Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qwVZpjwQbAe15oH61vk6AH5zL5U.roa
File:                     qwVZpjwQbAe15oH61vk6AH5zL5U.roa (raw, json)
Hash identifier:          t6359Gdm5/ZF1KG6jJiELu4YlGsf9fI791O8u1z9BLY=
Subject key identifier:   AB:05:59:A6:3C:10:6C:07:B5:E6:81:FA:D6:F9:3A:00:7E:73:2F:95
Certificate issuer:       /CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
Certificate serial:       018A3CCCA675168EE7A878988AB812289144
Authority key identifier: 7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qwVZpjwQbAe15oH61vk6AH5zL5U.roa
Signing time:             Mon 28 Aug 2023 15:39:19 +0000
ROA not before:           Mon 28 Aug 2023 15:39:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43541
IP address blocks:        185.64.216.0/22 maxlen: 22
                          185.59.208.0/22 maxlen: 22
                          93.185.96.0/20 maxlen: 20
                          46.243.48.0/24 maxlen: 24
                          46.243.48.0/21 maxlen: 21
                          185.14.252.0/22 maxlen: 22
                          46.243.53.0/24 maxlen: 24
                          46.243.55.0/24 maxlen: 24
                          217.16.176.0/20 maxlen: 20
                          178.251.184.0/21 maxlen: 21
                          78.24.8.0/21 maxlen: 21
                          185.115.2.0/24 maxlen: 24
                          185.115.1.0/24 maxlen: 24
                          2a00:1ed0::/32 maxlen: 32
                          2a00:1ed1::/32 maxlen: 32
                          2a00:1ed2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:3c:cc:a6:75:16:8e:e7:a8:78:98:8a:b8:12:28:91:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
        Validity
            Not Before: Aug 28 15:39:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab0559a63c106c07b5e681fad6f93a007e732f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1c:7a:0d:48:9d:f7:4a:12:91:2d:a0:d9:ba:
                    93:79:8d:30:7a:07:f7:67:77:f7:63:d9:5c:5e:da:
                    df:6f:b8:b1:9c:17:da:20:9c:ae:3b:bf:97:f6:87:
                    d0:b9:0e:8f:3c:56:eb:aa:a0:1e:51:d6:c1:b3:02:
                    ef:a4:62:7b:06:08:67:e2:96:0b:40:22:2b:1b:fd:
                    14:31:2b:a4:c5:f4:8d:a3:24:ac:ce:d5:a9:bf:e4:
                    45:03:0c:d6:48:f3:57:03:9d:71:6c:75:d0:c4:eb:
                    34:97:72:2b:44:31:fb:dd:43:4b:4a:96:6f:0f:9d:
                    dc:4d:08:62:0f:59:f5:c8:f8:03:6e:0a:43:40:57:
                    f5:60:de:be:f6:ac:83:ad:33:3d:8c:4f:79:34:4f:
                    c1:a1:f4:2f:07:db:91:62:cf:47:86:1e:58:0f:98:
                    c4:e6:51:f7:96:b0:c6:1f:dd:6e:3c:11:48:88:d0:
                    ea:f4:02:1a:ca:42:79:24:b9:80:09:ef:65:ba:8e:
                    70:7c:87:a1:2d:8f:68:24:a1:bd:34:96:3f:14:56:
                    db:47:0e:c4:4a:03:63:5c:66:2d:78:62:5e:5a:18:
                    5d:97:41:2e:24:5e:ff:e7:9f:09:4f:2a:b8:96:42:
                    33:40:6c:64:3d:5a:dd:d6:b2:47:92:90:97:45:71:
                    4a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:05:59:A6:3C:10:6C:07:B5:E6:81:FA:D6:F9:3A:00:7E:73:2F:95
