Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/M40iCNL4phMIhOLUADhhGaTx6y0.roa
File:                     M40iCNL4phMIhOLUADhhGaTx6y0.roa (raw, json)
Hash identifier:          rxrysGYVOV9taTrPbWm14+XUPxG5WoCWBghrg0StdlU=
Subject key identifier:   33:8D:22:08:D2:F8:A6:13:08:84:E2:D4:00:38:61:19:A4:F1:EB:2D
Certificate issuer:       /CN=b64074aa8449830da9b20b3afb0682d3c032f9fe
Certificate serial:       018CC7957E10BD5BC0993623F300AE7CB021
Authority key identifier: B6:40:74:AA:84:49:83:0D:A9:B2:0B:3A:FB:06:82:D3:C0:32:F9:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/M40iCNL4phMIhOLUADhhGaTx6y0.roa
Signing time:             Tue 02 Jan 2024 00:31:52 +0000
ROA not before:           Tue 02 Jan 2024 00:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43893
IP address blocks:        185.9.164.0/24 maxlen: 24
                          185.9.166.0/23 maxlen: 23
                          185.84.240.0/24 maxlen: 24
                          185.84.242.0/24 maxlen: 24
                          185.84.248.0/24 maxlen: 24
                          185.84.249.0/24 maxlen: 24
                          2001:67c:1001::/48 maxlen: 48
                          2a03:4bc0:2900::/48 maxlen: 48
                          2a03:4bc0:1000::/48 maxlen: 48
                          2a03:4bc0:2200::/48 maxlen: 48
                          2a03:4bc0:2100::/48 maxlen: 48
                          2a03:4bc0:2000::/48 maxlen: 48
                          2a03:4bc0:3160::/48 maxlen: 48
                          2a03:4bc0:1001::/48 maxlen: 48
                          2001:67c:1000::/48 maxlen: 48
                          2001:67c:1000::/47 maxlen: 47
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7e:10:bd:5b:c0:99:36:23:f3:00:ae:7c:b0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b64074aa8449830da9b20b3afb0682d3c032f9fe
        Validity
            Not Before: Jan  2 00:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=338d2208d2f8a6130884e2d400386119a4f1eb2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a8:b7:e7:83:6a:2f:ef:b3:9d:f2:fd:43:4e:
                    70:85:85:2e:29:c3:d3:4f:b3:10:28:d7:78:51:00:
                    05:72:d2:93:49:7b:8d:ca:bb:58:fd:52:e7:b4:97:
                    46:97:2e:5d:56:20:b2:b9:09:64:06:25:f8:db:bc:
                    d7:2a:48:7e:e5:6a:92:8d:e4:31:1e:5e:78:18:61:
                    8c:b6:6b:5d:03:ee:2d:8c:af:c3:b1:60:26:a6:a0:
                    b4:a0:dd:13:6d:67:c4:fe:b9:98:c2:7b:0e:8c:2f:
                    de:af:91:7c:b2:c4:c2:91:d7:b0:a9:01:f1:76:11:
                    97:7f:48:6a:6f:28:4d:61:97:2f:ce:23:f4:ed:15:
                    ad:be:51:ca:da:1c:8c:11:8f:71:1c:c2:bd:51:1b:
                    8e:1b:35:6b:b8:81:cc:0c:a7:15:d2:c0:07:81:6d:
                    d8:32:61:cb:84:6f:8b:d1:b8:a3:68:01:76:25:d6:
                    f2:12:ba:1d:f8:3c:f0:4c:6c:e7:c3:20:f3:62:b0:
                    5c:21:b3:3b:7b:c9:92:43:a2:0f:06:47:38:5c:8c:
                    0f:9f:ec:df:31:d1:1e:37:3d:55:7a:83:db:9e:8b:
                    52:87:dd:48:4e:b8:e9:f5:53:0c:f0:76:1c:7d:64:
                    3f:84:a3:e4:e5:a1:f0:f4:76:c9:19:15:80:bb:58:
                    45:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8D:22:08:D2:F8:A6:13:08:84:E2:D4:00:38:61:19:A4:F1:EB:2D
            X509v3 Authority Key Identifier:
