Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/g6uQMcRSmIQIO5FiE97evivKS0M.roa
File:                     g6uQMcRSmIQIO5FiE97evivKS0M.roa (raw, json)
Hash identifier:          L0CnVkbszuWMvfL9o2WpeEbkLKZ3vgLgiZXHgnBfSEw=
Subject key identifier:   83:AB:90:31:C4:52:98:84:08:3B:91:62:13:DE:DE:BE:2B:CA:4B:43
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       018D1D1463F047469DD899FB3631E29DF5D7
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/g6uQMcRSmIQIO5FiE97evivKS0M.roa
Signing time:             Thu 18 Jan 2024 14:58:12 +0000
ROA not before:           Thu 18 Jan 2024 14:58:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        45.10.16.0/23 maxlen: 23
                          45.10.18.0/23 maxlen: 23
                          45.88.5.0/24 maxlen: 24
                          45.88.6.0/24 maxlen: 24
                          45.88.7.0/24 maxlen: 24
                          45.95.40.0/22 maxlen: 22
                          45.130.100.0/22 maxlen: 22
                          83.229.23.0/24 maxlen: 24
                          83.229.34.0/24 maxlen: 24
                          95.178.107.0/24 maxlen: 24
                          185.144.56.0/22 maxlen: 24
                          188.191.48.0/22 maxlen: 22
                          217.194.153.0/24 maxlen: 24
                          2a05:e4c0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 29 Jan 2024 23:48:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1d:14:63:f0:47:46:9d:d8:99:fb:36:31:e2:9d:f5:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jan 18 14:58:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83ab9031c4529884083b916213dedebe2bca4b43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b5:f8:44:fa:99:5f:48:e9:4a:7e:61:27:c2:
                    f2:52:34:3b:89:72:a2:82:de:e5:21:68:53:02:fa:
                    41:76:47:a9:62:8b:18:39:6c:2b:01:21:e7:76:03:
                    37:60:bb:25:11:68:cd:b0:9b:5f:87:f1:8b:d5:bb:
                    dc:a5:ce:f5:80:0b:e3:ec:22:21:c4:27:e7:f5:25:
                    46:18:5b:37:0e:8b:ac:21:01:d2:8f:1c:bd:f4:28:
                    8a:dd:99:82:70:bf:56:90:c0:fe:88:fd:bb:8e:26:
                    ba:f4:9d:4b:a4:81:54:c0:db:f8:79:cc:6e:fa:8e:
                    3d:5f:16:df:83:41:1c:fc:a0:ae:9b:12:e4:a9:e0:
                    64:f2:08:de:ac:c9:53:2c:bd:0b:8c:9d:25:dc:a2:
                    2a:2b:a1:19:bf:ca:51:12:d9:1e:81:ea:2f:8c:d7:
                    13:e1:56:e0:2b:16:8b:04:1e:2f:f9:3b:1b:3f:40:
                    1a:63:be:62:d9:69:7f:93:d9:21:e3:cc:8b:6d:f3:
                    fd:81:d3:8b:ce:26:49:c8:03:ef:90:ae:ae:8f:58:
                    08:c8:3b:c0:fa:dc:0e:77:03:c4:4c:26:f8:18:c5:
                    9a:9f:15:4f:95:25:36:ac:62:0a:b7:e9:9f:a6:ad:
                    48:fb:e2:8c:0b:e0:ee:7d:0c:bb:86:28:50:84:99:
                    9b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AB:90:31:C4:52:98:84:08:3B:91:62:13:DE:DE:BE:2B:CA:4B:43
