Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/7DQTVdp3S2O_IBU5OXsWE9I5Mz4.roa
File:                     7DQTVdp3S2O_IBU5OXsWE9I5Mz4.roa (raw, json)
Hash identifier:          mSlGKgNEzCBnEO75sjO75/2NX3uFY9Glcrh9btrqbrY=
Subject key identifier:   EC:34:13:55:DA:77:4B:63:BF:20:15:39:39:7B:16:13:D2:39:33:3E
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       01856FF97129B87609F4793D3A0EF72F46BC
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/7DQTVdp3S2O_IBU5OXsWE9I5Mz4.roa
Signing time:             Mon 02 Jan 2023 00:54:56 +0000
ROA not before:           Mon 02 Jan 2023 00:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42794
IP address blocks:        88.203.213.0/24 maxlen: 24
                          88.203.210.0/23 maxlen: 23
                          88.203.208.0/23 maxlen: 23
                          88.203.212.0/24 maxlen: 24
                          88.203.214.0/24 maxlen: 24
                          88.203.215.0/24 maxlen: 24
                          88.203.232.0/24 maxlen: 24
                          88.203.233.0/24 maxlen: 24
                          212.36.17.0/24 maxlen: 24
                          82.103.112.0/24 maxlen: 24
                          92.247.125.0/24 maxlen: 24
                          92.247.124.0/22 maxlen: 22
                          92.247.120.0/22 maxlen: 22
                          92.247.124.0/24 maxlen: 24
                          92.247.128.0/23 maxlen: 23
                          92.247.126.0/24 maxlen: 24
                          92.247.127.0/24 maxlen: 24
                          2a01:288:4004::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:f9:71:29:b8:76:09:f4:79:3d:3a:0e:f7:2f:46:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 00:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec341355da774b63bf201539397b1613d239333e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c3:f0:db:e1:21:ad:0d:f0:f5:14:5f:45:b5:
                    17:07:0d:0e:18:41:6c:5a:ad:86:6b:c6:e6:cf:80:
                    21:3c:f6:bc:69:15:c5:f1:9b:08:79:d8:0e:32:17:
                    df:04:af:33:86:9f:68:8b:a4:ba:3a:8a:6b:46:57:
                    89:8d:56:d9:6e:bb:44:27:19:7e:26:70:1b:21:54:
                    fd:d7:62:7d:4d:a8:b3:70:7f:62:2c:33:dc:86:dc:
                    03:f6:11:a9:05:78:5d:21:17:ef:e2:3d:95:cf:2f:
                    83:42:81:e3:b7:ce:cb:e1:55:db:50:16:d6:a7:54:
                    c9:f2:7c:3a:51:40:f3:43:10:17:70:16:c0:36:1b:
                    3c:ce:64:a9:90:3d:39:0f:59:3b:b3:14:48:a6:55:
                    c9:3c:a7:4b:a4:e0:cb:a5:9f:0d:2f:ce:64:cc:0e:
                    50:51:d6:55:e9:65:89:35:94:00:88:3f:00:5a:92:
                    66:a1:9a:6a:6f:22:3b:ec:19:4f:84:a6:63:cd:ab:
                    e1:71:b5:f4:63:c9:f5:12:93:6f:ec:2d:e0:4e:86:
                    06:cc:52:48:90:3a:91:37:e1:68:1b:a4:57:45:91:
                    0e:04:66:ef:aa:c9:f7:78:59:ec:e1:3d:83:0e:77:
                    78:b7:82:b4:98:48:f1:6d:85:09:27:21:ad:76:3d:
                    3e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:34:13:55:DA:77:4B:63:BF:20:15:39:39:7B:16:13:D2:39:33:3E
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/7DQTVdp3S2O_IBU5OXsWE9I5Mz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.112.0/24
                  88.203.208.0/21
                  88.203.232.0/23
                  92.247.120.0-92.247.129.255
                  212.36.17.0/24
                IPv6:
                  2a01:288:4004::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:0f:23:00:49:73:cd:1a:1a:c9:30:5a:a4:45:4c:21:4f:54:
         83:e9:23:b1:6b:10:e9:6a:ae:83:7d:4f:13:33:41:43:ef:57:
         b8:c0:1e:4c:72:57:00:bc:74:c6:42:76:37:32:52:78:6d:c2:
         4f:af:b4:e1:7c:43:19:fd:a6:16:90:ef:02:4c:9c:b5:19:a1:
         88:76:12:b2:92:a1:33:73:20:00:f0:09:db:4e:30:50:e6:ea:
         d9:61:33:67:3f:d1:83:c1:db:f8:bf:f4:10:f3:50:a7:77:f1:
         aa:ba:19:2e:ee:ac:f7:81:01:2b:a9:da:bb:aa:39:23:81:00:
         41:4d:9f:fa:c0:4c:78:c8:2a:28:d8:d4:e8:b4:a5:c2:80:6f:
         84:29:1f:b6:13:fe:9b:b9:a0:9c:4a:1a:ed:5a:15:9f:df:a0:
         0c:5d:e4:2c:1b:c3:2a:26:1f:82:cb:2e:d1:ac:69:b5:3a:06:
         97:82:bd:47:ef:ef:2b:f2:be:55:8d:41:76:1a:51:50:36:30:
         2f:d1:3f:0c:91:5c:4f:ab:0d:d9:8e:82:34:b5:38:89:2c:ed:
         75:13:ad:a3:6d:41:e0:4c:b1:76:a4:67:63:ec:56:ee:ed:fb:
         e1:e6:90:bb:53:d1:d0:00:b8:60:9e:4a:b6:10:66:c0:af:63:
         5c:b9:c4:4d
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVv+XEpuHYJ9Hk9Og73L0a8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjMwMTAyMDA1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzM0MTM1NWRhNzc0YjYzYmYyMDE1MzkzOTdiMTYxM2QyMzkzMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8Pw2+EhrQ3w9RRfRbUXBw0OGEFs
Wq2Ga8bmz4AhPPa8aRXF8ZsIedgOMhffBK8zhp9oi6S6OoprRleJjVbZbrtEJxl+
JnAbIVT912J9TaizcH9iLDPchtwD9hGpBXhdIRfv4j2Vzy+DQoHjt87L4VXbUBbW
p1TJ8nw6UUDzQxAXcBbANhs8zmSpkD05D1k7sxRIplXJPKdLpODLpZ8NL85kzA5Q
UdZV6WWJNZQAiD8AWpJmoZpqbyI77BlPhKZjzavhcbX0Y8n1EpNv7C3gToYGzFJI
kDqRN+FoG6RXRZEOBGbvqsn3eFns4T2DDnd4t4K0mEjxbYUJJyGtdj0+3wIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFOw0E1Xad0tjvyAVOTl7FhPSOTM+MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvN0RRVFZkcDNTMk9fSUJVNU9Yc1dFOUk1TXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmAwQAUmdwAwQD
WMvQAwQBWMvoMAwDBANc93gDBAFc94ADBADUJBEwDwQCAAIwCQMHACoBAohABDAN
BgkqhkiG9w0BAQsFAAOCAQEAKw8jAElzzRoayTBapEVMIU9Ug+kjsWsQ6Wqug31P
EzNBQ+9XuMAeTHJXALx0xkJ2NzJSeG3CT6+04XxDGf2mFpDvAkyctRmhiHYSspKh
M3MgAPAJ204wUObq2WEzZz/Rg8Hb+L/0EPNQp3fxqroZLu6s94EBK6nau6o5I4EA
QU2f+sBMeMgqKNjU6LSlwoBvhCkfthP+m7mgnEoa7VoVn9+gDF3kLBvDKiYfgssu
0axptToGl4K9R+/vK/K+VY1BdhpRUDYwL9E/DJFcT6sN2Y6CNLU4iSztdROto21B
4EyxdqRnY+xW7u374eaQu1PR0AC4YJ5KthBmwK9jXLnETQ==
-----END CERTIFICATE-----