Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/sQQf8Srd7O_qTYFcsreMG5JeEqg.roa
File:                     sQQf8Srd7O_qTYFcsreMG5JeEqg.roa (raw, json)
Hash identifier:          qhhGyIPNvteiVMtVYylaGNgdABEojTemtVGAgLiVEZk=
Subject key identifier:   B1:04:1F:F1:2A:DD:EC:EF:EA:4D:81:5C:B2:B7:8C:1B:92:5E:12:A8
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       01889F6F4F408AFCEC57C4B3C6374F8DE2AB
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/sQQf8Srd7O_qTYFcsreMG5JeEqg.roa
Signing time:             Fri 09 Jun 2023 09:14:12 +0000
ROA not before:           Fri 09 Jun 2023 09:14:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3261
IP address blocks:        5.153.128.0/19 maxlen: 24
                          195.184.192.0/19 maxlen: 24
                          5.153.166.0/24 maxlen: 24
                          5.153.162.0/24 maxlen: 24
                          5.153.161.0/24 maxlen: 24
                          5.153.160.0/24 maxlen: 24
                          5.153.160.0/22 maxlen: 22
                          5.153.165.0/24 maxlen: 24
                          5.153.164.0/24 maxlen: 24
                          5.153.163.0/24 maxlen: 24
                          5.153.169.0/24 maxlen: 24
                          5.153.168.0/24 maxlen: 24
                          5.153.167.0/24 maxlen: 24
                          5.153.171.0/24 maxlen: 24
                          5.153.170.0/24 maxlen: 24
                          2.57.112.0/22 maxlen: 24
                          92.242.96.0/19 maxlen: 24
                          5.153.174.0/24 maxlen: 24
                          5.153.173.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9f:6f:4f:40:8a:fc:ec:57:c4:b3:c6:37:4f:8d:e2:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jun  9 09:14:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1041ff12addecefea4d815cb2b78c1b925e12a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ff:6a:d8:ad:9d:bc:89:47:31:60:0c:ff:b6:
                    69:59:a9:4b:71:07:d6:47:4b:13:b1:bf:a5:56:a5:
                    45:35:b3:4c:39:ba:78:99:d3:61:9e:22:6b:80:44:
                    27:70:f4:2c:62:f4:1e:67:fd:bf:41:bf:16:ce:b2:
                    b2:a6:eb:06:73:fc:a4:29:25:89:89:59:aa:08:f8:
                    ec:e7:eb:e6:af:65:bc:34:d4:58:54:73:78:96:df:
                    02:45:71:7e:38:8a:47:1d:fd:d9:47:83:60:f2:68:
                    ec:e5:3f:16:83:59:eb:cd:fd:09:ce:0f:3b:4e:87:
                    df:7a:7f:ea:1c:ff:3c:93:2d:b1:e4:5d:c1:c0:4b:
                    9d:3c:d6:7f:66:2e:32:36:43:c2:e3:de:66:7a:d1:
                    41:b6:fd:72:d7:17:22:eb:bb:1f:70:d8:97:34:86:
                    00:b1:ed:8b:93:55:2a:34:6d:7e:12:c9:08:dd:47:
                    a6:63:d0:26:69:05:b3:70:63:82:00:4d:58:16:e0:
                    b6:d1:5e:c6:1f:81:e3:27:8d:3d:9f:be:81:87:7a:
                    0f:ba:28:79:77:a1:5a:0b:b7:c8:10:1e:3d:b8:1d:
