Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KEgPXPn-UCDMbr_gKqtoFxTUS2A.roa
File:                     KEgPXPn-UCDMbr_gKqtoFxTUS2A.roa (raw, json)
Hash identifier:          mwl9nqJ7etGj9Cd57z2eUjuWCBSipF10P5A94VrCJU8=
Subject key identifier:   28:48:0F:5C:F9:FE:50:20:CC:6E:BF:E0:2A:AB:68:17:14:D4:4B:60
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018B8B7E0DF9C79353DCF465E6DFB6F92C39
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KEgPXPn-UCDMbr_gKqtoFxTUS2A.roa
Signing time:             Wed 01 Nov 2023 15:26:15 +0000
ROA not before:           Wed 01 Nov 2023 15:26:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        45.94.171.0/24 maxlen: 24
                          2.56.108.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.138.183.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 07:51:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8b:7e:0d:f9:c7:93:53:dc:f4:65:e6:df:b6:f9:2c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  1 15:26:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28480f5cf9fe5020cc6ebfe02aab681714d44b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ad:7f:03:81:58:ff:ad:82:34:38:62:72:38:
                    29:f3:85:8d:6b:97:5b:34:77:cb:e8:7f:b2:f1:11:
                    1e:e0:eb:01:f6:a8:ba:5e:31:ba:89:77:a9:e4:80:
                    59:c2:ac:1a:62:cb:5c:53:16:bf:e3:2f:c8:78:2a:
                    9f:c7:cf:9b:9a:de:e9:d7:26:e1:e8:d3:f5:02:be:
                    50:85:87:53:75:c6:dc:d2:69:5f:0c:6c:ed:e7:be:
                    0c:63:a6:5c:fe:94:50:4b:c4:47:3b:19:5d:fe:48:
                    60:c7:25:a1:3d:a2:55:13:9c:77:49:d4:32:8d:d0:
                    27:3b:6d:4f:3f:7c:f7:7b:0f:e8:3e:42:d9:9c:24:
                    b5:2a:76:d1:d4:69:38:f7:95:47:94:08:d6:d6:21:
                    2b:a7:c4:73:67:d9:06:e4:2c:9e:d2:69:3b:17:fb:
                    50:1b:c9:48:b1:ff:47:cd:a9:91:1a:d7:cd:9a:0b:
                    fe:64:77:80:58:ca:9d:d1:31:4e:56:9f:87:6c:d2:
                    7c:f8:5b:84:3b:55:c7:7c:4d:ea:65:fd:f3:b7:c8:
                    ec:3a:e8:85:34:e3:6c:b0:a6:df:19:89:dd:4d:bf:
                    c2:76:15:4a:d9:0c:3c:4a:62:d1:e2:c3:79:c0:2d:
                    02:4d:ca:29:fa:59:47:0e:2a:e4:23:14:9f:7f:02:
                    5f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:48:0F:5C:F9:FE:50:20:CC:6E:BF:E0:2A:AB:68:17:14:D4:4B:60
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KEgPXPn-UCDMbr_gKqtoFxTUS2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/24
                  2.56.110.0/24
                  45.81.113.0-45.81.115.255
                  45.88.139.0/24
                  45.94.171.0/24
                  45.138.183.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:14:34:30:8e:7c:b2:33:71:b0:81:c5:a3:8b:bb:6e:52:c0:
         32:98:81:2c:7b:4a:50:e6:8b:79:6f:6d:7d:2a:47:6f:31:72:
         5b:0a:0b:17:9f:35:f6:5a:44:3d:08:98:50:27:dc:f4:6d:66:
         05:52:35:32:2e:11:ea:01:9c:3c:e9:a3:9f:9c:91:d0:3c:28:
         4f:46:06:be:85:b1:7a:92:c6:6c:51:e2:7b:28:c3:9a:67:b0:
         a6:ac:17:0c:28:76:9d:f9:3c:82:b4:49:d8:25:8c:29:c0:4c:
         df:1a:6b:ec:07:78:7b:0e:39:ca:fc:d6:ec:e0:d7:26:7a:9d:
         25:aa:29:21:6f:73:fc:45:ff:ef:51:b0:8a:0f:55:b9:2b:8b:
         06:c5:90:de:36:59:29:45:cf:2a:d1:78:02:2f:8e:f7:9e:26:
         22:db:37:78:16:ab:18:54:c6:06:d0:41:f7:c5:77:7d:e6:e5:
         3e:13:c9:a4:b9:0d:58:fb:6c:24:d2:d2:e0:8b:f2:c6:26:5b:
         54:e5:26:95:fb:ca:29:33:3c:da:35:3c:16:38:5b:13:32:74:
         aa:e0:94:44:b6:bd:c2:dd:44:7c:f8:5f:65:1e:49:e7:09:33:
         ae:fb:f2:bd:be:fb:41:24:33:ea:66:05:a3:78:62:bc:98:4c:
         ad:e7:da:8e
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYuLfg35x5NT3PRl5t+2+Sw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMTAxMTUyNjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQ4MGY1Y2Y5ZmU1MDIwY2M2ZWJmZTAyYWFiNjgxNzE0ZDQ0YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyK1/A4FY/62CNDhicjgp84WNa5db
NHfL6H+y8REe4OsB9qi6XjG6iXep5IBZwqwaYstcUxa/4y/IeCqfx8+bmt7p1ybh
6NP1Ar5QhYdTdcbc0mlfDGzt574MY6Zc/pRQS8RHOxld/khgxyWhPaJVE5x3SdQy
jdAnO21PP3z3ew/oPkLZnCS1KnbR1Gk495VHlAjW1iErp8RzZ9kG5Cye0mk7F/tQ
G8lIsf9HzamRGtfNmgv+ZHeAWMqd0TFOVp+HbNJ8+FuEO1XHfE3qZf3zt8jsOuiF
NONssKbfGYndTb/CdhVK2Qw8SmLR4sN5wC0CTcop+llHDirkIxSffwJf9wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFChID1z5/lAgzG6/4CqraBcU1EtgMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvS0VnUFhQbi1VQ0RNYnJfZ0txdG9GeFRVUzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAAjhsAwQA
AjhuMAwDBAAtUXEDBAItUXADBAAtWIsDBAAtXqsDBAAtircDBABNUycDBAFV0XgD
BADBHvEDBADDPhgDBADDsV8wDQYJKoZIhvcNAQELBQADggEBAJMUNDCOfLIzcbCB
xaOLu25SwDKYgSx7SlDmi3lvbX0qR28xclsKCxefNfZaRD0ImFAn3PRtZgVSNTIu
EeoBnDzpo5+ckdA8KE9GBr6FsXqSxmxR4nsow5pnsKasFwwodp35PIK0SdgljCnA
TN8aa+wHeHsOOcr81uzg1yZ6nSWqKSFvc/xF/+9RsIoPVbkriwbFkN42WSlFzyrR
eAIvjveeJiLbN3gWqxhUxgbQQffFd33m5T4TyaS5DVj7bCTS0uCL8sYmW1TlJpX7
yikzPNo1PBY4WxMydKrglES2vcLdRHz4X2UeSecJM6778r2++0EkM+pmBaN4YryY
TK3n2o4=
-----END CERTIFICATE-----