Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/Y__xasHKcaoNfomSnmkQgtYaQJA.roa
File:                     Y__xasHKcaoNfomSnmkQgtYaQJA.roa (raw, json)
Hash identifier:          iDjRYaSTcZODX6tU9Jzxy02aNi4h4EXBcwc/Q5X7QiE=
Subject key identifier:   63:FF:F1:6A:C1:CA:71:AA:0D:7E:89:92:9E:69:10:82:D6:1A:40:90
Certificate issuer:       /CN=94a32e445c24ded9b85212d479b88008165ebdba
Certificate serial:       018CC42498F213198F907900F5BFA2DB3D39
Authority key identifier: 94:A3:2E:44:5C:24:DE:D9:B8:52:12:D4:79:B8:80:08:16:5E:BD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lKMuRFwk3tm4UhLUebiACBZevbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/Y__xasHKcaoNfomSnmkQgtYaQJA.roa
Signing time:             Mon 01 Jan 2024 08:29:41 +0000
ROA not before:           Mon 01 Jan 2024 08:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29608
IP address blocks:        178.20.64.0/21 maxlen: 21
                          193.47.70.0/24 maxlen: 24
                          193.47.75.0/24 maxlen: 24
                          193.47.86.0/24 maxlen: 24
                          193.46.252.0/24 maxlen: 24
                          185.101.208.0/22 maxlen: 22
                          185.152.24.0/22 maxlen: 22
                          185.152.24.0/23 maxlen: 23
                          185.226.48.0/22 maxlen: 22
                          185.152.26.0/23 maxlen: 23
                          193.239.192.0/23 maxlen: 23
                          2a07:81c0::/29 maxlen: 29
                          2a01:40c0::/29 maxlen: 29
                          2a0f:8340::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 12:33:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:98:f2:13:19:8f:90:79:00:f5:bf:a2:db:3d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94a32e445c24ded9b85212d479b88008165ebdba
        Validity
            Not Before: Jan  1 08:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63fff16ac1ca71aa0d7e89929e691082d61a4090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:98:8e:b0:85:33:f2:1c:50:3c:cb:7f:3c:31:
                    87:47:6a:9b:e0:2f:19:d1:b2:a2:42:9e:b6:0f:b9:
                    b1:c5:33:3a:0d:4f:8a:98:f5:21:e8:56:65:c7:d8:
                    80:6d:f7:23:64:43:28:78:af:9d:d4:6e:67:dc:a2:
                    d8:20:36:5f:c8:ec:e7:1a:f6:d9:bb:98:c7:15:e4:
                    14:44:02:d3:5b:84:89:43:af:30:50:c2:94:38:83:
                    a5:e3:cc:1a:1f:59:a9:c9:b5:1f:15:7b:76:20:2a:
                    36:ef:4a:f7:07:c2:bd:f1:86:cd:03:cf:e2:3c:43:
                    ca:e6:59:c5:81:2d:63:69:50:28:75:9f:d1:e7:84:
                    2f:13:81:90:5e:98:d3:04:ca:56:f5:ef:92:12:b1:
                    87:7f:ee:bc:56:97:aa:08:65:3a:c8:c7:b0:db:59:
                    2a:ab:0f:d4:8e:e4:55:47:ee:ac:91:21:89:32:65:
                    87:9c:4f:0b:b2:fb:87:9c:62:56:d1:e1:cd:be:de:
                    cb:c8:f4:7e:01:cf:64:35:4f:f6:d9:d8:14:fc:9d:
                    c3:e8:d0:de:d2:32:be:e2:87:21:9d:13:46:72:1f:
                    6a:15:50:1a:80:9d:08:d4:5d:28:35:90:f6:48:b0:
                    ed:68:1a:c0:7e:20:55:0d:66:b6:3e:60:23:de:b8:
                    24:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FF:F1:6A:C1:CA:71:AA:0D:7E:89:92:9E:69:10:82:D6:1A:40:90
            X509v3 Authority Key Identifier:
