Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/JfgdzvfMHbk-B1xwWsPcs6bAeJs.roa
File:                     JfgdzvfMHbk-B1xwWsPcs6bAeJs.roa (raw, json)
Hash identifier:          BKicu8DGxCmo47Ba19KUlaENi1UYDH6C1GXoJY9dhq0=
Subject key identifier:   25:F8:1D:CE:F7:CC:1D:B9:3E:07:5C:70:5A:C3:DC:B3:A6:C0:78:9B
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7B1D0D19CDCA340D8A424A136C2A6C5A
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/JfgdzvfMHbk-B1xwWsPcs6bAeJs.roa
Signing time:             Tue 26 Mar 2024 14:14:45 +0000
ROA not before:           Tue 26 Mar 2024 14:14:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        88.221.28.0/22 maxlen: 22
                          88.221.100.0/22 maxlen: 22
                          92.122.68.0/22 maxlen: 22
                          92.122.225.0/24 maxlen: 24
                          92.122.248.0/22 maxlen: 22
                          92.123.48.0/24 maxlen: 24
                          92.123.106.0/24 maxlen: 24
                          92.123.208.0/22 maxlen: 22
                          95.100.128.0/22 maxlen: 22
                          95.101.68.0/22 maxlen: 22
                          95.101.114.0/24 maxlen: 24
                          95.101.156.0/22 maxlen: 22
                          2a02:26f0:9700::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 10:54:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:1d:0d:19:cd:ca:34:0d:8a:42:4a:13:6c:2a:6c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 26 14:14:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25f81dcef7cc1db93e075c705ac3dcb3a6c0789b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fb:89:b1:ad:dc:ce:c5:d0:5d:6a:80:e8:f8:
                    2c:9b:98:74:49:7e:8a:fe:5a:73:00:73:bf:79:3b:
                    b4:f7:94:23:e4:22:fc:84:87:c7:30:29:02:da:cd:
                    a0:b6:85:fd:d0:15:2b:e2:ff:c9:98:ca:b8:55:5b:
                    c9:f1:53:e0:76:0d:30:77:60:25:ed:5e:7d:39:4d:
                    bf:4f:f6:24:a4:b1:9d:6c:76:05:75:ef:14:5c:7a:
                    5e:11:6a:d6:c6:4e:89:0e:6a:f2:4b:b8:30:8f:a0:
                    01:e4:f3:47:6a:b8:ec:63:af:c4:01:3b:b6:c1:98:
                    b5:bd:ab:37:c6:4c:12:dd:03:1f:1e:8b:69:63:2a:
                    8d:4e:81:41:32:ee:e0:96:e1:b9:c0:c4:c8:20:dd:
                    7b:25:6c:81:b6:c4:ec:96:50:82:22:e1:e8:1a:83:
                    99:8c:17:c3:2d:7b:d9:31:97:36:e7:e4:0a:a3:af:
                    85:f1:ad:5b:57:dc:e9:f6:87:63:c2:90:b3:b9:7b:
                    2a:8c:f3:f0:a7:ce:e0:25:34:92:c7:11:bc:94:98:
                    b7:ff:e3:2d:fd:c7:7a:5f:b0:4d:fb:3b:49:c9:be:
                    1a:50:76:5c:fe:0a:05:11:74:8b:f0:f3:86:ee:f3:
                    46:99:6b:59:56:44:bf:3c:a9:5b:80:62:6b:82:77:
                    45:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F8:1D:CE:F7:CC:1D:B9:3E:07:5C:70:5A:C3:DC:B3:A6:C0:78:9B
