Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/aQfP6Fsm43bZGpILNX247wXttRY.roa
File:                     aQfP6Fsm43bZGpILNX247wXttRY.roa (raw, json)
Hash identifier:          3XSjlenzhsrLvsypMDPsFsI4H6mLKsNJOJvKUILjJ4c=
Subject key identifier:   69:07:CF:E8:5B:26:E3:76:D9:1A:92:0B:35:7D:B8:EF:05:ED:B5:16
Certificate issuer:       /CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
Certificate serial:       018D5516E3639D5C838971C6C8E0CDEA3A32
Authority key identifier: E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/aQfP6Fsm43bZGpILNX247wXttRY.roa
Signing time:             Mon 29 Jan 2024 11:59:39 +0000
ROA not before:           Mon 29 Jan 2024 11:59:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21500
IP address blocks:        62.106.68.0/24 maxlen: 24
                          81.17.130.0/24 maxlen: 24
                          81.17.140.0/24 maxlen: 24
                          81.17.142.0/24 maxlen: 24
                          85.90.200.0/22 maxlen: 22
                          92.118.136.0/22 maxlen: 22
                          92.118.224.0/24 maxlen: 24
                          92.118.225.0/24 maxlen: 24
                          92.118.226.0/24 maxlen: 24
                          195.69.184.0/22 maxlen: 24
                          195.234.220.0/22 maxlen: 22
                          2a06:6200::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 04 Mar 2024 05:46:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:16:e3:63:9d:5c:83:89:71:c6:c8:e0:cd:ea:3a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
        Validity
            Not Before: Jan 29 11:59:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6907cfe85b26e376d91a920b357db8ef05edb516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:32:9d:c8:3f:52:e1:9a:36:06:a5:d7:52:e7:
                    81:29:52:7b:b7:8b:f3:10:7e:7f:d9:74:c8:3d:59:
                    3f:a4:bd:c4:6a:5d:81:ca:9a:f5:ef:af:8e:94:fd:
                    9f:d7:c5:43:5a:2d:2e:ea:3c:3b:8f:1a:d9:25:b5:
                    9e:17:66:3a:51:09:c9:c1:e7:8e:b6:f2:ad:54:c2:
                    c4:76:b9:7a:21:5f:ac:1e:99:71:7b:15:c1:58:fa:
                    8c:87:be:20:bb:05:a4:b4:6f:fa:96:ff:9a:80:00:
                    25:13:62:c5:35:02:24:9a:45:a5:5b:8d:59:45:aa:
                    3a:e1:40:2c:23:90:63:fa:62:ce:80:49:13:c9:2f:
                    b9:9f:61:f5:69:f0:ed:34:6e:b6:99:27:91:8b:29:
                    a0:23:4c:4d:dc:36:a9:36:65:21:8c:ef:75:60:27:
                    88:e1:14:40:8c:8b:c5:82:b4:41:36:fb:ab:bc:26:
                    da:66:4e:85:c8:ae:e7:bb:3e:46:e0:aa:d8:cf:53:
                    1a:40:d3:a8:ce:4f:81:7b:4d:2c:1b:c7:4f:e3:6f:
                    44:49:bd:bc:36:8c:8b:d5:c2:99:01:a0:80:b4:7e:
                    fa:99:0e:55:be:27:dc:1a:3e:63:30:1c:c3:d3:ce:
                    5d:ed:2d:39:47:f9:8f:87:b7:51:b9:06:00:df:53:
                    3d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:07:CF:E8:5B:26:E3:76:D9:1A:92:0B:35:7D:B8:EF:05:ED:B5:16
            X509v3 Authority Key Identifier:
                keyid:E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/aQfP6Fsm43bZGpILNX247wXttRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.68.0/24
                  81.17.130.0/24
                  81.17.140.0/24
                  81.17.142.0/24
                  85.90.200.0/22
                  92.118.136.0/22
                  92.118.224.0-92.118.226.255
                  195.69.184.0/22
                  195.234.220.0/22
                IPv6:
                  2a06:6200::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:12:52:cf:98:42:d5:0d:9d:1e:a0:0d:65:d8:f5:cc:d6:d0:
         5e:87:bc:72:0c:7b:43:8b:7d:10:2e:15:9b:73:fe:8f:9a:09:
         81:05:78:8a:e6:65:df:41:34:f5:14:da:e5:d1:a0:0d:16:68:
         75:94:83:67:3e:be:b8:bc:30:a3:d9:91:4c:5c:1b:66:a0:73:
         71:9b:24:51:b9:6a:15:91:26:e9:cd:bb:e0:91:3b:3b:37:dd:
         a6:73:b1:c5:c4:c8:67:e3:d1:c9:89:68:66:83:55:5d:3f:d8:
         77:e1:11:c5:19:35:90:12:d4:4a:f6:71:4c:f1:bc:23:ef:75:
         15:53:e5:96:0c:37:e1:e3:f9:bb:7d:72:77:c0:46:3f:0c:fa:
         02:f0:f9:51:52:0c:de:22:6c:6c:21:0f:27:e8:6c:96:d9:57:
         db:a8:74:b9:d0:cf:8d:56:97:47:6f:dc:23:2c:2e:de:2f:08:
         48:7e:88:e6:b6:7e:db:9f:a5:87:d0:c5:f9:82:14:ce:bd:a4:
         56:c2:5b:8a:80:bd:e0:a5:c1:c3:d1:84:a5:3c:c0:9e:0a:77:
         bb:60:bc:07:59:c0:ec:45:8a:27:67:ab:c2:71:6a:e8:88:9c:
         06:51:8f:54:e2:77:82:3b:a9:d3:8c:65:22:df:e5:23:ba:29:
         e4:3c:4c:dd
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY1VFuNjnVyDiXHGyODN6joyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTc0YzI4NzhkNmI1MzYxMzliODk1ZjA4YzljNmRiMThl
MTJhOWIwHhcNMjQwMTI5MTE1OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA3Y2ZlODViMjZlMzc2ZDkxYTkyMGIzNTdkYjhlZjA1ZWRiNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojKdyD9S4Zo2BqXXUueBKVJ7t4vz
EH5/2XTIPVk/pL3Eal2Bypr176+OlP2f18VDWi0u6jw7jxrZJbWeF2Y6UQnJweeO
tvKtVMLEdrl6IV+sHplxexXBWPqMh74guwWktG/6lv+agAAlE2LFNQIkmkWlW41Z
Rao64UAsI5Bj+mLOgEkTyS+5n2H1afDtNG62mSeRiymgI0xN3DapNmUhjO91YCeI
4RRAjIvFgrRBNvurvCbaZk6FyK7nuz5G4KrYz1MaQNOozk+Be00sG8dP429ESb28
NoyL1cKZAaCAtH76mQ5VvifcGj5jMBzD085d7S05R/mPh7dRuQYA31M9NQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFGkHz+hbJuN22RqSCzV9uO8F7bUWMB8GA1UdIwQY
MBaAFOBXTCh41rU2E5uJXwjJxtsY4SqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUt
NDQ2MDE5OTY2YTE5LzEvYVFmUDZGc200M2JaR3BJTE5YMjQ3d1h0dFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUtNDQ2MDE5OTY2YTE5
LzEvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQAPmpEAwQA
URGCAwQAURGMAwQAURGOAwQCVVrIAwQCXHaIMAwDBAVcduADBABcduIDBALDRbgD
BALD6twwDQQCAAIwBwMFAyoGYgAwDQYJKoZIhvcNAQELBQADggEBAFESUs+YQtUN
nR6gDWXY9czW0F6HvHIMe0OLfRAuFZtz/o+aCYEFeIrmZd9BNPUU2uXRoA0WaHWU
g2c+vri8MKPZkUxcG2agc3GbJFG5ahWRJunNu+CROzs33aZzscXEyGfj0cmJaGaD
VV0/2HfhEcUZNZAS1Er2cUzxvCPvdRVT5ZYMN+Hj+bt9cnfARj8M+gLw+VFSDN4i
bGwhDyfobJbZV9uodLnQz41Wl0dv3CMsLt4vCEh+iOa2ftufpYfQxfmCFM69pFbC
W4qAveClwcPRhKU8wJ4Kd7tgvAdZwOxFiidnq8JxauiInAZRj1Tid4I7qdOMZSLf
5SO6KeQ8TN0=
-----END CERTIFICATE-----