Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/GNoc8E7-B4cACE1Gj8qXtHr2Vcs.roa
File:                     GNoc8E7-B4cACE1Gj8qXtHr2Vcs.roa (raw, json)
Hash identifier:          yIVUakeGuv6DmgoWSdT4ZyRSncZc2+K/tb1p0jTz5ac=
Subject key identifier:   18:DA:1C:F0:4E:FE:07:87:00:08:4D:46:8F:CA:97:B4:7A:F6:55:CB
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       018CC348CAEC1DD25AD9D808E0E8FFFBF3C1
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/GNoc8E7-B4cACE1Gj8qXtHr2Vcs.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        185.144.56.0/22 maxlen: 24
                          45.95.40.0/22 maxlen: 22
                          83.229.23.0/24 maxlen: 24
                          188.191.48.0/22 maxlen: 22
                          5.22.204.0/22 maxlen: 22
                          217.194.153.0/24 maxlen: 24
                          83.229.34.0/24 maxlen: 24
                          45.130.100.0/22 maxlen: 22
                          95.178.107.0/24 maxlen: 24
                          45.10.16.0/23 maxlen: 23
                          45.10.18.0/23 maxlen: 23
                          45.88.5.0/24 maxlen: 24
                          45.88.6.0/24 maxlen: 24
                          45.88.7.0/24 maxlen: 24
                          2a05:e4c0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Thu 18 Jan 2024 14:58:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ca:ec:1d:d2:5a:d9:d8:08:e0:e8:ff:fb:f3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18da1cf04efe078700084d468fca97b47af655cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cf:8c:37:ac:b3:7b:67:81:f4:ef:3c:f9:74:
                    3e:d3:a4:ea:55:94:00:5f:e2:38:a3:0e:18:8c:79:
                    57:bf:04:59:81:bc:10:f3:21:1e:a3:d4:8c:04:38:
                    1f:dd:a5:dd:6f:56:e9:10:b3:8e:ff:31:80:9e:86:
                    f2:e4:42:a4:21:e3:ea:03:6f:83:a5:8a:d8:e1:f0:
                    09:cc:a5:8f:c4:24:46:dc:6c:28:80:2a:88:5d:73:
                    87:f8:f0:5f:e0:b1:d8:2f:91:5b:3f:38:aa:a1:bf:
                    bd:91:42:46:cd:7b:f7:b1:da:29:23:41:d3:dd:8b:
                    7e:50:d5:37:12:98:ac:8f:e4:e7:44:2d:6a:aa:ac:
                    88:71:39:68:56:16:c3:3c:68:56:43:f4:7d:de:43:
                    ac:a6:5a:ed:38:3d:6d:4a:35:73:31:cd:58:3e:f5:
                    4b:96:9a:9b:b9:cd:83:4e:b7:7b:f3:1b:e5:b9:b4:
                    aa:ed:8c:d8:80:9d:ce:1e:ab:67:44:e7:7c:27:9c:
                    1c:ea:99:04:8d:2a:54:7a:ca:78:33:8f:a1:b9:7b:
                    b9:d6:f9:5c:80:8c:ab:08:5b:f7:70:1e:c4:88:3b:
                    fa:4f:b9:2e:8a:64:57:87:2c:6d:54:0e:ef:ac:25:
                    cb:cf:a7:1d:b7:63:18:67:08:6f:6b:7c:a0:f8:d2:
                    86:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DA:1C:F0:4E:FE:07:87:00:08:4D:46:8F:CA:97:B4:7A:F6:55:CB
