Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/vMVg_49jQW_zPIsupKKHsahIxFk.roa
File:                     vMVg_49jQW_zPIsupKKHsahIxFk.roa (raw, json)
Hash identifier:          zi+REsLIACMz75iXeq1ROqgSGz12j8JkioRmZh1VXXY=
Subject key identifier:   BC:C5:60:FF:8F:63:41:6F:F3:3C:8B:2E:A4:A2:87:B1:A8:48:C4:59
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018BAD73050C9D593459F501C90EE8759D91
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/vMVg_49jQW_zPIsupKKHsahIxFk.roa
Signing time:             Wed 08 Nov 2023 05:41:18 +0000
ROA not before:           Wed 08 Nov 2023 05:41:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        45.94.171.0/24 maxlen: 24
                          2.56.108.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          45.132.180.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 10 Nov 2023 14:22:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ad:73:05:0c:9d:59:34:59:f5:01:c9:0e:e8:75:9d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  8 05:41:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcc560ff8f63416ff33c8b2ea4a287b1a848c459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b4:9b:f8:34:9b:b0:a2:3a:80:35:42:dc:69:
                    a3:cc:38:da:ec:7b:3a:3d:ab:f5:d9:51:48:a8:6d:
                    2d:72:a5:88:20:f4:03:fe:4c:f0:25:d2:87:2b:27:
                    10:33:61:d3:0d:ce:5f:0c:ac:91:6c:ae:00:7b:7d:
                    26:88:8a:af:ea:9c:9b:3a:ff:d5:eb:6f:cb:20:82:
                    d1:d4:89:84:6e:2f:87:2c:b2:a7:e4:40:f5:23:1c:
                    17:0f:31:0d:f1:d3:eb:8e:01:16:67:56:a9:fc:cc:
                    4a:dd:be:64:9b:b1:8e:77:27:65:69:a4:00:62:c8:
                    0b:8a:0f:3a:c1:08:00:56:14:5a:30:65:64:23:c2:
                    d2:78:f4:6a:a9:cc:91:82:d1:5b:28:c6:0b:7b:d5:
                    e7:55:95:2e:83:fc:7a:cf:06:1a:9c:d3:f9:20:57:
                    3a:58:cb:67:be:f5:85:4d:d8:71:bf:81:97:60:bf:
                    e0:ff:ed:83:66:ad:61:33:24:ab:19:09:b9:38:af:
                    23:56:4b:05:3b:6c:f4:2e:97:ec:60:3a:14:29:f3:
                    fe:ab:d8:58:7e:06:97:80:d6:c8:7b:78:d4:be:db:
                    12:82:8a:75:ef:59:ff:30:9a:91:5c:dd:d3:4c:99:
                    83:a9:5e:3a:3c:4e:be:0e:41:0b:20:eb:5a:d4:7e:
                    c9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C5:60:FF:8F:63:41:6F:F3:3C:8B:2E:A4:A2:87:B1:A8:48:C4:59
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/vMVg_49jQW_zPIsupKKHsahIxFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/24
                  2.56.110.0/24
                  45.81.113.0-45.81.115.255
                  45.88.139.0/24
                  45.94.171.0/24
                  45.132.180.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  193.57.41.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:2f:65:52:c0:44:15:72:54:ea:a2:df:1f:5a:e1:a0:58:36:
         a6:3f:f0:83:2f:cc:b7:76:eb:08:c2:a3:17:e9:7b:a0:54:99:
         a7:fb:34:16:b8:c1:99:54:bd:22:97:fa:51:6c:9d:86:01:05:
         27:23:2c:f7:b2:d6:fc:9c:97:55:a8:08:f2:4e:59:ab:5a:9c:
         7d:fb:80:ae:2e:25:3b:d5:7b:05:e9:38:00:8a:48:9d:69:d9:
         7b:51:a4:17:71:1b:3e:38:ca:cc:6e:1d:59:2a:55:9f:86:1c:
         e0:44:63:57:09:07:ea:bc:cc:79:87:9d:d9:4b:17:98:e9:d3:
         cd:28:28:20:e5:08:3b:b9:b0:ec:64:2b:b0:2f:dc:29:c4:ad:
         56:8d:f7:34:e6:0a:7f:e0:14:f9:8e:17:f3:24:85:f6:f1:f6:
         c8:d5:99:dc:03:6a:3b:c1:3b:3b:62:55:8c:ca:8f:22:1b:f8:
         b4:03:c4:6a:70:cf:0b:df:3d:a8:3f:75:4d:11:f5:42:cf:9f:
         cd:92:bb:f8:85:b2:b3:7a:8e:20:6e:5a:bb:69:0c:31:ed:ab:
         d7:9a:70:51:a4:b5:61:16:16:1d:fe:71:0a:b6:7e:d3:ea:aa:
         80:2c:2a:42:c2:7d:57:12:9b:d4:40:8e:44:e0:86:bb:61:dc:
         63:d1:78:21
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYutcwUMnVk0WfUByQ7odZ2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMTA4MDU0MTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2M1NjBmZjhmNjM0MTZmZjMzYzhiMmVhNGEyODdiMWE4NDhjNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrSb+DSbsKI6gDVC3GmjzDja7Hs6
Pav12VFIqG0tcqWIIPQD/kzwJdKHKycQM2HTDc5fDKyRbK4Ae30miIqv6pybOv/V
62/LIILR1ImEbi+HLLKn5ED1IxwXDzEN8dPrjgEWZ1ap/MxK3b5km7GOdydlaaQA
YsgLig86wQgAVhRaMGVkI8LSePRqqcyRgtFbKMYLe9XnVZUug/x6zwYanNP5IFc6
WMtnvvWFTdhxv4GXYL/g/+2DZq1hMySrGQm5OK8jVksFO2z0LpfsYDoUKfP+q9hY
fgaXgNbIe3jUvtsSgop171n/MJqRXN3TTJmDqV46PE6+DkELIOta1H7JvQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFLzFYP+PY0Fv8zyLLqSih7GoSMRZMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdk1WZ180OWpRV196UElzdXBLS0hzYWhJeEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAAjhsAwQA
AjhuMAwDBAAtUXEDBAItUXADBAAtWIsDBAAtXqsDBAAthLQDBABNUycDBAFV0XgD
BADBHvEDBADBOSkDBADDPhgDBADDsV8wDQYJKoZIhvcNAQELBQADggEBAB4vZVLA
RBVyVOqi3x9a4aBYNqY/8IMvzLd26wjCoxfpe6BUmaf7NBa4wZlUvSKX+lFsnYYB
BScjLPey1vycl1WoCPJOWatanH37gK4uJTvVewXpOACKSJ1p2XtRpBdxGz44ysxu
HVkqVZ+GHOBEY1cJB+q8zHmHndlLF5jp080oKCDlCDu5sOxkK7Av3CnErVaN9zTm
Cn/gFPmOF/Mkhfbx9sjVmdwDajvBOztiVYzKjyIb+LQDxGpwzwvfPag/dU0R9ULP
n82Su/iFsrN6jiBuWrtpDDHtq9eacFGktWEWFh3+cQq2ftPqqoAsKkLCfVcSm9RA
jkTghrth3GPReCE=
-----END CERTIFICATE-----