                    01:ea:21:68:bb:7e:a9:f3:e4:20:13:65:68:f3:ff:
                    fc:00:19:c0:ef:39:73:5c:a6:9b:73:b1:bf:59:89:
                    5b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:04:1F:F1:2A:DD:EC:EF:EA:4D:81:5C:B2:B7:8C:1B:92:5E:12:A8
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/sQQf8Srd7O_qTYFcsreMG5JeEqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.112.0/22
                  5.153.128.0-5.153.171.255
                  5.153.173.0-5.153.174.255
                  92.242.96.0/19
                  195.184.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         71:6b:3d:bb:76:04:fc:ea:67:5f:3c:32:4e:c7:05:fb:3c:f3:
         e7:24:fc:6f:ae:52:83:9b:55:7a:bc:1a:ca:9b:3b:9c:bb:d1:
         87:be:7f:36:32:31:8f:fa:8d:82:ba:e1:c5:ef:37:38:8d:9f:
         a7:9a:13:b4:47:3e:84:16:e7:9e:bd:37:82:6d:42:84:62:b4:
         d3:15:2e:c8:51:7d:96:5f:b7:8c:4b:85:b8:a1:b2:15:d2:b7:
         38:c3:8f:23:62:82:24:13:06:46:98:f8:79:30:da:5e:58:93:
         dd:17:ff:1f:b8:b3:28:e4:b7:8d:2e:e7:47:f9:51:8b:21:96:
         69:37:0e:4e:da:a4:e4:8d:0f:87:0d:44:a2:01:8c:b2:38:d1:
         14:84:39:6b:12:26:73:7e:f1:75:75:13:1b:6e:ef:56:d9:5e:
         a7:b9:f6:b5:13:82:d3:db:b6:d4:88:a6:b2:b0:22:d1:4c:66:
         2c:25:9b:35:86:82:75:b8:bf:e2:21:e0:d0:af:08:3f:15:a0:
         b7:db:56:de:57:f9:55:ac:b0:b9:13:23:3d:7b:fb:7f:61:45:
         37:f9:a5:14:4e:e9:21:98:2e:2f:43:f5:58:94:a8:53:d1:3f:
         0d:9f:ec:54:e2:b6:d5:75:ba:fc:3c:be:bf:d5:c1:15:29:31:
         54:ed:c6:1f
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYifb09AivzsV8SzxjdPjeKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjMwNjA5MDkxNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTA0MWZmMTJhZGRlY2VmZWE0ZDgxNWNiMmI3OGMxYjkyNWUxMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjP9q2K2dvIlHMWAM/7ZpWalLcQfW
R0sTsb+lVqVFNbNMObp4mdNhniJrgEQncPQsYvQeZ/2/Qb8WzrKypusGc/ykKSWJ
iVmqCPjs5+vmr2W8NNRYVHN4lt8CRXF+OIpHHf3ZR4Ng8mjs5T8Wg1nrzf0Jzg87
Toffen/qHP88ky2x5F3BwEudPNZ/Zi4yNkPC495metFBtv1y1xci67sfcNiXNIYA
se2Lk1UqNG1+EskI3UemY9AmaQWzcGOCAE1YFuC20V7GH4HjJ409n76Bh3oPuih5
d6FaC7fIEB49uB0B6iFou36p8+QgE2Vo8//8ABnA7zlzXKabc7G/WYlb2wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFLEEH/Eq3ezv6k2BXLK3jBuSXhKoMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvc1FRZjhTcmQ3T19xVFlGY3NyZU1HNUplRXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCAjlwMAwD
BAcFmYADBAIFmagwDAMEAAWZrQMEAAWZrgMEBVzyYAMEBcO4wDANBgkqhkiG9w0B
AQsFAAOCAQEAcWs9u3YE/OpnXzwyTscF+zzz5yT8b65Sg5tVerwayps7nLvRh75/
NjIxj/qNgrrhxe83OI2fp5oTtEc+hBbnnr03gm1ChGK00xUuyFF9ll+3jEuFuKGy
FdK3OMOPI2KCJBMGRpj4eTDaXliT3Rf/H7izKOS3jS7nR/lRiyGWaTcOTtqk5I0P
hw1EogGMsjjRFIQ5axImc37xdXUTG27vVtlep7n2tROC09u21IimsrAi0UxmLCWb
NYaCdbi/4iHg0K8IPxWgt9tW3lf5VaywuRMjPXv7f2FFN/mlFE7pIZguL0P1WJSo
U9E/DZ/sVOK21XW6/Dy+v9XBFSkxVO3GHw==
-----END CERTIFICATE-----