                keyid:94:A3:2E:44:5C:24:DE:D9:B8:52:12:D4:79:B8:80:08:16:5E:BD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lKMuRFwk3tm4UhLUebiACBZevbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/Y__xasHKcaoNfomSnmkQgtYaQJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/lKMuRFwk3tm4UhLUebiACBZevbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.64.0/21
                  185.101.208.0/22
                  185.152.24.0/22
                  185.226.48.0/22
                  193.46.252.0/24
                  193.47.70.0/24
                  193.47.75.0/24
                  193.47.86.0/24
                  193.239.192.0/23
                IPv6:
                  2a01:40c0::/29
                  2a07:81c0::/29
                  2a0f:8340::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:eb:ee:e4:bc:23:b9:99:1e:93:fe:c4:f0:74:a3:b0:8c:de:
         67:f0:3b:fb:1a:4d:b6:75:68:22:fb:6d:54:b1:05:cb:b8:9b:
         bb:ba:97:ca:2e:86:98:8d:79:c0:24:a7:df:ae:01:ea:4c:ca:
         57:1b:98:36:62:49:8c:88:ae:18:70:15:27:00:6e:29:23:a3:
         71:84:68:32:e9:2d:48:a2:f1:71:aa:27:f7:7e:35:d0:2b:e4:
         87:eb:74:9f:62:8d:b3:f9:01:b2:53:6d:bb:05:f9:7e:5f:36:
         3d:fe:51:ab:7e:7f:5d:e2:72:de:54:93:02:b0:76:14:1e:8e:
         1f:36:c1:1a:6a:1b:1a:ec:33:72:b4:0b:29:57:7f:d8:32:0e:
         91:6b:4d:d1:cc:67:b6:46:bd:23:5c:6a:95:1f:ac:db:d7:32:
         9b:86:7d:2c:66:dc:6e:09:fa:20:99:eb:0f:e2:78:00:05:24:
         88:07:7b:62:c5:81:a5:4d:a8:dd:78:9d:7c:80:2d:bd:50:9e:
         27:78:91:4e:34:70:b9:1b:fa:da:f3:1b:92:8d:14:c7:68:43:
         e4:ee:4f:ad:0f:cf:25:9b:4c:1d:e7:dc:04:9d:8a:1a:fd:b6:
         5e:ea:e4:76:16:b9:1b:ad:f5:08:fd:b4:43:39:cb:4f:ab:6d:
         41:27:8f:d4
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYzEJJjyExmPkHkA9b+i2z05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YTMyZTQ0NWMyNGRlZDliODUyMTJkNDc5Yjg4MDA4MTY1
ZWJkYmEwHhcNMjQwMTAxMDgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ZmZjE2YWMxY2E3MWFhMGQ3ZTg5OTI5ZTY5MTA4MmQ2MWE0MDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJiOsIUz8hxQPMt/PDGHR2qb4C8Z
0bKiQp62D7mxxTM6DU+KmPUh6FZlx9iAbfcjZEMoeK+d1G5n3KLYIDZfyOznGvbZ
u5jHFeQURALTW4SJQ68wUMKUOIOl48waH1mpybUfFXt2ICo270r3B8K98YbNA8/i
PEPK5lnFgS1jaVAodZ/R54QvE4GQXpjTBMpW9e+SErGHf+68VpeqCGU6yMew21kq
qw/UjuRVR+6skSGJMmWHnE8LsvuHnGJW0eHNvt7LyPR+Ac9kNU/22dgU/J3D6NDe
0jK+4ochnRNGch9qFVAagJ0I1F0oNZD2SLDtaBrAfiBVDWa2PmAj3rgkYwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFGP/8WrBynGqDX6Jkp5pEILWGkCQMB8GA1UdIwQY
MBaAFJSjLkRcJN7ZuFIS1Hm4gAgWXr26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEtNdVJGd2szdG00VWhMVWViaUFDQlpldmJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mODkxYzQtMTlhYy00MzdjLWI3ODIt
ZTE0ODdhNTRjMWU1LzEvWV9feGFzSEtjYW9OZm9tU25ta1FndFlhUUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mODkxYzQtMTlhYy00MzdjLWI3ODItZTE0ODdhNTRjMWU1
LzEvbEtNdVJGd2szdG00VWhMVWViaUFDQlpldmJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQDshRAAwQC
uWXQAwQCuZgYAwQCueIwAwQAwS78AwQAwS9GAwQAwS9LAwQAwS9WAwQBwe/AMBsE
AgACMBUDBQMqAUDAAwUDKgeBwAMFAyoPg0AwDQYJKoZIhvcNAQELBQADggEBAIbr
7uS8I7mZHpP+xPB0o7CM3mfwO/saTbZ1aCL7bVSxBcu4m7u6l8ouhpiNecAkp9+u
AepMylcbmDZiSYyIrhhwFScAbikjo3GEaDLpLUii8XGqJ/d+NdAr5IfrdJ9ijbP5
AbJTbbsF+X5fNj3+Uat+f13ict5UkwKwdhQejh82wRpqGxrsM3K0CylXf9gyDpFr
TdHMZ7ZGvSNcapUfrNvXMpuGfSxm3G4J+iCZ6w/ieAAFJIgHe2LFgaVNqN14nXyA
Lb1Qnid4kU40cLkb+trzG5KNFMdoQ+TuT60PzyWbTB3n3ASdihr9tl7q5HYWuRut
9Qj9tEM5y0+rbUEnj9Q=
-----END CERTIFICATE-----