Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4ksPQxC7G8FsvMmehJi9v52AZHc.roa
File:                     4ksPQxC7G8FsvMmehJi9v52AZHc.roa (raw, json)
Hash identifier:          LuiT5zBvQh1tDFDLc9C7UhmPTjb5YAXbxdZxoGdMKjU=
Subject key identifier:   E2:4B:0F:43:10:BB:1B:C1:6C:BC:C9:9E:84:98:BD:BF:9D:80:64:77
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01886CBED2CED99BE16B82C5BE2732A5A5D7
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4ksPQxC7G8FsvMmehJi9v52AZHc.roa
Signing time:             Tue 30 May 2023 13:00:25 +0000
ROA not before:           Tue 30 May 2023 13:00:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49334
IP address blocks:        188.132.131.0/24 maxlen: 24
                          212.68.58.0/24 maxlen: 24
                          212.68.54.0/24 maxlen: 24
                          212.68.53.0/24 maxlen: 24
                          212.68.62.0/24 maxlen: 24
                          212.68.63.0/24 maxlen: 24
                          31.210.34.0/24 maxlen: 24
                          188.132.173.0/24 maxlen: 24
                          188.132.181.0/24 maxlen: 24
                          188.132.182.0/24 maxlen: 24
                          188.132.187.0/24 maxlen: 24
                          78.135.65.0/24 maxlen: 24
                          31.210.53.0/24 maxlen: 24
                          31.210.52.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6c:be:d2:ce:d9:9b:e1:6b:82:c5:be:27:32:a5:a5:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: May 30 13:00:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e24b0f4310bb1bc16cbcc99e8498bdbf9d806477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b7:6d:ce:1c:c9:21:41:b0:44:b4:6c:4e:66:
                    91:bb:8c:3c:4a:24:ae:6a:48:5e:a7:dc:c3:79:15:
                    27:c7:eb:28:79:b9:3a:f2:8b:e8:22:d9:2e:bf:d3:
                    bb:7f:df:14:48:20:56:4d:ee:6b:8d:ae:d3:c9:1d:
                    44:f2:2e:e7:8e:70:54:28:42:53:bd:67:cb:3f:d2:
                    c1:db:89:18:6c:bc:f7:de:d4:55:d1:7b:5b:94:82:
                    ee:30:cf:ca:ca:d8:3e:0d:17:a1:a9:92:cf:6f:63:
                    63:fb:3b:c4:3c:9a:b4:f8:4f:97:19:8f:51:39:63:
                    a8:c1:e0:16:5b:32:da:da:91:71:d4:bf:99:7b:dd:
                    c3:f1:4c:00:6e:5c:4c:d6:28:e4:a3:4b:f0:bc:00:
                    cf:a5:12:90:64:61:8d:a3:59:2f:4d:28:d8:d0:dd:
                    2b:2a:ed:6c:68:ba:2f:0d:2d:14:56:46:08:91:74:
                    2c:62:dc:ab:12:5b:e0:79:34:6c:81:d6:8d:67:c5:
                    a8:0c:8d:0e:5c:26:38:7e:d8:79:60:50:80:5c:e7:
                    a9:0a:6c:2e:dd:5a:76:c2:c3:ef:5e:15:4f:dc:00:
                    ca:5c:c2:96:62:50:4f:02:90:bf:71:c1:eb:68:33:
                    41:53:50:ca:af:c2:18:99:a0:99:e7:2e:e6:b6:bb:
                    76:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:4B:0F:43:10:BB:1B:C1:6C:BC:C9:9E:84:98:BD:BF:9D:80:64:77
