Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lRIJH8wnmT-D469y86443tFwhlQ.roa
File:                     lRIJH8wnmT-D469y86443tFwhlQ.roa (raw, json)
Hash identifier:          A17qwFsqxuiUu4RjYl2WIpDLdxoBeJNLqn0645DnISc=
Subject key identifier:   95:12:09:1F:CC:27:99:3F:83:E3:AF:72:F3:AE:38:DE:D1:70:86:54
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018D3B85FE392E849CC56C1D2F89F2B354CF
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lRIJH8wnmT-D469y86443tFwhlQ.roa
Signing time:             Wed 24 Jan 2024 12:50:53 +0000
ROA not before:           Wed 24 Jan 2024 12:50:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        147.45.34.0/24 maxlen: 24
                          147.45.35.0/24 maxlen: 24
                          147.45.36.0/24 maxlen: 24
                          147.45.65.0/24 maxlen: 24
                          147.45.192.0/24 maxlen: 24
                          147.45.193.0/24 maxlen: 24
                          147.45.207.0/24 maxlen: 24
                          193.233.16.0/24 maxlen: 24
                          193.233.30.0/24 maxlen: 24
                          193.233.61.0/24 maxlen: 24
                          193.233.85.0/24 maxlen: 24
                          193.233.171.0/24 maxlen: 24
                          193.233.175.0/24 maxlen: 24
                          193.233.197.0/24 maxlen: 24
                          193.233.234.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Apr 2024 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:85:fe:39:2e:84:9c:c5:6c:1d:2f:89:f2:b3:54:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan 24 12:50:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9512091fcc27993f83e3af72f3ae38ded1708654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d8:99:96:bb:72:f7:24:55:a3:48:e1:19:68:
                    44:1a:f8:59:5d:33:f2:3b:49:a1:e4:95:c5:89:50:
                    83:c5:ed:7f:ed:d6:da:66:c2:7a:37:64:2f:8f:07:
                    5e:97:1b:a3:0d:a2:ce:a5:8c:1e:32:ca:e5:d4:fa:
                    6f:8c:f4:0b:5d:cc:61:4b:75:ed:1e:9d:9f:95:b3:
                    c8:df:58:6e:5d:1e:eb:10:e0:38:dd:b1:30:71:6e:
                    cc:4d:c6:13:ed:f5:2b:ae:ba:14:ce:cc:52:02:45:
                    5d:9d:9b:e1:88:33:b6:8a:fe:97:41:1a:db:fe:7d:
                    3e:75:ac:66:b7:7b:f2:1b:c4:0b:13:b5:38:3f:2e:
                    10:d7:11:1a:3b:e3:3a:4e:4a:df:98:6a:05:9c:a5:
                    e0:90:6b:5f:22:d2:08:c8:6f:be:b0:43:b5:9b:32:
                    2b:d9:ac:dc:67:b4:f1:3a:59:08:de:e7:b2:23:97:
                    89:fb:83:6f:fc:94:92:e6:84:96:ea:6e:9a:95:94:
                    50:f2:32:43:b2:e5:c7:d5:bb:0d:4f:13:21:b9:5a:
                    ff:76:89:1f:32:fc:f5:49:aa:ea:e3:a7:c5:dc:ff:
                    53:45:79:1e:c6:f5:1f:49:fb:23:45:d6:be:c5:d2:
                    bd:4b:c3:4d:bc:f4:4e:5a:af:f5:66:42:3c:92:d6:
                    8e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:12:09:1F:CC:27:99:3F:83:E3:AF:72:F3:AE:38:DE:D1:70:86:54
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lRIJH8wnmT-D469y86443tFwhlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.34.0-147.45.36.255
                  147.45.65.0/24
                  147.45.192.0/23
                  147.45.207.0/24
                  193.233.16.0/24
                  193.233.30.0/24
                  193.233.61.0/24
                  193.233.85.0/24
                  193.233.171.0/24
                  193.233.175.0/24
                  193.233.197.0/24
                  193.233.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:c5:f7:c0:b3:da:19:6e:13:ca:bd:58:36:0f:82:6c:b7:ee:
         19:05:37:6a:7d:49:e3:4b:20:e1:1b:e9:d7:4b:b8:3d:3b:d4:
         c4:28:e7:5d:76:04:f2:ef:98:5f:5b:ec:35:2d:a7:34:25:fe:
         c2:3e:83:0b:ec:65:f8:a1:d2:c3:a7:95:92:71:82:a8:d0:57:
         2a:c9:19:4e:2b:85:02:1b:6d:fb:a5:d5:c6:66:31:e2:2c:80:
         ed:d0:71:d4:ac:6e:b9:70:2c:1f:8d:f9:7a:f3:a8:65:1d:1e:
         ac:96:c8:fa:32:d2:af:64:6f:50:60:75:f4:21:31:dc:87:f7:
         66:64:20:c2:e9:4a:37:d1:cd:d4:ba:61:27:24:72:0c:61:a5:
         75:fd:e5:e0:0e:3a:31:94:ad:42:1f:62:d2:14:b8:1f:01:71:
         2c:ae:c7:ec:4f:ab:30:90:f0:96:e2:41:fc:16:af:27:82:ca:
         88:91:30:d2:92:e1:6d:a3:a6:0e:db:60:7c:9e:ef:f5:9e:bd:
         fa:96:6d:d1:c3:88:73:ee:d1:8d:87:83:1d:7f:6d:ad:23:dc:
         fd:aa:f5:91:23:16:69:b2:31:29:79:04:8b:5e:ce:b5:ca:f0:
         28:cf:be:f9:e8:4d:e1:85:bc:f5:0b:7a:a8:96:c2:b2:e1:0a:
         e3:69:6b:0e
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY07hf45LoScxWwdL4nys1TPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTI0MTI1MDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTEyMDkxZmNjMjc5OTNmODNlM2FmNzJmM2FlMzhkZWQxNzA4NjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNiZlrty9yRVo0jhGWhEGvhZXTPy
O0mh5JXFiVCDxe1/7dbaZsJ6N2QvjwdelxujDaLOpYweMsrl1PpvjPQLXcxhS3Xt
Hp2flbPI31huXR7rEOA43bEwcW7MTcYT7fUrrroUzsxSAkVdnZvhiDO2iv6XQRrb
/n0+daxmt3vyG8QLE7U4Py4Q1xEaO+M6TkrfmGoFnKXgkGtfItIIyG++sEO1mzIr
2azcZ7TxOlkI3ueyI5eJ+4Nv/JSS5oSW6m6alZRQ8jJDsuXH1bsNTxMhuVr/dokf
Mvz1Sarq46fF3P9TRXkexvUfSfsjRda+xdK9S8NNvPROWq/1ZkI8ktaOJwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFJUSCR/MJ5k/g+OvcvOuON7RcIZUMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbFJJSkg4d25tVC1ENDY5eTg2NDQzdEZ3aGxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQMAwDBAGTLSID
BACTLSQDBACTLUEDBAGTLcADBACTLc8DBADB6RADBADB6R4DBADB6T0DBADB6VUD
BADB6asDBADB6a8DBADB6cUDBADB6eowDQYJKoZIhvcNAQELBQADggEBADfF98Cz
2hluE8q9WDYPgmy37hkFN2p9SeNLIOEb6ddLuD071MQo5112BPLvmF9b7DUtpzQl
/sI+gwvsZfih0sOnlZJxgqjQVyrJGU4rhQIbbful1cZmMeIsgO3QcdSsbrlwLB+N
+XrzqGUdHqyWyPoy0q9kb1BgdfQhMdyH92ZkIMLpSjfRzdS6YSckcgxhpXX95eAO
OjGUrUIfYtIUuB8BcSyux+xPqzCQ8JbiQfwWryeCyoiRMNKS4W2jpg7bYHye7/We
vfqWbdHDiHPu0Y2Hgx1/ba0j3P2q9ZEjFmmyMSl5BItezrXK8CjPvvnoTeGFvPUL
eqiWwrLhCuNpaw4=
-----END CERTIFICATE-----