Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/z06xgk6FASqe2H1Z7uOB7xyA9fM.roa
File:                     z06xgk6FASqe2H1Z7uOB7xyA9fM.roa (raw, json)
Hash identifier:          Tl6vdD5U+ZWsJjEQxgWi4qS4XKLlbGySsk2FxBtM/Tc=
Subject key identifier:   CF:4E:B1:82:4E:85:01:2A:9E:D8:7D:59:EE:E3:81:EF:1C:80:F5:F3
Certificate issuer:       /CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
Certificate serial:       01894E6CCDFC1DFDE50353203791CD16839A
Authority key identifier: 68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/z06xgk6FASqe2H1Z7uOB7xyA9fM.roa
Signing time:             Thu 13 Jul 2023 08:45:00 +0000
ROA not before:           Thu 13 Jul 2023 08:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     55002
IP address blocks:        185.170.88.0/24 maxlen: 24
                          185.170.90.0/24 maxlen: 24
                          194.11.166.0/24 maxlen: 24
                          194.11.164.0/24 maxlen: 24
                          193.8.190.0/24 maxlen: 24
                          193.8.191.0/24 maxlen: 24
                          193.134.94.0/24 maxlen: 24
                          193.73.208.0/24 maxlen: 24
                          2a09:5f80:2::/48 maxlen: 48
                          2a09:5f80::/48 maxlen: 48
                          2a09:5f80:3::/48 maxlen: 48
                          2001:67c:4f0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4e:6c:cd:fc:1d:fd:e5:03:53:20:37:91:cd:16:83:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
        Validity
            Not Before: Jul 13 08:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf4eb1824e85012a9ed87d59eee381ef1c80f5f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0a:c0:d0:27:8b:c5:fe:ec:53:99:50:be:38:
                    6f:27:7c:38:eb:e2:1e:54:8a:19:5f:fd:08:aa:93:
                    1f:20:e9:c7:f1:af:f7:d4:f9:a0:d0:ee:b5:53:b8:
                    b2:4d:45:fd:61:ff:a3:a4:28:fc:29:34:bf:1c:c1:
                    52:a2:2f:a4:01:fb:ff:62:d9:51:68:19:23:6e:97:
                    a6:54:88:4f:f2:28:be:f7:0d:c2:22:45:71:46:b3:
                    5e:80:64:0a:73:61:cb:55:0f:33:09:8a:cc:16:a8:
                    57:87:84:1c:86:13:61:25:0d:23:ae:b0:ff:e0:5c:
                    cf:e1:d5:0d:a2:6c:ab:02:19:e4:c8:56:5b:9b:9c:
                    c6:b3:fb:ca:b8:bf:f7:ce:19:a4:06:9e:db:3f:fb:
                    e8:bd:ec:ae:18:90:72:2f:f7:74:14:11:3e:ff:17:
                    e9:04:a7:fe:88:5d:60:32:be:24:75:35:4e:a2:6d:
                    a4:7e:7f:da:11:09:03:c6:c5:34:fa:3a:2d:37:23:
                    82:62:63:7b:51:c3:20:eb:fa:10:89:a6:35:89:95:
                    46:8b:b3:af:99:f1:9f:bb:78:b3:9d:91:53:63:81:
                    30:6f:09:90:36:e8:6c:e5:8a:44:64:9e:54:b3:d4:
                    bc:b0:41:39:a3:29:42:19:e1:55:9e:cc:2c:f6:e8:
                    84:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4E:B1:82:4E:85:01:2A:9E:D8:7D:59:EE:E3:81:EF:1C:80:F5:F3
            X509v3 Authority Key Identifier:
                keyid:68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/z06xgk6FASqe2H1Z7uOB7xyA9fM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.88.0/24
                  185.170.90.0/24
                  193.8.190.0/23
                  193.73.208.0/24
                  193.134.94.0/24
                  194.11.164.0/24
                  194.11.166.0/24
                IPv6:
                  2001:67c:4f0::/48
                  2a09:5f80::/48
                  2a09:5f80:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         16:54:c8:8d:63:94:45:19:78:41:70:25:ab:d6:40:4e:df:19:
         a9:ed:93:14:66:bd:e2:e8:06:e3:e5:db:b2:ad:a9:6f:15:62:
         35:3e:f9:a6:cf:4b:13:13:75:37:a6:58:d0:f3:4d:96:a4:ce:
         da:b8:31:7d:ef:b6:9a:ff:d4:24:be:dc:02:c4:a1:5f:68:e0:
         e5:38:25:87:72:c3:c9:87:cf:c9:42:aa:12:63:13:58:55:dd:
         8b:3d:82:82:56:1c:e1:58:02:5f:8e:c6:88:ba:09:e1:ac:6d:
         86:70:0c:d5:e6:ef:75:cc:51:40:ef:c9:ec:a9:a2:e9:bc:4a:
         e4:29:94:a3:76:a8:ca:ec:f9:f1:44:e2:d4:a8:8c:26:7c:51:
         7b:36:7d:50:5c:96:b3:66:33:00:d5:50:5e:84:c6:02:4e:1d:
         86:33:bd:22:e0:db:d7:f2:8f:ad:9b:8f:01:04:45:fa:d4:10:
         ad:70:df:79:2d:91:33:4d:57:d9:46:44:aa:d2:fe:51:03:17:
         b1:dc:4f:e9:ee:b7:29:ef:52:2a:91:5c:b0:ea:f0:b5:2a:53:
         3d:aa:1c:c6:af:3a:73:ab:31:56:0f:65:c7:da:c8:ea:d8:ed:
         39:64:a6:50:55:94:d5:e8:09:26:db:ba:70:6a:02:35:a0:35:
         51:c0:09:04
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYlObM38Hf3lA1MgN5HNFoOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NzcyNmQzOGZjZjJhN2ZiYmI3YmZjMjhkNjNmZTM1Nzll
ZDIxMWQwHhcNMjMwNzEzMDg0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRlYjE4MjRlODUwMTJhOWVkODdkNTllZWUzODFlZjFjODBmNWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgrA0CeLxf7sU5lQvjhvJ3w46+Ie
VIoZX/0IqpMfIOnH8a/31Pmg0O61U7iyTUX9Yf+jpCj8KTS/HMFSoi+kAfv/YtlR
aBkjbpemVIhP8ii+9w3CIkVxRrNegGQKc2HLVQ8zCYrMFqhXh4QchhNhJQ0jrrD/
4FzP4dUNomyrAhnkyFZbm5zGs/vKuL/3zhmkBp7bP/voveyuGJByL/d0FBE+/xfp
BKf+iF1gMr4kdTVOom2kfn/aEQkDxsU0+jotNyOCYmN7UcMg6/oQiaY1iZVGi7Ov
mfGfu3iznZFTY4EwbwmQNuhs5YpEZJ5Us9S8sEE5oylCGeFVnsws9uiENwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFM9OsYJOhQEqnth9We7jge8cgPXzMB8GA1UdIwQY
MBaAFGh3JtOPzyp/u7e/wo1j/jV57SEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAt
NGIyZGExOTdhN2U2LzEvejA2eGdrNkZBU3FlMkgxWjd1T0I3eHlBOWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAtNGIyZGExOTdhN2U2
LzEvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQAuapYAwQA
uapaAwQBwQi+AwQAwUnQAwQAwYZeAwQAwgukAwQAwgumMCEEAgACMBsDBwAgAQZ8
BPADBwAqCV+AAAADBwEqCV+AAAIwDQYJKoZIhvcNAQELBQADggEBABZUyI1jlEUZ
eEFwJavWQE7fGantkxRmveLoBuPl27KtqW8VYjU++abPSxMTdTemWNDzTZakztq4
MX3vtpr/1CS+3ALEoV9o4OU4JYdyw8mHz8lCqhJjE1hV3Ys9goJWHOFYAl+Oxoi6
CeGsbYZwDNXm73XMUUDvyeypoum8SuQplKN2qMrs+fFE4tSojCZ8UXs2fVBclrNm
MwDVUF6ExgJOHYYzvSLg29fyj62bjwEERfrUEK1w33ktkTNNV9lGRKrS/lEDF7Hc
T+nutynvUiqRXLDq8LUqUz2qHMavOnOrMVYPZcfayOrY7TlkplBVlNXoCSbbunBq
AjWgNVHACQQ=
-----END CERTIFICATE-----