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/GNoc8E7-B4cACE1Gj8qXtHr2Vcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.204.0/22
                  45.10.16.0/22
                  45.88.5.0-45.88.7.255
                  45.95.40.0/22
                  45.130.100.0/22
                  83.229.23.0/24
                  83.229.34.0/24
                  95.178.107.0/24
                  185.144.56.0/22
                  188.191.48.0/22
                  217.194.153.0/24
                IPv6:
                  2a05:e4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:bf:e8:6f:69:15:31:7b:92:59:3a:e1:72:97:53:25:e8:98:
         e7:35:c5:f8:fe:7e:92:ef:28:40:81:c4:c5:a8:bf:6e:d4:05:
         fd:eb:7b:1d:0a:76:24:42:2b:f6:06:a7:c4:a7:0c:6e:9a:54:
         f4:a1:c1:7a:a0:16:30:39:14:75:5e:a6:c3:3f:f7:6c:36:5e:
         f5:a3:d9:a5:c4:bf:4c:9b:68:95:db:d6:13:f4:b5:76:07:a2:
         ec:0d:96:30:0b:50:24:54:d3:55:5d:65:cb:bc:a0:1f:ba:47:
         98:71:ad:fd:c9:4b:17:a3:05:5b:f1:31:71:92:73:99:f2:0a:
         96:c2:76:a6:01:1d:12:58:61:42:de:30:ae:4d:d4:51:08:07:
         39:91:17:15:06:60:a0:80:9b:cb:e2:f3:cc:ce:db:75:ac:9f:
         79:62:fd:7b:11:5a:bb:2c:1f:de:62:fb:ad:1e:41:c5:13:80:
         53:82:25:ef:ba:61:ef:0c:5f:23:5e:8b:42:c7:80:0d:63:c3:
         b7:81:bc:32:1c:d2:4d:f9:a0:7b:4b:58:fd:cb:fc:f1:c6:d6:
         b0:00:40:50:37:b0:41:f9:3a:7d:da:7a:b5:b2:7c:ed:b3:93:
         37:61:23:23:c8:7b:dd:f5:78:ed:a5:40:3d:f1:f0:15:dd:b9:
         a6:dd:c7:c3
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYzDSMrsHdJa2dgI4Oj/+/PBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRhMWNmMDRlZmUwNzg3MDAwODRkNDY4ZmNhOTdiNDdhZjY1NWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc+MN6yze2eB9O88+XQ+06TqVZQA
X+I4ow4YjHlXvwRZgbwQ8yEeo9SMBDgf3aXdb1bpELOO/zGAnoby5EKkIePqA2+D
pYrY4fAJzKWPxCRG3GwogCqIXXOH+PBf4LHYL5FbPziqob+9kUJGzXv3sdopI0HT
3Yt+UNU3Episj+TnRC1qqqyIcTloVhbDPGhWQ/R93kOsplrtOD1tSjVzMc1YPvVL
lpqbuc2DTrd78xvlubSq7YzYgJ3OHqtnROd8J5wc6pkEjSpUesp4M4+huXu51vlc
gIyrCFv3cB7EiDv6T7kuimRXhyxtVA7vrCXLz6cdt2MYZwhva3yg+NKGrwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFBjaHPBO/geHAAhNRo/Kl7R69lXLMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvR05vYzhFNy1CNGNBQ0UxR2o4cVh0SHIyVmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCBRbMAwQC
LQoQMAwDBAAtWAUDBAMtWAADBAItXygDBAItgmQDBABT5RcDBABT5SIDBABfsmsD
BAK5kDgDBAK8vzADBADZwpkwDQQCAAIwBwMFAyoF5MAwDQYJKoZIhvcNAQELBQAD
ggEBAGO/6G9pFTF7klk64XKXUyXomOc1xfj+fpLvKECBxMWov27UBf3rex0KdiRC
K/YGp8SnDG6aVPShwXqgFjA5FHVepsM/92w2XvWj2aXEv0ybaJXb1hP0tXYHouwN
ljALUCRU01VdZcu8oB+6R5hxrf3JSxejBVvxMXGSc5nyCpbCdqYBHRJYYULeMK5N
1FEIBzmRFxUGYKCAm8vi88zO23Wsn3li/XsRWrssH95i+60eQcUTgFOCJe+6Ye8M
XyNei0LHgA1jw7eBvDIc0k35oHtLWP3L/PHG1rAAQFA3sEH5On3aerWyfO2zkzdh
IyPIe931eO2lQD3x8BXduabdx8M=
-----END CERTIFICATE-----