Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/LHrlGDfPW5XPoFBH1dtkKl4YI9Y.roa
File:                     LHrlGDfPW5XPoFBH1dtkKl4YI9Y.roa (raw, json)
Hash identifier:          eDFL2ckjVRcLbQZPzmGxDujTixIwruJ4b+v+hej2oDw=
Subject key identifier:   2C:7A:E5:18:37:CF:5B:95:CF:A0:50:47:D5:DB:64:2A:5E:18:23:D6
Certificate issuer:       /CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
Certificate serial:       01893F547AEB726E1A37A9496ADB1251EF4E
Authority key identifier: 68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/LHrlGDfPW5XPoFBH1dtkKl4YI9Y.roa
Signing time:             Mon 10 Jul 2023 10:24:08 +0000
ROA not before:           Mon 10 Jul 2023 10:24:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48038
IP address blocks:        185.170.88.0/24 maxlen: 24
                          185.170.90.0/24 maxlen: 24
                          193.8.190.0/23 maxlen: 23
                          193.8.190.0/24 maxlen: 24
                          193.8.191.0/24 maxlen: 24
                          194.11.164.0/24 maxlen: 24
                          194.11.166.0/24 maxlen: 24
                          193.134.94.0/24 maxlen: 24
                          193.73.208.0/24 maxlen: 24
                          2a09:5f80:3::/48 maxlen: 48
                          2a09:5f80:2::/48 maxlen: 48
                          2a09:5f80::/48 maxlen: 48
                          2001:67c:4f0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3f:54:7a:eb:72:6e:1a:37:a9:49:6a:db:12:51:ef:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
        Validity
            Not Before: Jul 10 10:24:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c7ae51837cf5b95cfa05047d5db642a5e1823d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ce:c0:35:03:50:e2:15:60:2e:88:ba:c5:d0:
                    c7:29:fc:54:7e:f5:ab:8f:ad:83:15:d1:db:e9:4c:
                    11:0c:8a:2b:74:d4:a6:a5:44:95:4e:cf:d2:3a:7f:
                    11:f1:7c:6f:b7:f4:09:e2:c0:e9:ac:68:dc:7a:bf:
                    f2:ec:1a:fa:cf:0b:37:13:51:a0:4f:ca:cc:62:2e:
                    54:58:5a:bb:c8:39:2f:55:9f:68:03:b2:bd:c1:27:
                    fa:19:f9:9d:a1:96:99:5b:f4:73:47:51:72:d1:b9:
                    21:c5:60:7e:59:52:ac:1d:aa:45:38:cf:27:a2:03:
                    2e:9f:a5:3f:1e:8b:1e:10:b9:ee:59:c3:43:1c:01:
                    01:39:59:20:b7:56:c7:a6:b0:5c:dd:9d:0d:41:57:
                    55:c7:1e:d0:76:63:a9:0c:ef:1c:b2:1e:27:d6:bf:
                    4d:7a:43:45:b8:d7:4c:50:8e:4d:6a:fd:9a:43:e8:
                    35:eb:fe:8f:a9:b7:d3:7b:87:3b:ca:e6:c3:84:a7:
                    3c:ba:81:27:01:db:be:dc:96:59:ff:3a:2d:5c:51:
                    44:08:4d:7a:51:f4:87:b2:0d:3e:2f:e5:67:12:e6:
                    ca:cb:c0:81:25:7a:62:65:67:5e:c6:6f:46:a9:8f:
                    4a:4a:92:7e:1d:4e:62:10:57:7f:5e:4c:31:bd:b1:
                    e2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:7A:E5:18:37:CF:5B:95:CF:A0:50:47:D5:DB:64:2A:5E:18:23:D6
            X509v3 Authority Key Identifier:
                keyid:68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/LHrlGDfPW5XPoFBH1dtkKl4YI9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.88.0/24
                  185.170.90.0/24
                  193.8.190.0/23
                  193.73.208.0/24
                  193.134.94.0/24
                  194.11.164.0/24
                  194.11.166.0/24
                IPv6:
                  2001:67c:4f0::/48
                  2a09:5f80::/48
                  2a09:5f80:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         01:f6:c6:f9:ed:a7:7e:9b:24:d2:4c:5c:5e:b6:3a:2c:c2:71:
         3a:b0:d9:ae:99:e0:df:50:85:e5:40:bd:cf:b9:a5:32:6a:6a:
         44:d7:39:58:7c:c5:1c:42:db:86:fb:cd:eb:06:cb:e7:b8:4e:
         3c:71:a9:df:8f:f0:08:d1:c0:7c:32:7e:62:19:c7:da:10:f6:
         4d:dc:45:ee:0f:c2:18:74:40:56:01:ae:76:61:5c:c4:16:80:
         ee:b6:c6:77:b3:b5:93:27:4c:18:8b:e3:21:19:e5:cb:8a:02:
         f1:49:95:50:f8:8a:c7:39:2a:88:48:cd:18:1c:83:30:7c:95:
         69:a5:c8:96:4f:ed:de:fa:70:67:15:3e:71:34:82:10:f8:4a:
         46:f0:4d:1c:60:0d:25:37:2d:67:e2:7b:71:0f:6c:c8:33:17:
         25:22:db:3d:fd:bf:e9:67:24:e4:32:32:65:13:08:69:b0:d8:
         9a:f3:25:1b:fd:2f:44:87:0b:61:2d:8e:ec:2c:8c:e1:73:e2:
         f9:72:8a:7d:53:18:dd:66:e2:ae:81:ad:e1:64:86:94:ed:4c:
         7d:97:7d:17:24:6e:0f:9f:ff:4c:45:72:f3:48:d4:7d:c9:99:
         7b:b5:08:07:1d:df:41:a9:8c:b8:ff:0b:37:c2:e6:5b:92:c4:
         20:ef:f2:61
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYk/VHrrcm4aN6lJatsSUe9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NzcyNmQzOGZjZjJhN2ZiYmI3YmZjMjhkNjNmZTM1Nzll
ZDIxMWQwHhcNMjMwNzEwMTAyNDA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzdhZTUxODM3Y2Y1Yjk1Y2ZhMDUwNDdkNWRiNjQyYTVlMTgyM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm87ANQNQ4hVgLoi6xdDHKfxUfvWr
j62DFdHb6UwRDIordNSmpUSVTs/SOn8R8Xxvt/QJ4sDprGjcer/y7Br6zws3E1Gg
T8rMYi5UWFq7yDkvVZ9oA7K9wSf6GfmdoZaZW/RzR1Fy0bkhxWB+WVKsHapFOM8n
ogMun6U/HoseELnuWcNDHAEBOVkgt1bHprBc3Z0NQVdVxx7QdmOpDO8csh4n1r9N
ekNFuNdMUI5Nav2aQ+g16/6PqbfTe4c7yubDhKc8uoEnAdu+3JZZ/zotXFFECE16
UfSHsg0+L+VnEubKy8CBJXpiZWdexm9GqY9KSpJ+HU5iEFd/XkwxvbHiowIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFCx65Rg3z1uVz6BQR9XbZCpeGCPWMB8GA1UdIwQY
MBaAFGh3JtOPzyp/u7e/wo1j/jV57SEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAt
NGIyZGExOTdhN2U2LzEvTEhybEdEZlBXNVhQb0ZCSDFkdGtLbDRZSTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAtNGIyZGExOTdhN2U2
LzEvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQAuapYAwQA
uapaAwQBwQi+AwQAwUnQAwQAwYZeAwQAwgukAwQAwgumMCEEAgACMBsDBwAgAQZ8
BPADBwAqCV+AAAADBwEqCV+AAAIwDQYJKoZIhvcNAQELBQADggEBAAH2xvntp36b
JNJMXF62OizCcTqw2a6Z4N9QheVAvc+5pTJqakTXOVh8xRxC24b7zesGy+e4Tjxx
qd+P8AjRwHwyfmIZx9oQ9k3cRe4Pwhh0QFYBrnZhXMQWgO62xneztZMnTBiL4yEZ
5cuKAvFJlVD4isc5KohIzRgcgzB8lWmlyJZP7d76cGcVPnE0ghD4SkbwTRxgDSU3
LWfie3EPbMgzFyUi2z39v+lnJOQyMmUTCGmw2JrzJRv9L0SHC2EtjuwsjOFz4vly
in1TGN1m4q6BreFkhpTtTH2XfRckbg+f/0xFcvNI1H3JmXu1CAcd30GpjLj/CzfC
5luSxCDv8mE=
-----END CERTIFICATE-----