Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/ZsciNKz8hSdltoVLnW5sakMXk-0.roa
File:                     ZsciNKz8hSdltoVLnW5sakMXk-0.roa (raw, json)
Hash identifier:          UBCNqeSNEuPjZ0UOMgnR/7147edhYt46BTnIjHjnmOY=
Subject key identifier:   66:C7:22:34:AC:FC:85:27:65:B6:85:4B:9D:6E:6C:6A:43:17:93:ED
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018871FDB3E048793614F9E2B0E195AB059D
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/ZsciNKz8hSdltoVLnW5sakMXk-0.roa
Signing time:             Wed 31 May 2023 13:27:11 +0000
ROA not before:           Wed 31 May 2023 13:27:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 06 Nov 2023 13:57:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:71:fd:b3:e0:48:79:36:14:f9:e2:b0:e1:95:ab:05:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: May 31 13:27:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=66c72234acfc852765b6854b9d6e6c6a431793ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:99:3d:13:d9:fc:0c:78:d9:81:b2:ca:93:1a:
                    55:a8:f9:93:e2:1d:93:f4:ae:b7:9a:b8:57:11:52:
                    17:b5:b7:8c:b3:f4:80:9f:b9:3a:22:db:d5:2e:d2:
                    a3:3b:d6:bf:cc:70:89:7d:7c:01:da:31:69:db:36:
                    49:91:50:f6:bf:b6:86:aa:2c:e3:a3:03:e4:61:13:
                    75:e2:4a:ad:81:91:e5:cb:58:d3:ae:af:95:aa:75:
                    c8:74:2f:6e:69:7d:24:80:93:ec:c3:16:99:71:eb:
                    54:e4:01:17:b3:f7:50:37:ea:6b:5c:72:19:17:b6:
                    4d:a7:34:e7:76:54:bb:f8:37:47:da:2e:b5:f7:34:
                    5a:b4:e8:b0:cd:9a:12:72:86:81:43:ef:b8:18:9e:
                    17:1c:fd:c9:3d:9c:a3:3d:28:33:37:8b:56:e2:40:
                    c6:3d:2d:45:30:d1:74:99:c9:5f:88:85:ba:50:eb:
                    36:06:7b:52:01:d0:3f:56:b4:61:4b:a4:08:d2:42:
                    cf:b8:0d:7b:0f:a5:28:01:39:dd:20:0f:73:34:97:
                    83:ec:f1:c5:3a:67:5e:6a:c1:60:cc:77:12:33:c1:
                    49:c1:10:63:ff:62:c3:4a:dc:79:49:7b:80:d3:d4:
                    d4:c0:9c:d1:38:7d:f1:3f:93:89:8d:68:6c:2c:12:
                    48:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:C7:22:34:AC:FC:85:27:65:B6:85:4B:9D:6E:6C:6A:43:17:93:ED
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/ZsciNKz8hSdltoVLnW5sakMXk-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  104.247.184.0-104.247.186.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:19:e1:3d:00:b1:5a:21:e1:8e:0d:5d:73:fd:a5:75:62:27:
         78:ea:a1:fe:46:e4:40:79:8a:13:35:b2:38:1a:05:c8:7d:44:
         ee:03:6f:2f:20:50:1a:44:3e:b2:3d:83:8d:32:bc:65:22:78:
         40:ec:02:ab:ce:98:55:64:e3:05:b7:78:6a:65:bc:8e:d0:52:
         e7:9b:32:c2:68:9c:e8:05:17:47:c2:a3:c0:a0:36:d1:41:9d:
         52:b8:bd:fa:fd:bb:70:87:a4:f0:ca:f2:d0:6b:32:c6:72:3c:
         99:2d:dd:b0:3c:a3:3d:6b:c3:21:05:ae:a2:81:89:86:22:03:
         e9:ec:1d:a6:cd:b1:34:9d:f9:2b:7e:93:f3:7a:11:5d:59:d0:
         8c:6b:4d:e9:b7:39:43:77:97:d3:cc:e8:d0:80:e9:83:86:a1:
         c1:4e:9b:f9:da:56:a3:7b:12:82:f2:32:c8:bf:57:f6:15:ac:
         16:b9:23:0b:20:27:d7:a4:96:c6:ff:1c:13:05:a6:2b:08:39:
         1e:07:84:cd:b7:7e:54:7c:7f:81:2f:a3:0a:c7:13:db:e5:54:
         1e:16:ce:eb:a6:60:c2:ee:fa:0b:4d:8d:04:fa:dd:24:cb:5c:
         ea:49:1f:b3:80:08:48:fe:e7:bd:a8:56:84:99:ce:69:21:79:
         46:06:ad:e8
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYhx/bPgSHk2FPnisOGVqwWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjMwNTMxMTMyNzExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmM3MjIzNGFjZmM4NTI3NjViNjg1NGI5ZDZlNmM2YTQzMTc5M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpk9E9n8DHjZgbLKkxpVqPmT4h2T
9K63mrhXEVIXtbeMs/SAn7k6ItvVLtKjO9a/zHCJfXwB2jFp2zZJkVD2v7aGqizj
owPkYRN14kqtgZHly1jTrq+VqnXIdC9uaX0kgJPswxaZcetU5AEXs/dQN+prXHIZ
F7ZNpzTndlS7+DdH2i619zRatOiwzZoScoaBQ++4GJ4XHP3JPZyjPSgzN4tW4kDG
PS1FMNF0mclfiIW6UOs2BntSAdA/VrRhS6QI0kLPuA17D6UoATndIA9zNJeD7PHF
OmdeasFgzHcSM8FJwRBj/2LDStx5SXuA09TUwJzROH3xP5OJjWhsLBJI9QIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFGbHIjSs/IUnZbaFS51ubGpDF5PtMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvWnNjaU5LejhoU2RsdG9WTG5XNXNha01Yay0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTA0BAIAATAuMAwDBAFo96oD
BABo97QDBABo97YwDAMEA2j3uAMEAGj3ugMEArlJgAMEALmJ1zANBAIAAjAHAwUA
KgOloDANBgkqhkiG9w0BAQsFAAOCAQEAsBnhPQCxWiHhjg1dc/2ldWIneOqh/kbk
QHmKEzWyOBoFyH1E7gNvLyBQGkQ+sj2DjTK8ZSJ4QOwCq86YVWTjBbd4amW8jtBS
55sywmic6AUXR8KjwKA20UGdUri9+v27cIek8Mry0GsyxnI8mS3dsDyjPWvDIQWu
ooGJhiID6ewdps2xNJ35K36T83oRXVnQjGtN6bc5Q3eX08zo0IDpg4ahwU6b+dpW
o3sSgvIyyL9X9hWsFrkjCyAn16SWxv8cEwWmKwg5HgeEzbd+VHx/gS+jCscT2+VU
HhbO66Zgwu76C02NBPrdJMtc6kkfs4AISP7nvahWhJnOaSF5Rgat6A==
-----END CERTIFICATE-----