Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/opUJfVwvF1_5vROUgFIl0grd5As.roa
File:                     opUJfVwvF1_5vROUgFIl0grd5As.roa (raw, json)
Hash identifier:          GB5TO3nOF2A8fLY0JdWjYvdBoq4DWiiv2pUuP8d5Fww=
Subject key identifier:   A2:95:09:7D:5C:2F:17:5F:F9:BD:13:94:80:52:25:D2:0A:DD:E4:0B
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       0186E798A97FB1F42BA17AFB8D45D3870F9E
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/opUJfVwvF1_5vROUgFIl0grd5As.roa
Signing time:             Wed 15 Mar 2023 23:26:27 +0000
ROA not before:           Wed 15 Mar 2023 23:26:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39378
IP address blocks:        194.76.226.0/24 maxlen: 24
                          79.132.130.0/24 maxlen: 24
                          79.132.131.0/24 maxlen: 24
                          79.132.134.0/24 maxlen: 24
                          185.219.220.0/23 maxlen: 23
                          185.219.222.0/24 maxlen: 24
                          185.219.223.0/24 maxlen: 24
                          185.158.251.0/24 maxlen: 24
                          185.212.44.0/24 maxlen: 24
                          185.212.45.0/24 maxlen: 24
                          185.212.46.0/24 maxlen: 24
                          185.212.47.0/24 maxlen: 24
                          91.241.93.0/24 maxlen: 24
                          2a0b:7140:5::/48 maxlen: 48
                          2a0b:7140::/48 maxlen: 48
                          2a07:fc00::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e7:98:a9:7f:b1:f4:2b:a1:7a:fb:8d:45:d3:87:0f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Mar 15 23:26:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a295097d5c2f175ff9bd1394805225d20adde40b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6b:cc:dc:13:06:8f:8b:b7:df:0b:38:ea:39:
                    ff:88:93:b9:31:3f:74:a3:93:d3:88:a6:66:50:ca:
                    f7:a7:e3:9d:7f:cd:55:ab:11:99:09:b8:4b:39:27:
                    24:98:c3:cc:14:29:78:b4:2e:8c:2c:78:0a:96:a0:
                    9a:da:46:77:ad:fb:03:bc:45:70:83:88:f7:a7:c3:
                    33:35:de:a7:18:d0:eb:42:ff:f2:f1:2a:83:9a:57:
                    6c:68:62:7b:34:44:71:49:ef:9f:e9:32:33:01:dc:
                    34:11:49:68:69:d3:f0:92:2e:e2:5a:5f:3f:29:40:
                    26:71:2a:36:66:bc:06:ea:af:31:36:fe:f9:66:51:
                    30:21:c9:8d:9c:50:d9:60:db:8e:33:6d:34:20:ae:
                    32:5d:8e:db:84:6e:d0:97:f6:62:6d:42:d8:7b:85:
                    0c:05:9b:ef:6e:44:9e:f4:d1:bb:60:c0:90:78:d5:
                    d3:89:0e:d3:af:bf:7b:95:be:27:45:46:2d:74:08:
                    ed:1e:e1:a4:c1:d9:9e:69:96:48:65:e7:7e:fb:9d:
                    fe:1e:d7:54:3f:e9:53:9b:ea:91:50:88:6c:da:71:
                    77:34:8d:1a:3e:1b:ef:bf:9f:cf:7a:b1:50:bf:c7:
                    55:96:6d:87:6b:a8:a8:4a:03:df:39:6a:08:1a:63:
                    5c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:95:09:7D:5C:2F:17:5F:F9:BD:13:94:80:52:25:D2:0A:DD:E4:0B
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/opUJfVwvF1_5vROUgFIl0grd5As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.130.0/23
                  79.132.134.0/24
                  91.241.93.0/24
                  185.158.251.0/24
                  185.212.44.0/22
                  185.219.220.0/22
                  194.76.226.0/24
                IPv6:
                  2a07:fc00::/48
                  2a0b:7140::/48
                  2a0b:7140:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:43:e6:8c:d0:d7:37:c0:b1:5d:be:03:91:f7:2d:95:83:31:
         8f:c9:4b:ad:25:b2:95:16:3b:89:0d:64:ad:bf:ba:85:f7:a0:
         7a:27:92:7b:23:a3:f0:ce:cf:b5:1f:14:a2:69:f2:b7:bb:cb:
         11:30:f3:05:04:5c:ca:51:46:24:c7:17:32:8a:13:e7:ca:75:
         4c:23:7c:36:b5:86:c4:cd:a5:9b:58:63:6c:3d:3f:d6:e8:76:
         2b:c0:71:5b:a1:5d:51:ab:05:9a:c1:08:27:c3:0c:3e:53:d1:
         ea:12:16:30:3a:d9:9b:27:95:7d:56:bd:0e:01:59:29:f4:23:
         35:b7:2b:ad:9e:67:9f:c4:aa:ad:4b:8a:64:77:2d:74:3c:57:
         41:a6:ac:c3:7a:cd:85:89:c2:ed:ba:15:a4:45:86:7e:c2:85:
         24:10:b8:2e:17:2b:bd:73:b0:1c:79:17:9d:a2:d3:b9:67:de:
         63:42:11:19:e2:55:26:2e:e7:c2:dd:d2:8e:25:0f:64:fd:db:
         09:62:18:7c:8c:3c:e1:00:bf:98:9b:79:d8:c2:95:93:8e:ef:
         c4:05:bd:8d:24:d4:47:7c:c7:59:17:a4:98:42:91:78:85:e8:
         f6:dc:64:2d:62:4f:68:ed:44:ac:62:41:e3:a8:d0:53:ab:af:
         9a:04:cf:17
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYbnmKl/sfQroXr7jUXThw+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwMzE1MjMyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjk1MDk3ZDVjMmYxNzVmZjliZDEzOTQ4MDUyMjVkMjBhZGRlNDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGvM3BMGj4u33ws46jn/iJO5MT90
o5PTiKZmUMr3p+Odf81VqxGZCbhLOSckmMPMFCl4tC6MLHgKlqCa2kZ3rfsDvEVw
g4j3p8MzNd6nGNDrQv/y8SqDmldsaGJ7NERxSe+f6TIzAdw0EUloadPwki7iWl8/
KUAmcSo2ZrwG6q8xNv75ZlEwIcmNnFDZYNuOM200IK4yXY7bhG7Ql/ZibULYe4UM
BZvvbkSe9NG7YMCQeNXTiQ7Tr797lb4nRUYtdAjtHuGkwdmeaZZIZed++53+HtdU
P+lTm+qRUIhs2nF3NI0aPhvvv5/PerFQv8dVlm2Ha6ioSgPfOWoIGmNcFwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFKKVCX1cLxdf+b0TlIBSJdIK3eQLMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvb3BVSmZWd3ZGMV81dlJPVWdGSWwwZ3JkNUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQBT4SCAwQA
T4SGAwQAW/FdAwQAuZ77AwQCudQsAwQCudvcAwQAwkziMCEEAgACMBsDBwAqB/wA
AAADBwAqC3FAAAADBwAqC3FAAAUwDQYJKoZIhvcNAQELBQADggEBAGFD5ozQ1zfA
sV2+A5H3LZWDMY/JS60lspUWO4kNZK2/uoX3oHonknsjo/DOz7UfFKJp8re7yxEw
8wUEXMpRRiTHFzKKE+fKdUwjfDa1hsTNpZtYY2w9P9bodivAcVuhXVGrBZrBCCfD
DD5T0eoSFjA62ZsnlX1WvQ4BWSn0IzW3K62eZ5/Eqq1LimR3LXQ8V0GmrMN6zYWJ
wu26FaRFhn7ChSQQuC4XK71zsBx5F52i07ln3mNCERniVSYu58Ld0o4lD2T92wli
GHyMPOEAv5ibedjClZOO78QFvY0k1Ed8x1kXpJhCkXiF6PbcZC1iT2jtRKxiQeOo
0FOrr5oEzxc=
-----END CERTIFICATE-----