Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/L2esxA5A44YoyGpK7ocTlg-aOYM.roa
File:                     L2esxA5A44YoyGpK7ocTlg-aOYM.roa (raw, json)
Hash identifier:          4u2bq+LVIlNiKTAJkDv2Icr3rihDLNvJgrwMpAtfIvI=
Subject key identifier:   2F:67:AC:C4:0E:40:E3:86:28:C8:6A:4A:EE:87:13:96:0F:9A:39:83
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018FBC27E6CB08B44943F34E58FF0572D940
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/L2esxA5A44YoyGpK7ocTlg-aOYM.roa
Signing time:             Mon 27 May 2024 22:24:42 +0000
ROA not before:           Mon 27 May 2024 22:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        77.221.136.0/22 maxlen: 22
                          77.221.140.0/22 maxlen: 22
                          77.221.148.0/24 maxlen: 24
                          77.221.149.0/24 maxlen: 24
                          77.221.152.0/23 maxlen: 23
                          77.221.154.0/23 maxlen: 23
                          77.221.156.0/23 maxlen: 23
                          77.221.158.0/23 maxlen: 23
                          109.120.132.0/23 maxlen: 23
                          109.120.134.0/23 maxlen: 23
                          109.120.149.0/24 maxlen: 24
                          109.120.150.0/24 maxlen: 24
                          109.120.151.0/24 maxlen: 24
                          109.120.152.0/24 maxlen: 24
                          109.120.176.0/23 maxlen: 23
                          109.120.178.0/23 maxlen: 23
                          109.120.184.0/23 maxlen: 23
                          109.120.186.0/23 maxlen: 23
                          109.120.186.0/24 maxlen: 24
                          109.120.187.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jun 2024 17:53:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bc:27:e6:cb:08:b4:49:43:f3:4e:58:ff:05:72:d9:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: May 27 22:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f67acc40e40e38628c86a4aee8713960f9a3983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d6:73:80:26:09:2a:00:32:28:dc:a4:83:e2:
                    00:c8:f6:e3:c1:d5:4b:e7:a5:ca:c1:0d:29:e0:94:
                    6d:72:8f:69:77:25:e9:ed:d2:32:97:3a:ca:fb:8e:
                    57:21:6b:89:5a:2a:92:6f:ff:64:46:94:ba:01:59:
                    2c:21:76:7d:af:6f:1c:dd:11:2f:c5:6a:32:3e:6a:
                    aa:5c:c8:88:5c:d3:46:a8:f3:70:58:fa:e8:2f:59:
                    1c:9c:1a:a9:37:ea:80:48:e5:a0:89:69:72:b2:04:
                    f3:d7:fb:87:d0:6d:37:9d:cf:b6:75:2f:6c:99:e4:
                    1c:00:8f:bf:35:53:e4:38:fd:8b:7d:da:09:5f:74:
                    3d:99:83:4a:8b:80:50:44:d1:d8:17:87:6e:b1:88:
                    41:a2:dc:2f:0d:7b:71:9f:bd:5e:88:8b:66:a2:ab:
                    cf:e0:db:bb:61:ae:4a:d7:7e:36:85:d0:2d:77:bd:
                    51:7f:17:bb:fe:10:27:38:97:0a:76:00:f3:f6:ec:
                    f9:48:c4:61:52:10:0e:cc:3b:c5:56:c6:d8:3d:86:
