Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/7a1274-03ac-494d-ba8e-cfcffa3c0665/1/BnWKMoGZUmrSqyCKXKl0HyAeIBw.roa
File:                     BnWKMoGZUmrSqyCKXKl0HyAeIBw.roa (raw, json)
Hash identifier:          ZMk4rRyxCmlo4vw+j70lLO/GxBBhRoeyFoK1N6FrpWU=
Subject key identifier:   06:75:8A:32:81:99:52:6A:D2:AB:20:8A:5C:A9:74:1F:20:1E:20:1C
Certificate issuer:       /CN=cd3e6492d4731520c1eedbcda29679500ac083ab
Certificate serial:       018F0A3667CDDBD3D05A7D0E3D283EA5F9B1
Authority key identifier: CD:3E:64:92:D4:73:15:20:C1:EE:DB:CD:A2:96:79:50:0A:C0:83:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zT5kktRzFSDB7tvNopZ5UArAg6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/7a1274-03ac-494d-ba8e-cfcffa3c0665/1/BnWKMoGZUmrSqyCKXKl0HyAeIBw.roa
Signing time:             Tue 23 Apr 2024 09:08:08 +0000
ROA not before:           Tue 23 Apr 2024 09:08:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201843
IP address blocks:        2.58.224.0/24 maxlen: 24
                          2.58.225.0/24 maxlen: 24
                          2.58.226.0/24 maxlen: 24
                          2.58.227.0/24 maxlen: 24
                          185.61.204.0/24 maxlen: 24
                          185.61.205.0/24 maxlen: 24
                          185.61.206.0/23 maxlen: 23
                          185.133.96.0/24 maxlen: 24
                          185.133.97.0/24 maxlen: 24
                          185.133.98.0/24 maxlen: 24
                          185.133.99.0/24 maxlen: 24
                          185.191.64.0/24 maxlen: 24
                          185.191.65.0/24 maxlen: 24
                          185.191.66.0/24 maxlen: 24
                          185.191.67.0/24 maxlen: 24
                          185.238.48.0/23 maxlen: 23
                          185.238.48.0/24 maxlen: 24
                          185.238.49.0/24 maxlen: 24
                          185.238.50.0/24 maxlen: 24
                          185.238.51.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 May 2024 11:13:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:36:67:cd:db:d3:d0:5a:7d:0e:3d:28:3e:a5:f9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3e6492d4731520c1eedbcda29679500ac083ab
        Validity
            Not Before: Apr 23 09:08:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06758a328199526ad2ab208a5ca9741f201e201c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fc:fa:66:c6:ad:98:4c:c8:2a:c6:e8:c8:0e:
                    cb:64:dc:3c:0f:dc:cd:b5:1e:20:49:a4:3c:d2:39:
                    16:90:12:1f:7b:a1:dc:0d:c9:a5:ba:64:20:27:27:
                    54:67:e6:aa:59:b1:1a:1b:2c:68:f5:21:2b:07:53:
                    e8:f3:f7:21:03:1b:2c:b2:f8:0a:30:85:30:a6:42:
                    fb:ff:e3:b8:0d:95:f8:02:1f:f8:95:a8:13:3c:c0:
                    38:29:ea:94:5c:7a:a8:81:93:44:15:90:0c:8d:55:
                    36:1b:ec:55:64:df:14:33:0b:98:61:a6:cb:fd:97:
                    4b:53:83:13:dd:e0:75:31:c0:6e:5e:83:ae:14:98:
                    d4:8d:7a:18:50:d1:b1:94:3c:e3:55:c1:10:50:88:
                    90:dd:6b:3c:7b:9c:c3:35:21:7d:e9:2f:58:49:34:
                    31:29:ed:ff:32:7e:3f:f5:c6:22:ee:01:7a:4b:71:
                    9f:bd:af:f3:1a:31:5c:14:68:8e:45:53:bd:0e:4b:
                    0b:14:79:e4:d0:10:44:9e:80:7e:e4:28:e2:fb:db:
                    f5:2c:8f:60:46:de:c7:63:dd:3a:d2:7e:01:13:76:
                    3e:6a:e1:82:c6:c1:27:a4:a5:57:15:df:4c:d5:b4:
