Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/rwyGSbbrGjez4p0B5axSYls0kO4.roa
File:                     rwyGSbbrGjez4p0B5axSYls0kO4.roa (raw, json)
Hash identifier:          F/HbnoFkJth9zKk2TWETCiITL/o38dC9hx2jDKPQMIg=
Subject key identifier:   AF:0C:86:49:B6:EB:1A:37:B3:E2:9D:01:E5:AC:52:62:5B:34:90:EE
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018DE5858206DDD56E9B1D9F2F000D4C6403
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/rwyGSbbrGjez4p0B5axSYls0kO4.roa
Signing time:             Mon 26 Feb 2024 13:05:48 +0000
ROA not before:           Mon 26 Feb 2024 13:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48749
IP address blocks:        80.96.106.0/24 maxlen: 24
                          80.96.236.0/23 maxlen: 23
                          81.180.36.0/23 maxlen: 23
                          81.180.94.0/23 maxlen: 23
                          81.180.172.0/23 maxlen: 23
                          81.180.204.0/23 maxlen: 23
                          81.180.252.0/23 maxlen: 23
                          81.181.173.0/24 maxlen: 24
                          85.120.44.0/23 maxlen: 23
                          85.121.18.0/23 maxlen: 23
                          85.121.36.0/23 maxlen: 23
                          85.122.84.0/23 maxlen: 23
                          194.102.216.0/24 maxlen: 24
                          217.156.91.0/24 maxlen: 24
                          217.156.108.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 29 Feb 2024 13:23:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:85:82:06:dd:d5:6e:9b:1d:9f:2f:00:0d:4c:64:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb 26 13:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af0c8649b6eb1a37b3e29d01e5ac52625b3490ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:be:8c:de:8c:35:c4:83:a5:b6:00:6c:77:32:
                    86:f6:42:ea:93:43:7d:e5:a5:96:b9:2d:2a:1e:b7:
                    8d:c8:2f:66:54:a0:05:29:26:26:ee:66:7c:fd:ae:
                    74:42:6e:d9:a9:7e:ba:60:84:69:4f:00:e1:d5:02:
                    82:b7:fb:e7:4c:9d:00:68:65:02:54:69:5a:70:51:
                    6f:55:2e:55:2b:0e:db:74:66:64:f1:b3:05:e5:8e:
                    fb:2d:e6:02:59:30:b4:08:28:9d:0b:b8:3b:80:56:
                    9e:1f:03:4d:ae:15:92:b0:f3:08:09:e4:1a:eb:89:
                    2c:13:71:92:91:55:92:a7:af:74:97:2c:23:c6:4e:
                    ba:14:c1:a1:e4:c5:b5:82:92:bc:b5:89:0b:05:00:
                    92:9c:3c:96:35:07:65:de:e2:dc:12:c4:59:01:57:
                    bf:4b:d7:25:8b:9f:da:fd:65:d4:d2:e2:8c:1a:8e:
                    08:09:ba:0d:0d:50:30:05:9f:63:87:aa:bf:f7:12:
                    37:d8:38:ec:e3:40:cb:40:94:c4:c8:99:c6:48:3c:
                    f0:8c:b1:a6:65:94:d0:e2:f6:f8:93:79:ba:ba:45:
                    e9:ed:73:de:43:a4:d3:45:e2:a6:7a:ef:87:60:47:
                    36:8d:9e:78:c0:49:c8:05:ff:80:56:4c:f7:ad:3d:
                    59:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:0C:86:49:B6:EB:1A:37:B3:E2:9D:01:E5:AC:52:62:5B:34:90:EE
