Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qOx5HdiGVoSA5o7B6oxdfyC8nFw.roa
File:                     qOx5HdiGVoSA5o7B6oxdfyC8nFw.roa (raw, json)
Hash identifier:          q8fPL9Z0RRLKAVMoIPlqU6Ns17YNWG1QruxKLvQds0c=
Subject key identifier:   A8:EC:79:1D:D8:86:56:84:80:E6:8E:C1:EA:8C:5D:7F:20:BC:9C:5C
Certificate issuer:       /CN=ab30921d28c78ede81842f712e6cf72bde5a6080
Certificate serial:       018A88A30D40CE408393B904898FB938BC5D
Authority key identifier: AB:30:92:1D:28:C7:8E:DE:81:84:2F:71:2E:6C:F7:2B:DE:5A:60:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qOx5HdiGVoSA5o7B6oxdfyC8nFw.roa
Signing time:             Tue 12 Sep 2023 09:05:01 +0000
ROA not before:           Tue 12 Sep 2023 09:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34960
IP address blocks:        194.126.145.0/24 maxlen: 24
                          194.126.144.0/23 maxlen: 23
                          194.126.144.0/24 maxlen: 24
                          185.122.48.0/22 maxlen: 22
                          185.122.48.0/24 maxlen: 24
                          5.149.4.0/24 maxlen: 24
                          5.149.3.0/24 maxlen: 24
                          5.149.2.0/24 maxlen: 24
                          5.149.1.0/24 maxlen: 24
                          5.149.0.0/24 maxlen: 24
                          5.149.0.0/21 maxlen: 21
                          185.120.92.0/24 maxlen: 24
                          5.149.7.0/24 maxlen: 24
                          5.149.6.0/24 maxlen: 24
                          5.149.5.0/24 maxlen: 24
                          2a01:48c0::/32 maxlen: 32
                          2a01:48c0:200::/40 maxlen: 40
                          2a01:48c0:100::/40 maxlen: 40
                          2a01:48c0::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:31:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:88:a3:0d:40:ce:40:83:93:b9:04:89:8f:b9:38:bc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab30921d28c78ede81842f712e6cf72bde5a6080
        Validity
            Not Before: Sep 12 09:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8ec791dd886568480e68ec1ea8c5d7f20bc9c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:d3:e4:76:89:3d:6e:18:db:e0:06:fd:2a:
                    51:fe:5b:bb:88:20:c0:7b:c3:91:9f:b4:d8:50:29:
                    14:21:d9:64:ba:52:c5:e1:d6:15:43:a4:c2:53:b7:
                    5b:13:c1:b3:76:6c:c1:30:81:82:f9:c2:4c:e9:8e:
                    b9:12:8c:f5:4b:22:a7:36:8d:a2:6a:9c:5d:9f:02:
                    ae:cc:e4:f2:e9:00:fc:c8:4f:2f:36:1d:bc:43:91:
                    9a:ab:c0:cb:d1:54:67:8e:f2:cc:cb:e9:b3:ed:41:
                    9f:a3:44:32:e0:67:2e:68:77:ae:11:db:72:eb:78:
                    08:5f:85:5d:90:c8:0f:dd:e9:21:e6:7f:13:65:40:
                    79:6a:9b:47:63:20:83:c5:28:2d:47:e2:76:ed:9d:
                    fc:7d:4f:80:f1:42:7d:b2:7c:73:c5:1a:bb:ee:f6:
                    ad:fd:26:7d:cc:03:3b:9b:0f:ba:20:50:25:29:ad:
                    d1:a6:40:6c:0c:9e:68:54:9c:c1:7b:0c:5a:f1:ca:
                    7e:66:94:e0:c7:e1:b8:40:28:fc:b7:2f:22:3a:69:
                    08:7e:d3:fe:e5:1b:0e:16:e3:67:91:6e:84:ef:60:
                    10:a2:88:01:d1:9f:20:91:ba:5b:26:63:8a:a8:bd:
                    0e:4f:cf:13:d5:77:66:98:01:1f:03:7f:19:76:70:
                    44:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:EC:79:1D:D8:86:56:84:80:E6:8E:C1:EA:8C:5D:7F:20:BC:9C:5C
            X509v3 Authority Key Identifier:
                keyid:AB:30:92:1D:28:C7:8E:DE:81:84:2F:71:2E:6C:F7:2B:DE:5A:60:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qOx5HdiGVoSA5o7B6oxdfyC8nFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qzCSHSjHjt6BhC9xLmz3K95aYIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.0.0/21
                  185.120.92.0/24
                  185.122.48.0/22
                  194.126.144.0/23
                IPv6:
                  2a01:48c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:63:1a:1a:d6:8a:c5:64:01:fe:e6:db:dc:3f:f9:a4:8a:40:
         e5:73:3a:f9:9a:4b:38:59:b5:a8:85:5c:9a:f6:2f:10:a2:d2:
         3b:86:f3:4e:b5:09:93:65:03:d9:fa:d3:ab:df:a8:d2:56:99:
         0c:bd:c9:a9:26:00:71:da:1c:0b:65:87:bb:22:8b:61:9e:70:
         0f:88:2f:83:9f:f6:15:31:c0:16:1f:da:f9:52:65:46:53:75:
         2b:96:bf:29:d4:7b:45:6e:53:f3:a6:c4:df:74:4f:d7:45:90:
         8a:f2:1e:17:bd:9d:66:04:48:71:64:41:a4:2c:79:42:ed:01:
         79:22:8c:b4:7a:7a:71:0c:74:fa:de:80:52:1c:b0:1a:b8:ef:
         db:54:da:aa:7a:e2:85:c9:f3:4b:2a:a1:b4:60:8a:a2:03:7c:
         04:3d:37:9d:64:5b:6d:3f:43:60:21:aa:b5:b3:59:bb:84:00:
         05:a5:52:40:83:ba:e9:a1:af:7d:6e:9e:50:66:62:94:25:f1:
         49:15:08:cd:8a:55:13:6a:a6:d1:6a:4a:69:5e:02:09:36:14:
         ef:87:fa:00:25:83:f1:cd:1d:11:fa:3e:84:fa:04:a2:8d:e2:
         84:81:a8:a6:d3:5e:48:93:77:ed:b4:d5:67:1f:23:a0:db:58:
         6e:0d:31:55
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYqIow1AzkCDk7kEiY+5OLxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMzA5MjFkMjhjNzhlZGU4MTg0MmY3MTJlNmNmNzJiZGU1
YTYwODAwHhcNMjMwOTEyMDkwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVjNzkxZGQ4ODY1Njg0ODBlNjhlYzFlYThjNWQ3ZjIwYmM5YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+7T5HaJPW4Y2+AG/SpR/lu7iCDA
e8ORn7TYUCkUIdlkulLF4dYVQ6TCU7dbE8GzdmzBMIGC+cJM6Y65Eoz1SyKnNo2i
apxdnwKuzOTy6QD8yE8vNh28Q5Gaq8DL0VRnjvLMy+mz7UGfo0Qy4GcuaHeuEdty
63gIX4VdkMgP3ekh5n8TZUB5aptHYyCDxSgtR+J27Z38fU+A8UJ9snxzxRq77vat
/SZ9zAM7mw+6IFAlKa3RpkBsDJ5oVJzBewxa8cp+ZpTgx+G4QCj8ty8iOmkIftP+
5RsOFuNnkW6E72AQoogB0Z8gkbpbJmOKqL0OT88T1XdmmAEfA38ZdnBE4QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKjseR3YhlaEgOaOweqMXX8gvJxcMB8GA1UdIwQY
MBaAFKswkh0ox47egYQvcS5s9yveWmCAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXpDU0hTakhqdDZCaEM5eExtejNLOTVhWUlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zY2Q3ZmYtMjBkMi00Y2VjLWFlY2Et
MzU0Mzk5NzI0YjFlLzEvcU94NUhkaUdWb1NBNW83QjZveGRmeUM4bkZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zY2Q3ZmYtMjBkMi00Y2VjLWFlY2EtMzU0Mzk5NzI0YjFl
LzEvcXpDU0hTakhqdDZCaEM5eExtejNLOTVhWUlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDBZUAAwQA
uXhcAwQCuXowAwQBwn6QMA0EAgACMAcDBQAqAUjAMA0GCSqGSIb3DQEBCwUAA4IB
AQCKYxoa1orFZAH+5tvcP/mkikDlczr5mks4WbWohVya9i8QotI7hvNOtQmTZQPZ
+tOr36jSVpkMvcmpJgBx2hwLZYe7IothnnAPiC+Dn/YVMcAWH9r5UmVGU3Urlr8p
1HtFblPzpsTfdE/XRZCK8h4XvZ1mBEhxZEGkLHlC7QF5Ioy0enpxDHT63oBSHLAa
uO/bVNqqeuKFyfNLKqG0YIqiA3wEPTedZFttP0NgIaq1s1m7hAAFpVJAg7rpoa99
bp5QZmKUJfFJFQjNilUTaqbRakppXgIJNhTvh/oAJYPxzR0R+j6E+gSijeKEgaim
015Ik3fttNVnHyOg21huDTFV
-----END CERTIFICATE-----