Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/_eMZuzXw7y2-wcrZ7qq-HSZT5xw.roa
File:                     _eMZuzXw7y2-wcrZ7qq-HSZT5xw.roa (raw, json)
Hash identifier:          HCqqT9SMzu8IUeObdlv02hd8FnPTYb1RiOlz67b04iI=
Subject key identifier:   FD:E3:19:BB:35:F0:EF:2D:BE:C1:CA:D9:EE:AA:BE:1D:26:53:E7:1C
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DC740B9C17563F89B6F7A294727624124
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/_eMZuzXw7y2-wcrZ7qq-HSZT5xw.roa
Signing time:             Tue 20 Feb 2024 16:02:04 +0000
ROA not before:           Tue 20 Feb 2024 16:02:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12722
IP address blocks:        2.59.48.0/24 maxlen: 24
                          37.221.80.0/24 maxlen: 24
                          45.11.22.0/24 maxlen: 24
                          45.14.220.0/24 maxlen: 24
                          45.14.221.0/24 maxlen: 24
                          45.80.120.0/22 maxlen: 22
                          94.158.188.0/24 maxlen: 24
                          176.124.34.0/24 maxlen: 24
                          185.212.112.0/24 maxlen: 24
                          193.3.18.0/24 maxlen: 24
                          194.32.240.0/24 maxlen: 24
                          195.18.26.0/24 maxlen: 24
                          195.69.148.0/24 maxlen: 24
                          195.69.150.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Feb 2024 15:59:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:40:b9:c1:75:63:f8:9b:6f:7a:29:47:27:62:41:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 20 16:02:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fde319bb35f0ef2dbec1cad9eeaabe1d2653e71c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:98:40:a9:9c:b8:1f:24:a4:33:dc:ed:67:81:
                    de:87:ec:0b:5e:69:bc:ae:45:91:8d:42:12:b2:fe:
                    c6:e9:21:0b:4c:b0:fd:2b:71:e6:6b:28:f9:3d:ca:
                    c3:85:57:9e:b2:56:96:81:dd:5a:6e:aa:21:f2:6f:
                    62:26:7f:c8:f9:c0:cb:02:f8:27:18:76:67:41:72:
                    38:8c:87:5f:ad:b1:ec:d3:02:16:0f:44:bf:9a:48:
                    fd:2f:20:17:49:aa:35:c5:03:8a:76:7d:a3:46:b7:
                    cf:80:48:a4:89:7a:95:28:dc:d1:44:1c:7f:22:8e:
                    de:f6:6b:fd:b4:6a:2a:13:e8:b8:fb:37:9d:5f:fb:
                    56:29:b0:b6:ac:f0:5c:77:9d:d4:4a:63:f0:e2:b9:
                    6c:67:ca:4f:76:56:8a:73:b0:a4:fd:09:79:45:61:
                    33:c8:83:6c:bb:e9:d7:be:8c:13:92:24:7c:10:d5:
                    9e:5e:0f:4d:57:bc:be:ca:5e:7e:e4:a0:ad:84:aa:
                    ad:81:11:17:5f:12:0f:a1:13:34:f8:73:af:1e:a3:
                    33:ad:0d:ec:9d:2a:1b:5d:68:90:8a:48:bc:57:35:
                    17:4d:18:05:2a:87:e9:cd:25:9d:ec:8c:82:90:31:
                    38:2c:c1:e0:81:8c:9a:c2:52:1a:49:ca:d8:87:e9:
                    db:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E3:19:BB:35:F0:EF:2D:BE:C1:CA:D9:EE:AA:BE:1D:26:53:E7:1C