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/4ksPQxC7G8FsvMmehJi9v52AZHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.34.0/24
                  31.210.52.0/23
                  78.135.65.0/24
                  188.132.131.0/24
                  188.132.173.0/24
                  188.132.181.0-188.132.182.255
                  188.132.187.0/24
                  212.68.53.0-212.68.54.255
                  212.68.58.0/24
                  212.68.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:a9:67:d6:ed:5c:51:6d:c1:8d:73:70:c1:e9:92:a3:9e:5c:
         3d:ea:c0:ea:9c:ef:15:d3:90:c0:f1:ed:08:2a:58:a6:5b:b7:
         41:d0:a9:59:81:0d:9c:7b:9c:3a:17:d8:4c:0d:b4:98:07:7e:
         18:dd:4d:dc:cf:a3:a1:8d:b2:14:6c:27:2d:8b:be:08:ff:bb:
         45:25:ea:b2:12:ee:60:b2:4f:24:c1:89:57:3c:18:3e:3b:6b:
         78:97:ae:70:79:51:31:9c:27:f3:14:48:3e:e1:eb:a4:8a:d0:
         5d:39:c8:b3:5a:59:46:d7:77:a2:2f:bf:46:3c:f4:ab:82:6b:
         fd:f1:6b:cd:be:c0:52:0a:19:7b:10:94:ba:a7:a9:5e:fb:34:
         a7:dc:92:e9:73:4d:de:49:78:f1:10:e8:97:72:91:af:d8:e6:
         b1:1c:8b:f1:2b:43:5e:38:d1:86:1b:80:4e:6c:06:c7:52:af:
         19:1f:b1:5b:d0:01:7f:73:c2:cf:7c:9b:fd:84:d3:09:41:cf:
         96:90:91:db:56:d2:e1:5f:e1:c5:1e:6a:36:e7:80:8e:7d:b5:
         d9:76:a9:8c:37:b7:a6:fc:7b:59:40:fe:63:30:e4:88:da:ec:
         e9:7b:6b:7b:82:65:64:3b:bb:23:63:30:79:1f:13:34:f2:90:
         f6:1e:61:1e
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYhsvtLO2Zvha4LFvicypaXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjMwNTMwMTMwMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjRiMGY0MzEwYmIxYmMxNmNiY2M5OWU4NDk4YmRiZjlkODA2NDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LdtzhzJIUGwRLRsTmaRu4w8SiSu
akhep9zDeRUnx+soebk68ovoItkuv9O7f98USCBWTe5rja7TyR1E8i7njnBUKEJT
vWfLP9LB24kYbLz33tRV0XtblILuMM/Kytg+DRehqZLPb2Nj+zvEPJq0+E+XGY9R
OWOoweAWWzLa2pFx1L+Ze93D8UwAblxM1ijko0vwvADPpRKQZGGNo1kvTSjY0N0r
Ku1saLovDS0UVkYIkXQsYtyrElvgeTRsgdaNZ8WoDI0OXCY4fth5YFCAXOepCmwu
3Vp2wsPvXhVP3ADKXMKWYlBPApC/ccHraDNBU1DKr8IYmaCZ5y7mtrt2EwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFOJLD0MQuxvBbLzJnoSYvb+dgGR3MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvNGtzUFF4QzdHOEZzdk1tZWhKaTl2NTJBWkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAH9IiAwQB
H9I0AwQATodBAwQAvISDAwQAvIStMAwDBAC8hLUDBAC8hLYDBAC8hLswDAMEANRE
NQMEANRENgMEANREOgMEAdREPjANBgkqhkiG9w0BAQsFAAOCAQEANKln1u1cUW3B
jXNwwemSo55cPerA6pzvFdOQwPHtCCpYplu3QdCpWYENnHucOhfYTA20mAd+GN1N
3M+joY2yFGwnLYu+CP+7RSXqshLuYLJPJMGJVzwYPjtreJeucHlRMZwn8xRIPuHr
pIrQXTnIs1pZRtd3oi+/Rjz0q4Jr/fFrzb7AUgoZexCUuqepXvs0p9yS6XNN3kl4
8RDol3KRr9jmsRyL8StDXjjRhhuATmwGx1KvGR+xW9ABf3PCz3yb/YTTCUHPlpCR
21bS4V/hxR5qNueAjn212XapjDe3pvx7WUD+YzDkiNrs6Xtre4JlZDu7I2MweR8T
NPKQ9h5hHg==
-----END CERTIFICATE-----