Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/0771e1-39af-4353-947f-01facc747c24/1/Pk4oocXYWWHRAE2M9RrAeFtVlL8.roa
File:                     Pk4oocXYWWHRAE2M9RrAeFtVlL8.roa (raw, json)
Hash identifier:          EJH2N9qLryHCy+ZLzje0Q6eLKkrIFnioY1T/N/BEDeY=
Subject key identifier:   3E:4E:28:A1:C5:D8:59:61:D1:00:4D:8C:F5:1A:C0:78:5B:55:94:BF
Certificate issuer:       /CN=2d119754fc14ffe7968a6516bd49bdb25633b887
Certificate serial:       018CF37F134E166804C98D33525FF2523AEF
Authority key identifier: 2D:11:97:54:FC:14:FF:E7:96:8A:65:16:BD:49:BD:B2:56:33:B8:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRGXVPwU_-eWimUWvUm9slYzuIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/0771e1-39af-4353-947f-01facc747c24/1/Pk4oocXYWWHRAE2M9RrAeFtVlL8.roa
Signing time:             Wed 10 Jan 2024 13:10:40 +0000
ROA not before:           Wed 10 Jan 2024 13:10:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25160
IP address blocks:        185.121.76.0/22 maxlen: 22
                          185.135.164.0/22 maxlen: 22
                          185.135.166.0/24 maxlen: 24
                          94.126.43.0/24 maxlen: 24
                          94.126.47.0/24 maxlen: 24
                          178.18.116.0/23 maxlen: 23
                          178.18.119.0/24 maxlen: 24
                          31.28.70.0/24 maxlen: 24
                          31.28.65.0/24 maxlen: 24
                          31.28.68.0/24 maxlen: 24
                          31.28.67.0/24 maxlen: 24
                          31.28.72.0/24 maxlen: 24
                          31.28.75.0/24 maxlen: 24
                          31.28.84.0/23 maxlen: 23
                          31.28.80.0/22 maxlen: 22
                          31.28.86.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:49:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:7f:13:4e:16:68:04:c9:8d:33:52:5f:f2:52:3a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d119754fc14ffe7968a6516bd49bdb25633b887
        Validity
            Not Before: Jan 10 13:10:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e4e28a1c5d85961d1004d8cf51ac0785b5594bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:94:1a:f3:c5:92:b6:5e:00:97:de:23:c7:cd:
                    09:19:bd:27:82:98:de:e6:3e:77:aa:b7:2b:d3:59:
                    02:74:75:50:82:da:52:82:e3:64:dd:d4:c2:9a:8e:
                    dc:43:9a:1a:01:87:2d:83:d2:95:47:3f:0f:9f:92:
                    91:96:d4:48:d0:67:6b:48:2c:4f:97:a2:94:ed:f1:
                    39:b2:55:22:cd:e6:ae:40:1b:0e:98:c7:14:f4:aa:
                    61:11:d7:ae:be:6a:d6:ef:a0:32:f9:b7:aa:31:d2:
                    26:70:e0:50:01:49:64:7a:03:5b:09:83:47:98:a5:
                    05:82:f7:44:14:0e:4c:c1:bd:b7:c9:f7:bf:61:3c:
                    d1:59:5e:e4:b0:f9:f4:8f:1f:68:cb:88:4b:ef:4e:
                    7f:a7:51:0c:f1:44:d5:3e:34:d5:ca:51:04:b1:88:
                    e8:e4:73:48:29:97:ce:cf:46:57:8e:09:82:01:27:
                    dd:92:14:c3:62:78:0c:db:72:ac:8c:27:18:17:18:
                    60:9c:0b:2a:f7:62:30:5a:c7:13:06:c5:83:14:77:
                    ed:b2:7a:08:93:b2:2f:1e:00:c2:62:65:ae:78:48:
                    46:80:df:24:8f:b1:8e:d7:16:eb:cb:c9:56:47:bb:
                    bd:dc:af:cc:8b:4e:c9:d3:7c:29:a7:72:64:ac:2c:
                    08:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4E:28:A1:C5:D8:59:61:D1:00:4D:8C:F5:1A:C0:78:5B:55:94:BF
            X509v3 Authority Key Identifier:
