Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/c8OVcsx-Sc2aN7DY1uPnYZR-7V8.roa
File:                     c8OVcsx-Sc2aN7DY1uPnYZR-7V8.roa (raw, json)
Hash identifier:          65f9tF2+h8KAq+LjsLNBqIp7Tx/+Q2tQBnK9H/ZrM7k=
Subject key identifier:   73:C3:95:72:CC:7E:49:CD:9A:37:B0:D8:D6:E3:E7:61:94:7E:ED:5F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018D3198C4025B46BB9F144454D86B95D244
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/c8OVcsx-Sc2aN7DY1uPnYZR-7V8.roa
Signing time:             Mon 22 Jan 2024 14:35:11 +0000
ROA not before:           Mon 22 Jan 2024 14:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        86.107.51.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          89.34.202.0/24 maxlen: 24
                          89.34.219.0/24 maxlen: 24
                          89.35.129.0/24 maxlen: 24
                          89.35.131.0/24 maxlen: 24
                          89.37.192.0/24 maxlen: 24
                          89.40.215.0/24 maxlen: 24
                          89.43.62.0/24 maxlen: 24
                          91.132.51.0/24 maxlen: 24
                          94.176.215.0/24 maxlen: 24
                          188.241.137.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Jan 2024 16:37:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:98:c4:02:5b:46:bb:9f:14:44:54:d8:6b:95:d2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 22 14:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c39572cc7e49cd9a37b0d8d6e3e761947eed5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:d4:d5:c6:99:ae:e3:9d:ca:99:f7:7c:58:
                    d4:34:b5:86:47:14:82:f2:bd:66:90:99:7c:d9:77:
                    ef:44:2b:e4:05:fc:12:68:f3:ed:fe:ed:8b:dc:d2:
                    c7:b8:34:f3:22:61:c1:74:e5:5d:98:e8:81:79:cf:
                    b9:0d:51:ba:7d:e4:1b:96:9f:09:4f:b9:d3:7d:90:
                    c9:e6:5f:1b:95:db:90:3b:78:6c:d4:71:dd:b4:98:
                    c9:31:65:c4:e0:c5:67:57:05:9f:72:7b:13:9c:e3:
                    c4:e9:1b:3d:7b:51:ed:47:05:5a:2f:12:80:a6:95:
                    da:de:d8:0f:11:d9:af:e8:33:be:2c:2b:c9:7a:ae:
                    4e:35:fd:6b:aa:3b:c5:fb:4a:b4:04:d9:5e:32:b0:
                    b4:3a:b8:57:61:df:ba:44:4f:96:85:60:c8:c2:59:
                    3e:a3:f0:ff:54:55:70:50:eb:3d:d6:e6:0c:f3:6c:
                    5f:6d:ef:df:c0:90:84:93:7d:15:dc:d5:b2:67:6b:
                    d2:54:dd:a3:9c:7a:dc:40:7f:8a:db:e1:3b:4d:30:
                    d2:7c:1e:87:03:ec:8a:4c:91:7e:fd:8c:cf:0d:a5:
                    11:25:56:13:de:96:b5:4f:ed:3f:e6:f6:c0:c9:1c:
                    ca:71:97:93:07:ab:03:db:eb:b5:23:61:bd:2b:b2:
                    a5:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C3:95:72:CC:7E:49:CD:9A:37:B0:D8:D6:E3:E7:61:94:7E:ED:5F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/c8OVcsx-Sc2aN7DY1uPnYZR-7V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.51.0/24
