Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/FmfceeoJ-_OpQoAKtm41EG-W6zg.roa
File:                     FmfceeoJ-_OpQoAKtm41EG-W6zg.roa (raw, json)
Hash identifier:          d6Bf75qf4Q9OW1Dj9ytJe99aRt1laPzrEyOv20Ih8tE=
Subject key identifier:   16:67:DC:79:EA:09:FB:F3:A9:42:80:0A:B6:6E:35:10:6F:96:EB:38
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018BB99D536A5C82D4F2C53C37640DFB9407
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/FmfceeoJ-_OpQoAKtm41EG-W6zg.roa
Signing time:             Fri 10 Nov 2023 14:22:57 +0000
ROA not before:           Fri 10 Nov 2023 14:22:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        45.94.171.0/24 maxlen: 24
                          2.56.108.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 12 Nov 2023 12:53:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b9:9d:53:6a:5c:82:d4:f2:c5:3c:37:64:0d:fb:94:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 10 14:22:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1667dc79ea09fbf3a942800ab66e35106f96eb38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b8:d3:48:ee:04:3c:48:8f:4b:b7:a7:e9:a1:
                    f4:f2:db:cc:21:53:85:ec:df:06:da:73:bc:d2:4c:
                    fd:8d:3d:dc:01:8a:c9:ea:12:43:a5:b2:6e:5e:c7:
                    b9:e3:3c:e6:bb:e0:d2:0c:8d:a4:80:8a:1f:3c:74:
                    52:22:c0:e0:8a:39:b7:f8:d2:6f:fd:14:e8:9f:55:
                    4f:b8:d8:50:01:cd:9b:79:a9:48:9b:f5:f2:9b:a5:
                    85:4c:5a:81:45:f3:6d:e0:86:a9:c7:1e:09:56:60:
                    9f:99:df:eb:d9:55:b6:7d:34:14:dd:68:16:c4:0a:
                    ed:57:4d:31:bd:df:82:60:92:a1:a6:29:09:b4:98:
                    d6:e4:e3:82:71:8c:17:f7:a4:ad:25:ae:84:43:e2:
                    ff:db:ac:bc:ec:3d:d4:4c:66:4c:20:4b:b2:91:95:
                    ff:3f:eb:13:9e:41:e0:05:a9:27:2e:59:e7:8a:65:
                    a4:23:c5:76:cf:d0:87:75:3b:fb:39:ec:a7:d6:60:
                    99:74:d7:f5:87:2c:90:1b:af:6b:89:7a:9d:8a:18:
                    5a:e1:de:ee:24:2e:e7:01:9d:93:18:70:43:2c:b1:
                    7b:a7:9a:49:44:df:af:27:ed:bf:59:5a:28:41:2c:
                    01:81:45:05:29:3a:6e:df:35:9c:07:b1:cd:68:b4:
                    93:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:67:DC:79:EA:09:FB:F3:A9:42:80:0A:B6:6E:35:10:6F:96:EB:38
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/FmfceeoJ-_OpQoAKtm41EG-W6zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/24
                  2.56.110.0/24
                  45.81.113.0-45.81.115.255
                  45.88.139.0/24
                  45.94.171.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  193.57.41.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:40:4e:c0:a0:8a:49:7d:5f:98:01:6f:bb:47:ec:90:1d:b1:
         01:89:9c:c5:7f:34:af:35:8f:15:1e:c5:4a:60:c1:1b:3d:75:
         73:e8:4c:a7:65:62:34:87:94:18:55:b3:05:86:a4:e8:0c:13:
         cf:d8:e1:60:d8:83:e7:85:5f:45:58:44:9c:b6:f5:f0:7b:dd:
         55:17:52:1a:5a:79:b9:4b:3c:ae:f3:3f:b3:10:21:98:95:e8:
         f2:38:63:b9:b1:f2:ed:42:da:7b:2a:ff:d5:f4:29:73:82:e0:
         e6:20:69:67:f0:00:50:77:f7:3c:1e:84:1c:95:29:f9:51:77:
         b3:d1:88:8b:90:81:22:82:d4:3a:e5:25:ec:30:c3:eb:8e:04:
         cb:e5:18:e1:fc:87:3f:14:c9:9b:b7:e8:f7:81:c9:76:fc:5d:
         81:0b:a4:e9:25:02:5e:ad:1c:3a:ef:09:d0:2f:1b:84:29:68:
         d2:63:87:94:11:6a:c0:02:0e:03:8a:92:73:3d:1c:4f:3c:9b:
         87:f1:98:9a:64:7b:18:b5:54:ca:99:01:06:98:9f:ac:51:0e:
         d6:4c:47:62:a6:8d:bf:bf:1f:7b:c6:29:64:79:03:9f:79:ff:
         97:aa:1e:41:1b:ef:f8:fd:7d:91:8f:8e:ca:56:ee:e4:ae:34:
         7c:76:73:b7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYu5nVNqXILU8sU8N2QN+5QHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMTEwMTQyMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjY3ZGM3OWVhMDlmYmYzYTk0MjgwMGFiNjZlMzUxMDZmOTZlYjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLjTSO4EPEiPS7en6aH08tvMIVOF
7N8G2nO80kz9jT3cAYrJ6hJDpbJuXse54zzmu+DSDI2kgIofPHRSIsDgijm3+NJv
/RTon1VPuNhQAc2bealIm/Xym6WFTFqBRfNt4Iapxx4JVmCfmd/r2VW2fTQU3WgW
xArtV00xvd+CYJKhpikJtJjW5OOCcYwX96StJa6EQ+L/26y87D3UTGZMIEuykZX/
P+sTnkHgBaknLlnnimWkI8V2z9CHdTv7Oeyn1mCZdNf1hyyQG69riXqdihha4d7u
JC7nAZ2TGHBDLLF7p5pJRN+vJ+2/WVooQSwBgUUFKTpu3zWcB7HNaLSTWwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFBZn3HnqCfvzqUKACrZuNRBvlus4MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRm1mY2Vlb0otX09wUW9BS3RtNDFFRy1XNnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAAjhsAwQA
AjhuMAwDBAAtUXEDBAItUXADBAAtWIsDBAAtXqsDBABNUycDBAFV0XgDBADBHvED
BADBOSkDBADDPhgDBADDsV8wDQYJKoZIhvcNAQELBQADggEBABJATsCgikl9X5gB
b7tH7JAdsQGJnMV/NK81jxUexUpgwRs9dXPoTKdlYjSHlBhVswWGpOgME8/Y4WDY
g+eFX0VYRJy29fB73VUXUhpaeblLPK7zP7MQIZiV6PI4Y7mx8u1C2nsq/9X0KXOC
4OYgaWfwAFB39zwehByVKflRd7PRiIuQgSKC1DrlJewww+uOBMvlGOH8hz8UyZu3
6PeByXb8XYELpOklAl6tHDrvCdAvG4QpaNJjh5QRasACDgOKknM9HE88m4fxmJpk
exi1VMqZAQaYn6xRDtZMR2Kmjb+/H3vGKWR5A595/5eqHkEb7/j9fZGPjspW7uSu
NHx2c7c=
-----END CERTIFICATE-----