Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/EKoqC2gB9XT1PoV0L0Xvt-Eskp8.roa
File:                     EKoqC2gB9XT1PoV0L0Xvt-Eskp8.roa (raw, json)
Hash identifier:          Z1sC+lUgzvX97vovRQUNm/J44R4Fd3h1DUWx9m7V89k=
Subject key identifier:   10:AA:2A:0B:68:01:F5:74:F5:3E:85:74:2F:45:EF:B7:E1:2C:92:9F
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       018FE01C632F1FF46D7D34EBF72302CDBFE0
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/EKoqC2gB9XT1PoV0L0Xvt-Eskp8.roa
Signing time:             Mon 03 Jun 2024 21:58:27 +0000
ROA not before:           Mon 03 Jun 2024 21:58:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        62.164.224.0/20 maxlen: 20
                          66.9.96.0/20 maxlen: 24
                          77.223.192.0/21 maxlen: 24
                          77.223.200.0/23 maxlen: 24
                          79.139.64.0/23 maxlen: 24
                          83.142.200.0/21 maxlen: 24
                          93.119.184.0/21 maxlen: 24
                          94.101.103.0/24 maxlen: 24
                          95.178.8.0/21 maxlen: 24
                          116.50.16.0/21 maxlen: 24
                          121.127.56.0/21 maxlen: 24
                          176.222.48.0/22 maxlen: 24
                          192.200.192.0/19 maxlen: 24
                          198.145.112.0/22 maxlen: 24
                          212.32.96.0/20 maxlen: 24
Validation:               Failed, certificate revoked on Mon 10 Jun 2024 07:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e0:1c:63:2f:1f:f4:6d:7d:34:eb:f7:23:02:cd:bf:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jun  3 21:58:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10aa2a0b6801f574f53e85742f45efb7e12c929f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:53:e3:f7:18:d3:32:3c:ed:34:64:e0:d2:f5:
                    81:ef:85:c0:cf:9c:63:7f:9c:e0:5a:11:a6:3d:c2:
                    a1:cb:6d:08:51:a1:c5:18:25:ea:26:9a:5c:2f:b8:
                    c6:f8:3b:18:3b:f3:57:69:0a:43:f1:59:3c:57:f1:
                    5e:fa:a7:0e:f7:89:88:85:ab:13:86:03:4f:94:64:
                    44:33:48:e0:9d:cf:81:55:97:b3:23:35:8c:12:af:
                    9d:79:70:93:88:3b:04:4d:46:bd:81:50:a0:be:9d:
                    15:8a:fc:bf:f0:16:5d:9f:07:61:d6:53:30:dc:1a:
                    66:e8:83:c3:c7:44:22:fe:15:00:7c:4e:b7:9a:5e:
                    ab:8c:c7:aa:ba:aa:84:e0:fe:c5:1c:dc:6b:a4:fb:
                    d1:8e:82:f9:2b:3a:64:da:6d:09:9c:4b:e9:33:69:
                    9f:79:a1:37:50:b8:7f:21:e9:33:26:3c:22:e4:b3:
                    3f:52:bd:ca:e5:47:05:52:6e:19:b9:a7:f7:9e:44:
                    a1:5a:48:c2:8a:81:82:70:2f:bb:fc:d7:07:e1:39:
                    5b:b0:ae:17:1d:f0:f0:19:43:dd:a7:3a:01:0d:23:
                    6b:c0:8a:54:0f:02:f5:57:13:4c:ed:c1:91:34:ba:
                    27:03:55:e6:e3:15:f0:21:15:2c:7a:03:f6:f6:00:
                    c3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:AA:2A:0B:68:01:F5:74:F5:3E:85:74:2F:45:EF:B7:E1:2C:92:9F
