Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/BxDU91EmNmxDWp8eaCpb5tBUjV0.roa
File:                     BxDU91EmNmxDWp8eaCpb5tBUjV0.roa (raw, json)
Hash identifier:          jg0TjUCKtHjpyo2RRxsaRcucCPUhizhBf96P0NhiBK0=
Subject key identifier:   07:10:D4:F7:51:26:36:6C:43:5A:9F:1E:68:2A:5B:E6:D0:54:8D:5D
Certificate issuer:       /CN=66ed3ba68c78bff2c4724400ade6348482fb4364
Certificate serial:       018E648A3D340F44D3E822DAA40C1586B5F6
Authority key identifier: 66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/BxDU91EmNmxDWp8eaCpb5tBUjV0.roa
Signing time:             Fri 22 Mar 2024 05:02:44 +0000
ROA not before:           Fri 22 Mar 2024 05:02:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64289
IP address blocks:        185.225.24.0/24 maxlen: 24
                          185.225.26.0/24 maxlen: 24
                          192.189.157.0/24 maxlen: 24
                          2a14:3f80:8::/45 maxlen: 45
                          2a14:3f80:10::/45 maxlen: 45
                          2a14:3f80:18::/45 maxlen: 45
                          2a14:3f80:20::/45 maxlen: 45
                          2a14:3f80:28::/45 maxlen: 45
                          2a14:3f80:80::/45 maxlen: 45
                          2a14:3f80:88::/45 maxlen: 45
                          2a14:3f80:100::/45 maxlen: 45
                          2a14:3f80:108::/45 maxlen: 45
                          2a14:3f80:800::/38 maxlen: 38
                          2a14:3f80:c00::/38 maxlen: 38
                          2a14:3f80:1000::/38 maxlen: 38
                          2a14:3f80:1400::/38 maxlen: 38
                          2a14:3f80:1800::/38 maxlen: 38
                          2a14:3f80:2000::/38 maxlen: 38

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 00:08:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:64:8a:3d:34:0f:44:d3:e8:22:da:a4:0c:15:86:b5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ed3ba68c78bff2c4724400ade6348482fb4364
        Validity
            Not Before: Mar 22 05:02:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0710d4f75126366c435a9f1e682a5be6d0548d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:54:48:07:64:a7:30:40:87:a6:ca:c8:ff:25:
                    b6:3d:3b:82:35:a7:42:aa:b4:d0:53:4c:a0:3b:2c:
                    12:be:5a:72:74:4b:67:a0:6c:af:20:31:2c:54:9d:
                    b0:30:04:75:0a:04:f4:43:d4:8e:69:51:ef:dc:74:
                    5d:03:dc:6f:36:02:c3:63:a3:36:38:18:21:97:e7:
                    2e:4e:5f:5f:08:a2:74:ed:82:a0:c0:98:c4:01:bd:
                    c2:0e:dd:ee:fa:bd:2f:97:f4:f8:38:5e:f8:e1:af:
                    30:52:95:fd:08:e5:5c:cc:13:0a:0f:95:cb:8c:11:
                    c1:4c:b6:a6:88:28:4f:15:2d:1e:97:2f:7b:15:99:
                    a1:cd:a3:f7:5b:a6:a7:ac:85:2b:c7:a9:15:af:3f:
                    a8:64:fb:f4:5a:ed:04:5e:41:c9:3d:13:a3:c7:5e:
                    ef:eb:a6:2b:46:18:7b:8f:14:9b:12:07:c2:6e:1b:
                    29:5b:13:f4:10:88:86:f2:e0:d0:8f:df:35:0f:f0:
                    90:9e:7d:4d:47:8c:d9:81:6b:08:55:9c:1f:c0:3d:
                    ba:60:f0:3f:eb:b4:ae:cc:fa:fd:a5:b0:93:e0:8c:
                    09:cb:0b:5d:a2:c9:73:20:10:13:8a:e6:b1:74:e3:
                    eb:be:40:e6:5c:21:6d:e9:b1:3e:fb:1d:d9:50:b4:
                    ad:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:10:D4:F7:51:26:36:6C:43:5A:9F:1E:68:2A:5B:E6:D0:54:8D:5D
            X509v3 Authority Key Identifier:
                keyid:66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/BxDU91EmNmxDWp8eaCpb5tBUjV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.24.0/24
                  185.225.26.0/24
                  192.189.157.0/24
                IPv6:
                  2a14:3f80:8::-2a14:3f80:2f:ffff:ffff:ffff:ffff:ffff
                  2a14:3f80:80::/44
                  2a14:3f80:100::/44
                  2a14:3f80:800::-2a14:3f80:1bff:ffff:ffff:ffff:ffff:ffff
                  2a14:3f80:2000::/38

    Signature Algorithm: sha256WithRSAEncryption
         04:3d:0c:eb:c8:6d:bf:3b:15:05:41:92:fc:20:4c:0b:eb:b4:
         30:43:05:a8:2c:a4:ba:ce:aa:9f:1d:59:3d:e3:d6:a7:7b:3d:
         18:ea:5a:d2:95:c6:5a:01:20:5c:2c:7f:77:06:6c:f0:4e:15:
         8a:5d:19:a8:92:3d:0c:1e:5a:69:7a:36:b5:e8:55:91:b7:f4:
         2d:fe:6b:b3:50:8a:af:93:50:13:10:c6:d0:6a:1d:fa:32:77:
         8a:19:99:ca:04:38:4b:21:52:eb:20:83:91:ca:e8:08:e2:d7:
         0f:8b:32:b9:70:11:5e:43:83:8f:99:82:df:83:ea:27:af:1c:
         61:5d:9c:06:79:41:de:92:f4:54:78:30:b4:16:4f:cb:2e:ff:
         08:6c:96:17:70:8b:c0:24:a0:b0:3c:78:48:05:9c:35:18:9c:
         ff:1e:7b:7f:d4:86:a7:7f:1c:e7:1d:79:0e:1f:17:46:5b:17:
         71:83:e5:8f:2f:52:bc:bd:77:b2:68:60:7d:a7:06:a7:9e:04:
         bf:b1:71:48:e9:9d:d8:05:a9:9b:8b:98:b1:61:db:eb:67:7a:
         f4:af:16:67:72:f3:b1:13:c5:f4:7b:75:4a:b8:c8:af:16:7d:
         95:6e:cc:dc:7f:cd:dd:45:1b:06:d8:9e:04:62:74:74:39:58:
         1b:cd:d2:c7
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY5kij00D0TT6CLapAwVhrX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWQzYmE2OGM3OGJmZjJjNDcyNDQwMGFkZTYzNDg0ODJm
YjQzNjQwHhcNMjQwMzIyMDUwMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzEwZDRmNzUxMjYzNjZjNDM1YTlmMWU2ODJhNWJlNmQwNTQ4ZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFRIB2SnMECHpsrI/yW2PTuCNadC
qrTQU0ygOywSvlpydEtnoGyvIDEsVJ2wMAR1CgT0Q9SOaVHv3HRdA9xvNgLDY6M2
OBghl+cuTl9fCKJ07YKgwJjEAb3CDt3u+r0vl/T4OF744a8wUpX9COVczBMKD5XL
jBHBTLamiChPFS0ely97FZmhzaP3W6anrIUrx6kVrz+oZPv0Wu0EXkHJPROjx17v
66YrRhh7jxSbEgfCbhspWxP0EIiG8uDQj981D/CQnn1NR4zZgWsIVZwfwD26YPA/
67SuzPr9pbCT4IwJywtdoslzIBATiuaxdOPrvkDmXCFt6bE++x3ZULSt4QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFAcQ1PdRJjZsQ1qfHmgqW+bQVI1dMB8GA1UdIwQY
MBaAFGbtO6aMeL/yxHJEAK3mNISC+0NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMt
MGE0M2I3YTNlYjU0LzEvQnhEVTkxRW1ObXhEV3A4ZWFDcGI1dEJValYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMtMGE0M2I3YTNlYjU0
LzEvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjAYBAIAATASAwQAueEYAwQA
ueEaAwQAwL2dMEYEAgACMEAwEgMHAyoUP4AACAMHBCoUP4AAIAMHBCoUP4AAgAMH
BCoUP4ABADAQAwYDKhQ/gAgDBgIqFD+AGAMGAioUP4AgMA0GCSqGSIb3DQEBCwUA
A4IBAQAEPQzryG2/OxUFQZL8IEwL67QwQwWoLKS6zqqfHVk949anez0Y6lrSlcZa
ASBcLH93BmzwThWKXRmokj0MHlppeja16FWRt/Qt/muzUIqvk1ATEMbQah36MneK
GZnKBDhLIVLrIIORyugI4tcPizK5cBFeQ4OPmYLfg+onrxxhXZwGeUHekvRUeDC0
Fk/LLv8IbJYXcIvAJKCwPHhIBZw1GJz/Hnt/1IanfxznHXkOHxdGWxdxg+WPL1K8
vXeyaGB9pwanngS/sXFI6Z3YBambi5ixYdvrZ3r0rxZncvOxE8X0e3VKuMivFn2V
bszcf83dRRsG2J4EYnR0OVgbzdLH
-----END CERTIFICATE-----