Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_n8rauC0ICGFVoRMX2S4Mi29nsA.roa
File:                     _n8rauC0ICGFVoRMX2S4Mi29nsA.roa (raw, json)
Hash identifier:          dSQGAC8QnIj7rvewaviQiQwyjRQhv9Yt+EqmIWQ7r/w=
Subject key identifier:   FE:7F:2B:6A:E0:B4:20:21:85:56:84:4C:5F:64:B8:32:2D:BD:9E:C0
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018D5666E47C2BA0273CC0424AD353C820C6
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_n8rauC0ICGFVoRMX2S4Mi29nsA.roa
Signing time:             Mon 29 Jan 2024 18:06:39 +0000
ROA not before:           Mon 29 Jan 2024 18:06:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.95.0/24 maxlen: 24
                          79.175.96.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.36.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.38.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24
                          109.233.185.0/24 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 17 Mar 2024 14:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:56:66:e4:7c:2b:a0:27:3c:c0:42:4a:d3:53:c8:20:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan 29 18:06:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe7f2b6ae0b420218556844c5f64b8322dbd9ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:63:1c:6a:1a:f4:2f:2e:7b:3b:c9:eb:de:95:
                    1b:2d:1a:ac:38:e2:42:74:15:49:e3:72:8e:ad:ef:
                    78:a9:81:81:80:e0:88:b0:50:7e:9e:07:33:45:0b:
                    5c:32:67:bc:46:b7:f6:9c:77:ce:05:a4:12:ac:68:
                    0b:57:8a:23:1b:d2:0c:74:26:ab:81:57:10:a0:b8:
                    81:5b:98:26:8c:37:37:a8:f7:12:37:c3:5f:22:69:
                    32:f1:bd:38:64:ec:60:a1:39:e7:7f:f9:b9:44:10:
                    99:b2:d9:57:6f:cd:cd:92:d0:f7:5c:0c:c5:ff:c0:
                    b8:44:f5:15:0b:38:1f:86:cc:a0:23:68:33:78:c4:
                    23:64:f9:4b:8f:4a:7f:e0:07:18:b9:98:39:06:3f:
                    24:47:c4:36:26:e0:10:d7:ac:5b:55:e9:c2:e1:3a:
                    fb:ba:bd:57:d1:56:d3:5a:95:09:31:6d:7c:ca:48:
                    0f:4c:87:7e:40:a0:45:96:c5:a7:6e:1a:9b:4f:cd:
                    d8:03:fe:55:d9:d3:41:82:e9:57:a9:2c:f1:39:e6:
                    87:55:10:b6:7b:30:52:c5:d5:3b:eb:50:bf:79:42:
                    92:d7:8d:af:d4:34:8d:f1:11:35:17:5e:ae:1d:1c:
                    4b:54:25:c4:53:0b:94:0f:fa:9e:1a:28:3e:06:ef:
                    44:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:7F:2B:6A:E0:B4:20:21:85:56:84:4C:5F:64:B8:32:2D:BD:9E:C0
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_n8rauC0ICGFVoRMX2S4Mi29nsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.33.0/24
                  109.121.36.0-109.121.40.255
                  109.121.42.0/23
                  109.121.45.0/24
                  109.121.47.0/24
                  109.233.184.0/23
                  178.253.237.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:01:fc:09:80:d2:93:6b:f0:e6:de:72:7a:be:0d:4c:35:3b:
         b5:e2:0e:78:58:70:dc:f9:77:7f:95:0c:63:58:f0:cd:99:3d:
         8a:2c:f9:15:8e:b8:65:07:f6:f6:12:78:72:31:af:4a:e8:d6:
         3c:0e:b2:96:12:9c:46:a0:25:66:d5:36:7e:8f:12:2a:6e:28:
         07:a7:71:77:50:e0:ec:94:b1:5c:08:a9:13:66:b1:f5:ff:64:
         86:b6:51:28:c7:cb:e7:e0:e9:ec:7a:7c:6e:2a:97:ec:77:7a:
         43:fe:69:21:f1:c3:67:83:09:73:11:8b:fd:91:f8:40:4a:31:
         3c:f7:22:54:85:e7:92:32:19:61:b0:dd:3f:1b:15:7f:4d:2c:
         b1:7f:bf:e5:3d:39:6f:a7:5d:f8:21:36:7e:8e:a0:36:fa:5b:
         f3:b1:85:c3:a5:b4:ef:20:e0:f4:8f:a2:85:e8:0a:c1:26:7d:
         a4:1f:fc:1b:82:58:21:ad:33:66:b4:a4:a1:75:ed:1e:54:24:
         50:33:06:2b:1a:0b:02:91:05:fa:2f:c3:cc:07:f8:81:84:6e:
         5a:bb:7d:e3:28:74:03:d6:9f:50:14:d6:8e:1e:4a:77:81:67:
         3d:40:9b:a6:5b:a6:41:a9:7e:97:44:97:0c:64:16:f8:1b:6a:
         4f:55:45:ac
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY1WZuR8K6AnPMBCStNTyCDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTI5MTgwNjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTdmMmI2YWUwYjQyMDIxODU1Njg0NGM1ZjY0YjgzMjJkYmQ5ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGMcahr0Ly57O8nr3pUbLRqsOOJC
dBVJ43KOre94qYGBgOCIsFB+ngczRQtcMme8Rrf2nHfOBaQSrGgLV4ojG9IMdCar
gVcQoLiBW5gmjDc3qPcSN8NfImky8b04ZOxgoTnnf/m5RBCZstlXb83NktD3XAzF
/8C4RPUVCzgfhsygI2gzeMQjZPlLj0p/4AcYuZg5Bj8kR8Q2JuAQ16xbVenC4Tr7
ur1X0VbTWpUJMW18ykgPTId+QKBFlsWnbhqbT83YA/5V2dNBgulXqSzxOeaHVRC2
ezBSxdU761C/eUKS142v1DSN8RE1F16uHRxLVCXEUwuUD/qeGig+Bu9EVwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFP5/K2rgtCAhhVaETF9kuDItvZ7AMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvX244cmF1QzBJQ0dGVm9STVgyUzRNaTI5bnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBABPr18D
BABPr2ADBABteSEwDAMEAm15JAMEAG15KAMEAW15KgMEAG15LQMEAG15LwMEAW3p
uAMEALL97QMEALz/1AMEANRFCzANBgkqhkiG9w0BAQsFAAOCAQEAQgH8CYDSk2vw
5t5yer4NTDU7teIOeFhw3Pl3f5UMY1jwzZk9iiz5FY64ZQf29hJ4cjGvSujWPA6y
lhKcRqAlZtU2fo8SKm4oB6dxd1Dg7JSxXAipE2ax9f9khrZRKMfL5+Dp7Hp8biqX
7Hd6Q/5pIfHDZ4MJcxGL/ZH4QEoxPPciVIXnkjIZYbDdPxsVf00ssX+/5T05b6dd
+CE2fo6gNvpb87GFw6W07yDg9I+ihegKwSZ9pB/8G4JYIa0zZrSkoXXtHlQkUDMG
KxoLApEF+i/DzAf4gYRuWrt94yh0A9afUBTWjh5Kd4FnPUCbplumQal+l0SXDGQW
+BtqT1VFrA==
-----END CERTIFICATE-----