                keyid:B6:40:74:AA:84:49:83:0D:A9:B2:0B:3A:FB:06:82:D3:C0:32:F9:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/M40iCNL4phMIhOLUADhhGaTx6y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/tkB0qoRJgw2psgs6-waC08Ay-f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.164.0/24
                  185.9.166.0/23
                  185.84.240.0/24
                  185.84.242.0/24
                  185.84.248.0/23
                IPv6:
                  2001:67c:1000::/47
                  2a03:4bc0:1000::/47
                  2a03:4bc0:2000::/48
                  2a03:4bc0:2100::/48
                  2a03:4bc0:2200::/48
                  2a03:4bc0:2900::/48
                  2a03:4bc0:3160::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:20:9f:cd:80:9e:a3:2b:8b:fc:2b:09:3a:e3:13:60:84:43:
         dc:fa:b5:f3:93:cf:62:62:ac:88:f1:19:f4:3b:8a:75:99:5f:
         c4:ed:c3:22:5e:6a:09:8b:31:b1:a4:52:2c:bb:73:12:aa:05:
         3b:be:3a:a6:ba:cc:ff:9b:71:6a:20:27:74:15:ec:a5:31:3d:
         e9:e5:f1:33:cb:86:a5:10:fe:cd:cc:a6:54:0e:5c:a0:3f:ea:
         fe:0d:fd:e4:9f:eb:7e:df:c4:7d:c4:46:59:ab:9a:ed:f0:74:
         aa:a7:01:12:79:76:69:0f:5e:2c:1d:90:1e:ab:fe:7a:c9:30:
         f5:68:63:41:c3:7a:ff:b2:f5:61:08:01:da:0a:80:ef:e8:80:
         19:e8:35:a9:e6:b2:17:af:6c:3f:21:7b:4b:88:82:72:dc:cc:
         b0:29:11:59:16:bc:0d:15:4c:09:06:05:c8:d4:51:2c:18:ad:
         5a:22:0b:06:60:96:42:5a:8f:4c:87:45:7a:e7:06:4b:d6:1c:
         91:8a:fd:9a:42:70:33:8e:0a:f4:7d:33:c5:76:4b:2b:0e:0c:
         fa:2c:9f:1c:33:65:7e:9e:19:0d:cc:69:0e:30:37:e7:bd:89:
         f9:68:98:bf:45:18:1d:aa:8c:90:34:3d:67:3c:03:25:c4:4c:
         cb:19:23:15
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYzHlX4QvVvAmTYj8wCufLAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NDA3NGFhODQ0OTgzMGRhOWIyMGIzYWZiMDY4MmQzYzAz
MmY5ZmUwHhcNMjQwMTAyMDAzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhkMjIwOGQyZjhhNjEzMDg4NGUyZDQwMDM4NjExOWE0ZjFlYjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6i354NqL++znfL9Q05whYUuKcPT
T7MQKNd4UQAFctKTSXuNyrtY/VLntJdGly5dViCyuQlkBiX427zXKkh+5WqSjeQx
Hl54GGGMtmtdA+4tjK/DsWAmpqC0oN0TbWfE/rmYwnsOjC/er5F8ssTCkdewqQHx
dhGXf0hqbyhNYZcvziP07RWtvlHK2hyMEY9xHMK9URuOGzVruIHMDKcV0sAHgW3Y
MmHLhG+L0bijaAF2JdbyErod+DzwTGznwyDzYrBcIbM7e8mSQ6IPBkc4XIwPn+zf
MdEeNz1VeoPbnotSh91ITrjp9VMM8HYcfWQ/hKPk5aHw9HbJGRWAu1hFFQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFDONIgjS+KYTCITi1AA4YRmk8estMB8GA1UdIwQY
MBaAFLZAdKqESYMNqbILOvsGgtPAMvn+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGtCMHFvUkpndzJwc2dzNi13YUMwOEF5LWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9mYzdjODItMzE1OS00ZDU0LWEwYTEt
MzUxNzFhZWRkMzEzLzEvTTQwaUNOTDRwaE1JaE9MVUFEaGhHYVR4NnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9mYzdjODItMzE1OS00ZDU0LWEwYTEtMzUxNzFhZWRkMzEz
LzEvdGtCMHFvUkpndzJwc2dzNi13YUMwOEF5LWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTAkBAIAATAeAwQAuQmkAwQB
uQmmAwQAuVTwAwQAuVTyAwQBuVT4MEUEAgACMD8DBwEgAQZ8EAADBwEqA0vAEAAD
BwAqA0vAIAADBwAqA0vAIQADBwAqA0vAIgADBwAqA0vAKQADBwAqA0vAMWAwDQYJ
KoZIhvcNAQELBQADggEBABUgn82AnqMri/wrCTrjE2CEQ9z6tfOTz2JirIjxGfQ7
inWZX8TtwyJeagmLMbGkUiy7cxKqBTu+Oqa6zP+bcWogJ3QV7KUxPenl8TPLhqUQ
/s3MplQOXKA/6v4N/eSf637fxH3ERlmrmu3wdKqnARJ5dmkPXiwdkB6r/nrJMPVo
Y0HDev+y9WEIAdoKgO/ogBnoNanmshevbD8he0uIgnLczLApEVkWvA0VTAkGBcjU
USwYrVoiCwZglkJaj0yHRXrnBkvWHJGK/ZpCcDOOCvR9M8V2SysODPosnxwzZX6e
GQ3MaQ4wN+e9iflomL9FGB2qjJA0PWc8AyXETMsZIxU=
-----END CERTIFICATE-----