Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OuCJGL6StTy7dhKNW47XNN9DqIc.roa
File:                     OuCJGL6StTy7dhKNW47XNN9DqIc.roa (raw, json)
Hash identifier:          cCycYXfUtk8q7pVUptqffHembGckyU6rscjuIaYXLng=
Subject key identifier:   3A:E0:89:18:BE:92:B5:3C:BB:76:12:8D:5B:8E:D7:34:DF:43:A8:87
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0187B8CBDBA26E76D1847BA1907CF00AF03D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OuCJGL6StTy7dhKNW47XNN9DqIc.roa
Signing time:             Tue 25 Apr 2023 14:23:00 +0000
ROA not before:           Tue 25 Apr 2023 14:23:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.95.0/24 maxlen: 24
                          79.175.96.0/24 maxlen: 24
                          188.255.144.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 May 2023 07:38:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b8:cb:db:a2:6e:76:d1:84:7b:a1:90:7c:f0:0a:f0:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 25 14:23:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ae08918be92b53cbb76128d5b8ed734df43a887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:83:21:ae:55:cc:2d:1c:b4:b7:99:60:87:3a:
                    b1:7b:d2:0a:fe:c0:0a:31:2e:35:f1:e6:d8:63:7d:
                    3e:0a:6c:51:b6:84:7f:7b:45:eb:f5:06:14:69:a5:
                    10:98:76:45:82:fb:3f:f2:ff:d9:67:9c:0d:d4:f1:
                    e5:9f:9e:0a:a0:68:16:d1:14:57:de:05:d5:57:61:
                    46:e8:7c:25:e9:bf:f1:4f:13:1d:a9:12:b7:47:94:
                    b6:c4:f5:32:c3:9c:63:26:6f:3c:41:12:eb:88:d6:
                    61:2f:06:bf:b2:de:ca:b7:4c:ef:ec:8d:ca:60:9c:
                    47:07:c2:17:5c:b7:9b:45:2b:3f:58:42:b7:84:93:
                    94:6e:7a:0b:13:d1:6e:d3:ad:57:82:4a:fc:68:89:
                    e6:a7:4e:b1:48:03:f6:9a:45:9a:03:29:72:62:15:
                    a7:63:9c:09:1f:0e:1d:ed:22:37:0c:8c:fd:85:73:
                    3f:dd:a2:3e:6b:62:b9:da:be:7c:5d:e0:8c:0c:61:
                    07:ea:c6:c3:a9:60:6b:3f:fd:6f:6f:52:13:36:45:
                    68:ac:3c:23:2d:6b:03:58:58:a0:93:ca:8a:5b:7c:
                    ff:3f:2a:98:91:06:d3:de:c0:1f:f8:80:6e:46:39:
                    02:0a:8e:60:88:5e:32:58:74:9e:13:41:91:f4:f7:
                    71:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E0:89:18:BE:92:B5:3C:BB:76:12:8D:5B:8E:D7:34:DF:43:A8:87
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OuCJGL6StTy7dhKNW47XNN9DqIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.33.0-109.121.34.255
                  109.121.37.0/24
                  109.121.39.0/24
                  109.121.41.0-109.121.43.255
                  109.121.45.0/24
                  109.121.47.0/24
                  109.233.184.0/24
                  178.253.237.0/24
                  188.255.144.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ac:eb:4d:49:b0:2d:3f:07:f2:57:a0:ab:1b:40:af:f2:91:
         a4:e2:ab:d6:6a:e1:c9:37:a9:da:2b:5b:40:a0:f2:dd:de:e4:
         0b:56:4e:16:96:82:e3:8d:91:3e:2f:ee:1e:9c:a8:54:e9:44:
         38:9f:36:cb:11:73:22:34:43:b6:21:92:b3:9e:25:6b:07:0d:
         60:64:a7:5e:ea:35:83:a4:76:c5:af:31:f4:a2:2b:ba:93:47:
         ff:48:5d:96:73:76:eb:30:c2:17:79:c1:df:29:e2:eb:9b:39:
         aa:39:23:16:34:2f:cb:54:76:e7:f4:29:d6:1b:49:18:9c:d7:
         6c:33:75:90:a1:0c:36:cf:46:46:f8:d0:71:2f:cf:eb:34:61:
         20:78:2d:68:fd:50:1a:72:e9:34:26:16:1e:f5:c6:0f:12:f2:
         da:59:46:d0:3a:f5:82:2f:28:6d:b6:2a:4a:01:c0:65:3a:97:
         a8:da:01:fe:82:c9:e8:ce:54:0d:a9:98:f6:5c:6d:d3:43:af:
         1c:a3:c1:ef:75:b1:88:bc:dd:a6:81:89:10:5a:27:0f:10:76:
         a0:ba:ad:e9:c6:73:56:ad:a9:5a:0d:cc:7c:96:49:2b:b4:f3:
         db:cc:e9:c6:07:59:11:b8:33:61:9a:5b:1e:f7:ce:87:bf:75:
         39:68:ff:16
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYe4y9uibnbRhHuhkHzwCvA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjMwNDI1MTQyMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWUwODkxOGJlOTJiNTNjYmI3NjEyOGQ1YjhlZDczNGRmNDNhODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloMhrlXMLRy0t5lghzqxe9IK/sAK
MS418ebYY30+CmxRtoR/e0Xr9QYUaaUQmHZFgvs/8v/ZZ5wN1PHln54KoGgW0RRX
3gXVV2FG6Hwl6b/xTxMdqRK3R5S2xPUyw5xjJm88QRLriNZhLwa/st7Kt0zv7I3K
YJxHB8IXXLebRSs/WEK3hJOUbnoLE9Fu061Xgkr8aInmp06xSAP2mkWaAylyYhWn
Y5wJHw4d7SI3DIz9hXM/3aI+a2K52r58XeCMDGEH6sbDqWBrP/1vb1ITNkVorDwj
LWsDWFigk8qKW3z/PyqYkQbT3sAf+IBuRjkCCo5giF4yWHSeE0GR9PdxLwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFDrgiRi+krU8u3YSjVuO1zTfQ6iHMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvT3VDSkdMNlN0VHk3ZGhLTlc0N1hOTjlEcUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgMAwDBABPr18D
BABPr2AwDAMEAG15IQMEAG15IgMEAG15JQMEAG15JzAMAwQAbXkpAwQCbXkoAwQA
bXktAwQAbXkvAwQAbem4AwQAsv3tAwQAvP+QAwQAvP/UAwQA1EULMA0GCSqGSIb3
DQEBCwUAA4IBAQAqrOtNSbAtPwfyV6CrG0Cv8pGk4qvWauHJN6naK1tAoPLd3uQL
Vk4WloLjjZE+L+4enKhU6UQ4nzbLEXMiNEO2IZKzniVrBw1gZKde6jWDpHbFrzH0
oiu6k0f/SF2Wc3brMMIXecHfKeLrmzmqOSMWNC/LVHbn9CnWG0kYnNdsM3WQoQw2
z0ZG+NBxL8/rNGEgeC1o/VAacuk0JhYe9cYPEvLaWUbQOvWCLyhttipKAcBlOpeo
2gH+gsnozlQNqZj2XG3TQ68co8HvdbGIvN2mgYkQWicPEHaguq3pxnNWralaDcx8
lkkrtPPbzOnGB1kRuDNhmlse986Hv3U5aP8W
-----END CERTIFICATE-----