Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/vDeUnJHVlej9WdMhNymWTH36Wxw.roa
File:                     vDeUnJHVlej9WdMhNymWTH36Wxw.roa (raw, json)
Hash identifier:          xLMdFMkxhpCOP98sCHJgXzaNJ0Gmp+JAYLxfkXcZAjU=
Subject key identifier:   BC:37:94:9C:91:D5:95:E8:FD:59:D3:21:37:29:96:4C:7D:FA:5B:1C
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018572D5CD32C991306306C01EF157861FE3
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/vDeUnJHVlej9WdMhNymWTH36Wxw.roa
Signing time:             Mon 02 Jan 2023 14:14:52 +0000
ROA not before:           Mon 02 Jan 2023 14:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52000
IP address blocks:        213.232.120.0/24 maxlen: 24
                          213.232.122.0/24 maxlen: 24
                          83.171.224.0/24 maxlen: 24
                          83.171.226.0/24 maxlen: 24
                          83.171.227.0/24 maxlen: 24
                          141.98.87.0/24 maxlen: 24
                          185.68.246.0/24 maxlen: 24
                          185.89.43.0/24 maxlen: 24
                          185.89.42.0/24 maxlen: 24
                          185.68.247.0/24 maxlen: 24
                          5.183.255.0/24 maxlen: 24
                          194.104.10.0/24 maxlen: 24
                          185.68.184.0/24 maxlen: 24
                          185.88.36.0/24 maxlen: 24
                          5.181.168.0/24 maxlen: 24
                          5.181.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:d5:cd:32:c9:91:30:63:06:c0:1e:f1:57:86:1f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 14:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bc37949c91d595e8fd59d3213729964c7dfa5b1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:fe:61:5f:2e:15:ed:e9:35:4b:ab:38:f1:77:
                    1a:72:90:ef:57:42:93:8e:d0:a7:9a:26:d7:fa:35:
                    c8:32:2c:e8:db:bc:3b:65:77:cd:84:04:b7:d6:6c:
                    38:ce:09:63:1a:b8:be:b3:19:74:4b:5a:69:8e:e1:
                    48:1b:00:2f:cf:18:8b:2e:d9:9a:9b:81:f5:06:25:
                    be:5c:1e:67:35:41:fa:d6:8d:fe:ac:98:0a:63:79:
                    5e:3a:8c:45:ab:bd:09:49:97:c1:cf:a6:86:e3:e6:
                    3a:c7:fb:2d:98:58:8b:05:a6:71:de:3e:86:55:34:
                    89:59:7f:50:70:6c:eb:58:a9:10:12:25:7b:35:90:
                    82:65:80:e5:ce:73:72:22:ad:34:41:28:3f:5d:14:
                    20:8f:75:82:cd:78:c6:f4:35:b7:df:ac:d4:7f:a7:
                    a7:2c:31:95:ca:44:8d:e7:d8:a4:80:b5:77:de:85:
                    e4:ce:bc:97:3b:b3:68:62:09:e7:41:a1:4a:8d:82:
                    39:b8:f8:90:5c:77:eb:8d:71:1e:89:2f:74:4b:b2:
                    6a:8f:58:49:83:e3:af:09:30:eb:e0:8f:b7:c6:4c:
                    80:0f:e0:e2:4a:70:ae:21:b5:e6:68:92:b7:59:9b:
                    ba:5b:b1:4b:16:d6:d5:d3:52:f6:72:7d:ec:f0:88:
                    73:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:37:94:9C:91:D5:95:E8:FD:59:D3:21:37:29:96:4C:7D:FA:5B:1C
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/vDeUnJHVlej9WdMhNymWTH36Wxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.168.0/23
                  5.183.255.0/24
                  83.171.224.0/24
                  83.171.226.0/23
                  141.98.87.0/24
                  185.68.184.0/24
                  185.68.246.0/23
                  185.88.36.0/24
                  185.89.42.0/23
                  194.104.10.0/24
                  213.232.120.0/24
                  213.232.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:d4:ad:9a:be:83:48:e1:8c:3b:4a:f6:12:1b:69:e6:37:dc:
         83:e5:fd:ca:ae:a3:dd:02:1a:f2:8a:2e:e4:1d:bf:00:6b:72:
         4f:b4:02:4e:db:e9:10:c3:dc:da:0e:43:94:2a:de:95:df:77:
         41:91:cc:32:91:b1:e7:79:5a:7c:88:9e:1f:2d:ec:2a:34:e0:
         86:cd:6a:87:7d:ee:79:b7:5d:a7:f3:1a:86:f5:86:eb:b5:ea:
         6b:6f:ec:6e:cc:17:62:68:27:99:2e:1b:93:5f:d9:59:4a:57:
         d5:91:66:b0:66:d6:0a:2d:c1:ff:16:08:8b:6e:c9:ec:7a:ed:
         b6:5c:fa:0c:7a:87:cb:15:fe:9c:ad:62:18:0f:de:6e:6a:3c:
         98:a3:85:dc:10:21:fa:3d:df:f4:b9:02:98:59:7a:ed:c6:29:
         68:67:09:da:6d:26:39:af:35:09:23:eb:23:c9:b2:d4:f5:8f:
         02:81:d6:c7:8a:08:c4:67:9f:ae:df:1e:a3:d8:86:1d:6e:76:
         87:60:55:0e:aa:ef:56:7e:8c:3f:89:0d:46:3b:06:88:dd:c1:
         85:dc:09:c3:3f:2d:ad:55:8b:89:9b:d0:f9:35:59:df:d6:5a:
         8e:ce:0c:2c:79:a8:d9:7d:c9:5d:62:ca:6b:97:75:db:05:5a:
         be:f7:b7:94
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVy1c0yyZEwYwbAHvFXhh/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjMwMTAyMTQxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzM3OTQ5YzkxZDU5NWU4ZmQ1OWQzMjEzNzI5OTY0YzdkZmE1YjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgf5hXy4V7ek1S6s48XcacpDvV0KT
jtCnmibX+jXIMizo27w7ZXfNhAS31mw4zgljGri+sxl0S1ppjuFIGwAvzxiLLtma
m4H1BiW+XB5nNUH61o3+rJgKY3leOoxFq70JSZfBz6aG4+Y6x/stmFiLBaZx3j6G
VTSJWX9QcGzrWKkQEiV7NZCCZYDlznNyIq00QSg/XRQgj3WCzXjG9DW336zUf6en
LDGVykSN59ikgLV33oXkzryXO7NoYgnnQaFKjYI5uPiQXHfrjXEeiS90S7Jqj1hJ
g+OvCTDr4I+3xkyAD+DiSnCuIbXmaJK3WZu6W7FLFtbV01L2cn3s8IhzAQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLw3lJyR1ZXo/VnTITcplkx9+lscMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvdkRlVW5KSFZsZWo5V2RNaE55bVdUSDM2V3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBBbWoAwQA
Bbf/AwQAU6vgAwQBU6viAwQAjWJXAwQAuUS4AwQBuUT2AwQAuVgkAwQBuVkqAwQA
wmgKAwQA1eh4AwQA1eh6MA0GCSqGSIb3DQEBCwUAA4IBAQAV1K2avoNI4Yw7SvYS
G2nmN9yD5f3KrqPdAhryii7kHb8Aa3JPtAJO2+kQw9zaDkOUKt6V33dBkcwykbHn
eVp8iJ4fLewqNOCGzWqHfe55t12n8xqG9Ybrteprb+xuzBdiaCeZLhuTX9lZSlfV
kWawZtYKLcH/FgiLbsnseu22XPoMeofLFf6crWIYD95uajyYo4XcECH6Pd/0uQKY
WXrtxiloZwnabSY5rzUJI+sjybLU9Y8CgdbHigjEZ5+u3x6j2IYdbnaHYFUOqu9W
fow/iQ1GOwaI3cGF3AnDPy2tVYuJm9D5NVnf1lqOzgwseajZfcldYsprl3XbBVq+
97eU
-----END CERTIFICATE-----