Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/PPNCI1m9es_WySD5bObf1U___qQ.roa
File:                     PPNCI1m9es_WySD5bObf1U___qQ.roa (raw, json)
Hash identifier:          ehQ2T+4x1gln0oZxwZPjFfBxHc//u7KGDImnw3HL0PM=
Subject key identifier:   3C:F3:42:23:59:BD:7A:CF:D6:C9:20:F9:6C:E6:DF:D5:4F:FF:FE:A4
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC8012E20CE9DED4C5CF53909D9BB374D
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/PPNCI1m9es_WySD5bObf1U___qQ.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59993
IP address blocks:        159.148.121.0/24 maxlen: 24
                          159.148.129.0/24 maxlen: 24
                          159.148.143.0/24 maxlen: 24
                          159.148.149.0/24 maxlen: 24
                          159.148.159.0/24 maxlen: 24
                          159.148.77.0/24 maxlen: 24
                          159.148.73.0/24 maxlen: 24
                          159.148.74.0/24 maxlen: 24
                          159.148.98.0/24 maxlen: 24
                          159.148.243.0/24 maxlen: 24
                          159.148.242.0/24 maxlen: 24
                          159.148.182.0/24 maxlen: 24
                          159.148.183.0/24 maxlen: 24
                          159.148.185.0/24 maxlen: 24
                          159.148.204.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 19:14:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2e:20:ce:9d:ed:4c:5c:f5:39:09:d9:bb:37:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cf3422359bd7acfd6c920f96ce6dfd54ffffea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:19:c3:27:91:10:6d:e0:f4:63:b0:11:8e:29:
                    42:04:fc:70:c6:d2:13:d9:51:19:83:db:01:e9:35:
                    83:0c:68:d2:c7:e1:74:16:64:63:cd:9d:b8:12:8d:
                    42:6e:b0:82:43:3a:21:54:06:df:13:20:9a:a7:c8:
                    4c:c7:59:46:9e:22:9f:ef:30:92:5f:52:ae:58:c7:
                    8c:42:a0:61:08:50:0c:7c:11:81:b3:fa:78:a2:fa:
                    82:32:14:8c:88:71:10:5c:15:89:64:ba:8a:09:98:
                    4c:0d:9a:3b:13:68:96:1e:46:70:05:3c:7e:dc:25:
                    00:32:ba:36:53:c7:02:fb:70:19:f6:d0:0b:8a:2c:
                    5a:35:f3:eb:d3:9f:fd:f0:e0:96:4f:b5:87:40:ba:
                    c7:77:73:f9:c7:b2:40:bc:2f:17:65:e9:2b:6a:7f:
                    33:13:e2:f4:5f:60:d5:d9:85:47:e3:db:43:c4:83:
                    52:b8:50:2c:05:8e:c8:7e:b5:72:40:a2:3c:13:2c:
                    c2:d0:3e:ee:9a:92:ad:80:31:52:09:1a:27:84:73:
                    cc:27:c2:af:b0:10:ab:0e:10:29:d0:18:fc:27:02:
                    5f:5a:a4:df:e1:29:11:1a:fe:d7:24:61:24:13:9a:
                    98:8f:fc:ff:0e:97:0f:5e:f2:55:b9:c4:1a:7f:5a:
                    0b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F3:42:23:59:BD:7A:CF:D6:C9:20:F9:6C:E6:DF:D5:4F:FF:FE:A4
