Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/Y3gT8w2sh9FSuJzoBVVf1fHEhZA.roa
File:                     Y3gT8w2sh9FSuJzoBVVf1fHEhZA.roa (raw, json)
Hash identifier:          zqD2OofylkK+esNACvcb29lDzf4c2NZp7+WCNwAgCUw=
Subject key identifier:   63:78:13:F3:0D:AC:87:D1:52:B8:9C:E8:05:55:5F:D5:F1:C4:85:90
Certificate issuer:       /CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
Certificate serial:       018CC2DB60B7C30C3B24B294A797CC61D8D8
Authority key identifier: 2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/Y3gT8w2sh9FSuJzoBVVf1fHEhZA.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34674
IP address blocks:        128.140.176.0/21 maxlen: 21
                          128.140.176.0/22 maxlen: 22
                          128.140.176.0/24 maxlen: 24
                          128.140.176.0/23 maxlen: 23
                          128.140.177.0/24 maxlen: 24
                          128.140.178.0/23 maxlen: 23
                          128.140.179.0/24 maxlen: 24
                          128.140.182.0/23 maxlen: 23
                          128.140.181.0/24 maxlen: 24
                          128.140.180.0/22 maxlen: 22
                          128.140.180.0/24 maxlen: 24
                          128.140.180.0/23 maxlen: 23
                          128.140.182.0/24 maxlen: 24
                          128.140.183.0/24 maxlen: 24
                          128.140.184.0/23 maxlen: 23
                          128.140.184.0/24 maxlen: 24
                          128.140.185.0/24 maxlen: 24
                          128.140.186.0/24 maxlen: 24
                          128.140.186.0/23 maxlen: 23
                          128.140.184.0/22 maxlen: 22
                          128.140.187.0/24 maxlen: 24
                          185.184.60.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 08:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:60:b7:c3:0c:3b:24:b2:94:a7:97:cc:61:d8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=637813f30dac87d152b89ce805555fd5f1c48590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5e:0c:77:c5:29:e5:01:4e:65:a6:5c:4c:ed:
                    03:ba:fd:0f:22:5a:0f:da:3b:9a:9a:68:ba:09:f0:
                    ad:0b:7f:45:84:f5:9d:92:09:11:5b:3a:ce:b7:59:
                    b7:39:fc:a6:f8:67:08:58:d0:ae:fa:2b:a8:ad:67:
                    2b:c8:8f:57:25:40:4e:55:45:e8:78:60:68:38:dd:
                    ab:53:3b:c9:03:f8:73:3e:8b:cc:af:15:78:c7:ca:
                    2f:f6:d0:16:e9:f9:08:10:bd:2a:3d:99:c6:9a:39:
                    0d:95:c6:73:44:63:28:0c:df:0e:d5:90:20:9b:16:
                    2e:d6:eb:77:82:b9:93:7f:fc:35:14:3e:18:54:47:
                    85:c9:d9:46:61:f6:7f:60:03:b2:d1:5c:71:ac:48:
                    7e:de:65:4f:11:f2:78:7d:b6:c9:d9:76:4a:f2:af:
                    fb:bf:de:e3:e5:35:37:98:b5:12:f3:f1:45:23:c3:
                    08:c3:cc:28:30:aa:85:9e:32:f0:1f:cd:84:34:34:
                    b4:0f:4a:f2:d2:bb:9b:96:f2:8c:11:91:5c:b7:55:
                    67:d9:71:cc:44:d1:6e:8f:8b:2d:7b:ec:57:cb:78:
                    f7:27:40:b2:08:a6:4f:91:2a:3a:ee:75:6f:77:28:
                    46:6e:56:d9:cd:de:83:81:82:f7:9b:76:d8:4c:71:
                    0c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:78:13:F3:0D:AC:87:D1:52:B8:9C:E8:05:55:5F:D5:F1:C4:85:90
            X509v3 Authority Key Identifier:
                keyid:2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/Y3gT8w2sh9FSuJzoBVVf1fHEhZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.140.176.0-128.140.187.255
                  185.184.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:88:2f:4e:bb:aa:75:5b:35:b7:f3:9c:01:a5:14:96:92:db:
         5d:1c:27:6e:4f:2e:1f:5e:94:82:7f:37:95:b6:cc:8b:f1:c7:
         1b:5d:8b:16:55:86:1f:0c:66:65:3d:5f:32:50:5b:81:a7:de:
         1e:61:2f:af:a8:4e:2f:a0:07:39:a2:4a:0d:ba:52:b8:22:8b:
         50:4a:76:49:16:97:6c:7e:24:79:0f:35:91:06:5f:3c:d4:d2:
         3e:8a:ea:6c:59:fc:ae:ee:9e:bd:c0:3d:52:1f:70:4c:df:8a:
         4f:a3:30:a7:41:58:fd:db:41:dd:2b:a5:b7:47:8d:ef:57:4f:
         45:9b:cc:f6:ef:c3:f3:da:56:f3:92:94:33:84:74:99:df:7c:
         f2:25:1f:19:cb:cf:a7:75:a7:6b:e3:a4:23:c5:91:3f:66:c7:
         10:53:44:18:21:e2:50:17:8b:18:7a:cc:4b:46:47:65:24:e4:
         68:aa:ca:e2:46:23:6d:d3:f3:91:60:89:bf:0d:ca:61:85:e8:
         62:c6:43:31:85:c4:b6:c9:9c:52:10:5a:14:87:23:43:0e:1a:
         fc:92:0c:a3:13:fd:c8:31:c8:11:43:43:08:e0:54:0b:02:41:
         8d:2f:8a:df:06:74:09:14:15:37:41:9e:d7:9a:95:12:44:94:
         05:9b:f5:f7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzC22C3www7JLKUp5fMYdjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNTY2NGUwMjkzNmNiNWI1NDU0ZDU5NWM1MzgyYjdlN2Ew
Yzc5NDQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzc4MTNmMzBkYWM4N2QxNTJiODljZTgwNTU1NWZkNWYxYzQ4NTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq14Md8Up5QFOZaZcTO0Duv0PIloP
2juammi6CfCtC39FhPWdkgkRWzrOt1m3Ofym+GcIWNCu+iuorWcryI9XJUBOVUXo
eGBoON2rUzvJA/hzPovMrxV4x8ov9tAW6fkIEL0qPZnGmjkNlcZzRGMoDN8O1ZAg
mxYu1ut3grmTf/w1FD4YVEeFydlGYfZ/YAOy0VxxrEh+3mVPEfJ4fbbJ2XZK8q/7
v97j5TU3mLUS8/FFI8MIw8woMKqFnjLwH82ENDS0D0ry0rublvKMEZFct1Vn2XHM
RNFuj4ste+xXy3j3J0CyCKZPkSo67nVvdyhGblbZzd6DgYL3m3bYTHEMjwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGN4E/MNrIfRUric6AVVX9XxxIWQMB8GA1UdIwQY
MBaAFC5WZOApNstbVFTVlcU4K356DHlEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMt
ZWY4MWZjYTYzMDI5LzEvWTNnVDh3MnNoOUZTdUp6b0JWVmYxZkhFaFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMtZWY4MWZjYTYzMDI5
LzEvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBASAjLAD
BAKAjLgDBAC5uDwwDQYJKoZIhvcNAQELBQADggEBABaIL067qnVbNbfznAGlFJaS
210cJ25PLh9elIJ/N5W2zIvxxxtdixZVhh8MZmU9XzJQW4Gn3h5hL6+oTi+gBzmi
Sg26Urgii1BKdkkWl2x+JHkPNZEGXzzU0j6K6mxZ/K7unr3APVIfcEzfik+jMKdB
WP3bQd0rpbdHje9XT0WbzPbvw/PaVvOSlDOEdJnffPIlHxnLz6d1p2vjpCPFkT9m
xxBTRBgh4lAXixh6zEtGR2Uk5GiqyuJGI23T85Fgib8NymGF6GLGQzGFxLbJnFIQ
WhSHI0MOGvySDKMT/cgxyBFDQwjgVAsCQY0vit8GdAkUFTdBntealRJElAWb9fc=
-----END CERTIFICATE-----