Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZhxO26YvZi9wHMQoIOeR_KDsbus.roa
File:                     ZhxO26YvZi9wHMQoIOeR_KDsbus.roa (raw, json)
Hash identifier:          C5EVUJb4Y7mwlV7FdNKf4lwHTkUXhO2aaiwNS8DshD4=
Subject key identifier:   66:1C:4E:DB:A6:2F:66:2F:70:1C:C4:28:20:E7:91:FC:A0:EC:6E:EB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01880F2AE556815D0E69E6083B96302E7BCD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZhxO26YvZi9wHMQoIOeR_KDsbus.roa
Signing time:             Fri 12 May 2023 08:54:09 +0000
ROA not before:           Fri 12 May 2023 08:54:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        195.133.76.0/24 maxlen: 24
                          194.87.10.0/24 maxlen: 24
                          194.87.17.0/24 maxlen: 24
                          193.124.35.0/24 maxlen: 24
                          195.58.38.0/24 maxlen: 24
                          195.133.20.0/24 maxlen: 24
                          194.58.40.0/24 maxlen: 24
                          194.85.251.0/24 maxlen: 24
                          194.85.248.0/24 maxlen: 24
                          194.58.56.0/23 maxlen: 23
                          195.133.64.0/22 maxlen: 22
                          194.87.255.0/24 maxlen: 24
                          194.87.77.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 30 Jul 2023 17:15:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0f:2a:e5:56:81:5d:0e:69:e6:08:3b:96:30:2e:7b:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 12 08:54:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=661c4edba62f662f701cc42820e791fca0ec6eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6c:80:ee:d2:53:6b:a3:94:42:aa:63:f8:41:
                    2f:46:cd:6b:52:b7:3b:4f:00:15:2d:c7:3d:a1:0d:
                    6f:00:98:9a:67:e0:98:73:d4:29:80:a9:ef:88:ba:
                    6b:9a:eb:ef:16:1e:b6:06:2e:1f:be:6f:a0:5e:82:
                    32:8f:5b:4a:1b:c6:28:a5:9c:54:ae:21:3c:c8:3b:
                    be:84:4c:12:99:b6:dc:bc:5d:6b:63:48:bf:44:8c:
                    14:74:f0:88:a0:27:a3:67:8c:97:37:3d:34:b6:c9:
                    c3:79:c3:79:53:8f:4f:7d:b7:ac:21:d9:61:59:45:
                    67:79:3c:e6:ac:dc:88:ea:5a:2b:3c:a1:0d:0b:05:
                    55:d2:ba:6b:61:3e:3f:ba:f4:9f:74:52:a9:4b:81:
                    47:9d:49:a5:5c:19:2a:e0:47:5d:f6:6d:fd:84:bd:
                    b8:b4:03:64:a7:fc:c0:b9:a6:b2:19:47:45:da:de:
                    e2:50:8a:3e:55:59:40:2d:21:64:22:c3:f2:95:a1:
                    b6:e3:78:f7:09:5d:0d:44:e5:95:5f:c7:fc:11:e3:
                    a4:1f:36:61:0c:39:af:e4:0d:cd:67:7f:36:4e:e7:
                    97:23:10:db:a0:c6:65:a1:7d:6e:73:e2:db:fc:35:
                    26:17:b9:f1:8d:e2:eb:8e:1c:96:3b:e9:e1:06:c5:
                    91:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:1C:4E:DB:A6:2F:66:2F:70:1C:C4:28:20:E7:91:FC:A0:EC:6E:EB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ZhxO26YvZi9wHMQoIOeR_KDsbus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.35.0/24
                  194.58.40.0/24
                  194.58.56.0/23
                  194.85.248.0/24
                  194.85.251.0/24
                  194.87.10.0/24
                  194.87.17.0/24
                  194.87.77.0/24
                  194.87.255.0/24
                  195.58.38.0/24
                  195.133.20.0/24
                  195.133.64.0/22
                  195.133.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:3d:e0:0a:25:9d:4b:47:c0:03:bd:4a:54:b3:dd:cc:8d:c6:
         8b:4e:65:4f:84:21:1f:5a:47:0e:07:25:a8:99:00:6a:50:83:
         be:50:ca:34:b1:9c:bf:dc:1c:da:a5:89:d4:cc:0c:c1:75:5c:
         61:08:a6:b8:79:43:5c:cf:0e:7a:ba:65:03:26:c6:85:4f:00:
         80:50:8e:e2:99:8b:16:98:fb:a1:96:60:2d:ac:b1:44:34:2c:
         1e:86:d2:a2:a6:2c:20:ed:0e:45:cd:8e:94:9e:8b:2f:46:9c:
         84:de:e2:72:ab:e5:bf:ee:a5:38:e5:70:ce:43:5f:6d:73:3b:
         02:c1:cc:06:1a:3a:fa:96:e2:74:42:60:9b:c5:33:6c:fe:7f:
         9e:f1:9c:46:7c:ee:79:c0:ea:d1:f5:4e:ce:c5:05:67:81:94:
         4d:11:70:b1:36:83:22:fa:4b:b3:d8:2a:4a:27:1d:60:16:f6:
         5b:75:fd:31:d9:12:67:ae:7d:53:15:52:f3:93:78:9c:2f:d7:
         e5:62:a8:b8:ee:c6:ed:02:db:25:25:fe:42:ea:59:38:90:6c:
         86:60:39:28:92:9b:c2:e5:35:fb:e1:08:4f:80:d8:0f:14:48:
         2b:8e:43:f9:c7:fa:11:24:52:30:60:87:af:43:20:ec:a6:87:
         ab:dd:d3:c9
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYgPKuVWgV0OaeYIO5YwLnvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNTEyMDg1NDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFjNGVkYmE2MmY2NjJmNzAxY2M0MjgyMGU3OTFmY2EwZWM2ZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2yA7tJTa6OUQqpj+EEvRs1rUrc7
TwAVLcc9oQ1vAJiaZ+CYc9QpgKnviLprmuvvFh62Bi4fvm+gXoIyj1tKG8YopZxU
riE8yDu+hEwSmbbcvF1rY0i/RIwUdPCIoCejZ4yXNz00tsnDecN5U49PfbesIdlh
WUVneTzmrNyI6lorPKENCwVV0rprYT4/uvSfdFKpS4FHnUmlXBkq4Edd9m39hL24
tANkp/zAuaayGUdF2t7iUIo+VVlALSFkIsPylaG243j3CV0NROWVX8f8EeOkHzZh
DDmv5A3NZ382TueXIxDboMZloX1uc+Lb/DUmF7nxjeLrjhyWO+nhBsWRiQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFGYcTtumL2YvcBzEKCDnkfyg7G7rMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWmh4TzI2WXZaaTl3SE1Rb0lPZVJfS0RzYnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAwXwjAwQA
wjooAwQBwjo4AwQAwlX4AwQAwlX7AwQAwlcKAwQAwlcRAwQAwldNAwQAwlf/AwQA
wzomAwQAw4UUAwQCw4VAAwQAw4VMMA0GCSqGSIb3DQEBCwUAA4IBAQA3PeAKJZ1L
R8ADvUpUs93MjcaLTmVPhCEfWkcOByWomQBqUIO+UMo0sZy/3BzapYnUzAzBdVxh
CKa4eUNczw56umUDJsaFTwCAUI7imYsWmPuhlmAtrLFENCwehtKipiwg7Q5FzY6U
nosvRpyE3uJyq+W/7qU45XDOQ19tczsCwcwGGjr6luJ0QmCbxTNs/n+e8ZxGfO55
wOrR9U7OxQVngZRNEXCxNoMi+kuz2CpKJx1gFvZbdf0x2RJnrn1TFVLzk3icL9fl
Yqi47sbtAtslJf5C6lk4kGyGYDkokpvC5TX74QhPgNgPFEgrjkP5x/oRJFIwYIev
QyDspoer3dPJ
-----END CERTIFICATE-----