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/EKoqC2gB9XT1PoV0L0Xvt-Eskp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.224.0/20
                  66.9.96.0/20
                  77.223.192.0-77.223.201.255
                  79.139.64.0/23
                  83.142.200.0/21
                  93.119.184.0/21
                  94.101.103.0/24
                  95.178.8.0/21
                  116.50.16.0/21
                  121.127.56.0/21
                  176.222.48.0/22
                  192.200.192.0/19
                  198.145.112.0/22
                  212.32.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         45:79:ec:ba:3f:bb:8e:06:b1:7b:13:66:6b:4e:d7:ac:20:30:
         e7:de:5c:03:0b:3c:fe:97:41:77:04:bf:53:62:10:76:cd:f1:
         21:63:c8:24:90:9d:15:21:11:79:af:5b:69:8e:a2:2b:18:39:
         fe:b7:80:5e:30:6a:80:74:87:ac:d1:a6:46:90:6b:f4:d9:28:
         68:39:77:05:df:9f:00:51:95:78:39:e1:86:8f:4a:f5:ce:78:
         41:a5:32:67:67:93:87:f8:47:02:a0:73:32:f8:3d:c9:70:aa:
         07:cf:a3:1f:82:83:af:be:e7:1e:e8:bf:e5:37:8e:fe:e1:c3:
         5e:39:d2:b9:65:3d:fb:ec:b2:64:96:e9:59:2c:e1:4d:78:9e:
         95:dd:be:8f:80:4c:66:82:ad:ed:3d:7a:76:81:48:b6:20:3d:
         bc:79:85:b5:2c:dd:e2:e5:60:e0:78:58:2d:27:57:a4:0c:1e:
         97:21:2d:63:62:9c:3d:62:eb:57:90:f7:0a:4f:8f:d7:2f:0f:
         be:3d:c0:54:94:20:39:b8:ee:55:7f:f1:33:1a:4a:70:e3:27:
         6a:b7:36:68:9d:4e:13:b4:c7:00:37:ad:0b:e8:d6:25:1c:65:
         3d:18:89:37:a2:61:a5:ea:4e:c2:28:11:1c:7a:56:0b:d2:8c:
         f3:a5:d7:cd
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAY/gHGMvH/RtfTTr9yMCzb/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNjAzMjE1ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGFhMmEwYjY4MDFmNTc0ZjUzZTg1NzQyZjQ1ZWZiN2UxMmM5MjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFPj9xjTMjztNGTg0vWB74XAz5xj
f5zgWhGmPcKhy20IUaHFGCXqJppcL7jG+DsYO/NXaQpD8Vk8V/Fe+qcO94mIhasT
hgNPlGREM0jgnc+BVZezIzWMEq+deXCTiDsETUa9gVCgvp0Vivy/8BZdnwdh1lMw
3Bpm6IPDx0Qi/hUAfE63ml6rjMequqqE4P7FHNxrpPvRjoL5Kzpk2m0JnEvpM2mf
eaE3ULh/IekzJjwi5LM/Ur3K5UcFUm4Zuaf3nkShWkjCioGCcC+7/NcH4TlbsK4X
HfDwGUPdpzoBDSNrwIpUDwL1VxNM7cGRNLonA1Xm4xXwIRUsegP29gDDoQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFBCqKgtoAfV09T6FdC9F77fhLJKfMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvRUtvcUMyZ0I5WFQxUG9WMEwwWHZ0LUVza3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQEPqTgAwQE
QglgMAwDBAZN38ADBAFN38gDBAFPi0ADBANTjsgDBANdd7gDBABeZWcDBANfsggD
BAN0MhADBAN5fzgDBAKw3jADBAXAyMADBALGkXADBATUIGAwDQYJKoZIhvcNAQEL
BQADggEBAEV57Lo/u44GsXsTZmtO16wgMOfeXAMLPP6XQXcEv1NiEHbN8SFjyCSQ
nRUhEXmvW2mOoisYOf63gF4waoB0h6zRpkaQa/TZKGg5dwXfnwBRlXg54YaPSvXO
eEGlMmdnk4f4RwKgczL4PclwqgfPox+Cg6++5x7ov+U3jv7hw1450rllPfvssmSW
6Vks4U14npXdvo+ATGaCre09enaBSLYgPbx5hbUs3eLlYOB4WC0nV6QMHpchLWNi
nD1i61eQ9wpPj9cvD749wFSUIDm47lV/8TMaSnDjJ2q3NmidThO0xwA3rQvo1iUc
ZT0YiTeiYaXqTsIoERx6VgvSjPOl180=
-----END CERTIFICATE-----