Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/mTUuMouDLgt56unSnw6levDuRcM.roa
File:                     mTUuMouDLgt56unSnw6levDuRcM.roa (raw, json)
Hash identifier:          GNSvneHU6TmAxezIIMdeRg/Prm9OQTocJm9W62UbSlo=
Subject key identifier:   99:35:2E:32:8B:83:2E:0B:79:EA:E9:D2:9F:0E:A5:7A:F0:EE:45:C3
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       018BF0AFE79FABF24116DC070093561590A0
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/mTUuMouDLgt56unSnw6levDuRcM.roa
Signing time:             Tue 21 Nov 2023 07:02:21 +0000
ROA not before:           Tue 21 Nov 2023 07:02:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202592
IP address blocks:        185.96.56.0/22 maxlen: 24
                          194.38.48.0/22 maxlen: 24
                          193.168.200.0/22 maxlen: 24
                          193.160.220.0/22 maxlen: 24
                          185.136.16.0/22 maxlen: 24
                          147.185.196.0/23 maxlen: 24
                          147.185.206.0/23 maxlen: 24
                          207.244.196.0/22 maxlen: 24
                          43.240.148.0/22 maxlen: 24
                          207.244.208.0/22 maxlen: 24
                          45.12.100.0/22 maxlen: 24
                          2a07:5b40::/29 maxlen: 48
                          2a05:ff00::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f0:af:e7:9f:ab:f2:41:16:dc:07:00:93:56:15:90:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov 21 07:02:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=99352e328b832e0b79eae9d29f0ea57af0ee45c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9b:72:8f:0e:eb:da:c3:19:f3:42:6d:b9:e4:
                    49:c4:9d:62:23:9a:22:09:01:58:d9:b8:08:2f:a7:
                    e9:2a:e2:1c:33:f3:fe:f1:5e:42:4a:e8:6e:f3:64:
                    57:88:eb:97:48:cf:5f:15:1f:df:74:d0:74:c8:83:
                    e0:8b:0a:51:c7:db:9d:f5:a6:04:ad:14:82:c3:6d:
                    42:4a:e2:97:48:9c:0b:a7:51:f6:5d:69:f8:77:f6:
                    be:1b:22:3c:68:8b:c0:23:79:0d:29:95:23:74:69:
                    cd:57:63:95:7c:ba:10:df:4f:9a:fa:21:44:15:15:
                    60:42:9d:04:0e:b2:84:63:b8:4a:f3:ae:0e:92:18:
                    a6:4a:f3:74:17:60:65:52:3c:bf:49:dd:6a:35:96:
                    2f:8b:37:bd:48:d3:4f:42:54:8b:3b:a4:6c:1e:ee:
                    8e:f2:cc:4d:2a:8a:88:2f:b9:2a:9f:c3:48:06:fc:
                    2f:87:2e:da:55:60:5f:7b:fb:3b:df:30:af:d9:8a:
                    d2:46:4f:ac:7f:a2:aa:b8:80:11:e0:21:72:16:5c:
                    a4:49:b7:c5:f0:c5:d8:a0:7a:d6:ea:26:38:2d:5c:
                    16:41:f5:cd:42:cc:2f:5b:2c:84:22:21:59:b1:da:
                    71:23:ba:a0:40:a3:32:dc:58:ae:cf:cc:ea:d9:4f:
                    9d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:35:2E:32:8B:83:2E:0B:79:EA:E9:D2:9F:0E:A5:7A:F0:EE:45:C3
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/mTUuMouDLgt56unSnw6levDuRcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/29
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:2b:15:ed:cb:55:09:f1:11:61:6b:0d:01:cd:c6:f6:b3:00:
         3d:15:50:3e:7e:68:e9:99:81:ad:fe:de:be:64:5a:90:85:95:
         ea:1e:bb:0f:79:df:c6:b4:8d:e8:58:02:9e:8b:5f:bc:b1:c1:
         55:9d:62:47:0a:ce:89:a9:c2:67:9a:dd:b4:a5:2f:a9:1a:07:
         38:65:ac:3f:73:d6:38:dc:86:d4:0b:58:9e:6c:2a:e5:88:64:
         b3:c8:68:89:bd:96:85:54:22:b6:17:87:ef:4f:5f:d7:2c:a0:
         d7:25:f8:a1:7e:60:d6:46:7d:0b:fc:6b:64:95:35:ca:72:c0:
         bf:5b:67:b2:3e:11:22:65:d1:5c:08:59:d7:0d:32:97:6f:92:
         f1:36:6e:71:0d:1e:28:3f:99:5c:8b:b7:07:d0:e9:c0:30:15:
         59:6b:12:8e:4e:0a:dd:a3:ac:47:17:f7:79:a3:d0:6b:e9:bf:
         c4:97:8c:01:3a:ec:bd:ed:8c:73:5a:de:cd:a3:8d:f0:ba:51:
         54:2f:65:7f:1f:1a:23:31:d2:52:71:97:82:86:83:66:be:da:
         51:3a:a3:77:65:74:33:67:e7:23:ee:d6:83:95:cc:cb:58:0e:
         c3:32:80:f5:cd:7c:48:8f:1f:bd:53:b6:f7:62:b4:4d:f8:f6:
         41:67:9c:8d
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYvwr+efq/JBFtwHAJNWFZCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjMxMTIxMDcwMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTM1MmUzMjhiODMyZTBiNzllYWU5ZDI5ZjBlYTU3YWYwZWU0NWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJtyjw7r2sMZ80JtueRJxJ1iI5oi
CQFY2bgIL6fpKuIcM/P+8V5CSuhu82RXiOuXSM9fFR/fdNB0yIPgiwpRx9ud9aYE
rRSCw21CSuKXSJwLp1H2XWn4d/a+GyI8aIvAI3kNKZUjdGnNV2OVfLoQ30+a+iFE
FRVgQp0EDrKEY7hK864OkhimSvN0F2BlUjy/Sd1qNZYvize9SNNPQlSLO6RsHu6O
8sxNKoqIL7kqn8NIBvwvhy7aVWBfe/s73zCv2YrSRk+sf6KquIAR4CFyFlykSbfF
8MXYoHrW6iY4LVwWQfXNQswvWyyEIiFZsdpxI7qgQKMy3Fiuz8zq2U+dLwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFJk1LjKLgy4Leerp0p8OpXrw7kXDMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvbVRVdU1vdURMZ3Q1NnVuU253NmxldkR1UmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMBQEAgACMA4DBQMqBf8AAwUDKgdbQDANBgkqhkiG9w0BAQsFAAOC
AQEAhSsV7ctVCfERYWsNAc3G9rMAPRVQPn5o6ZmBrf7evmRakIWV6h67D3nfxrSN
6FgCnotfvLHBVZ1iRwrOianCZ5rdtKUvqRoHOGWsP3PWONyG1AtYnmwq5Yhks8ho
ib2WhVQitheH709f1yyg1yX4oX5g1kZ9C/xrZJU1ynLAv1tnsj4RImXRXAhZ1w0y
l2+S8TZucQ0eKD+ZXIu3B9DpwDAVWWsSjk4K3aOsRxf3eaPQa+m/xJeMATrsve2M
c1rezaON8LpRVC9lfx8aIzHSUnGXgoaDZr7aUTqjd2V0M2fnI+7Wg5XMy1gOwzKA
9c18SI8fvVO292K0Tfj2QWecjQ==
-----END CERTIFICATE-----