            X509v3 Authority Key Identifier:
                keyid:7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qwVZpjwQbAe15oH61vk6AH5zL5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.48.0/21
                  78.24.8.0/21
                  93.185.96.0/20
                  178.251.184.0/21
                  185.14.252.0/22
                  185.59.208.0/22
                  185.64.216.0/22
                  185.115.1.0-185.115.2.255
                  217.16.176.0/20
                IPv6:
                  2a00:1ed0::-2a00:1ed2:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:e9:f0:36:13:47:54:0b:dd:db:67:1e:8e:f7:95:64:84:
         8b:b7:bb:40:1b:a2:4d:35:ff:26:94:e7:27:57:54:d7:8d:63:
         a9:e7:52:60:59:a4:d8:dc:ff:13:f6:73:bf:27:98:9f:4c:7a:
         fc:76:4a:d1:1b:b6:e2:ea:b7:b6:92:86:a8:23:22:59:24:cf:
         67:2b:1e:54:84:29:6f:df:07:e6:7a:3c:5f:ba:b0:2b:6d:92:
         20:42:ec:ff:fc:5c:98:40:bb:03:3f:67:57:c4:f9:8c:27:28:
         0f:8b:42:1e:10:2a:a6:05:1a:eb:a4:49:6c:34:69:62:36:2b:
         8a:cd:8e:1f:9a:ef:d1:39:7c:5b:d5:33:5a:fa:45:48:10:b4:
         b8:7a:df:12:80:45:29:42:c4:61:3f:7d:a2:9a:5f:12:9c:1c:
         22:24:ec:16:7a:cd:6b:08:02:bd:98:d7:ed:14:a9:90:d5:b7:
         9e:d4:af:92:ec:ae:57:9d:aa:29:52:4e:44:56:54:5f:d6:20:
         46:e8:ae:98:22:02:84:00:b3:0e:df:a7:21:96:94:d9:1b:c1:
         e5:08:bb:f2:a0:4e:9e:3c:ba:55:4b:4e:35:01:8d:ec:84:bc:
         87:02:4b:39:5a:bb:dc:c0:df:34:23:f9:aa:89:91:c1:3e:2a:
         f5:6d:32:64
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYo8zKZ1Fo7nqHiYirgSKJFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjVkYWIyMzk0MGNiMzk0ZjlhYWE2NjRmZWE0ZDZmOGY0
MmUzMTgwHhcNMjMwODI4MTUzOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA1NTlhNjNjMTA2YzA3YjVlNjgxZmFkNmY5M2EwMDdlNzMyZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhx6DUid90oSkS2g2bqTeY0wegf3
Z3f3Y9lcXtrfb7ixnBfaIJyuO7+X9ofQuQ6PPFbrqqAeUdbBswLvpGJ7Bghn4pYL
QCIrG/0UMSukxfSNoySsztWpv+RFAwzWSPNXA51xbHXQxOs0l3IrRDH73UNLSpZv
D53cTQhiD1n1yPgDbgpDQFf1YN6+9qyDrTM9jE95NE/BofQvB9uRYs9Hhh5YD5jE
5lH3lrDGH91uPBFIiNDq9AIaykJ5JLmACe9luo5wfIehLY9oJKG9NJY/FFbbRw7E
SgNjXGYteGJeWhhdl0EuJF7/558JTyq4lkIzQGxkPVrd1rJHkpCXRXFKtQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFKsFWaY8EGwHteaB+tb5OgB+cy+VMB8GA1UdIwQY
MBaAFH5l2rI5QMs5T5qqZk/qTW+PQuMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYt
ODQ5Y2ZjYWJiNjU3LzEvcXdWWnBqd1FiQWUxNW9INjF2azZBSDV6TDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYtODQ5Y2ZjYWJiNjU3
LzEvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBEBAIAATA+AwQDLvMwAwQD
ThgIAwQEXblgAwQDsvu4AwQCuQ78AwQCuTvQAwQCuUDYMAwDBAC5cwEDBAC5cwID
BATZELAwFgQCAAIwEDAOAwUEKgAe0AMFACoAHtIwDQYJKoZIhvcNAQELBQADggEB
ADyg6fA2E0dUC93bZx6O95VkhIu3u0Abok01/yaU5ydXVNeNY6nnUmBZpNjc/xP2
c78nmJ9Mevx2StEbtuLqt7aShqgjIlkkz2crHlSEKW/fB+Z6PF+6sCttkiBC7P/8
XJhAuwM/Z1fE+YwnKA+LQh4QKqYFGuukSWw0aWI2K4rNjh+a79E5fFvVM1r6RUgQ
tLh63xKARSlCxGE/faKaXxKcHCIk7BZ6zWsIAr2Y1+0UqZDVt57Ur5LsrledqilS
TkRWVF/WIEborpgiAoQAsw7fpyGWlNkbweUIu/KgTp48ulVLTjUBjeyEvIcCSzla
u9zA3zQj+aqJkcE+KvVtMmQ=
-----END CERTIFICATE-----