                    f6:31:0c:76:94:93:10:9f:a2:88:86:91:cd:a6:36:
                    41:71:b5:e2:01:7b:ea:61:5f:11:3d:3a:e3:ff:e3:
                    a4:9b:a6:cd:ce:db:94:b2:c3:51:4e:69:ae:fc:ea:
                    8e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:67:AC:C4:0E:40:E3:86:28:C8:6A:4A:EE:87:13:96:0F:9A:39:83
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/L2esxA5A44YoyGpK7ocTlg-aOYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.136.0/21
                  77.221.148.0/23
                  77.221.152.0/21
                  109.120.132.0/22
                  109.120.149.0-109.120.152.255
                  109.120.176.0/22
                  109.120.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:b4:50:1a:a2:0b:85:26:f7:f9:e5:fe:c9:f4:63:06:2d:9f:
         32:fe:2f:1c:45:3a:43:12:1f:80:3b:d0:28:e4:6c:3c:3a:2b:
         e4:34:f8:74:40:91:1b:07:07:a0:32:32:2f:be:f6:95:03:1b:
         30:42:f3:1f:7a:2f:e3:c2:45:3b:55:df:22:55:69:35:d6:9e:
         75:39:10:9d:c1:1c:81:67:96:24:09:0d:d9:8c:3e:18:04:e0:
         0e:cf:50:bd:0b:02:47:28:ec:29:22:11:9f:8a:02:ff:10:6b:
         1f:15:84:e7:69:12:67:ca:5b:bf:f4:82:6b:67:51:ce:b0:0d:
         19:db:32:76:da:c5:6d:4d:8b:47:0b:0f:33:ec:4a:0b:ab:ec:
         22:c1:a4:9c:7e:02:a6:59:56:51:c1:3d:c9:99:eb:5d:17:c6:
         de:53:c7:a5:e1:26:de:25:b5:fc:81:13:c5:75:25:3a:cd:cd:
         66:e3:73:8f:d4:9a:a0:99:57:6d:b5:d7:07:3a:9b:03:1c:2f:
         8e:3e:06:b9:a1:02:cd:c3:b9:2f:cb:2e:33:fa:f6:8f:69:89:
         e2:b1:46:07:b0:d5:39:14:ee:08:8b:5d:92:c1:f1:9b:44:1e:
         ba:d9:0d:15:b9:99:2c:b8:c9:79:fb:8c:f9:a1:b7:f1:6b:36:
         0c:22:a9:b7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY+8J+bLCLRJQ/NOWP8FctlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNTI3MjIyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY3YWNjNDBlNDBlMzg2MjhjODZhNGFlZTg3MTM5NjBmOWEzOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9ZzgCYJKgAyKNykg+IAyPbjwdVL
56XKwQ0p4JRtco9pdyXp7dIylzrK+45XIWuJWiqSb/9kRpS6AVksIXZ9r28c3REv
xWoyPmqqXMiIXNNGqPNwWProL1kcnBqpN+qASOWgiWlysgTz1/uH0G03nc+2dS9s
meQcAI+/NVPkOP2LfdoJX3Q9mYNKi4BQRNHYF4dusYhBotwvDXtxn71eiItmoqvP
4Nu7Ya5K1342hdAtd71Rfxe7/hAnOJcKdgDz9uz5SMRhUhAOzDvFVsbYPYb2MQx2
lJMQn6KIhpHNpjZBcbXiAXvqYV8RPTrj/+Okm6bNztuUssNRTmmu/OqOwQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFC9nrMQOQOOGKMhqSu6HE5YPmjmDMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvTDJlc3hBNUE0NFlveUdwSzdvY1RsZy1hT1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQDTd2IAwQB
Td2UAwQDTd2YAwQCbXiEMAwDBABteJUDBABteJgDBAJteLADBAJteLgwDQYJKoZI
hvcNAQELBQADggEBAKi0UBqiC4Um9/nl/sn0YwYtnzL+LxxFOkMSH4A70CjkbDw6
K+Q0+HRAkRsHB6AyMi++9pUDGzBC8x96L+PCRTtV3yJVaTXWnnU5EJ3BHIFnliQJ
DdmMPhgE4A7PUL0LAkco7CkiEZ+KAv8Qax8VhOdpEmfKW7/0gmtnUc6wDRnbMnba
xW1Ni0cLDzPsSgur7CLBpJx+AqZZVlHBPcmZ610Xxt5Tx6XhJt4ltfyBE8V1JTrN
zWbjc4/UmqCZV2211wc6mwMcL44+BrmhAs3DuS/LLjP69o9pieKxRgew1TkU7giL
XZLB8ZtEHrrZDRW5mSy4yXn7jPmht/FrNgwiqbc=
-----END CERTIFICATE-----