Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/1bAbl9dVAckK3bGxTaFrysfx1n4.roa
File:                     1bAbl9dVAckK3bGxTaFrysfx1n4.roa (raw, json)
Hash identifier:          nAwoqP5EmWyegCW0i/R/xMBUaDbvQGV/LMEJSTnOZUo=
Subject key identifier:   D5:B0:1B:97:D7:55:01:C9:0A:DD:B1:B1:4D:A1:6B:CA:C7:F1:D6:7E
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CCAFE15159E44AA8BE3BC8F7DB8D461C5
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/1bAbl9dVAckK3bGxTaFrysfx1n4.roa
Signing time:             Tue 02 Jan 2024 16:24:58 +0000
ROA not before:           Tue 02 Jan 2024 16:24:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        188.132.129.0/24 maxlen: 24
                          188.132.153.0/24 maxlen: 24
                          77.92.145.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          77.92.153.0/24 maxlen: 24
                          188.132.168.0/24 maxlen: 24
                          31.210.48.0/24 maxlen: 24
                          31.210.50.0/24 maxlen: 24
                          188.132.186.0/24 maxlen: 24
                          188.132.185.0/24 maxlen: 24
                          78.135.66.0/24 maxlen: 24
                          188.132.199.0/24 maxlen: 24
                          188.132.201.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 16 Feb 2024 13:17:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:fe:15:15:9e:44:aa:8b:e3:bc:8f:7d:b8:d4:61:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 16:24:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5b01b97d75501c90addb1b14da16bcac7f1d67e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:94:ae:28:77:c5:39:56:3e:ef:0d:36:50:18:
                    de:ad:1d:66:0e:bb:74:a3:52:56:74:22:cd:f8:ca:
                    9d:ca:3c:63:9e:02:23:0f:50:0d:6e:5e:d5:ba:60:
                    45:56:ef:83:c5:51:c7:99:2a:03:bf:f6:d2:d5:4e:
                    54:74:76:6a:58:ac:64:da:96:b0:22:94:79:1c:6d:
                    fc:40:49:e6:e3:6b:cd:cf:05:14:89:00:3d:d6:9b:
                    a7:b1:a2:2c:2c:9d:53:d0:be:39:8a:7a:ca:df:8c:
                    60:a5:d3:15:3d:bb:c1:12:81:c6:82:e4:8f:a1:7e:
                    b6:8a:94:2e:62:5c:e3:4f:7c:52:ea:61:6a:e3:e9:
                    ff:41:11:75:1c:ad:4c:de:cc:d2:8a:5c:6c:97:a5:
                    18:4a:cf:3a:80:a1:75:af:dc:21:7b:d4:5c:8e:0b:
                    b0:e1:87:34:41:b6:42:fb:1e:e2:50:27:6b:b9:7a:
                    ee:8d:c8:6b:b1:8f:30:a2:44:96:6e:a7:97:0b:83:
                    77:52:ef:da:95:4f:1c:29:f3:44:72:0b:f8:d1:bc:
                    21:76:16:a6:ea:fd:03:21:43:1e:03:3b:85:af:bc:
                    e0:e9:58:7e:6e:c8:ba:09:1d:9e:46:76:ba:b1:c9:
                    d8:ec:4e:80:28:7b:6d:9e:df:29:2a:1a:11:67:99:
                    fe:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B0:1B:97:D7:55:01:C9:0A:DD:B1:B1:4D:A1:6B:CA:C7:F1:D6:7E
