Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/LDkQRKWeNvZulRPmH-CNwoRSdEU.roa
File:                     LDkQRKWeNvZulRPmH-CNwoRSdEU.roa (raw, json)
Hash identifier:          VWR8LMZ6kl+C2/kSl8qP/BXjcpb6nLaEM/PIPbIollA=
Subject key identifier:   2C:39:10:44:A5:9E:36:F6:6E:95:13:E6:1F:E0:8D:C2:84:52:74:45
Certificate issuer:       /CN=efa842e67147252505f41551f0f735b7f72e3e97
Certificate serial:       0192455C96E9FB572F9896B2A0702D5FC177
Authority key identifier: EF:A8:42:E6:71:47:25:25:05:F4:15:51:F0:F7:35:B7:F7:2E:3E:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76hC5nFHJSUF9BVR8Pc1t_cuPpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/LDkQRKWeNvZulRPmH-CNwoRSdEU.roa
Signing time:             Mon 30 Sep 2024 23:55:48 +0000
ROA not before:           Mon 30 Sep 2024 23:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.30.233.0/24 maxlen: 24
                          185.142.236.0/24 maxlen: 24
                          185.142.238.0/23 maxlen: 23
                          185.142.238.0/24 maxlen: 24
                          185.142.239.0/24 maxlen: 24
                          185.165.188.0/24 maxlen: 24
                          185.165.190.0/24 maxlen: 24
                          185.165.191.0/24 maxlen: 24
                          195.144.21.0/24 maxlen: 24
                          2a07:85c0::/48 maxlen: 48
                          2a07:85c1::/48 maxlen: 48
                          2a07:85c3::/48 maxlen: 48
                          2a07:85c5::/48 maxlen: 48
                          2a07:85c6::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 02 Oct 2024 00:17:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:45:5c:96:e9:fb:57:2f:98:96:b2:a0:70:2d:5f:c1:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa842e67147252505f41551f0f735b7f72e3e97
        Validity
            Not Before: Sep 30 23:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c391044a59e36f66e9513e61fe08dc284527445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:29:4f:45:37:a3:17:a3:f9:b1:d4:06:f5:44:
                    51:65:b4:7d:ac:45:55:f1:08:c3:37:0f:5d:ef:c0:
                    f9:dc:ae:da:77:c9:dd:50:5a:e4:b8:e3:fe:79:28:
                    52:58:05:5d:c0:f9:d6:da:58:a5:9f:2a:53:33:99:
                    2e:fe:5a:79:8b:a8:20:77:ed:43:72:54:95:b6:fa:
                    04:ed:0c:81:8e:de:a5:70:eb:37:34:23:51:6a:0e:
                    e4:ae:e9:d9:c3:2d:9b:6c:05:a4:bb:64:8b:b3:1e:
                    45:99:de:d0:a8:f6:57:f2:92:b6:59:87:b6:98:b9:
                    3f:62:83:f9:54:e2:44:9d:a8:f0:44:e3:ad:1a:a4:
                    85:54:0b:92:b4:7d:4e:0a:1f:e5:c9:a0:2b:86:d7:
                    40:67:9a:45:6e:88:15:1c:08:37:74:3d:73:58:1a:
                    6d:96:94:3b:6c:52:f8:3b:9a:b7:fb:28:fc:99:ac:
                    19:7d:cf:22:26:48:f4:a4:62:7b:6e:7f:74:e2:b1:
                    92:d7:f5:99:d9:b1:d0:84:1b:cd:71:14:52:a3:ef:
                    e7:9e:2b:81:8f:c6:9a:6a:9c:1e:a2:46:03:9f:d1:
                    0d:cc:57:be:bd:bf:5d:12:bf:b0:5e:55:3d:60:e0:
                    f0:67:b4:16:11:5a:a2:31:7d:7a:5d:15:43:d4:be:
                    b6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:39:10:44:A5:9E:36:F6:6E:95:13:E6:1F:E0:8D:C2:84:52:74:45
            X509v3 Authority Key Identifier:
                keyid:EF:A8:42:E6:71:47:25:25:05:F4:15:51:F0:F7:35:B7:F7:2E:3E:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76hC5nFHJSUF9BVR8Pc1t_cuPpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/LDkQRKWeNvZulRPmH-CNwoRSdEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e9c8e9-b954-4d20-a426-8e0c31223db8/1/76hC5nFHJSUF9BVR8Pc1t_cuPpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.233.0/24
                  185.142.236.0/24
                  185.142.238.0/23
                  185.165.188.0/24
                  185.165.190.0/23
                  195.144.21.0/24
                IPv6:
                  2a07:85c0::/48
                  2a07:85c1::/48
                  2a07:85c3::/48
                  2a07:85c5::/48
                  2a07:85c6::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:12:16:d7:13:6b:95:7d:38:2b:69:b0:c6:cd:d3:6f:43:4e:
         4f:75:e3:8b:ee:ee:95:c9:f1:cb:2d:34:9e:e6:b1:3f:70:27:
         21:c9:f0:78:80:f4:9c:40:c0:98:2c:1c:34:ca:41:51:20:e4:
         1b:f1:04:92:7b:ef:7a:94:da:1b:c1:b1:fd:74:dd:23:5a:3e:
         4c:f3:4e:f7:f7:89:bd:2f:c0:10:18:29:65:e9:58:ef:cc:7e:
         fa:73:4c:5c:c0:d9:65:ad:e7:39:57:7c:9d:6e:17:0e:c6:d3:
         b8:e6:8a:9d:d9:db:44:98:3b:36:34:8b:7a:02:2d:3e:3d:07:
         06:af:b0:63:08:83:1d:d8:bd:7c:7a:3b:d8:b6:07:a9:e7:f7:
         3e:85:a8:70:d0:3a:c2:98:59:8e:87:5f:3f:eb:be:01:40:87:
         e1:8c:25:a2:8e:23:5b:bc:3c:43:a0:2c:35:33:19:8a:61:9c:
         b3:4a:dd:03:1e:d9:b6:4f:b6:89:5a:48:a5:27:a4:30:e5:c4:
         10:bd:2d:d1:df:9e:ed:35:63:2a:6d:43:fd:96:46:af:29:30:
         b2:c4:f3:72:42:0f:13:5c:9e:98:39:73:0c:95:aa:92:f8:e0:
         ab:b7:14:f6:2e:98:5c:da:1b:40:25:da:3d:c4:46:42:fb:ba:
         b4:e9:3f:e6
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZJFXJbp+1cvmJayoHAtX8F3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTg0MmU2NzE0NzI1MjUwNWY0MTU1MWYwZjczNWI3Zjcy
ZTNlOTcwHhcNMjQwOTMwMjM1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzM5MTA0NGE1OWUzNmY2NmU5NTEzZTYxZmUwOGRjMjg0NTI3NDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ClPRTejF6P5sdQG9URRZbR9rEVV
8QjDNw9d78D53K7ad8ndUFrkuOP+eShSWAVdwPnW2lilnypTM5ku/lp5i6ggd+1D
clSVtvoE7QyBjt6lcOs3NCNRag7krunZwy2bbAWku2SLsx5Fmd7QqPZX8pK2WYe2
mLk/YoP5VOJEnajwROOtGqSFVAuStH1OCh/lyaArhtdAZ5pFbogVHAg3dD1zWBpt
lpQ7bFL4O5q3+yj8mawZfc8iJkj0pGJ7bn904rGS1/WZ2bHQhBvNcRRSo+/nniuB
j8aaapweokYDn9ENzFe+vb9dEr+wXlU9YODwZ7QWEVqiMX16XRVD1L62gwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFCw5EESlnjb2bpUT5h/gjcKEUnRFMB8GA1UdIwQY
MBaAFO+oQuZxRyUlBfQVUfD3Nbf3Lj6XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZoQzVuRkhKU1VGOUJWUjhQYzF0X2N1UHBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9lOWM4ZTktYjk1NC00ZDIwLWE0MjYt
OGUwYzMxMjIzZGI4LzEvTERrUVJLV2VOdlp1bFJQbUgtQ053b1JTZEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9lOWM4ZTktYjk1NC00ZDIwLWE0MjYtOGUwYzMxMjIzZGI4
LzEvNzZoQzVuRkhKU1VGOUJWUjhQYzF0X2N1UHBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTAqBAIAATAkAwQAuR7pAwQA
uY7sAwQBuY7uAwQAuaW8AwQBuaW+AwQAw5AVMDMEAgACMC0DBwAqB4XAAAADBwAq
B4XBAAADBwAqB4XDAAADBwAqB4XFAAADBwAqB4XGAAAwDQYJKoZIhvcNAQELBQAD
ggEBAHsSFtcTa5V9OCtpsMbN029DTk9144vu7pXJ8cstNJ7msT9wJyHJ8HiA9JxA
wJgsHDTKQVEg5BvxBJJ773qU2hvBsf103SNaPkzzTvf3ib0vwBAYKWXpWO/Mfvpz
TFzA2WWt5zlXfJ1uFw7G07jmip3Z20SYOzY0i3oCLT49BwavsGMIgx3YvXx6O9i2
B6nn9z6FqHDQOsKYWY6HXz/rvgFAh+GMJaKOI1u8PEOgLDUzGYphnLNK3QMe2bZP
tolaSKUnpDDlxBC9LdHfnu01YyptQ/2WRq8pMLLE83JCDxNcnpg5cwyVqpL44Ku3
FPYumFzaG0Al2j3ERkL7urTpP+Y=
-----END CERTIFICATE-----