                keyid:2D:11:97:54:FC:14:FF:E7:96:8A:65:16:BD:49:BD:B2:56:33:B8:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRGXVPwU_-eWimUWvUm9slYzuIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/0771e1-39af-4353-947f-01facc747c24/1/Pk4oocXYWWHRAE2M9RrAeFtVlL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/0771e1-39af-4353-947f-01facc747c24/1/LRGXVPwU_-eWimUWvUm9slYzuIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.28.65.0/24
                  31.28.67.0-31.28.68.255
                  31.28.70.0/24
                  31.28.72.0/24
                  31.28.75.0/24
                  31.28.80.0-31.28.86.255
                  94.126.43.0/24
                  94.126.47.0/24
                  178.18.116.0/23
                  178.18.119.0/24
                  185.121.76.0/22
                  185.135.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:21:7d:33:93:19:bc:d4:a4:54:d4:8e:7b:79:d4:5a:df:df:
         e3:a9:a0:79:66:48:2f:18:ee:cf:3c:65:48:77:fe:a1:46:f3:
         5c:d0:5a:3e:1a:27:85:28:36:2e:e4:e0:8b:ec:97:6a:0a:3e:
         93:99:6f:7e:b5:7c:55:2e:15:9f:0a:6d:29:66:8c:f6:2d:27:
         b4:29:80:1a:43:b4:33:84:dc:d2:4c:cc:2c:61:b2:20:0a:c0:
         b5:b3:f5:1f:64:e1:1c:dd:04:c9:7c:82:b3:a1:8e:e6:cd:fb:
         d5:a7:bc:f2:e6:4e:28:3a:b8:0d:36:c0:6b:d9:b7:84:fd:55:
         d8:87:71:86:3b:67:8c:93:2b:80:31:72:21:2d:bf:ea:7d:b4:
         1b:64:77:e5:35:43:ac:5e:7a:ec:f9:08:44:bf:21:13:47:71:
         84:ee:43:40:87:29:23:78:ac:57:07:e0:19:db:b6:f0:15:cf:
         95:e1:a2:e7:9b:1c:10:7c:2b:90:b6:4b:05:ec:9e:3b:c7:2e:
         63:90:7e:42:0c:7b:1e:39:43:ce:7c:c7:86:01:1f:35:dd:a4:
         8d:dd:ea:ae:aa:cb:58:a9:68:80:7b:98:c7:cd:2c:3b:5e:25:
         d6:d1:a6:0e:ff:22:1c:d6:5e:6a:75:77:55:58:90:02:53:62:
         a0:41:30:83
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYzzfxNOFmgEyY0zUl/yUjrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTE5NzU0ZmMxNGZmZTc5NjhhNjUxNmJkNDliZGIyNTYz
M2I4ODcwHhcNMjQwMTEwMTMxMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRlMjhhMWM1ZDg1OTYxZDEwMDRkOGNmNTFhYzA3ODViNTU5NGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5Qa88WStl4Al94jx80JGb0ngpje
5j53qrcr01kCdHVQgtpSguNk3dTCmo7cQ5oaAYctg9KVRz8Pn5KRltRI0GdrSCxP
l6KU7fE5slUizeauQBsOmMcU9KphEdeuvmrW76Ay+beqMdImcOBQAUlkegNbCYNH
mKUFgvdEFA5Mwb23yfe/YTzRWV7ksPn0jx9oy4hL705/p1EM8UTVPjTVylEEsYjo
5HNIKZfOz0ZXjgmCASfdkhTDYngM23KsjCcYFxhgnAsq92IwWscTBsWDFHftsnoI
k7IvHgDCYmWueEhGgN8kj7GO1xbry8lWR7u93K/Mi07J03wpp3JkrCwIvwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFD5OKKHF2Flh0QBNjPUawHhbVZS/MB8GA1UdIwQY
MBaAFC0Rl1T8FP/nloplFr1JvbJWM7iHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJHWFZQd1VfLWVXaW1VV3ZVbTlzbFl6dUljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8wNzcxZTEtMzlhZi00MzUzLTk0N2Yt
MDFmYWNjNzQ3YzI0LzEvUGs0b29jWFlXV0hSQUUyTTlSckFlRnRWbEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8wNzcxZTEtMzlhZi00MzUzLTk0N2YtMDFmYWNjNzQ3YzI0
LzEvTFJHWFZQd1VfLWVXaW1VV3ZVbTlzbFl6dUljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAHxxBMAwD
BAAfHEMDBAAfHEQDBAAfHEYDBAAfHEgDBAAfHEswDAMEBB8cUAMEAB8cVgMEAF5+
KwMEAF5+LwMEAbISdAMEALISdwMEArl5TAMEArmHpDANBgkqhkiG9w0BAQsFAAOC
AQEARCF9M5MZvNSkVNSOe3nUWt/f46mgeWZILxjuzzxlSHf+oUbzXNBaPhonhSg2
LuTgi+yXago+k5lvfrV8VS4VnwptKWaM9i0ntCmAGkO0M4Tc0kzMLGGyIArAtbP1
H2ThHN0EyXyCs6GO5s371ae88uZOKDq4DTbAa9m3hP1V2IdxhjtnjJMrgDFyIS2/
6n20G2R35TVDrF567PkIRL8hE0dxhO5DQIcpI3isVwfgGdu28BXPleGi55scEHwr
kLZLBeyeO8cuY5B+Qgx7HjlDznzHhgEfNd2kjd3qrqrLWKlogHuYx80sO14l1tGm
Dv8iHNZeanV3VViQAlNioEEwgw==
-----END CERTIFICATE-----