Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/8Dli1oNxLsqDS9BrVzoedbWdDRc.roa
File:                     8Dli1oNxLsqDS9BrVzoedbWdDRc.roa (raw, json)
Hash identifier:          RQSQTmLA/hAJeHIXD54DUHMqEJgnSe+BBiAreNoQ6FE=
Subject key identifier:   F0:39:62:D6:83:71:2E:CA:83:4B:D0:6B:57:3A:1E:75:B5:9D:0D:17
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E1016DBC3ECDF5905E228FC312056
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/8Dli1oNxLsqDS9BrVzoedbWdDRc.roa
Signing time:             Tue 02 Jan 2024 08:33:05 +0000
ROA not before:           Tue 02 Jan 2024 08:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41944
IP address blocks:        185.14.92.0/24 maxlen: 24
                          185.14.93.0/24 maxlen: 24
                          43.251.161.0/24 maxlen: 24
                          176.100.37.0/24 maxlen: 24
                          176.100.36.0/24 maxlen: 24
                          176.100.38.0/24 maxlen: 24
                          37.114.33.0/24 maxlen: 24
                          37.114.43.0/24 maxlen: 24
                          37.114.48.0/24 maxlen: 24
                          37.114.50.0/24 maxlen: 24
                          37.114.49.0/24 maxlen: 24
                          37.114.51.0/24 maxlen: 24
                          37.114.55.0/24 maxlen: 24
                          37.114.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 May 2024 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:10:16:db:c3:ec:df:59:05:e2:28:fc:31:20:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f03962d683712eca834bd06b573a1e75b59d0d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7e:cb:27:b1:38:1b:f6:6c:f6:8f:25:88:a3:
                    62:6c:b4:26:9f:b8:e6:11:e4:d4:13:ce:70:91:3c:
                    bf:90:b8:40:27:da:36:a5:f0:f5:89:d4:e6:78:0b:
                    97:cf:4a:46:f3:cd:6c:2d:2c:b8:70:80:f0:55:8d:
                    04:09:37:ac:dd:b5:ee:94:93:1a:ba:07:36:20:e9:
                    d8:87:e1:22:a2:52:c1:6c:3b:25:f7:b4:af:54:d1:
                    8d:e3:c8:31:78:72:46:f0:71:02:63:e9:2f:0d:37:
                    14:67:1b:7b:21:5e:da:38:39:37:8e:51:ed:21:89:
                    76:57:c8:37:06:f9:be:3e:62:fb:7f:52:52:7e:fb:
                    07:84:b0:10:4c:88:40:d5:82:2a:05:f0:a3:a4:6b:
                    ba:9b:e9:4d:e1:a6:b7:00:91:f3:2e:c8:4b:60:4f:
                    1a:2c:52:ff:4e:d7:06:f2:5c:ec:42:b5:05:ab:4f:
                    72:c9:6a:cb:60:c3:14:29:2d:15:51:b5:98:b4:5b:
                    3b:96:04:9c:ff:3c:21:cb:4e:9b:25:60:19:b6:e3:
                    42:cd:5a:ef:82:db:6d:e4:a5:c7:32:82:7c:c3:a4:
                    f9:ce:e9:bf:ae:f0:8b:99:cf:75:17:bb:87:8b:b4:
                    ef:fc:91:90:72:9b:a9:49:5d:60:e8:36:60:bf:5f:
                    df:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:39:62:D6:83:71:2E:CA:83:4B:D0:6B:57:3A:1E:75:B5:9D:0D:17
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/8Dli1oNxLsqDS9BrVzoedbWdDRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.33.0/24
                  37.114.43.0/24
                  37.114.48.0/22
                  37.114.55.0/24
                  37.114.63.0/24
                  43.251.161.0/24
                  176.100.36.0-176.100.38.255
                  185.14.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:d1:dd:9f:03:48:b0:90:12:4d:0c:1b:3f:8e:0e:7c:c7:4c:
         17:1b:a6:56:9f:8b:38:13:4d:30:ba:47:f9:8a:93:af:f6:89:
         25:fd:0a:83:91:0d:87:b6:21:fd:fb:67:40:e6:05:11:3b:fb:
         d4:30:fb:c6:34:a6:3f:51:65:d8:91:c4:d9:27:d5:bc:e0:2c:
         15:45:15:c8:f9:a0:8e:97:ed:eb:e6:fc:64:42:b3:d5:db:0a:
         3f:91:00:44:84:f9:9b:73:97:c0:4f:54:f3:64:04:dd:da:ed:
         c6:1b:36:13:2d:8f:55:ea:3d:e1:92:49:50:a0:e7:64:96:a3:
         98:91:63:05:ba:fc:59:2f:f6:4d:5a:9f:e3:6d:ea:a5:d9:4b:
         29:7b:02:f7:b7:62:01:b8:4c:87:ee:ec:fe:de:a3:42:6b:1b:
         e7:a2:18:2d:78:29:a3:4a:bb:57:4d:d2:4c:99:63:d4:53:36:
         7f:a3:b2:79:86:d2:c3:7c:cc:91:3d:63:e1:5d:f9:c7:11:2e:
         47:0a:cc:8f:bf:0b:1d:f9:bc:18:3e:d2:67:3f:3b:9d:ee:e6:
         2b:63:41:c3:a4:57:b3:17:37:33:e3:9f:b3:bc:01:63:44:3e:
         0e:f5:67:49:0a:c3:ca:e2:ca:8c:c0:c3:14:36:11:45:75:93:
         0f:a8:6b:4e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzJThAW28Ps31kF4ij8MSBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDM5NjJkNjgzNzEyZWNhODM0YmQwNmI1NzNhMWU3NWI1OWQwZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh37LJ7E4G/Zs9o8liKNibLQmn7jm
EeTUE85wkTy/kLhAJ9o2pfD1idTmeAuXz0pG881sLSy4cIDwVY0ECTes3bXulJMa
ugc2IOnYh+EiolLBbDsl97SvVNGN48gxeHJG8HECY+kvDTcUZxt7IV7aODk3jlHt
IYl2V8g3Bvm+PmL7f1JSfvsHhLAQTIhA1YIqBfCjpGu6m+lN4aa3AJHzLshLYE8a
LFL/TtcG8lzsQrUFq09yyWrLYMMUKS0VUbWYtFs7lgSc/zwhy06bJWAZtuNCzVrv
gttt5KXHMoJ8w6T5zum/rvCLmc91F7uHi7Tv/JGQcpupSV1g6DZgv1/fzQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPA5YtaDcS7Kg0vQa1c6HnW1nQ0XMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvOERsaTFvTnhMc3FEUzlCclZ6b2VkYldkRFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAJXIhAwQA
JXIrAwQCJXIwAwQAJXI3AwQAJXI/AwQAK/uhMAwDBAKwZCQDBACwZCYDBAG5Dlww
DQYJKoZIhvcNAQELBQADggEBAK3R3Z8DSLCQEk0MGz+ODnzHTBcbplafizgTTTC6
R/mKk6/2iSX9CoORDYe2If37Z0DmBRE7+9Qw+8Y0pj9RZdiRxNkn1bzgLBVFFcj5
oI6X7evm/GRCs9XbCj+RAESE+Ztzl8BPVPNkBN3a7cYbNhMtj1XqPeGSSVCg52SW
o5iRYwW6/Fkv9k1an+Nt6qXZSyl7Ave3YgG4TIfu7P7eo0JrG+eiGC14KaNKu1dN
0kyZY9RTNn+jsnmG0sN8zJE9Y+Fd+ccRLkcKzI+/Cx35vBg+0mc/O53u5itjQcOk
V7MXNzPjn7O8AWNEPg71Z0kKw8riyozAwxQ2EUV1kw+oa04=
-----END CERTIFICATE-----