1:e1:16:af:a4:a2:28:78:9e:e0:bc:3f:c6:e1:dc:b9:1f:
         36:da:19:08:6d:20:82:fe:33:dd:f5:22:ee:0d:24:67:2b:66:
         03:ad:0a:b0:2d:93:22:5a:d7:ea:8b:96:4a:b2:08:7d:54:c4:
         7a:c0:cb:54:4b:2c:d2:91:f9:da:b3:64:2b:66:1e:55:6a:b9:
         0a:07:7e:25:10:b7:aa:0d:48:a0:ae:05:de:2e:72:d7:0e:d2:
         3e:1f:55:b1:14:b8:1f:64:81:d8:e1:b4:f1:42:25:08:7b:ca:
         02:b1:dd:75:58:54:2c:0e:ec:08:53:25:d7:0c:89:e0:bc:33:
         70:9e:88:c7:0d:e3:ce:b7:ab:77:b6:58:93:af:eb:91:4d:a3:
         69:22:9f:75:66:a4:bd:d1:f0:95:1c:13:de:60:f2:71:0f:df:
         bd:93:0e:16:5d:a7:a2:eb:27:13:80:ae:93:48:51:a3:eb:58:
         ca:82:72:cf:f1:72:ac:54:a3:68:67:ee:d9:54:77:b7:26:99:
         f6:2b:75:0f:c3:d1:df:a0:7c:57:f4:19:a6:bb:36:30:78:cf:
         1c:00:85:7a:db:37:5a:67:a2:39:2c:aa:07:74:61:58:b4:46:
         06:5b:ac:da
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY6u1YwwMlwRpSIr93H89xzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Zjg3Y2Y0YTE1YjllNzgyMjQ1NWIzYWE4YWYwYjVlZDNh
Mjk5ZjcwHhcNMjQwNDA1MTUxNjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWU5ZTQ3NTQ3NDhiMDhkMDIzMmUyYjYyNWMyODEwZTU2MTliOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjTs1k/+oa/T+geFPDcJJ0MwyGZ0
QerHsnYxPZnztI7UQYBikj+0WPIed2k07UAPfUDmo6QUcBvyRDbuRkSrQBotqM27
xylIiW9KZ7Zv0/FSXrr0R5kBCjrRFzQom7S6YRaAOozi8wWA/bHKi/ZedQ9mAc2r
N6dnFrkLhMzS6CVf6KZzl8iLOi1TCW8TdEZ+uA1JC2VP+WFGktJ7UPATQyM3SMLF
mezdZZFBq2DS7W8IGm/JxofNGT2zFb+JpSkm2FqqGAthwqKWDSGmfFXDYnTlRHZ9
ByEg+m5vLcAW1CT9wmdYOdJDEHMoWiY8gNYBiAb0warkAVyZMBeGWTn9mwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFOHp5HVHSLCNAjLitiXCgQ5WGbk+MB8GA1UdIwQY
MBaAFKb4fPShW554IkVbOqivC17Topn3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQt
N2Q0MDI4YTFiZjU5LzEvNGVua2RVZElzSTBDTXVLMkpjS0JEbFladVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQtN2Q0MDI4YTFiZjU5
LzEvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCUVzAAwQD
W21wAwQCXi64AwQCXi7AAwQAXi7PAwQCXi7cAwQCXi70MAwDBAK5Y/wDBAC5Y/4D
BAK5bagwDQYJKoZIhvcNAQELBQADggEBADBpY7Kxb7ueiniZe2hDKaBBt1Px4Rav
pKIoeJ7gvD/G4dy5HzbaGQhtIIL+M931Iu4NJGcrZgOtCrAtkyJa1+qLlkqyCH1U
xHrAy1RLLNKR+dqzZCtmHlVquQoHfiUQt6oNSKCuBd4uctcO0j4fVbEUuB9kgdjh
tPFCJQh7ygKx3XVYVCwO7AhTJdcMieC8M3CeiMcN4863q3e2WJOv65FNo2kin3Vm
pL3R8JUcE95g8nEP372TDhZdp6LrJxOArpNIUaPrWMqCcs/xcqxUo2hn7tlUd7cm
mfYrdQ/D0d+gfFf0Gaa7NjB4zxwAhXrbN1pnojksqgd0YVi0RgZbrNo=
-----END CERTIFICATE-----