                    53:7d:9e:e2:18:a7:6b:ae:bc:2a:34:ef:c8:e0:b2:
                    9f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:75:8A:32:81:99:52:6A:D2:AB:20:8A:5C:A9:74:1F:20:1E:20:1C
            X509v3 Authority Key Identifier:
                keyid:CD:3E:64:92:D4:73:15:20:C1:EE:DB:CD:A2:96:79:50:0A:C0:83:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zT5kktRzFSDB7tvNopZ5UArAg6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/7a1274-03ac-494d-ba8e-cfcffa3c0665/1/BnWKMoGZUmrSqyCKXKl0HyAeIBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/7a1274-03ac-494d-ba8e-cfcffa3c0665/1/zT5kktRzFSDB7tvNopZ5UArAg6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.224.0/22
                  185.61.204.0/22
                  185.133.96.0/22
                  185.191.64.0/22
                  185.238.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:87:b7:d7:7a:16:42:31:df:fa:30:8e:b5:e9:80:cf:a4:1e:
         5c:a8:c4:39:53:50:6c:f1:7a:f1:46:4d:1b:05:6b:7b:f0:73:
         6a:5b:d6:47:9e:d9:f0:60:23:3c:69:18:05:2c:26:10:34:a1:
         29:9e:97:93:dc:28:44:f0:82:dd:4d:f8:f3:0f:2f:6e:60:45:
         88:79:ad:b9:9c:e3:54:19:c5:8d:b5:22:7a:0e:b0:47:d3:e6:
         23:a4:ed:c2:a9:66:8c:0d:de:8a:cd:36:6e:02:2b:5c:94:65:
         83:7c:fd:a0:53:62:54:b5:7a:ca:35:34:f8:bc:00:bf:04:76:
         3a:78:2a:62:1a:57:2f:af:ed:41:2a:1a:e9:ca:03:00:fb:2c:
         76:13:22:d9:94:eb:ae:d9:c3:f5:39:e9:de:60:83:82:08:1f:
         47:33:a8:cb:c2:57:8d:76:5d:34:f0:0f:d3:ca:07:05:01:1a:
         6b:10:ef:f4:f9:a0:f0:fc:6d:e9:1e:cc:08:7f:34:67:fd:4b:
         15:7e:7a:c1:de:87:37:f1:ff:85:be:9d:77:81:e9:26:8f:3f:
         92:7f:66:ff:b7:71:32:43:a4:5d:64:e2:34:34:69:5e:07:cc:
         d0:23:8d:18:77:86:4a:be:0e:63:f1:cc:09:33:5c:b3:c4:dd:
         f7:d3:29:bc
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY8KNmfN29PQWn0OPSg+pfmxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2U2NDkyZDQ3MzE1MjBjMWVlZGJjZGEyOTY3OTUwMGFj
MDgzYWIwHhcNMjQwNDIzMDkwODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjc1OGEzMjgxOTk1MjZhZDJhYjIwOGE1Y2E5NzQxZjIwMWUyMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPz6ZsatmEzIKsboyA7LZNw8D9zN
tR4gSaQ80jkWkBIfe6HcDcmlumQgJydUZ+aqWbEaGyxo9SErB1Po8/chAxsssvgK
MIUwpkL7/+O4DZX4Ah/4lagTPMA4KeqUXHqogZNEFZAMjVU2G+xVZN8UMwuYYabL
/ZdLU4MT3eB1McBuXoOuFJjUjXoYUNGxlDzjVcEQUIiQ3Ws8e5zDNSF96S9YSTQx
Ke3/Mn4/9cYi7gF6S3Gfva/zGjFcFGiORVO9DksLFHnk0BBEnoB+5Cji+9v1LI9g
Rt7HY9060n4BE3Y+auGCxsEnpKVXFd9M1bRTfZ7iGKdrrrwqNO/I4LKf7wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAZ1ijKBmVJq0qsgilypdB8gHiAcMB8GA1UdIwQY
MBaAFM0+ZJLUcxUgwe7bzaKWeVAKwIOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelQ1a2t0UnpGU0RCN3R2Tm9wWjVVQXJBZzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS83YTEyNzQtMDNhYy00OTRkLWJhOGUt
Y2ZjZmZhM2MwNjY1LzEvQm5XS01vR1pVbXJTcXlDS1hLbDBIeUFlSUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS83YTEyNzQtMDNhYy00OTRkLWJhOGUtY2ZjZmZhM2MwNjY1
LzEvelQ1a2t0UnpGU0RCN3R2Tm9wWjVVQXJBZzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCAjrgAwQC
uT3MAwQCuYVgAwQCub9AAwQCue4wMA0GCSqGSIb3DQEBCwUAA4IBAQA3h7fXehZC
Md/6MI616YDPpB5cqMQ5U1Bs8XrxRk0bBWt78HNqW9ZHntnwYCM8aRgFLCYQNKEp
npeT3ChE8ILdTfjzDy9uYEWIea25nONUGcWNtSJ6DrBH0+YjpO3CqWaMDd6KzTZu
AitclGWDfP2gU2JUtXrKNTT4vAC/BHY6eCpiGlcvr+1BKhrpygMA+yx2EyLZlOuu
2cP1OeneYIOCCB9HM6jLwleNdl008A/TygcFARprEO/0+aDw/G3pHswIfzRn/UsV
fnrB3oc38f+Fvp13gekmjz+Sf2b/t3EyQ6RdZOI0NGleB8zQI40Yd4ZKvg5j8cwJ
M1yzxN330ym8
-----END CERTIFICATE-----