Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/WFDuDATPq_SAh8DkEX4gKm14PWU.roa
File:                     WFDuDATPq_SAh8DkEX4gKm14PWU.roa (raw, json)
Hash identifier:          TM+tQ6Y9WZy8zl8sdopfx4OW64dMrj2NhWrC0oUSI2o=
Subject key identifier:   58:50:EE:0C:04:CF:AB:F4:80:87:C0:E4:11:7E:20:2A:6D:78:3D:65
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0188E748EDDD23C343CBBBF6BDD8CB698C4A
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/WFDuDATPq_SAh8DkEX4gKm14PWU.roa
Signing time:             Fri 23 Jun 2023 08:04:56 +0000
ROA not before:           Fri 23 Jun 2023 08:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     174
IP address blocks:        185.55.4.0/22 maxlen: 23
                          176.96.88.0/22 maxlen: 22
                          176.103.240.0/21 maxlen: 22
                          176.116.232.0/22 maxlen: 22
                          185.55.142.0/23 maxlen: 23
                          185.55.140.0/23 maxlen: 23
                          185.55.140.0/22 maxlen: 22
                          46.173.240.0/21 maxlen: 21
                          178.212.184.0/22 maxlen: 22
                          178.212.184.0/21 maxlen: 21
                          178.212.188.0/22 maxlen: 22
                          176.102.124.0/22 maxlen: 22
                          176.102.120.0/22 maxlen: 22
                          176.102.120.0/21 maxlen: 21
                          91.233.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 09:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e7:48:ed:dd:23:c3:43:cb:bb:f6:bd:d8:cb:69:8c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jun 23 08:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5850ee0c04cfabf48087c0e4117e202a6d783d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:bb:67:2d:11:dc:f2:4d:86:a2:52:63:fe:f5:
                    c7:c3:1e:25:9e:48:09:85:c1:e8:84:21:3b:2d:b0:
                    a3:50:0d:eb:b7:71:f0:d2:6a:de:98:90:74:23:90:
                    6f:35:ab:d9:be:93:7b:b9:d3:c6:dd:e4:94:b4:42:
                    86:8c:1a:f2:c8:22:f1:ec:d8:d1:23:cc:91:fb:f5:
                    3c:9b:2d:df:d0:a0:b4:c5:74:18:de:4d:3b:83:f2:
                    5e:74:5e:64:18:9d:c9:c8:0e:19:fe:c4:02:ab:f2:
                    fd:0f:b9:e0:e9:4b:ed:94:db:5e:45:29:50:83:f9:
                    29:90:92:c9:71:a5:67:09:d8:40:56:ec:81:92:99:
                    29:bd:ec:a3:62:16:fe:4c:c1:82:9d:97:76:be:78:
                    96:16:a5:58:ca:24:17:8c:b3:f9:93:5f:fc:de:92:
                    23:15:f2:34:0d:74:d7:2f:cd:98:c0:f2:08:53:4a:
                    95:12:f2:83:eb:f3:c5:1e:51:4e:20:10:38:b9:b7:
                    e5:32:ad:f6:87:b0:87:2f:10:6c:b1:23:df:39:93:
                    e1:a8:7d:c2:33:ee:28:40:3a:d9:15:5e:18:4d:4a:
                    35:46:0d:a2:ef:fe:89:5a:bb:d5:87:73:9a:1a:26:
                    83:e0:0f:1d:30:0c:e1:51:95:26:c6:a5:04:ed:8e:
                    e1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:50:EE:0C:04:CF:AB:F4:80:87:C0:E4:11:7E:20:2A:6D:78:3D:65
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/WFDuDATPq_SAh8DkEX4gKm14PWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.173.240.0/21
                  91.233.0.0/23
                  176.96.88.0/22
                  176.102.120.0/21
                  176.103.240.0/21
                  176.116.232.0/22
                  178.212.184.0/21
                  185.55.4.0/22
                  185.55.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:a5:64:de:c9:50:39:50:e3:25:bc:9b:aa:54:94:b4:d6:60:
         82:02:cd:93:63:fe:e5:33:3a:8f:d1:90:e2:ba:bc:7a:70:e4:
         ab:b3:2e:75:21:52:d8:09:35:2e:69:e5:05:1d:a9:df:b5:69:
         5e:01:a1:c7:e6:34:c3:f7:20:47:0c:7c:d0:b5:11:32:13:2f:
         48:22:91:2f:c2:2c:73:6f:d9:09:36:82:9e:72:b2:ef:3e:06:
         3c:5d:3c:87:f2:22:ec:c9:61:7e:36:98:59:a3:5d:03:7f:9d:
         92:34:05:ae:be:7e:ef:8f:6c:f3:5b:c6:69:7d:2d:2f:24:6d:
         7e:63:13:4c:25:8d:b0:00:5e:c7:cf:3d:0a:e0:ff:7e:0d:9c:
         fc:34:36:db:3b:6f:24:73:27:a1:b1:4d:6a:08:a0:30:e1:1a:
         9f:83:7e:bb:f4:ee:cf:3d:a3:da:39:e6:ac:34:de:bd:b0:34:
         f6:ee:f1:75:7f:fd:cc:37:c1:7c:1b:a0:ca:cb:f6:c3:25:ee:
         5b:2b:24:c1:a4:77:67:50:e6:e4:9c:ab:bb:11:77:af:68:e7:
         0d:f1:58:86:93:e0:9e:9b:b4:b6:9c:8a:9b:84:3c:f1:ee:c2:
         f3:80:2b:10:12:dd:2c:f3:e1:78:74:a0:6f:38:5d:fd:db:d7:
         5f:93:d7:af
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYjnSO3dI8NDy7v2vdjLaYxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMwNjIzMDgwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODUwZWUwYzA0Y2ZhYmY0ODA4N2MwZTQxMTdlMjAyYTZkNzgzZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbtnLRHc8k2GolJj/vXHwx4lnkgJ
hcHohCE7LbCjUA3rt3Hw0mremJB0I5BvNavZvpN7udPG3eSUtEKGjBryyCLx7NjR
I8yR+/U8my3f0KC0xXQY3k07g/JedF5kGJ3JyA4Z/sQCq/L9D7ng6UvtlNteRSlQ
g/kpkJLJcaVnCdhAVuyBkpkpveyjYhb+TMGCnZd2vniWFqVYyiQXjLP5k1/83pIj
FfI0DXTXL82YwPIIU0qVEvKD6/PFHlFOIBA4ubflMq32h7CHLxBssSPfOZPhqH3C
M+4oQDrZFV4YTUo1Rg2i7/6JWrvVh3OaGiaD4A8dMAzhUZUmxqUE7Y7hQwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFhQ7gwEz6v0gIfA5BF+ICpteD1lMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvV0ZEdURBVFBxX1NBaDhEa0VYNGdLbTE0UFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDLq3wAwQB
W+kAAwQCsGBYAwQDsGZ4AwQDsGfwAwQCsHToAwQDstS4AwQCuTcEAwQCuTeMMA0G
CSqGSIb3DQEBCwUAA4IBAQBzpWTeyVA5UOMlvJuqVJS01mCCAs2TY/7lMzqP0ZDi
urx6cOSrsy51IVLYCTUuaeUFHanftWleAaHH5jTD9yBHDHzQtREyEy9IIpEvwixz
b9kJNoKecrLvPgY8XTyH8iLsyWF+NphZo10Df52SNAWuvn7vj2zzW8ZpfS0vJG1+
YxNMJY2wAF7Hzz0K4P9+DZz8NDbbO28kcyehsU1qCKAw4Rqfg3679O7PPaPaOeas
NN69sDT27vF1f/3MN8F8G6DKy/bDJe5bKyTBpHdnUObknKu7EXevaOcN8ViGk+Ce
m7S2nIqbhDzx7sLzgCsQEt0s8+F4dKBvOF3929dfk9ev
-----END CERTIFICATE-----