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/JfgdzvfMHbk-B1xwWsPcs6bAeJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.221.28.0/22
                  88.221.100.0/22
                  92.122.68.0/22
                  92.122.225.0/24
                  92.122.248.0/22
                  92.123.48.0/24
                  92.123.106.0/24
                  92.123.208.0/22
                  95.100.128.0/22
                  95.101.68.0/22
                  95.101.114.0/24
                  95.101.156.0/22
                IPv6:
                  2a02:26f0:9700::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:3c:12:14:bd:d3:31:47:aa:9e:41:3a:db:89:7d:2a:92:9f:
         6d:2a:39:81:44:1c:62:2b:23:71:e4:69:b0:01:fa:d0:86:cb:
         af:67:5c:ec:b1:b8:79:17:88:9d:26:43:9c:60:60:e2:d0:b6:
         da:09:a3:ff:1f:8d:ea:6a:7b:0d:c5:40:ce:ae:53:4f:7f:85:
         c0:cc:25:7e:5f:72:ad:da:76:17:ec:eb:76:ba:cf:a5:b0:b9:
         f4:20:d3:f1:9b:36:21:f3:4d:78:86:51:b2:49:0b:57:73:eb:
         88:89:28:6f:30:a8:d4:cd:cf:10:5a:8d:d7:55:9d:b4:82:2c:
         b4:4a:f2:61:b1:95:7a:b7:5f:e4:90:dd:b3:7d:18:e8:ab:ca:
         02:47:7b:4a:e8:2d:3f:69:98:cc:da:13:f0:f2:e5:fc:1f:17:
         4b:29:21:df:ca:b2:0f:9e:49:d7:b6:ba:15:ef:d4:74:36:8d:
         e7:2a:d1:b3:b6:9d:db:48:9f:61:ef:66:45:5e:89:55:95:f3:
         06:29:3e:65:81:9b:41:ea:ab:b8:01:de:05:dc:8b:c8:1b:01:
         a0:26:e3:ce:d1:88:c1:b6:78:7c:fe:40:c4:38:29:3c:f8:c2:
         dc:98:c0:a1:b1:8a:9e:9a:55:8c:cb:d2:ad:ab:45:36:bd:57:
         8f:42:75:a0
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAY57HQ0Zzco0DYpCShNsKmxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI2MTQxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY4MWRjZWY3Y2MxZGI5M2UwNzVjNzA1YWMzZGNiM2E2YzA3ODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfuJsa3czsXQXWqA6Pgsm5h0SX6K
/lpzAHO/eTu095Qj5CL8hIfHMCkC2s2gtoX90BUr4v/JmMq4VVvJ8VPgdg0wd2Al
7V59OU2/T/YkpLGdbHYFde8UXHpeEWrWxk6JDmryS7gwj6AB5PNHarjsY6/EATu2
wZi1vas3xkwS3QMfHotpYyqNToFBMu7gluG5wMTIIN17JWyBtsTsllCCIuHoGoOZ
jBfDLXvZMZc25+QKo6+F8a1bV9zp9odjwpCzuXsqjPPwp87gJTSSxxG8lJi3/+Mt
/cd6X7BN+ztJyb4aUHZc/goFEXSL8POG7vNGmWtZVkS/PKlbgGJrgndFSQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFCX4Hc73zB25PgdccFrD3LOmwHibMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvSmZnZHp2Zk1IYmstQjF4d1dzUGNzNmJBZUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBOBAIAATBIAwQCWN0cAwQC
WN1kAwQCXHpEAwQAXHrhAwQCXHr4AwQAXHswAwQAXHtqAwQCXHvQAwQCX2SAAwQC
X2VEAwQAX2VyAwQCX2WcMA8EAgACMAkDBwAqAibwlwAwDQYJKoZIhvcNAQELBQAD
ggEBACY8EhS90zFHqp5BOtuJfSqSn20qOYFEHGIrI3HkabAB+tCGy69nXOyxuHkX
iJ0mQ5xgYOLQttoJo/8fjepqew3FQM6uU09/hcDMJX5fcq3adhfs63a6z6WwufQg
0/GbNiHzTXiGUbJJC1dz64iJKG8wqNTNzxBajddVnbSCLLRK8mGxlXq3X+SQ3bN9
GOirygJHe0roLT9pmMzaE/Dy5fwfF0spId/Ksg+eSde2uhXv1HQ2jecq0bO2ndtI
n2HvZkVeiVWV8wYpPmWBm0Hqq7gB3gXci8gbAaAm487RiMG2eHz+QMQ4KTz4wtyY
wKGxip6aVYzL0q2rRTa9V49CdaA=
-----END CERTIFICATE-----