Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/JhzY6s2TmQ2AS4xsS7O3Gltz0Ao.roa
File:                     JhzY6s2TmQ2AS4xsS7O3Gltz0Ao.roa (raw, json)
Hash identifier:          bWwdIG0H0ypoen1Nnw628vKbblZivj+u9z8eZrx7/Io=
Subject key identifier:   26:1C:D8:EA:CD:93:99:0D:80:4B:8C:6C:4B:B3:B7:1A:5B:73:D0:0A
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018AB6B82A57473729B4290530CB91D593E8
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/JhzY6s2TmQ2AS4xsS7O3Gltz0Ao.roa
Signing time:             Thu 21 Sep 2023 07:50:37 +0000
ROA not before:           Thu 21 Sep 2023 07:50:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2914
IP address blocks:        163.171.254.0/24 maxlen: 24
                          163.171.77.0/24 maxlen: 24
                          163.171.90.0/24 maxlen: 24
                          163.171.91.0/24 maxlen: 24
                          185.27.228.0/24 maxlen: 24
                          163.171.246.0/24 maxlen: 24
                          163.171.253.0/24 maxlen: 24
                          163.171.251.0/24 maxlen: 24
                          163.171.247.0/24 maxlen: 24
                          148.253.239.0/24 maxlen: 24
                          148.253.240.0/24 maxlen: 24
                          148.253.242.0/24 maxlen: 24
                          148.253.243.0/24 maxlen: 24
                          148.253.241.0/24 maxlen: 24
                          148.253.249.0/24 maxlen: 24
                          148.253.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 15 Nov 2023 07:43:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b6:b8:2a:57:47:37:29:b4:29:05:30:cb:91:d5:93:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Sep 21 07:50:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=261cd8eacd93990d804b8c6c4bb3b71a5b73d00a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:62:78:c9:72:aa:e6:a2:71:9e:45:c4:3e:ab:
                    9c:bb:70:26:b7:74:8e:f9:c5:7a:dc:ca:8a:c3:2e:
                    5f:1f:d4:fe:d8:12:9f:0f:40:31:a8:73:c1:29:cd:
                    7c:4f:3e:31:34:af:b8:0e:f3:a5:70:b0:d9:b9:07:
                    04:3a:a7:5a:b3:f7:39:fd:a1:cf:f5:a4:35:3a:88:
                    ce:86:97:18:68:6a:65:d5:85:47:e3:fc:31:60:b5:
                    38:93:71:64:4e:19:93:c8:10:97:c8:e4:c1:bf:af:
                    5b:37:98:34:2b:c3:9a:09:80:3d:86:80:36:77:b2:
                    e4:79:c1:74:28:c0:24:86:cd:2c:10:f1:3d:22:2f:
                    de:75:04:85:9b:0e:a3:28:69:7b:53:4c:fa:29:f9:
                    7e:6b:b6:14:3d:fa:24:5d:b9:35:4d:cb:a7:93:5e:
                    0a:e6:f3:83:48:23:f0:54:7a:b3:5d:bb:30:11:88:
                    cd:47:51:a2:56:c7:e7:64:99:09:6a:2d:50:f3:1a:
                    71:22:4e:56:01:9b:9c:85:47:15:63:92:fb:c7:5a:
                    07:cb:f8:7e:c2:4b:95:b9:10:24:45:56:6b:f2:ba:
                    89:36:d0:98:c8:34:65:71:4d:84:d5:93:ba:9f:f5:
