Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/OQ1OSjoKAgwgRjPH_7Sp101Zzc4.roa
File:                     OQ1OSjoKAgwgRjPH_7Sp101Zzc4.roa (raw, json)
Hash identifier:          RQcsC3uhQrMQ/cfzbnI/mB9rs5Pu0T8b2Ic3qouAmGo=
Subject key identifier:   39:0D:4E:4A:3A:0A:02:0C:20:46:33:C7:FF:B4:A9:D7:4D:59:CD:CE
Certificate issuer:       /CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
Certificate serial:       0185718C2BB00BCED52C034FB79AAACA88F1
Authority key identifier: 8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/OQ1OSjoKAgwgRjPH_7Sp101Zzc4.roa
Signing time:             Mon 02 Jan 2023 08:14:49 +0000
ROA not before:           Mon 02 Jan 2023 08:14:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15436
IP address blocks:        193.109.125.0/24 maxlen: 24
                          193.109.121.0/24 maxlen: 24
                          81.88.96.0/21 maxlen: 24
                          193.109.117.0/24 maxlen: 24
                          193.201.1.0/24 maxlen: 24
                          193.201.0.0/24 maxlen: 24
                          193.201.4.0/24 maxlen: 24
                          193.201.2.0/24 maxlen: 24
                          193.201.3.0/24 maxlen: 24
                          193.201.7.0/24 maxlen: 24
                          193.201.6.0/24 maxlen: 24
                          193.201.5.0/24 maxlen: 24
                          2a02:c18::/32 maxlen: 48
                          2a02:c18::/48 maxlen: 48
                          2a02:c18:2::/48 maxlen: 48
                          2a02:c18:6::/48 maxlen: 48
                          2a02:c18:1::/48 maxlen: 48
                          2a02:c18:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:35:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:8c:2b:b0:0b:ce:d5:2c:03:4f:b7:9a:aa:ca:88:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
        Validity
            Not Before: Jan  2 08:14:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=390d4e4a3a0a020c204633c7ffb4a9d74d59cdce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:39:48:bb:fd:08:f6:9b:15:f4:a9:f2:b1:1d:
                    f7:47:80:65:97:90:78:68:52:dd:d0:8e:c1:08:3b:
                    d5:5c:b3:87:77:b7:e5:34:94:07:3a:a5:b0:fd:3b:
                    f6:19:00:38:08:8b:5e:b6:c9:f4:f0:4f:4e:21:11:
                    3a:47:9a:70:30:97:3b:90:e3:d4:a4:ad:18:c1:d2:
                    b1:72:64:ed:8e:2c:4b:4b:50:8e:1e:11:1c:0d:17:
                    af:71:d2:f9:3c:0d:cb:d6:4c:99:1a:fe:c4:19:82:
                    43:fc:0a:83:0c:f7:e2:aa:7c:cb:cc:cc:35:5a:4b:
                    5b:ed:6d:2e:bf:1c:24:39:da:5c:b1:ab:48:69:74:
                    ce:d6:47:21:52:77:a1:58:2a:97:89:c8:88:0b:0b:
                    39:3f:92:f2:3c:41:37:c7:20:2b:f7:91:19:3e:f8:
                    97:b5:c2:f0:ed:c6:9f:2a:b1:1b:14:2b:78:e8:ea:
                    69:f1:a7:44:d3:be:da:9d:69:f1:96:40:81:32:4c:
                    c0:2f:79:ba:14:eb:ec:95:c2:0f:1b:f9:74:77:13:
                    ee:2f:85:fc:63:f6:91:33:5a:b8:97:4b:07:60:88:
                    ff:54:ed:f6:41:02:37:d7:3c:83:4d:70:a4:eb:e7:
                    8b:cf:17:25:c9:34:e1:e2:2d:90:79:92:da:15:ca:
                    fb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0D:4E:4A:3A:0A:02:0C:20:46:33:C7:FF:B4:A9:D7:4D:59:CD:CE
            X509v3 Authority Key Identifier:
                keyid:8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/OQ1OSjoKAgwgRjPH_7Sp101Zzc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.96.0/21
                  193.109.117.0/24
                  193.109.121.0/24
                  193.109.125.0/24
                  193.201.0.0/21
                IPv6:
                  2a02:c18::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:27:47:0c:8e:56:44:59:89:d9:0c:3a:ab:ef:57:e6:c6:27:
         1d:31:10:15:47:9e:f3:e1:e7:f5:70:78:dc:17:0b:48:97:85:
         5f:61:e5:a5:1f:94:fd:66:a0:24:29:b1:70:e6:a6:63:06:91:
         52:eb:e7:78:9f:67:b3:78:97:b0:ff:52:4f:09:db:a5:6e:4b:
         56:b9:ab:61:2b:54:8a:a8:7d:e7:ac:df:49:5c:c0:e9:0c:fb:
         b8:74:1d:35:be:ca:38:73:02:9f:b4:c3:2c:69:ed:33:0d:f7:
         e8:a4:1e:a7:86:f6:e4:58:0c:f0:01:4d:30:17:bc:37:27:03:
         05:56:d2:da:5b:de:15:ec:10:7d:90:c2:fb:94:78:6c:24:98:
         e1:77:a6:e9:d4:0b:4d:09:87:53:e4:88:3f:38:ce:9a:07:9c:
         1b:b5:d8:b9:cd:ca:d6:18:7b:dd:53:e5:3e:7f:54:92:ef:66:
         38:aa:bd:b2:8e:9c:e1:7d:ce:14:55:c5:11:9d:43:7d:9c:37:
         74:c6:06:77:78:23:3f:f4:59:d3:8d:c2:cb:2a:af:82:46:97:
         74:06:05:66:00:15:24:f7:9b:0d:77:6d:27:e8:38:63:9c:cf:
         e3:54:6d:0e:af:6f:58:22:0f:16:b4:15:45:92:46:10:d2:e9:
         b3:a7:d2:ba
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVxjCuwC87VLANPt5qqyojxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjZmNDc2ZDYwODYyNWFkMWZlMDZlNTJiOTc0YTlmNjZm
MDE0MWEwHhcNMjMwMTAyMDgxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBkNGU0YTNhMGEwMjBjMjA0NjMzYzdmZmI0YTlkNzRkNTljZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zlIu/0I9psV9KnysR33R4Bll5B4
aFLd0I7BCDvVXLOHd7flNJQHOqWw/Tv2GQA4CItetsn08E9OIRE6R5pwMJc7kOPU
pK0YwdKxcmTtjixLS1COHhEcDRevcdL5PA3L1kyZGv7EGYJD/AqDDPfiqnzLzMw1
Wktb7W0uvxwkOdpcsatIaXTO1kchUnehWCqXiciICws5P5LyPEE3xyAr95EZPviX
tcLw7cafKrEbFCt46Opp8adE077anWnxlkCBMkzAL3m6FOvslcIPG/l0dxPuL4X8
Y/aRM1q4l0sHYIj/VO32QQI31zyDTXCk6+eLzxclyTTh4i2QeZLaFcr7IwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFDkNTko6CgIMIEYzx/+0qddNWc3OMB8GA1UdIwQY
MBaAFIom9HbWCGJa0f4G5SuXSp9m8BQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2It
ZDg0NmQxMDZiNWY3LzEvT1ExT1Nqb0tBZ3dnUmpQSF83U3AxMDFaemM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2ItZDg0NmQxMDZiNWY3
LzEvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDUVhgAwQA
wW11AwQAwW15AwQAwW19AwQDwckAMA0EAgACMAcDBQAqAgwYMA0GCSqGSIb3DQEB
CwUAA4IBAQB+J0cMjlZEWYnZDDqr71fmxicdMRAVR57z4ef1cHjcFwtIl4VfYeWl
H5T9ZqAkKbFw5qZjBpFS6+d4n2ezeJew/1JPCdulbktWuathK1SKqH3nrN9JXMDp
DPu4dB01vso4cwKftMMsae0zDffopB6nhvbkWAzwAU0wF7w3JwMFVtLaW94V7BB9
kML7lHhsJJjhd6bp1AtNCYdT5Ig/OM6aB5wbtdi5zcrWGHvdU+U+f1SS72Y4qr2y
jpzhfc4UVcURnUN9nDd0xgZ3eCM/9FnTjcLLKq+CRpd0BgVmABUk95sNd20n6Dhj
nM/jVG0Or29YIg8WtBVFkkYQ0umzp9K6
-----END CERTIFICATE-----