Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/yyasZBlcWTJ-AQw2wvf5KOtpfa0.roa
File:                     yyasZBlcWTJ-AQw2wvf5KOtpfa0.roa (raw, json)
Hash identifier:          VvPIrB+7vJGNga7N/Efyfbv3ChVc8PXrWk+vAATKXQ4=
Subject key identifier:   CB:26:AC:64:19:5C:59:32:7E:01:0C:36:C2:F7:F9:28:EB:69:7D:AD
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018B1F52B4EA5FEED5FC6E7958AFE5F767D9
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/yyasZBlcWTJ-AQw2wvf5KOtpfa0.roa
Signing time:             Wed 11 Oct 2023 15:19:55 +0000
ROA not before:           Wed 11 Oct 2023 15:19:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47626
IP address blocks:        193.7.216.0/22 maxlen: 22
                          5.180.240.0/22 maxlen: 22
                          176.96.190.0/23 maxlen: 24
                          176.96.189.0/24 maxlen: 24
                          128.0.94.0/24 maxlen: 24
                          128.0.92.0/24 maxlen: 24
                          78.24.100.0/22 maxlen: 22
                          213.241.199.0/24 maxlen: 24
                          91.208.35.0/24 maxlen: 24
                          91.222.120.0/22 maxlen: 24
                          188.93.64.0/22 maxlen: 22
                          2a05:9c00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1f:52:b4:ea:5f:ee:d5:fc:6e:79:58:af:e5:f7:67:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Oct 11 15:19:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb26ac64195c59327e010c36c2f7f928eb697dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0a:89:8f:fd:02:b1:b1:3d:96:09:24:d0:46:
                    40:93:bc:ce:45:57:fa:c0:69:cf:3d:8c:4b:c1:d4:
                    6f:ca:e5:5d:9c:35:0b:6d:7f:57:34:07:66:f7:88:
                    82:e9:4c:a1:9b:6c:93:52:15:b3:1f:3c:77:3f:4e:
                    9a:bb:82:59:52:e6:f8:b9:40:50:14:36:54:11:ff:
                    a0:64:f4:e1:c0:f9:0f:2b:ec:4c:a9:43:7c:5e:ac:
                    41:f5:6a:00:92:ae:55:5f:fb:76:d3:c6:86:63:62:
                    52:c0:97:c0:41:81:a0:73:e9:1a:ba:97:d2:f1:e1:
                    a4:26:9b:64:8f:99:84:34:70:ce:23:48:b7:14:69:
                    be:e0:42:79:25:e0:8c:ad:af:90:94:ea:4e:ba:3c:
                    ae:13:c7:d6:0c:df:67:0d:48:9b:06:20:b6:fa:a3:
                    db:6a:57:73:9f:a1:70:ca:9f:33:ab:77:f9:2b:a0:
                    9e:7e:d9:9a:21:b3:5f:eb:c2:83:ff:23:b0:eb:93:
                    77:6a:19:7d:47:b7:ce:62:cd:70:3f:13:ce:dd:29:
                    0d:bb:3a:8a:d4:50:2e:82:83:16:33:75:f7:86:51:
                    3d:61:d7:88:7e:fb:b2:ed:a7:2e:b3:2a:f1:67:44:
                    85:67:03:f5:68:aa:0f:c7:01:95:84:e7:bf:3d:33:
                    fe:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:26:AC:64:19:5C:59:32:7E:01:0C:36:C2:F7:F9:28:EB:69:7D:AD
