Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/MHjg9Z082zuUESZN41wrtBtwv28.roa
File:                     MHjg9Z082zuUESZN41wrtBtwv28.roa (raw, json)
Hash identifier:          cI68f9d4QW1vZG1sqlrIZIWDrruzT0HSPujTuKeYK7s=
Subject key identifier:   30:78:E0:F5:9D:3C:DB:3B:94:11:26:4D:E3:5C:2B:B4:1B:70:BF:6F
Certificate issuer:       /CN=09cd218abcdf66e79500ab913cd21cf06e405d4e
Certificate serial:       01880440B53DD265D4E877B81DA087C97929
Authority key identifier: 09:CD:21:8A:BC:DF:66:E7:95:00:AB:91:3C:D2:1C:F0:6E:40:5D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/MHjg9Z082zuUESZN41wrtBtwv28.roa
Signing time:             Wed 10 May 2023 06:02:09 +0000
ROA not before:           Wed 10 May 2023 06:02:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41810
IP address blocks:        80.240.64.0/24 maxlen: 24
                          80.240.65.0/24 maxlen: 24
                          80.240.66.0/24 maxlen: 24
                          80.240.67.0/24 maxlen: 24
                          80.240.68.0/24 maxlen: 24
                          80.240.69.0/24 maxlen: 24
                          80.240.70.0/24 maxlen: 24
                          80.240.71.0/24 maxlen: 24
                          80.240.73.0/24 maxlen: 24
                          80.240.74.0/24 maxlen: 24
                          80.240.75.0/24 maxlen: 24
                          80.240.76.0/24 maxlen: 24
                          80.240.77.0/24 maxlen: 24
                          80.240.78.0/24 maxlen: 24
                          80.240.72.0/24 maxlen: 24
                          82.167.176.0/22 maxlen: 22
                          82.167.184.0/21 maxlen: 21
                          82.167.128.0/21 maxlen: 21
                          82.167.136.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:04:40:b5:3d:d2:65:d4:e8:77:b8:1d:a0:87:c9:79:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09cd218abcdf66e79500ab913cd21cf06e405d4e
        Validity
            Not Before: May 10 06:02:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3078e0f59d3cdb3b9411264de35c2bb41b70bf6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f9:8a:13:9d:a9:4a:b6:27:9d:2c:aa:5e:88:
                    9b:ed:9d:11:fb:ef:80:e5:2a:d4:f5:94:58:5c:37:
                    b5:e3:a5:8b:78:50:26:99:c2:90:8b:b9:55:a4:47:
                    4d:8f:b9:a3:22:f1:1f:26:e3:4e:0b:87:c9:e4:36:
                    b4:5c:71:7d:cd:7e:07:17:e5:5d:87:b5:77:c7:e6:
                    0d:c3:73:93:23:36:d2:4b:95:ee:20:d5:1f:d8:b0:
                    03:9e:e9:a0:22:06:b4:ce:42:aa:3f:81:93:f7:60:
                    8b:8c:e4:c3:9a:37:15:20:ae:bd:04:be:3a:05:a1:
                    2f:e3:35:18:5d:83:35:e6:1c:c8:f4:2f:08:4b:18:
                    9a:e2:cd:a7:95:91:90:e7:f4:4d:69:bd:75:1f:fb:
                    05:fe:3f:04:ae:b6:b7:52:4b:8d:4a:23:0b:bb:69:
                    d2:80:87:fd:01:4f:b3:b6:d0:52:ae:f3:2b:f2:71:
                    da:e4:e3:52:ab:63:ac:f4:8a:4a:59:23:b2:b7:f8:
                    00:1a:d4:02:1f:43:b2:f4:ba:b9:e0:13:46:67:e2:
                    11:82:c3:0a:f4:e9:6e:3e:a6:29:b7:40:6d:fa:76:
                    dc:f8:c1:12:bb:c2:79:b0:65:4b:44:34:49:83:69:
                    64:9a:7e:19:c5:77:47:0e:5e:95:0a:87:84:d5:79:
                    f4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:78:E0:F5:9D:3C:DB:3B:94:11:26:4D:E3:5C:2B:B4:1B:70:BF:6F
            X509v3 Authority Key Identifier:
                keyid:09:CD:21:8A:BC:DF:66:E7:95:00:AB:91:3C:D2:1C:F0:6E:40:5D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/MHjg9Z082zuUESZN41wrtBtwv28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.64.0-80.240.78.255
                  82.167.128.0/20
                  82.167.176.0/22
                  82.167.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:37:16:2d:22:25:a1:f2:a7:71:de:93:6a:c6:bd:dc:24:3d:
         69:b5:f5:e3:67:b8:12:b3:55:88:ca:e4:3c:61:09:16:c0:2d:
         2e:f5:4e:19:a5:40:a4:99:9e:59:81:8c:a3:ac:c5:6a:2e:f6:
         31:88:78:8e:20:ad:b8:83:8a:0b:65:28:4c:c4:f7:68:c5:bc:
         3b:e7:04:ab:2b:b7:8d:e0:05:5c:80:45:d5:eb:31:f5:d4:07:
         69:7e:b5:9a:bb:8f:e0:67:84:6a:66:fb:b3:18:a7:99:d7:74:
         9c:5c:60:34:9e:86:fd:b1:91:bd:f7:2d:52:8b:6d:5a:80:c7:
         f9:87:4c:dd:95:9d:83:38:35:c0:8f:aa:98:e8:11:4c:dc:bc:
         57:1b:56:a1:d3:c0:8e:08:66:c2:c0:c4:3f:59:f6:1c:77:04:
         ce:12:f8:14:e8:ad:04:98:8b:02:e4:77:6e:d6:76:78:3b:26:
         72:02:c6:55:3e:bd:98:4e:cc:4b:98:27:66:53:9e:48:e6:59:
         4a:49:82:6c:b3:cc:d5:fd:f2:b4:50:d4:06:69:db:17:25:f4:
         df:31:9e:c8:a7:64:f1:7b:b5:bb:9c:cd:fe:93:9d:3b:65:db:
         35:66:6e:12:05:aa:af:7d:6f:d1:ef:eb:da:47:da:13:19:32:
         04:ac:ee:9d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYgEQLU90mXU6He4HaCHyXkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5Y2QyMThhYmNkZjY2ZTc5NTAwYWI5MTNjZDIxY2YwNmU0
MDVkNGUwHhcNMjMwNTEwMDYwMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDc4ZTBmNTlkM2NkYjNiOTQxMTI2NGRlMzVjMmJiNDFiNzBiZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vmKE52pSrYnnSyqXoib7Z0R+++A
5SrU9ZRYXDe146WLeFAmmcKQi7lVpEdNj7mjIvEfJuNOC4fJ5Da0XHF9zX4HF+Vd
h7V3x+YNw3OTIzbSS5XuINUf2LADnumgIga0zkKqP4GT92CLjOTDmjcVIK69BL46
BaEv4zUYXYM15hzI9C8ISxia4s2nlZGQ5/RNab11H/sF/j8Erra3UkuNSiMLu2nS
gIf9AU+zttBSrvMr8nHa5ONSq2Os9IpKWSOyt/gAGtQCH0Oy9Lq54BNGZ+IRgsMK
9OluPqYpt0Bt+nbc+MESu8J5sGVLRDRJg2lkmn4ZxXdHDl6VCoeE1Xn0lQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFDB44PWdPNs7lBEmTeNcK7QbcL9vMB8GA1UdIwQY
MBaAFAnNIYq832bnlQCrkTzSHPBuQF1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2MwaGlyemZadWVWQUt1UlBOSWM4RzVBWFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi83N2ZlNDgtZDFmMS00NDlhLTgwN2Qt
NGMxOWVjNWI1N2NhLzEvTUhqZzlaMDgyenVVRVNaTjQxd3J0QnR3djI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi83N2ZlNDgtZDFmMS00NDlhLTgwN2QtNGMxOWVjNWI1N2Nh
LzEvQ2MwaGlyemZadWVWQUt1UlBOSWM4RzVBWFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAZQ8EAD
BABQ8E4DBARSp4ADBAJSp7ADBANSp7gwDQYJKoZIhvcNAQELBQADggEBAHg3Fi0i
JaHyp3Hek2rGvdwkPWm19eNnuBKzVYjK5DxhCRbALS71ThmlQKSZnlmBjKOsxWou
9jGIeI4grbiDigtlKEzE92jFvDvnBKsrt43gBVyARdXrMfXUB2l+tZq7j+BnhGpm
+7MYp5nXdJxcYDSehv2xkb33LVKLbVqAx/mHTN2VnYM4NcCPqpjoEUzcvFcbVqHT
wI4IZsLAxD9Z9hx3BM4S+BTorQSYiwLkd27Wdng7JnICxlU+vZhOzEuYJ2ZTnkjm
WUpJgmyzzNX98rRQ1AZp2xcl9N8xnsinZPF7tbuczf6TnTtl2zVmbhIFqq99b9Hv
69pH2hMZMgSs7p0=
-----END CERTIFICATE-----