Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/iHbm7-p98nCh_Ysv_5ERcpmF-GU.roa
File:                     iHbm7-p98nCh_Ysv_5ERcpmF-GU.roa (raw, json)
Hash identifier:          GFeQIjzTiucRO+ID8YV8geNuNDIgKSQN5TNX5SoKmT8=
Subject key identifier:   88:76:E6:EF:EA:7D:F2:70:A1:FD:8B:2F:FF:91:11:72:99:85:F8:65
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0188D1F30104A0DE1A41B2E003ACB7117493
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/iHbm7-p98nCh_Ysv_5ERcpmF-GU.roa
Signing time:             Mon 19 Jun 2023 04:39:03 +0000
ROA not before:           Mon 19 Jun 2023 04:39:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        86.107.51.0/24 maxlen: 24
                          188.241.137.0/24 maxlen: 24
                          37.153.158.0/24 maxlen: 24
                          94.198.171.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          77.81.88.0/24 maxlen: 24
                          89.45.35.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          89.35.131.0/24 maxlen: 24
                          176.223.188.0/24 maxlen: 24
                          46.102.237.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 19 Jun 2023 04:57:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d1:f3:01:04:a0:de:1a:41:b2:e0:03:ac:b7:11:74:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 19 04:39:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8876e6efea7df270a1fd8b2fff9111729985f865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:70:e3:64:21:ed:63:81:22:49:af:f9:3d:df:
                    4a:9b:7d:76:f2:d9:da:bd:78:b1:80:b0:9e:44:9d:
                    c6:9d:a8:36:fa:46:0a:e2:c8:76:1c:f3:ae:a7:25:
                    c9:2c:8a:dd:37:6a:4a:1d:71:64:94:3b:08:96:bc:
                    40:db:52:f4:a1:c3:88:9f:c0:d2:6b:12:f4:a5:bf:
                    e8:ef:3c:36:62:a0:1b:eb:09:bb:0a:ab:6f:d9:4e:
                    dd:71:0c:ed:d4:ad:18:1c:5f:b1:af:78:d3:ad:d0:
                    f7:41:d5:4c:b9:c7:e3:00:ea:9e:64:4e:c4:b8:08:
                    07:2c:3c:14:44:64:c3:e2:12:5f:90:2a:e7:0a:32:
                    5f:c5:2f:2d:a5:84:ed:77:54:92:32:09:da:43:76:
                    1c:91:b4:56:3d:18:a2:ee:ac:ba:20:e0:c4:28:45:
                    31:89:5d:bd:0d:55:7d:0f:7c:aa:35:6e:2b:9c:75:
                    b4:93:ef:2c:88:e0:f4:15:21:6f:37:82:f4:b9:c2:
                    99:f8:1b:55:7c:a4:1f:05:92:5d:47:76:52:f5:39:
                    c9:41:f4:10:68:9f:19:ef:91:ed:45:51:07:dc:50:
                    13:ba:8d:b0:0b:bd:b3:5e:b6:1c:2e:0b:76:b4:6d:
                    f4:5f:1e:19:df:85:fc:d5:c0:99:80:b8:56:ff:ca:
                    61:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:76:E6:EF:EA:7D:F2:70:A1:FD:8B:2F:FF:91:11:72:99:85:F8:65
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/iHbm7-p98nCh_Ysv_5ERcpmF-GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.158.0/24
                  46.102.237.0/24
                  77.81.88.0/24
                  86.107.51.0/24
                  89.35.130.0/23
                  89.45.35.0/24
                  92.114.32.0/24
                  94.198.171.0/24
                  176.223.188.0/24
                  188.214.107.0/24
                  188.241.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:cf:64:b3:59:b7:c4:33:65:b3:2d:f4:96:12:66:cd:c1:8f:
         dc:8a:7e:31:20:b2:6d:ea:c6:be:3d:97:f5:79:08:1a:35:79:
         c0:d8:ed:b5:37:ac:22:d2:c8:d2:24:ff:5e:8e:d1:9d:4b:e8:
         94:04:78:6f:0b:b9:a8:11:61:77:3f:9d:0c:68:28:56:a4:3f:
         4d:70:c9:ca:6b:52:b8:8f:9c:e0:73:c3:ab:fd:6a:c9:b9:34:
         40:35:fa:7c:d0:a0:d9:26:3c:f6:97:46:1b:cd:f5:c8:e5:4f:
         42:e5:7a:92:c0:e1:7e:90:27:97:df:2b:d0:4a:7e:21:d4:a4:
         d8:cc:1e:ba:44:2f:3c:92:bb:9c:c6:79:29:44:19:c8:2d:b3:
         15:b2:e4:b0:5b:40:3f:0a:3b:8d:f7:bf:bd:6d:88:84:a9:7a:
         e8:28:26:be:94:54:49:8b:94:02:bb:12:46:44:5d:bb:36:80:
         23:2d:2a:83:46:c7:28:26:84:65:fd:37:a7:d1:b2:34:cd:be:
         55:73:5a:2d:33:38:fe:15:e4:10:00:1c:e1:bf:0b:4c:d4:e1:
         64:7b:8c:79:49:23:67:d0:67:80:fa:26:df:13:7a:88:42:ba:
         61:36:bd:4a:e4:73:bc:5a:ea:26:7c:87:2c:fa:8c:63:de:0d:
         3b:c8:ad:10
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYjR8wEEoN4aQbLgA6y3EXSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwNjE5MDQzOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc2ZTZlZmVhN2RmMjcwYTFmZDhiMmZmZjkxMTE3Mjk5ODVmODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXDjZCHtY4EiSa/5Pd9Km3128tna
vXixgLCeRJ3Gnag2+kYK4sh2HPOupyXJLIrdN2pKHXFklDsIlrxA21L0ocOIn8DS
axL0pb/o7zw2YqAb6wm7Cqtv2U7dcQzt1K0YHF+xr3jTrdD3QdVMucfjAOqeZE7E
uAgHLDwURGTD4hJfkCrnCjJfxS8tpYTtd1SSMgnaQ3YckbRWPRii7qy6IODEKEUx
iV29DVV9D3yqNW4rnHW0k+8siOD0FSFvN4L0ucKZ+BtVfKQfBZJdR3ZS9TnJQfQQ
aJ8Z75HtRVEH3FATuo2wC72zXrYcLgt2tG30Xx4Z34X81cCZgLhW/8ph4wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIh25u/qffJwof2LL/+REXKZhfhlMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaUhibTctcDk4bkNoX1lzdl81RVJjcG1GLUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJZmeAwQA
LmbtAwQATVFYAwQAVmszAwQBWSOCAwQAWS0jAwQAXHIgAwQAXsarAwQAsN+8AwQA
vNZrAwQAvPGJMA0GCSqGSIb3DQEBCwUAA4IBAQASz2SzWbfEM2WzLfSWEmbNwY/c
in4xILJt6sa+PZf1eQgaNXnA2O21N6wi0sjSJP9ejtGdS+iUBHhvC7moEWF3P50M
aChWpD9NcMnKa1K4j5zgc8Or/WrJuTRANfp80KDZJjz2l0YbzfXI5U9C5XqSwOF+
kCeX3yvQSn4h1KTYzB66RC88krucxnkpRBnILbMVsuSwW0A/CjuN97+9bYiEqXro
KCa+lFRJi5QCuxJGRF27NoAjLSqDRscoJoRl/Ten0bI0zb5Vc1otMzj+FeQQABzh
vwtM1OFke4x5SSNn0GeA+ibfE3qIQrphNr1K5HO8WuomfIcs+oxj3g07yK0Q
-----END CERTIFICATE-----