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/g6uQMcRSmIQIO5FiE97evivKS0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.16.0/22
                  45.88.5.0-45.88.7.255
                  45.95.40.0/22
                  45.130.100.0/22
                  83.229.23.0/24
                  83.229.34.0/24
                  95.178.107.0/24
                  185.144.56.0/22
                  188.191.48.0/22
                  217.194.153.0/24
                IPv6:
                  2a05:e4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:ab:1b:94:97:e2:67:28:81:14:c0:dd:43:d9:3c:44:a1:ea:
         77:aa:6c:9a:6d:2a:12:02:c7:d5:0a:8a:2f:49:6d:41:6b:78:
         c3:ec:83:f5:d8:06:0a:37:6b:df:1c:e3:d3:ed:27:f7:d9:c4:
         e6:fc:41:c6:5e:93:4b:0c:81:c6:a8:56:ce:64:85:35:5b:36:
         5c:a2:89:de:d1:3a:c2:9b:6c:e8:ea:4c:31:d2:f1:5f:23:15:
         24:42:bc:44:85:98:81:99:34:6f:aa:e1:f4:db:47:63:2a:77:
         be:12:e9:9f:99:8c:9c:a9:d6:c1:26:33:5e:d4:48:8c:51:2c:
         53:ad:71:79:6a:58:e5:f7:e1:ec:67:40:f7:8a:90:66:77:9f:
         de:8e:c0:9e:7e:88:33:1d:73:d5:2b:ec:ae:c4:9c:7f:5d:19:
         44:b6:1e:e4:78:cd:68:f7:c7:0e:a6:47:6c:35:30:d5:34:8b:
         18:26:ca:4f:68:03:d3:68:52:32:0d:55:bb:75:d0:11:42:13:
         8e:ac:72:d3:5e:df:be:f1:b8:a1:42:94:60:f4:3b:10:ab:14:
         24:d1:fd:b5:1c:d8:16:d4:cf:1f:d1:1b:12:2d:0c:c7:36:c4:
         e6:62:31:37:80:65:8b:29:78:50:8c:aa:a3:f2:3a:ed:93:76:
         71:8c:f0:a9
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAY0dFGPwR0ad2Jn7NjHinfXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjQwMTE4MTQ1ODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2FiOTAzMWM0NTI5ODg0MDgzYjkxNjIxM2RlZGViZTJiY2E0YjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLX4RPqZX0jpSn5hJ8LyUjQ7iXKi
gt7lIWhTAvpBdkepYosYOWwrASHndgM3YLslEWjNsJtfh/GL1bvcpc71gAvj7CIh
xCfn9SVGGFs3DousIQHSjxy99CiK3ZmCcL9WkMD+iP27jia69J1LpIFUwNv4ecxu
+o49Xxbfg0Ec/KCumxLkqeBk8gjerMlTLL0LjJ0l3KIqK6EZv8pREtkegeovjNcT
4VbgKxaLBB4v+TsbP0AaY75i2Wl/k9kh48yLbfP9gdOLziZJyAPvkK6uj1gIyDvA
+twOdwPETCb4GMWanxVPlSU2rGIKt+mfpq1I++KMC+DufQy7hihQhJmbrwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFIOrkDHEUpiECDuRYhPe3r4ryktDMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvZzZ1UU1jUlNtSVFJTzVGaUU5N2V2aXZLUzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQCLQoQMAwD
BAAtWAUDBAMtWAADBAItXygDBAItgmQDBABT5RcDBABT5SIDBABfsmsDBAK5kDgD
BAK8vzADBADZwpkwDQQCAAIwBwMFAyoF5MAwDQYJKoZIhvcNAQELBQADggEBAEar
G5SX4mcogRTA3UPZPESh6neqbJptKhICx9UKii9JbUFreMPsg/XYBgo3a98c49Pt
J/fZxOb8QcZek0sMgcaoVs5khTVbNlyiid7ROsKbbOjqTDHS8V8jFSRCvESFmIGZ
NG+q4fTbR2Mqd74S6Z+ZjJyp1sEmM17USIxRLFOtcXlqWOX34exnQPeKkGZ3n96O
wJ5+iDMdc9Ur7K7EnH9dGUS2HuR4zWj3xw6mR2w1MNU0ixgmyk9oA9NoUjINVbt1
0BFCE46sctNe377xuKFClGD0OxCrFCTR/bUc2BbUzx/RGxItDMc2xOZiMTeAZYsp
eFCMqqPyOu2TdnGM8Kk=
-----END CERTIFICATE-----