                  89.34.106.0/24
                  89.34.202.0/24
                  89.34.219.0/24
                  89.35.129.0/24
                  89.35.131.0/24
                  89.37.192.0/24
                  89.40.215.0/24
                  89.43.62.0/24
                  91.132.51.0/24
                  94.176.215.0/24
                  188.241.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:24:25:f5:d9:a4:a8:5d:91:64:e6:96:b5:78:7c:90:5b:a3:
         b2:ab:2e:5b:2b:8c:0b:05:0f:c4:a8:47:8b:6f:27:60:b4:47:
         bb:a3:bc:8c:57:0a:58:ca:0a:7e:94:55:88:c8:6f:d0:0c:9a:
         f3:72:e2:50:a4:28:25:2c:13:a4:e4:e8:eb:28:ad:05:cd:14:
         d5:a0:6b:40:fe:b5:0a:c5:c4:0c:01:7d:94:37:71:d7:56:b1:
         ba:10:c9:17:29:ab:49:c6:24:04:92:0d:4a:5f:05:56:cf:0b:
         26:55:8c:90:93:ae:fb:71:b3:52:09:55:65:38:e7:0a:58:c1:
         41:5f:d4:5b:74:b0:99:d9:fa:c3:c2:f4:02:8b:3d:91:8c:64:
         2f:64:42:03:8d:e2:76:78:58:2d:92:a6:50:27:8b:8d:ec:53:
         dd:4a:f3:b6:ff:3f:c8:61:2e:92:6c:47:e9:7c:b5:f3:af:c8:
         2d:6d:94:5a:06:3c:98:75:0e:72:ad:4f:db:83:a5:b8:71:2f:
         40:7d:44:53:2a:d5:b2:2e:bb:73:a4:3c:4b:7f:76:54:ff:d5:
         e6:0f:1b:ee:51:b7:92:81:d0:66:fa:39:01:38:4c:65:fe:5e:
         81:86:50:80:8c:96:d8:a6:44:5a:ec:d8:44:c2:21:60:d5:b5:
         98:cc:41:6a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY0xmMQCW0a7nxREVNhrldJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMTIyMTQzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2MzOTU3MmNjN2U0OWNkOWEzN2IwZDhkNmUzZTc2MTk0N2VlZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts3U1caZruOdypn3fFjUNLWGRxSC
8r1mkJl82XfvRCvkBfwSaPPt/u2L3NLHuDTzImHBdOVdmOiBec+5DVG6feQblp8J
T7nTfZDJ5l8blduQO3hs1HHdtJjJMWXE4MVnVwWfcnsTnOPE6Rs9e1HtRwVaLxKA
ppXa3tgPEdmv6DO+LCvJeq5ONf1rqjvF+0q0BNleMrC0OrhXYd+6RE+WhWDIwlk+
o/D/VFVwUOs91uYM82xfbe/fwJCEk30V3NWyZ2vSVN2jnHrcQH+K2+E7TTDSfB6H
A+yKTJF+/YzPDaURJVYT3pa1T+0/5vbAyRzKcZeTB6sD2+u1I2G9K7KlYQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHPDlXLMfknNmjew2Nbj52GUfu1fMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvYzhPVmNzeC1TYzJhTjdEWTF1UG5ZWlItN1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAVmszAwQA
WSJqAwQAWSLKAwQAWSLbAwQAWSOBAwQAWSODAwQAWSXAAwQAWSjXAwQAWSs+AwQA
W4QzAwQAXrDXAwQAvPGJMA0GCSqGSIb3DQEBCwUAA4IBAQAoJCX12aSoXZFk5pa1
eHyQW6Oyqy5bK4wLBQ/EqEeLbydgtEe7o7yMVwpYygp+lFWIyG/QDJrzcuJQpCgl
LBOk5OjrKK0FzRTVoGtA/rUKxcQMAX2UN3HXVrG6EMkXKatJxiQEkg1KXwVWzwsm
VYyQk677cbNSCVVlOOcKWMFBX9RbdLCZ2frDwvQCiz2RjGQvZEIDjeJ2eFgtkqZQ
J4uN7FPdSvO2/z/IYS6SbEfpfLXzr8gtbZRaBjyYdQ5yrU/bg6W4cS9AfURTKtWy
LrtzpDxLf3ZU/9XmDxvuUbeSgdBm+jkBOExl/l6BhlCAjJbYpkRa7NhEwiFg1bWY
zEFq
-----END CERTIFICATE-----