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/1bAbl9dVAckK3bGxTaFrysfx1n4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.48.0/24
                  31.210.50.0/24
                  77.92.145.0-77.92.146.255
                  77.92.153.0/24
                  78.135.66.0/24
                  188.132.129.0/24
                  188.132.153.0/24
                  188.132.168.0/24
                  188.132.185.0-188.132.186.255
                  188.132.199.0/24
                  188.132.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:a4:bd:98:cf:f5:48:3a:6b:0e:0e:8c:36:2c:35:4c:87:de:
         1a:f2:af:ff:a2:b0:b6:bc:89:d9:bc:34:88:26:aa:82:db:79:
         1c:03:8d:2b:78:b2:57:57:42:24:a0:c7:02:ff:48:de:bf:6b:
         5d:f7:3a:2e:c2:3a:85:b6:09:b2:67:47:d4:ee:aa:c2:ec:f3:
         14:4b:6e:cf:bf:9f:79:20:b6:5d:39:29:ff:67:15:dc:cb:de:
         bb:bd:96:1a:d0:54:cd:a7:d5:d1:ac:9a:c5:17:8e:b6:e4:1a:
         7b:06:87:1d:f7:81:00:6c:1b:46:49:af:4e:a7:b8:0d:c1:2c:
         f3:10:ec:42:c7:17:29:98:c1:4d:87:25:d2:0e:7c:7b:f1:0b:
         fd:1d:61:04:46:29:1d:f8:0c:89:92:0e:71:ae:07:77:33:7c:
         c7:dc:4c:73:2e:75:6d:ef:a0:78:76:ef:f8:2a:e3:68:f5:0b:
         e7:bf:5d:4b:41:79:c6:d6:43:ce:97:27:30:07:44:d9:e9:e2:
         3a:ee:91:04:a4:53:1e:0e:38:0e:80:a3:62:a3:1b:d5:57:9b:
         3e:a0:a1:6c:40:35:22:6c:28:e3:a0:64:9c:50:b2:05:bd:b0:
         d5:b9:e8:a4:2f:87:23:44:66:72:08:68:14:88:ae:34:45:b1:
         40:df:68:4e
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYzK/hUVnkSqi+O8j3241GHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMTYyNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWIwMWI5N2Q3NTUwMWM5MGFkZGIxYjE0ZGExNmJjYWM3ZjFkNjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJSuKHfFOVY+7w02UBjerR1mDrt0
o1JWdCLN+MqdyjxjngIjD1ANbl7VumBFVu+DxVHHmSoDv/bS1U5UdHZqWKxk2paw
IpR5HG38QEnm42vNzwUUiQA91punsaIsLJ1T0L45inrK34xgpdMVPbvBEoHGguSP
oX62ipQuYlzjT3xS6mFq4+n/QRF1HK1M3szSilxsl6UYSs86gKF1r9whe9Rcjguw
4Yc0QbZC+x7iUCdruXrujchrsY8wokSWbqeXC4N3Uu/alU8cKfNEcgv40bwhdham
6v0DIUMeAzuFr7zg6Vh+bsi6CR2eRna6scnY7E6AKHttnt8pKhoRZ5n+jwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFNWwG5fXVQHJCt2xsU2ha8rH8dZ+MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvMWJBYmw5ZFZBY2tLM2JHeFRhRnJ5c2Z4MW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAH9IwAwQA
H9IyMAwDBABNXJEDBABNXJIDBABNXJkDBABOh0IDBAC8hIEDBAC8hJkDBAC8hKgw
DAMEALyEuQMEALyEugMEALyExwMEALyEyTANBgkqhkiG9w0BAQsFAAOCAQEAU6S9
mM/1SDprDg6MNiw1TIfeGvKv/6KwtryJ2bw0iCaqgtt5HAONK3iyV1dCJKDHAv9I
3r9rXfc6LsI6hbYJsmdH1O6qwuzzFEtuz7+feSC2XTkp/2cV3Mveu72WGtBUzafV
0ayaxReOtuQaewaHHfeBAGwbRkmvTqe4DcEs8xDsQscXKZjBTYcl0g58e/EL/R1h
BEYpHfgMiZIOca4HdzN8x9xMcy51be+geHbv+CrjaPUL579dS0F5xtZDzpcnMAdE
2eniOu6RBKRTHg44DoCjYqMb1VebPqChbEA1Imwo46BknFCyBb2w1bnopC+HI0Rm
cghoFIiuNEWxQN9oTg==
-----END CERTIFICATE-----