Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/0KGfFzuLPFdkMGetFhZxIXSyZ1U.roa
File:                     0KGfFzuLPFdkMGetFhZxIXSyZ1U.roa (raw, json)
Hash identifier:          dM1vc91nkqRoFCgz/TRIcO6mW2amaziX8j01ID1GzN0=
Subject key identifier:   D0:A1:9F:17:3B:8B:3C:57:64:30:67:AD:16:16:71:21:74:B2:67:55
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019088C56EAE31F0648D0DE353E6B7D2742F
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/0KGfFzuLPFdkMGetFhZxIXSyZ1U.roa
Signing time:             Sat 06 Jul 2024 15:59:18 +0000
ROA not before:           Sat 06 Jul 2024 15:59:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        147.45.66.0/24 maxlen: 24
                          147.45.67.0/24 maxlen: 24
                          147.45.193.0/24 maxlen: 24
                          185.103.100.0/24 maxlen: 24
                          185.103.101.0/24 maxlen: 24
                          185.103.102.0/24 maxlen: 24
                          185.103.103.0/24 maxlen: 24
                          193.233.74.0/24 maxlen: 24
                          193.233.75.0/24 maxlen: 24
                          193.233.80.0/24 maxlen: 24
                          193.233.85.0/24 maxlen: 24
                          193.233.164.0/24 maxlen: 24
                          193.233.171.0/24 maxlen: 24
                          193.233.175.0/24 maxlen: 24
                          193.233.252.0/24 maxlen: 24
                          193.233.253.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 07 Jul 2024 19:30:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:88:c5:6e:ae:31:f0:64:8d:0d:e3:53:e6:b7:d2:74:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jul  6 15:59:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0a19f173b8b3c57643067ad1616712174b26755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:da:57:6c:74:8d:4c:b6:6d:42:2f:6c:5c:da:
                    6d:cf:2f:4f:70:36:58:cc:24:1f:c4:be:01:05:68:
                    4d:dc:4a:b5:17:29:97:f9:fd:52:74:1f:6c:a7:07:
                    d4:e4:55:43:ed:ce:b0:3b:d7:39:03:0e:66:3d:99:
                    32:94:e4:e5:1d:bd:c2:7f:38:51:be:4a:2b:9e:9f:
                    e5:98:3a:a9:87:fe:a7:c3:2d:60:4a:0e:63:cd:96:
                    82:ba:79:f4:9f:d0:73:8c:bc:84:f8:85:9c:eb:a0:
                    2d:d7:b9:e9:5d:bd:5c:37:be:09:09:02:a8:b0:ea:
                    f6:8f:0f:b1:73:f6:c1:51:bb:03:f5:62:44:a1:cd:
                    61:eb:e0:06:41:ff:a7:7b:f5:79:3e:0c:30:5b:bf:
                    43:64:c2:26:46:10:42:77:da:e5:1b:c8:5a:06:6e:
                    a6:d6:da:fb:18:b3:6f:d0:19:20:b3:1d:7a:9f:e0:
                    de:79:ad:62:f9:f5:f9:43:c3:d9:99:a3:5b:0a:17:
                    33:f6:53:7d:0a:c0:9e:70:4e:c2:d6:32:b3:40:60:
                    c1:a3:b1:61:45:ab:dc:82:15:e7:73:0f:67:da:6d:
                    79:33:e0:ad:45:43:d2:c0:ae:0f:44:e7:6c:e2:03:
                    84:e1:b2:0e:a0:1f:4d:ae:51:88:75:0a:b3:e3:44:
                    77:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A1:9F:17:3B:8B:3C:57:64:30:67:AD:16:16:71:21:74:B2:67:55
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/0KGfFzuLPFdkMGetFhZxIXSyZ1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.66.0/23
                  147.45.193.0/24
                  185.103.100.0/22
                  193.233.74.0/23
                  193.233.80.0/24
                  193.233.85.0/24
                  193.233.164.0/24
                  193.233.171.0/24
                  193.233.175.0/24
                  193.233.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:b5:1b:62:81:dc:46:48:8c:53:39:e0:28:78:22:8f:0b:e9:
         18:06:18:94:48:ea:b3:6c:26:c3:d5:16:65:38:2b:39:f3:b2:
         56:ce:84:9d:9a:55:70:88:ca:ce:f7:2d:38:1a:7d:0a:20:38:
         c3:97:0a:9c:d7:3e:c7:b3:51:64:44:a9:8f:da:25:57:39:0a:
         8a:82:d0:23:fd:6d:42:70:bc:ec:67:bb:62:5d:c5:7e:25:b7:
         06:ba:b4:cd:54:e7:96:16:3e:33:28:9d:27:ab:6d:75:fe:a4:
         04:72:45:e0:c3:96:5f:7f:1d:3d:e1:12:23:0f:a4:50:a8:c0:
         00:4c:3e:74:85:8b:7b:24:b1:63:5e:1a:89:e5:a3:35:51:32:
         c5:1d:e4:10:59:e5:3d:c6:5d:5a:e3:89:43:28:38:67:ac:5e:
         0e:9e:f3:01:1b:a8:61:24:a0:b2:34:38:29:13:b2:41:d0:92:
         29:59:ff:fe:de:c7:d8:cd:a8:57:d7:eb:5d:a2:a7:0d:79:d2:
         d1:33:ee:a6:c8:93:57:7d:88:91:d8:df:ca:d1:98:d4:00:cb:
         6f:3b:e1:6a:75:07:eb:5a:ce:da:e6:e6:fe:1f:65:ba:d7:e2:
         39:ff:58:55:61:00:87:fb:6b:f8:89:5c:8c:d4:a8:ae:d7:e6:
         2e:69:57:1d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZCIxW6uMfBkjQ3jU+a30nQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNzA2MTU1OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGExOWYxNzNiOGIzYzU3NjQzMDY3YWQxNjE2NzEyMTc0YjI2NzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttpXbHSNTLZtQi9sXNptzy9PcDZY
zCQfxL4BBWhN3Eq1FymX+f1SdB9spwfU5FVD7c6wO9c5Aw5mPZkylOTlHb3CfzhR
vkornp/lmDqph/6nwy1gSg5jzZaCunn0n9BzjLyE+IWc66At17npXb1cN74JCQKo
sOr2jw+xc/bBUbsD9WJEoc1h6+AGQf+ne/V5PgwwW79DZMImRhBCd9rlG8haBm6m
1tr7GLNv0Bkgsx16n+Deea1i+fX5Q8PZmaNbChcz9lN9CsCecE7C1jKzQGDBo7Fh
RavcghXncw9n2m15M+CtRUPSwK4PROds4gOE4bIOoB9NrlGIdQqz40R3dQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNChnxc7izxXZDBnrRYWcSF0smdVMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMEtHZkZ6dUxQRmRrTUdldEZoWnhJWFN5WjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBky1CAwQA
ky3BAwQCuWdkAwQBwelKAwQAwelQAwQAwelVAwQAwemkAwQAwemrAwQAwemvAwQB
wen8MA0GCSqGSIb3DQEBCwUAA4IBAQBHtRtigdxGSIxTOeAoeCKPC+kYBhiUSOqz
bCbD1RZlOCs587JWzoSdmlVwiMrO9y04Gn0KIDjDlwqc1z7Hs1FkRKmP2iVXOQqK
gtAj/W1CcLzsZ7tiXcV+JbcGurTNVOeWFj4zKJ0nq211/qQEckXgw5Zffx094RIj
D6RQqMAATD50hYt7JLFjXhqJ5aM1UTLFHeQQWeU9xl1a44lDKDhnrF4OnvMBG6hh
JKCyNDgpE7JB0JIpWf/+3sfYzahX1+tdoqcNedLRM+6myJNXfYiR2N/K0ZjUAMtv
O+FqdQfrWs7a5ub+H2W61+I5/1hVYQCH+2v4iVyM1Kiu1+YuaVcd
-----END CERTIFICATE-----