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/yyasZBlcWTJ-AQw2wvf5KOtpfa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.240.0/22
                  78.24.100.0/22
                  91.208.35.0/24
                  91.222.120.0/22
                  128.0.92.0/24
                  128.0.94.0/24
                  176.96.189.0-176.96.191.255
                  188.93.64.0/22
                  193.7.216.0/22
                  213.241.199.0/24
                IPv6:
                  2a05:9c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:4a:64:68:b1:6a:cd:63:66:2b:65:6c:19:26:b7:8c:6b:1b:
         64:13:64:2a:9e:72:41:da:94:c0:72:1a:e8:bb:c9:bf:46:de:
         d9:e0:e8:c1:e4:be:4f:51:d8:93:0d:42:90:cc:75:e7:8c:73:
         4d:7c:42:af:ea:36:69:4d:05:ed:f2:75:b3:24:0b:e8:89:cf:
         06:ff:89:ef:a7:f9:f6:4b:9a:54:fd:77:8d:00:ab:9b:de:b3:
         c6:43:72:8a:fb:c3:e3:c5:42:d4:c3:9b:0f:b8:38:9f:fe:60:
         09:f4:f6:8c:46:97:2d:e1:4c:3c:2c:a8:26:32:dc:79:e2:9a:
         92:68:46:35:6b:05:1c:d4:a1:d3:e3:36:6a:d1:bc:20:17:dd:
         ba:9b:ec:5d:73:37:50:0e:8a:cb:8f:e6:80:08:e8:ba:9d:18:
         7b:e1:c2:6a:9f:e5:c9:c9:3b:0d:70:c3:b4:7a:0c:b1:d0:28:
         69:0c:7c:f3:ec:ad:20:91:5c:db:11:45:ba:ad:5e:79:c4:db:
         5c:a0:74:27:51:29:e0:ff:b9:2b:c5:66:a7:85:e3:c5:9b:5a:
         d6:20:ce:67:f7:c3:2e:59:36:26:c4:bc:7d:8c:ff:ba:4a:ba:
         ea:98:f5:59:d3:f5:f7:6d:bd:67:2a:e6:b1:1d:4e:b6:fc:50:
         cb:c6:35:1a
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYsfUrTqX+7V/G55WK/l92fZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjMxMDExMTUxOTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI2YWM2NDE5NWM1OTMyN2UwMTBjMzZjMmY3ZjkyOGViNjk3ZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQqJj/0CsbE9lgkk0EZAk7zORVf6
wGnPPYxLwdRvyuVdnDULbX9XNAdm94iC6Uyhm2yTUhWzHzx3P06au4JZUub4uUBQ
FDZUEf+gZPThwPkPK+xMqUN8XqxB9WoAkq5VX/t208aGY2JSwJfAQYGgc+kaupfS
8eGkJptkj5mENHDOI0i3FGm+4EJ5JeCMra+QlOpOujyuE8fWDN9nDUibBiC2+qPb
aldzn6Fwyp8zq3f5K6CeftmaIbNf68KD/yOw65N3ahl9R7fOYs1wPxPO3SkNuzqK
1FAugoMWM3X3hlE9YdeIfvuy7acusyrxZ0SFZwP1aKoPxwGVhOe/PTP+vQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFMsmrGQZXFkyfgEMNsL3+SjraX2tMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEveXlhc1pCbGNXVEotQVF3Mnd2ZjVLT3RwZmEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQCBbTwAwQC
ThhkAwQAW9AjAwQCW954AwQAgABcAwQAgABeMAwDBACwYL0DBAawYIADBAK8XUAD
BALBB9gDBADV8ccwDQQCAAIwBwMFAyoFnAAwDQYJKoZIhvcNAQELBQADggEBAI5K
ZGixas1jZitlbBkmt4xrG2QTZCqeckHalMByGui7yb9G3tng6MHkvk9R2JMNQpDM
deeMc018Qq/qNmlNBe3ydbMkC+iJzwb/ie+n+fZLmlT9d40Aq5ves8ZDcor7w+PF
QtTDmw+4OJ/+YAn09oxGly3hTDwsqCYy3HnimpJoRjVrBRzUodPjNmrRvCAX3bqb
7F1zN1AOisuP5oAI6LqdGHvhwmqf5cnJOw1ww7R6DLHQKGkMfPPsrSCRXNsRRbqt
XnnE21ygdCdRKeD/uSvFZqeF48WbWtYgzmf3wy5ZNibEvH2M/7pKuuqY9VnT9fdt
vWcq5rEdTrb8UMvGNRo=
-----END CERTIFICATE-----