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/rwyGSbbrGjez4p0B5axSYls0kO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.106.0/24
                  80.96.236.0/23
                  81.180.36.0/23
                  81.180.94.0/23
                  81.180.172.0/23
                  81.180.204.0/23
                  81.180.252.0/23
                  81.181.173.0/24
                  85.120.44.0/23
                  85.121.18.0/23
                  85.121.36.0/23
                  85.122.84.0/23
                  194.102.216.0/24
                  217.156.91.0/24
                  217.156.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:44:ab:ce:f1:6a:80:26:4d:d8:bb:56:fa:13:92:9c:e2:6a:
         ea:ca:9f:a2:1a:32:31:e2:c0:f4:26:ce:2f:bf:d7:af:06:9f:
         ec:78:ac:c2:3b:41:f8:e4:6a:89:95:0a:f5:62:99:f3:c4:b9:
         8f:0b:0d:44:9d:ef:29:68:9c:47:9e:9d:b6:f6:c3:e4:cc:5a:
         a0:39:35:50:04:db:eb:e1:a2:84:bc:f0:8e:51:ba:a5:4b:e9:
         d8:91:68:28:a2:db:fd:cd:1c:62:33:3e:7c:d9:f2:ad:c7:59:
         e3:3e:7f:9d:a1:d3:33:a6:cb:13:ae:7a:97:1e:50:78:45:fb:
         b4:a3:50:19:53:85:5e:76:b6:8e:79:0f:ba:68:ff:62:4a:77:
         3e:10:df:58:6b:f6:63:a1:67:89:cf:04:93:a6:93:07:d7:a6:
         d8:eb:d0:ef:26:2e:96:0d:1a:19:3e:fd:a8:45:a8:fc:cb:bf:
         ed:97:1f:8c:96:3d:4f:40:8d:19:00:40:7d:39:41:2e:b6:e0:
         b8:01:91:10:e0:2c:a6:dc:f3:2c:37:d3:77:97:17:e2:8e:2b:
         65:ca:56:7d:04:bd:ca:a2:4f:f0:a9:e3:13:91:88:14:ea:98:
         3f:ca:17:49:e4:c6:0f:c1:18:a9:0e:52:95:e9:28:84:54:52:
         e8:7a:e8:c5
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY3lhYIG3dVumx2fLwANTGQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMjI2MTMwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjBjODY0OWI2ZWIxYTM3YjNlMjlkMDFlNWFjNTI2MjViMzQ5MGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhL6M3ow1xIOltgBsdzKG9kLqk0N9
5aWWuS0qHreNyC9mVKAFKSYm7mZ8/a50Qm7ZqX66YIRpTwDh1QKCt/vnTJ0AaGUC
VGlacFFvVS5VKw7bdGZk8bMF5Y77LeYCWTC0CCidC7g7gFaeHwNNrhWSsPMICeQa
64ksE3GSkVWSp690lywjxk66FMGh5MW1gpK8tYkLBQCSnDyWNQdl3uLcEsRZAVe/
S9cli5/a/WXU0uKMGo4ICboNDVAwBZ9jh6q/9xI32Djs40DLQJTEyJnGSDzwjLGm
ZZTQ4vb4k3m6ukXp7XPeQ6TTReKmeu+HYEc2jZ54wEnIBf+AVkz3rT1Z+QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFK8Mhkm26xo3s+KdAeWsUmJbNJDuMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcnd5R1NiYnJHamV6NHAwQjVheFNZbHMwa080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAUGBqAwQB
UGDsAwQBUbQkAwQBUbReAwQBUbSsAwQBUbTMAwQBUbT8AwQAUbWtAwQBVXgsAwQB
VXkSAwQBVXkkAwQBVXpUAwQAwmbYAwQA2ZxbAwQB2ZxsMA0GCSqGSIb3DQEBCwUA
A4IBAQC/RKvO8WqAJk3Yu1b6E5Kc4mrqyp+iGjIx4sD0Js4vv9evBp/seKzCO0H4
5GqJlQr1YpnzxLmPCw1Ene8paJxHnp229sPkzFqgOTVQBNvr4aKEvPCOUbqlS+nY
kWgootv9zRxiMz582fKtx1njPn+dodMzpssTrnqXHlB4Rfu0o1AZU4VedraOeQ+6
aP9iSnc+EN9Ya/ZjoWeJzwSTppMH16bY69DvJi6WDRoZPv2oRaj8y7/tlx+Mlj1P
QI0ZAEB9OUEutuC4AZEQ4Cym3PMsN9N3lxfijitlylZ9BL3Kok/wqeMTkYgU6pg/
yhdJ5MYPwRipDlKV6SiEVFLoeujF
-----END CERTIFICATE-----