                    fb:00:3a:4e:aa:4c:ae:9e:e3:26:20:4f:03:5f:3c:
                    38:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:1C:D8:EA:CD:93:99:0D:80:4B:8C:6C:4B:B3:B7:1A:5B:73:D0:0A
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/JhzY6s2TmQ2AS4xsS7O3Gltz0Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.239.0-148.253.243.255
                  148.253.249.0-148.253.250.255
                  163.171.77.0/24
                  163.171.90.0/23
                  163.171.246.0/23
                  163.171.251.0/24
                  163.171.253.0-163.171.254.255
                  185.27.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:43:0e:4b:eb:03:7c:c4:17:f9:70:6e:a2:f9:a5:74:36:61:
         72:5b:c1:ff:d5:88:ea:eb:47:ec:38:60:56:80:96:3f:bd:37:
         1f:10:d2:9b:f8:7b:d7:e1:cc:99:3b:57:e2:83:d8:06:05:71:
         ed:67:48:39:10:b9:31:88:ff:8b:21:fe:d4:7e:63:ca:9c:8f:
         e0:35:5a:0f:e0:d7:94:18:8f:62:24:72:3e:31:97:1b:94:22:
         b8:3c:c7:25:a4:7b:8c:3e:b7:95:9e:89:b4:83:3e:8f:49:79:
         38:a6:11:fe:6f:ac:99:9d:87:8d:a6:ce:32:dc:62:c9:44:e0:
         e9:ed:02:c5:cc:88:bd:e0:05:f5:18:33:c9:44:f2:8a:6e:d3:
         0d:e8:79:21:1a:67:13:9e:04:4f:81:5e:a9:d1:96:ad:cb:32:
         e5:f2:9c:70:4a:29:6c:fd:f9:88:0b:49:51:46:b2:4c:e3:e1:
         68:e8:94:7f:67:5c:1d:1d:9d:9c:13:92:aa:65:96:1f:6e:98:
         10:32:d5:e9:3f:c0:dd:7f:e4:3d:ef:a0:37:a0:5b:bb:fb:6a:
         dd:0f:c0:a2:fd:ed:1a:4b:cc:96:1f:78:3f:0f:97:48:29:de:
         ea:ef:75:32:ef:59:3d:99:e6:fa:25:4e:c2:86:12:57:5d:a4:
         14:b4:7d:cd
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYq2uCpXRzcptCkFMMuR1ZPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjMwOTIxMDc1MDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjFjZDhlYWNkOTM5OTBkODA0YjhjNmM0YmIzYjcxYTViNzNkMDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGJ4yXKq5qJxnkXEPqucu3Amt3SO
+cV63MqKwy5fH9T+2BKfD0AxqHPBKc18Tz4xNK+4DvOlcLDZuQcEOqdas/c5/aHP
9aQ1OojOhpcYaGpl1YVH4/wxYLU4k3FkThmTyBCXyOTBv69bN5g0K8OaCYA9hoA2
d7LkecF0KMAkhs0sEPE9Ii/edQSFmw6jKGl7U0z6Kfl+a7YUPfokXbk1Tcunk14K
5vODSCPwVHqzXbswEYjNR1GiVsfnZJkJai1Q8xpxIk5WAZuchUcVY5L7x1oHy/h+
wkuVuRAkRVZr8rqJNtCYyDRlcU2E1ZO6n/X7ADpOqkyunuMmIE8DXzw4HQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCYc2OrNk5kNgEuMbEuztxpbc9AKMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvSmh6WTZzMlRtUTJBUzR4c1M3TzNHbHR6MEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBACU/e8D
BAKU/fAwDAMEAJT9+QMEAJT9+gMEAKOrTQMEAaOrWgMEAaOr9gMEAKOr+zAMAwQA
o6v9AwQAo6v+AwQAuRvkMA0GCSqGSIb3DQEBCwUAA4IBAQA2Qw5L6wN8xBf5cG6i
+aV0NmFyW8H/1Yjq60fsOGBWgJY/vTcfENKb+HvX4cyZO1fig9gGBXHtZ0g5ELkx
iP+LIf7UfmPKnI/gNVoP4NeUGI9iJHI+MZcblCK4PMclpHuMPreVnom0gz6PSXk4
phH+b6yZnYeNps4y3GLJRODp7QLFzIi94AX1GDPJRPKKbtMN6HkhGmcTngRPgV6p
0ZatyzLl8pxwSils/fmIC0lRRrJM4+Fo6JR/Z1wdHZ2cE5KqZZYfbpgQMtXpP8Dd
f+Q976A3oFu7+2rdD8Ci/e0aS8yWH3g/D5dIKd7q73Uy71k9meb6JU7ChhJXXaQU
tH3N
-----END CERTIFICATE-----