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/_eMZuzXw7y2-wcrZ7qq-HSZT5xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.48.0/24
                  37.221.80.0/24
                  45.11.22.0/24
                  45.14.220.0/23
                  45.80.120.0/22
                  94.158.188.0/24
                  176.124.34.0/24
                  185.212.112.0/24
                  193.3.18.0/24
                  194.32.240.0/24
                  195.18.26.0/24
                  195.69.148.0/24
                  195.69.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4f:35:fa:81:a8:58:58:cd:5c:67:a6:56:fc:08:cf:da:39:
         e4:52:3e:93:95:46:c9:1f:dd:71:75:b2:47:29:13:4e:7d:17:
         3a:e2:26:e8:9a:be:e9:f0:78:3e:17:82:2a:4b:06:84:19:52:
         d3:3b:93:66:4e:b8:87:c4:f8:8d:8c:03:64:ee:4d:6a:e1:f2:
         a5:18:48:0d:15:16:b2:42:20:05:92:c4:79:50:eb:d7:39:94:
         de:f8:c3:2f:9e:83:c3:9e:a5:50:ab:cc:39:b0:af:bd:9a:47:
         b7:bc:a1:76:37:e4:f4:92:1a:1c:40:ce:6d:86:af:db:9d:63:
         4c:21:27:58:8f:ea:9f:81:e9:23:90:63:06:e4:05:6b:17:c9:
         18:41:48:56:42:2e:bc:d1:ef:31:7d:75:a5:01:97:1e:ad:77:
         9a:c6:7c:5b:17:a7:53:b3:03:fc:1b:4a:c1:2e:8d:02:7d:c0:
         f7:d5:91:01:2b:7f:05:c5:28:40:1d:39:a0:cc:6a:91:56:09:
         ab:44:aa:71:5e:3d:e9:54:86:cf:a9:59:07:3c:ee:a1:18:1c:
         75:d9:fd:a5:6f:9c:9c:8a:9a:12:1c:f6:11:69:01:3a:76:29:
         78:a6:1c:b9:d2:ab:50:40:8a:9e:a9:28:e7:5d:1f:44:1a:44:
         33:84:4a:ff
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY3HQLnBdWP4m296KUcnYkEkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjIwMTYwMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGUzMTliYjM1ZjBlZjJkYmVjMWNhZDllZWFhYmUxZDI2NTNlNzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJhAqZy4HySkM9ztZ4Heh+wLXmm8
rkWRjUISsv7G6SELTLD9K3Hmayj5PcrDhVeeslaWgd1abqoh8m9iJn/I+cDLAvgn
GHZnQXI4jIdfrbHs0wIWD0S/mkj9LyAXSao1xQOKdn2jRrfPgEikiXqVKNzRRBx/
Io7e9mv9tGoqE+i4+zedX/tWKbC2rPBcd53USmPw4rlsZ8pPdlaKc7Ck/Ql5RWEz
yINsu+nXvowTkiR8ENWeXg9NV7y+yl5+5KCthKqtgREXXxIPoRM0+HOvHqMzrQ3s
nSobXWiQiki8VzUXTRgFKofpzSWd7IyCkDE4LMHggYyawlIaScrYh+nbewIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFP3jGbs18O8tvsHK2e6qvh0mU+ccMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvX2VNWnV6WHc3eTItd2NyWjdxcS1IU1pUNXh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAAjswAwQA
Jd1QAwQALQsWAwQBLQ7cAwQCLVB4AwQAXp68AwQAsHwiAwQAudRwAwQAwQMSAwQA
wiDwAwQAwxIaAwQAw0WUAwQAw0WWMA0GCSqGSIb3DQEBCwUAA4IBAQCVTzX6gahY
WM1cZ6ZW/AjP2jnkUj6TlUbJH91xdbJHKRNOfRc64ibomr7p8Hg+F4IqSwaEGVLT
O5NmTriHxPiNjANk7k1q4fKlGEgNFRayQiAFksR5UOvXOZTe+MMvnoPDnqVQq8w5
sK+9mke3vKF2N+T0khocQM5thq/bnWNMISdYj+qfgekjkGMG5AVrF8kYQUhWQi68
0e8xfXWlAZcerXeaxnxbF6dTswP8G0rBLo0CfcD31ZEBK38FxShAHTmgzGqRVgmr
RKpxXj3pVIbPqVkHPO6hGBx12f2lb5ycipoSHPYRaQE6dil4phy50qtQQIqeqSjn
XR9EGkQzhEr/
-----END CERTIFICATE-----