Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/wplwsy889I5ga1XiS0iqRkyLFpc.roa
File:                     wplwsy889I5ga1XiS0iqRkyLFpc.roa (raw, json)
Hash identifier:          xUFMIctyNV3QRORk6u98vsPhQYo8Wrprpy4wJhZdRcI=
Subject key identifier:   C2:99:70:B3:2F:3C:F4:8E:60:6B:55:E2:4B:48:AA:46:4C:8B:16:97
Certificate issuer:       /CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
Certificate serial:       01856E01FCB68E526479562654D33D8F3301
Authority key identifier: D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/wplwsy889I5ga1XiS0iqRkyLFpc.roa
Signing time:             Sun 01 Jan 2023 15:45:02 +0000
ROA not before:           Sun 01 Jan 2023 15:45:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20771
IP address blocks:        88.210.192.0/18 maxlen: 18
                          37.233.128.0/17 maxlen: 17
                          80.241.244.0/22 maxlen: 22
                          80.241.252.0/24 maxlen: 24
                          185.19.96.0/22 maxlen: 22
                          185.19.96.0/23 maxlen: 23
                          185.19.98.0/23 maxlen: 23
                          80.241.184.0/24 maxlen: 24
                          212.72.130.0/24 maxlen: 24
                          85.117.32.0/19 maxlen: 19
                          85.117.32.0/20 maxlen: 20
                          85.117.48.0/20 maxlen: 20
                          134.90.0.0/17 maxlen: 17
                          89.232.0.0/19 maxlen: 19
                          78.139.128.0/18 maxlen: 18
                          176.73.0.0/16 maxlen: 16
                          2a02:23f0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:01:fc:b6:8e:52:64:79:56:26:54:d3:3d:8f:33:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
        Validity
            Not Before: Jan  1 15:45:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c29970b32f3cf48e606b55e24b48aa464c8b1697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ce:72:de:a9:cb:36:fa:14:16:f6:02:2c:44:
                    68:7f:fb:96:8c:0f:8a:87:a4:ed:9e:3f:f2:dc:d5:
                    8f:7b:bf:1e:e9:fd:7b:bd:0b:77:ae:2b:e3:0a:c5:
                    12:65:fc:3f:07:00:e9:15:fb:bf:eb:8b:00:0b:b1:
                    9d:2d:46:a2:79:e2:14:bc:f8:ef:72:6b:15:34:1e:
                    c9:4c:02:ab:99:4a:03:85:b4:48:9d:11:2e:b7:40:
                    71:cf:fb:b9:3a:71:bd:2b:93:7a:1b:93:58:90:bf:
                    a4:52:63:f8:56:c6:f5:b4:d6:79:bb:07:77:94:4d:
                    ce:3c:37:1e:63:96:1b:eb:eb:44:dd:68:e0:e4:43:
                    ba:af:c3:0d:5c:24:c3:fe:27:51:f9:e7:bb:d6:31:
                    7c:07:97:32:4c:50:d0:d4:1d:6e:8e:79:15:41:ed:
                    7b:b9:f0:85:1e:ea:ed:30:77:56:ab:cb:ec:4b:d3:
                    12:0f:4a:e2:09:13:4d:71:a9:1b:8f:2c:b9:d7:b0:
                    e5:72:43:6f:ab:b1:15:95:95:47:4b:6f:61:4c:07:
                    24:50:3d:43:c1:c2:9b:72:f1:ff:5a:0d:33:c9:c5:
                    fd:bb:e7:b3:1f:47:cd:97:54:ff:39:c2:17:37:35:
                    e1:85:b5:6e:43:f6:f1:9e:20:9e:10:b4:0e:5e:92:
                    1f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:99:70:B3:2F:3C:F4:8E:60:6B:55:E2:4B:48:AA:46:4C:8B:16:97