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/PPNCI1m9es_WySD5bObf1U___qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.73.0-159.148.74.255
                  159.148.77.0/24
                  159.148.98.0/24
                  159.148.121.0/24
                  159.148.129.0/24
                  159.148.143.0/24
                  159.148.149.0/24
                  159.148.159.0/24
                  159.148.182.0/23
                  159.148.185.0/24
                  159.148.204.0/24
                  159.148.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:8e:d7:ba:1e:84:b1:a8:10:0f:ea:92:33:9d:a8:3e:68:e3:
         3b:74:06:7c:6b:bc:60:2f:60:b3:79:6a:b9:b7:62:af:62:7e:
         49:e1:ce:b7:74:f6:f4:eb:2b:50:d6:41:99:0b:3f:74:09:79:
         bb:e1:0e:fa:2e:41:0b:37:31:ae:98:8a:86:f9:91:0e:cc:c2:
         af:18:6f:28:87:93:67:11:ca:01:d0:0d:13:3d:38:a2:f9:7d:
         00:1b:68:2f:5f:44:18:bb:f6:f6:c0:27:57:9b:d0:25:d5:0d:
         3a:c0:15:2a:3f:6c:f5:1e:5b:0c:95:a0:59:24:2f:90:76:0d:
         73:64:07:e8:ff:9a:92:e1:7b:36:86:97:3d:c6:5f:d3:10:4e:
         4e:2e:ae:4a:ab:ed:45:9e:2e:4d:e5:ac:89:8b:b3:b3:37:db:
         53:31:7a:9b:90:07:d6:58:75:79:8d:22:76:1e:77:ee:1f:ba:
         b0:52:a1:5c:f9:05:e8:a8:1f:26:3f:6d:84:a6:90:57:e7:c7:
         cf:40:64:0c:7d:f5:b7:c1:f3:02:02:7f:af:36:9f:55:cd:4b:
         1e:9a:c2:8c:af:fb:03:22:59:96:08:d5:d1:b6:fe:be:49:a5:
         1e:20:5a:62:48:59:6c:08:c3:9a:8a:20:d1:1c:39:e7:3d:2f:
         28:c3:1b:6e
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYzIAS4gzp3tTFz1OQnZuzdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2YzNDIyMzU5YmQ3YWNmZDZjOTIwZjk2Y2U2ZGZkNTRmZmZmZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xnDJ5EQbeD0Y7ARjilCBPxwxtIT
2VEZg9sB6TWDDGjSx+F0FmRjzZ24Eo1CbrCCQzohVAbfEyCap8hMx1lGniKf7zCS
X1KuWMeMQqBhCFAMfBGBs/p4ovqCMhSMiHEQXBWJZLqKCZhMDZo7E2iWHkZwBTx+
3CUAMro2U8cC+3AZ9tALiixaNfPr05/98OCWT7WHQLrHd3P5x7JAvC8XZekran8z
E+L0X2DV2YVH49tDxINSuFAsBY7IfrVyQKI8EyzC0D7umpKtgDFSCRonhHPMJ8Kv
sBCrDhAp0Bj8JwJfWqTf4SkRGv7XJGEkE5qYj/z/DpcPXvJVucQaf1oLDwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFDzzQiNZvXrP1skg+Wzm39VP//6kMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvUFBOQ0kxbTllc19XeVNENWJPYmYxVV9fX3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQMAwDBACflEkD
BACflEoDBACflE0DBACflGIDBACflHkDBACflIEDBACflI8DBACflJUDBACflJ8D
BAGflLYDBACflLkDBACflMwDBAGflPIwDQYJKoZIhvcNAQELBQADggEBAHiO17oe
hLGoEA/qkjOdqD5o4zt0BnxrvGAvYLN5arm3Yq9ifknhzrd09vTrK1DWQZkLP3QJ
ebvhDvouQQs3Ma6Yiob5kQ7Mwq8YbyiHk2cRygHQDRM9OKL5fQAbaC9fRBi79vbA
J1eb0CXVDTrAFSo/bPUeWwyVoFkkL5B2DXNkB+j/mpLhezaGlz3GX9MQTk4urkqr
7UWeLk3lrImLs7M321MxepuQB9ZYdXmNInYed+4furBSoVz5BeioHyY/bYSmkFfn
x89AZAx99bfB8wICf682n1XNSx6awoyv+wMiWZYI1dG2/r5JpR4gWmJIWWwIw5qK
INEcOec9LyjDG24=
-----END CERTIFICATE-----