Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/PqVxbHemoXSECVDz12PHTcFd-tg.roa
File:                     PqVxbHemoXSECVDz12PHTcFd-tg.roa (raw, json)
Hash identifier:          CcVXeU+tvn8exwaffLlli0SJcBM2hONSIoDXLHsZs8g=
Subject key identifier:   3E:A5:71:6C:77:A6:A1:74:84:09:50:F3:D7:63:C7:4D:C1:5D:FA:D8
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       018F0CE150EA53415677C76A2D7040BF127F
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/PqVxbHemoXSECVDz12PHTcFd-tg.roa
Signing time:             Tue 23 Apr 2024 21:34:03 +0000
ROA not before:           Tue 23 Apr 2024 21:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5503
IP address blocks:        62.171.192.0/18 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          194.238.32.0/19 maxlen: 24
                          194.238.64.0/19 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          217.179.0.0/17 maxlen: 24
                          217.179.192.0/18 maxlen: 24
                          217.180.0.0/19 maxlen: 24
                          217.180.32.0/20 maxlen: 24
                          217.180.48.0/21 maxlen: 24
                          217.180.56.0/22 maxlen: 24
                          217.181.0.0/18 maxlen: 24
                          217.181.64.0/19 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 21 May 2024 21:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:e1:50:ea:53:41:56:77:c7:6a:2d:70:40:bf:12:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Apr 23 21:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ea5716c77a6a174840950f3d763c74dc15dfad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9f:aa:81:bd:e1:1a:8a:ca:16:6d:8a:03:45:
                    69:ad:45:b3:4e:cb:79:48:e7:c2:68:91:3d:cf:0d:
                    ed:db:ee:73:3e:dd:c1:b5:db:0d:2c:93:b4:a4:2c:
                    fc:ef:11:42:12:2a:73:50:d7:b4:95:2e:1b:c0:36:
                    a6:2e:9e:5b:48:4c:09:e4:e0:af:b9:2f:eb:29:8d:
                    90:13:19:99:1a:43:58:45:9b:93:63:f1:49:96:46:
                    80:28:5c:7b:51:31:10:34:0c:a4:5b:84:4a:96:f4:
                    78:36:96:27:00:66:41:d1:17:76:f4:26:10:b8:f0:
                    e0:34:0f:4d:e6:af:b6:ac:a8:90:46:a4:c8:6e:49:
                    0c:45:3d:55:99:3f:c7:0e:90:1c:2e:f7:83:75:1c:
                    9a:ba:31:5d:04:ba:d2:4c:f9:df:df:6a:0d:7c:bb:
                    e9:63:f2:f7:eb:30:1a:8b:16:93:e5:2d:f7:85:d5:
                    3d:b5:18:5d:00:15:f1:00:98:76:0b:2a:82:04:6b:
                    9c:c1:81:c3:d5:31:a4:87:13:1c:8c:48:39:30:f1:
                    fe:29:6a:78:98:45:d7:d2:14:37:03:3f:e7:1b:7a:
                    23:b6:3c:f6:29:67:13:a2:bf:5c:e5:98:5c:d1:ef:
                    9f:e7:87:74:e1:e4:5b:f0:3e:b7:7f:80:30:2b:5c:
                    b4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A5:71:6C:77:A6:A1:74:84:09:50:F3:D7:63:C7:4D:C1:5D:FA:D8
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/PqVxbHemoXSECVDz12PHTcFd-tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.32.0-194.238.95.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.179.0.0/17
                  217.179.192.0-217.180.59.255
                  217.181.0.0-217.181.95.255
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:87:05:ff:0d:63:09:22:45:1b:cb:e8:07:cb:5d:94:ba:96:
         24:66:5d:97:be:bc:5b:57:ad:45:c3:8c:19:e9:62:f2:fa:0b:
         86:d8:d1:a2:b0:38:22:58:92:1e:23:0a:81:3c:73:ec:ee:9c:
         c8:85:89:77:af:d9:47:38:40:6e:08:3f:48:db:52:bb:e4:5a:
         5c:9f:7d:da:88:fc:46:cf:b0:64:70:f1:0a:6a:81:21:df:a3:
         01:ef:bb:c6:cd:9a:c3:66:db:c8:ee:33:a3:f8:c3:91:0d:11:
         46:08:4f:92:e4:24:ab:27:30:89:c3:2b:b0:20:a1:55:a8:9a:
         25:82:18:f1:bb:63:86:42:1d:96:ff:7b:2e:2e:ae:0a:df:4c:
         fa:70:7f:28:ad:7a:e2:9a:94:30:a8:45:69:a1:46:51:6e:e0:
         01:3f:05:ed:fc:b0:a0:a7:6d:52:46:7c:0a:2d:81:95:c9:87:
         3f:a2:33:9a:ed:ea:6d:72:3e:98:a9:7e:cb:e8:73:46:d9:d2:
         ef:4b:8e:20:28:5e:b7:34:c0:41:90:11:65:2d:7f:7d:6d:19:
         1b:51:28:53:6d:26:0b:e1:e7:9b:c7:ff:e2:aa:f2:a5:d1:d4:
         6a:06:9b:e6:cb:26:5f:66:d0:46:e9:56:cb:b1:28:b4:bd:04:
         cc:38:c5:5b
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAY8M4VDqU0FWd8dqLXBAvxJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwNDIzMjEzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWE1NzE2Yzc3YTZhMTc0ODQwOTUwZjNkNzYzYzc0ZGMxNWRmYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5+qgb3hGorKFm2KA0VprUWzTst5
SOfCaJE9zw3t2+5zPt3BtdsNLJO0pCz87xFCEipzUNe0lS4bwDamLp5bSEwJ5OCv
uS/rKY2QExmZGkNYRZuTY/FJlkaAKFx7UTEQNAykW4RKlvR4NpYnAGZB0Rd29CYQ
uPDgNA9N5q+2rKiQRqTIbkkMRT1VmT/HDpAcLveDdRyaujFdBLrSTPnf32oNfLvp
Y/L36zAaixaT5S33hdU9tRhdABXxAJh2CyqCBGucwYHD1TGkhxMcjEg5MPH+KWp4
mEXX0hQ3Az/nG3ojtjz2KWcTor9c5Zhc0e+f54d04eRb8D63f4AwK1y0YQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFD6lcWx3pqF0hAlQ89djx03BXfrYMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvUHFWeGJIZW1vWFNFQ1ZEejEyUEhUY0ZkLXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQGPqvAAwQC
ucDkAwQFwpoAMAwDBAXC7iADBAXC7kADBAbVEsAwCwMDANmxAwQF2bFAAwQH2bMA
MAwDBAbZs8ADBALZtDgwCwMDANm1AwQF2bVAMA0EAgACMAcDBQAqAg+wMA0GCSqG
SIb3DQEBCwUAA4IBAQA2hwX/DWMJIkUby+gHy12UupYkZl2XvrxbV61Fw4wZ6WLy
+guG2NGisDgiWJIeIwqBPHPs7pzIhYl3r9lHOEBuCD9I21K75Fpcn33aiPxGz7Bk
cPEKaoEh36MB77vGzZrDZtvI7jOj+MORDRFGCE+S5CSrJzCJwyuwIKFVqJolghjx
u2OGQh2W/3suLq4K30z6cH8orXrimpQwqEVpoUZRbuABPwXt/LCgp21SRnwKLYGV
yYc/ojOa7eptcj6YqX7L6HNG2dLvS44gKF63NMBBkBFlLX99bRkbUShTbSYL4eeb
x//iqvKl0dRqBpvmyyZfZtBG6VbLsSi0vQTMOMVb
-----END CERTIFICATE-----