            X509v3 Authority Key Identifier:
                keyid:D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/wplwsy889I5ga1XiS0iqRkyLFpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.233.128.0/17
                  78.139.128.0/18
                  80.241.184.0/24
                  80.241.244.0/22
                  80.241.252.0/24
                  85.117.32.0/19
                  88.210.192.0/18
                  89.232.0.0/19
                  134.90.0.0/17
                  176.73.0.0/16
                  185.19.96.0/22
                  212.72.130.0/24
                IPv6:
                  2a02:23f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:46:34:d3:b8:dd:49:65:3d:f5:d7:e5:e6:ea:d7:79:b3:2b:
         1c:2a:d0:f5:f0:75:c3:ba:0d:56:01:b7:70:9e:20:2b:93:37:
         48:fa:83:80:48:7d:43:3e:b4:a1:9d:03:6e:82:fe:08:a7:86:
         0f:b5:7d:0d:bc:ed:54:10:3d:56:66:bd:45:b4:6f:62:0a:10:
         e1:43:f0:31:9f:c2:d9:04:f9:16:85:02:3d:c6:b2:d0:55:4d:
         40:6d:49:b7:b2:20:38:e4:1e:eb:44:8b:1c:7e:2a:24:7e:06:
         0b:c9:70:78:5a:1a:e6:81:83:3a:f7:c9:c8:f9:c7:ef:e9:3b:
         06:7c:e3:ac:6c:dd:18:2e:13:ee:51:26:d9:5f:63:88:66:a6:
         7e:cf:f3:26:e3:c5:2e:08:1a:6e:a6:52:01:05:d0:87:5e:84:
         a8:83:ec:51:82:1d:14:a5:7d:e4:aa:27:62:e6:3d:54:e0:28:
         62:77:30:53:0e:65:ba:0a:93:6f:94:d1:39:fe:2f:a0:db:34:
         45:7b:3f:6a:11:88:21:80:3f:47:e5:b4:05:5b:62:03:83:ea:
         cd:29:c5:ac:81:13:d6:3f:e5:b8:b8:96:9d:53:0f:cf:f4:fc:
         ac:df:f3:c7:27:58:7f:38:1f:36:73:85:f1:0a:31:0f:3a:0b:
         77:ca:b3:84
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYVuAfy2jlJkeVYmVNM9jzMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NjczOGE4ZGFkYWMyZDBkM2FlZGRiOTM0ZjgyMDA2NmI5
ZjVmZWIwHhcNMjMwMTAxMTU0NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjk5NzBiMzJmM2NmNDhlNjA2YjU1ZTI0YjQ4YWE0NjRjOGIxNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgM5y3qnLNvoUFvYCLERof/uWjA+K
h6Ttnj/y3NWPe78e6f17vQt3rivjCsUSZfw/BwDpFfu/64sAC7GdLUaieeIUvPjv
cmsVNB7JTAKrmUoDhbRInREut0Bxz/u5OnG9K5N6G5NYkL+kUmP4Vsb1tNZ5uwd3
lE3OPDceY5Yb6+tE3Wjg5EO6r8MNXCTD/idR+ee71jF8B5cyTFDQ1B1ujnkVQe17
ufCFHurtMHdWq8vsS9MSD0riCRNNcakbjyy517DlckNvq7EVlZVHS29hTAckUD1D
wcKbcvH/Wg0zycX9u+ezH0fNl1T/OcIXNzXhhbVuQ/bxniCeELQOXpIfywIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFMKZcLMvPPSOYGtV4ktIqkZMixaXMB8GA1UdIwQY
MBaAFNZnOKja2sLQ067duTT4IAZrn1/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQt
NmExZTBlYzcxZGE4LzEvd3Bsd3N5ODg5STVnYTFYaVMwaXFSa3lMRnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQtNmExZTBlYzcxZGE4
LzEvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBNBAIAATBHAwQHJemAAwQG
TouAAwQAUPG4AwQCUPH0AwQAUPH8AwQFVXUgAwQGWNLAAwQFWegAAwQHhloAAwMA
sEkDBAK5E2ADBADUSIIwDQQCAAIwBwMFACoCI/AwDQYJKoZIhvcNAQELBQADggEB
AFJGNNO43UllPfXX5ebq13mzKxwq0PXwdcO6DVYBt3CeICuTN0j6g4BIfUM+tKGd
A26C/ginhg+1fQ287VQQPVZmvUW0b2IKEOFD8DGfwtkE+RaFAj3GstBVTUBtSbey
IDjkHutEixx+KiR+BgvJcHhaGuaBgzr3ycj5x+/pOwZ846xs3RguE+5RJtlfY4hm
pn7P8ybjxS4IGm6mUgEF0IdehKiD7FGCHRSlfeSqJ2LmPVTgKGJ3MFMOZboKk2+U
0Tn+L6DbNEV7P2oRiCGAP0fltAVbYgOD6s0pxayBE9Y/5bi4lp1TD8/0/Kzf88cn
WH84HzZzhfEKMQ86C3fKs4Q=
-----END CERTIFICATE-----