Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/DdoY2IQrL6yB2rsLNZ8pSiSCkw4.roa
File:                     DdoY2IQrL6yB2rsLNZ8pSiSCkw4.roa (raw, json)
Hash identifier:          A2YbCXl2aDpJZi+lxo/lzptYLd99PBQQlv6EJvrJk6w=
Subject key identifier:   0D:DA:18:D8:84:2B:2F:AC:81:DA:BB:0B:35:9F:29:4A:24:82:93:0E
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018DB2110AD0F916C72E0D53575269B954A8
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/DdoY2IQrL6yB2rsLNZ8pSiSCkw4.roa
Signing time:             Fri 16 Feb 2024 13:17:57 +0000
ROA not before:           Fri 16 Feb 2024 13:17:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        31.210.48.0/24 maxlen: 24
                          31.210.50.0/24 maxlen: 24
                          77.92.145.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          77.92.153.0/24 maxlen: 24
                          78.135.66.0/24 maxlen: 24
                          188.132.129.0/24 maxlen: 24
                          188.132.153.0/24 maxlen: 24
                          188.132.168.0/24 maxlen: 24
                          188.132.183.0/24 maxlen: 24
                          188.132.184.0/24 maxlen: 24
                          188.132.185.0/24 maxlen: 24
                          188.132.186.0/24 maxlen: 24
                          188.132.199.0/24 maxlen: 24
                          188.132.201.0/24 maxlen: 24
                          188.132.206.0/24 maxlen: 24
                          188.132.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 00:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:11:0a:d0:f9:16:c7:2e:0d:53:57:52:69:b9:54:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Feb 16 13:17:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dda18d8842b2fac81dabb0b359f294a2482930e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6b:ff:96:93:a0:a3:d4:57:89:59:c8:9c:bb:
                    7b:3e:3d:fd:96:fb:74:72:ec:8c:49:ae:19:5d:fc:
                    6b:9e:fe:44:96:65:ac:91:91:54:85:64:b3:5d:0a:
                    b9:a1:f5:65:9f:ad:a9:b6:e1:4b:73:c6:6f:29:59:
                    4f:12:49:87:26:56:5b:a3:0d:b6:5a:dc:d7:6e:79:
                    f1:b6:a9:31:3b:5f:10:54:c5:4b:ba:d9:ca:0a:a5:
                    84:52:f4:4e:ec:e5:16:26:c6:df:34:b3:ca:9e:3f:
                    cb:83:1d:7e:00:87:b1:13:32:0c:68:45:25:99:09:
                    12:37:12:6d:e6:a3:30:47:f8:06:67:18:bf:af:ac:
                    64:5c:7f:32:74:ed:21:9f:79:ed:64:a8:d3:90:db:
                    f5:68:61:2d:d9:83:d7:74:c8:d1:04:57:0b:64:bb:
                    2c:e1:59:f2:97:7f:fe:6c:09:e4:8f:30:f2:30:0d:
                    04:32:97:a6:de:4d:29:ae:43:05:ab:fe:5a:b7:cf:
                    1a:3f:d4:8c:64:a4:43:cf:6a:1a:5b:89:53:4a:64:
                    c7:c3:19:d9:21:ef:1f:40:75:84:27:e0:8d:08:f3:
                    5e:c6:1e:19:fa:71:8b:97:c5:31:d9:59:a2:3f:05:
                    7f:78:ec:86:ef:39:8c:7c:d8:dd:45:13:06:0c:31:
                    63:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DA:18:D8:84:2B:2F:AC:81:DA:BB:0B:35:9F:29:4A:24:82:93:0E
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/DdoY2IQrL6yB2rsLNZ8pSiSCkw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.48.0/24
                  31.210.50.0/24
                  77.92.145.0-77.92.146.255
                  77.92.153.0/24
                  78.135.66.0/24
                  188.132.129.0/24
                  188.132.153.0/24
                  188.132.168.0/24
                  188.132.183.0-188.132.186.255
                  188.132.199.0/24
                  188.132.201.0/24
                  188.132.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:18:c2:c9:a5:b6:f7:89:46:f7:3b:5e:71:b4:6b:17:df:0c:
         b5:55:06:5d:45:6a:4c:d4:a9:00:ab:0a:96:24:9f:84:88:be:
         44:02:12:06:7d:24:30:9c:e4:d6:32:d8:9f:0e:91:b2:5d:d5:
         59:ae:c5:b6:58:2e:cd:06:a4:df:d7:0c:f2:53:b1:93:d6:09:
         c9:2f:ed:1e:55:c2:ae:95:7e:75:f2:c1:e9:b0:67:8c:80:b5:
         34:8b:28:5c:cf:3b:bd:50:6a:f9:c7:36:6f:3e:66:0b:8d:2e:
         70:45:d2:35:e8:74:fa:01:43:18:af:bf:61:41:9d:76:ac:cb:
         24:56:3b:3c:06:aa:20:ff:24:d3:29:01:7b:b3:cd:b7:59:b7:
         a7:2a:85:cd:ba:a4:4b:ba:30:54:e3:23:38:0c:cb:8e:86:62:
         72:54:c7:48:3e:9b:99:da:2e:f5:27:14:f0:43:1d:15:e9:57:
         25:a1:2a:10:ef:02:fb:9f:82:bd:8c:4f:ad:34:0a:60:f6:34:
         2f:05:e9:0f:e7:72:cd:9d:93:5f:d4:7f:6f:ef:5d:74:25:b3:
         e0:2a:fe:79:9c:66:e2:30:eb:b4:21:e3:b2:c8:66:63:b9:ac:
         5f:70:74:d0:15:b1:be:aa:ff:8d:ae:e4:58:47:19:99:05:ed:
         ef:ac:c5:5b
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAY2yEQrQ+RbHLg1TV1JpuVSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMjE2MTMxNzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGRhMThkODg0MmIyZmFjODFkYWJiMGIzNTlmMjk0YTI0ODI5MzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGv/lpOgo9RXiVnInLt7Pj39lvt0
cuyMSa4ZXfxrnv5ElmWskZFUhWSzXQq5ofVln62ptuFLc8ZvKVlPEkmHJlZbow22
WtzXbnnxtqkxO18QVMVLutnKCqWEUvRO7OUWJsbfNLPKnj/Lgx1+AIexEzIMaEUl
mQkSNxJt5qMwR/gGZxi/r6xkXH8ydO0hn3ntZKjTkNv1aGEt2YPXdMjRBFcLZLss
4Vnyl3/+bAnkjzDyMA0EMpem3k0prkMFq/5at88aP9SMZKRDz2oaW4lTSmTHwxnZ
Ie8fQHWEJ+CNCPNexh4Z+nGLl8Ux2VmiPwV/eOyG7zmMfNjdRRMGDDFj6wIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFA3aGNiEKy+sgdq7CzWfKUokgpMOMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvRGRvWTJJUXJMNnlCMnJzTE5aOHBTaVNDa3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAH9IwAwQA
H9IyMAwDBABNXJEDBABNXJIDBABNXJkDBABOh0IDBAC8hIEDBAC8hJkDBAC8hKgw
DAMEALyEtwMEALyEugMEALyExwMEALyEyQMEAbyEzjANBgkqhkiG9w0BAQsFAAOC
AQEAhhjCyaW294lG9ztecbRrF98MtVUGXUVqTNSpAKsKliSfhIi+RAISBn0kMJzk
1jLYnw6Rsl3VWa7FtlguzQak39cM8lOxk9YJyS/tHlXCrpV+dfLB6bBnjIC1NIso
XM87vVBq+cc2bz5mC40ucEXSNeh0+gFDGK+/YUGddqzLJFY7PAaqIP8k0ykBe7PN
t1m3pyqFzbqkS7owVOMjOAzLjoZiclTHSD6bmdou9ScU8EMdFelXJaEqEO8C+5+C
vYxPrTQKYPY0LwXpD+dyzZ2TX9R/b+9ddCWz4Cr+eZxm4jDrtCHjsshmY7msX3B0
0BWxvqr/ja7kWEcZmQXt76zFWw==
-----END CERTIFICATE-----