Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/x3ovNTsuyB-tCU1O1MnFKM62wFI.roa
File:                     x3ovNTsuyB-tCU1O1MnFKM62wFI.roa (raw, json)
Hash identifier:          7T5K7oqIMsQdRNWI9LgLou5E6TzmwzvVVU6t4XZjnHw=
Subject key identifier:   C7:7A:2F:35:3B:2E:C8:1F:AD:09:4D:4E:D4:C9:C5:28:CE:B6:C0:52
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       018A05597ADA37C6037E6FA98EC5C3C7B845
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/x3ovNTsuyB-tCU1O1MnFKM62wFI.roa
Signing time:             Thu 17 Aug 2023 21:14:24 +0000
ROA not before:           Thu 17 Aug 2023 21:14:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5503
IP address blocks:        217.180.0.0/17 maxlen: 24
                          194.238.32.0/19 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          194.238.64.0/19 maxlen: 24
                          217.181.0.0/17 maxlen: 24
                          62.171.192.0/18 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          217.179.0.0/16 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:05:59:7a:da:37:c6:03:7e:6f:a9:8e:c5:c3:c7:b8:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Aug 17 21:14:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c77a2f353b2ec81fad094d4ed4c9c528ceb6c052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1a:5e:02:2c:42:a5:1a:a0:bb:d0:f3:7f:49:
                    4a:14:fb:d2:d5:10:a7:00:15:3f:fe:ad:d3:9f:0c:
                    16:04:d3:fe:3c:bd:3a:9d:7e:18:73:ed:c6:fe:27:
                    77:92:83:ba:20:27:6a:56:cb:cb:82:ab:3a:17:14:
                    95:5e:3f:99:e5:51:cb:e1:59:af:d5:6b:e9:a4:c8:
                    58:55:39:52:eb:bd:d0:35:01:25:c8:e5:a7:dc:9b:
                    b9:db:dc:17:f6:eb:1b:1c:cc:d1:16:ad:d3:fd:a5:
                    96:44:a1:aa:49:ef:46:9f:c8:da:ac:c7:4d:47:34:
                    90:3c:a6:70:60:30:c9:6d:69:db:4d:04:cf:07:2c:
                    60:c0:e6:dd:9a:0c:1f:8a:6a:d4:de:c5:03:9a:ad:
                    75:28:0c:af:d9:75:da:c7:e8:07:bf:e4:12:01:b8:
                    7d:f7:82:64:52:09:ed:e6:0a:bd:57:0a:7b:8d:66:
                    c8:34:a7:b9:3b:42:06:a2:a3:10:24:e5:49:4b:e3:
                    6a:1f:ef:bf:3d:7f:bd:fb:88:fd:3f:7e:e4:36:be:
                    2c:4b:62:0c:64:ff:38:38:c8:56:b6:d7:c3:27:c2:
                    66:eb:5d:6f:b2:98:63:e2:ec:1b:98:2a:a6:6d:e2:
                    e3:f8:ba:db:ee:55:cf:59:e8:1f:7e:83:91:d1:40:
                    7b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:7A:2F:35:3B:2E:C8:1F:AD:09:4D:4E:D4:C9:C5:28:CE:B6:C0:52
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/x3ovNTsuyB-tCU1O1MnFKM62wFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.32.0-194.238.95.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.179.0.0-217.180.127.255
                  217.181.0.0/17
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:c0:fb:b8:31:ba:8d:2f:b4:3c:84:3f:7d:de:41:8e:18:90:
         2e:ac:79:9b:f3:32:74:d2:12:b6:1f:38:a4:3c:5b:98:c9:fc:
         43:f9:ed:fd:86:df:c3:cc:0e:ff:4e:ac:19:4c:e7:ea:10:4f:
         a9:e4:d3:08:18:a7:6c:94:dd:78:4b:6c:f9:36:45:17:c2:71:
         69:a9:eb:7c:d6:13:10:9a:71:58:11:df:9e:dd:91:0d:3c:87:
         34:90:91:ca:0c:88:c2:a2:d1:d3:64:2f:45:94:96:41:08:a9:
         97:3e:7e:8f:f2:69:2b:c1:b2:8b:b7:64:fe:b3:a0:67:25:db:
         51:75:5a:0b:e6:ed:b6:44:c5:b1:ec:bb:d1:05:60:05:db:90:
         5d:20:82:6c:72:f1:55:c0:b8:b5:f8:3b:1c:ff:2d:a2:24:4b:
         d7:03:37:87:05:42:b0:14:78:93:0e:41:2e:14:61:3a:04:92:
         b4:53:f9:19:8f:27:f1:cf:21:e0:49:5c:68:ce:b4:78:8b:bf:
         dd:b2:b1:3b:5d:b7:35:b7:3e:f6:a0:9f:0f:90:69:8c:81:90:
         40:af:6e:1a:9c:59:c0:2c:2e:95:a3:4e:26:bf:e5:53:0d:ca:
         2c:0b:87:3d:84:6f:f9:78:6d:4b:c0:d2:d2:2f:21:5f:1f:59:
         93:b6:c0:f3
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYoFWXraN8YDfm+pjsXDx7hFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjMwODE3MjExNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzdhMmYzNTNiMmVjODFmYWQwOTRkNGVkNGM5YzUyOGNlYjZjMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhpeAixCpRqgu9Dzf0lKFPvS1RCn
ABU//q3TnwwWBNP+PL06nX4Yc+3G/id3koO6ICdqVsvLgqs6FxSVXj+Z5VHL4Vmv
1WvppMhYVTlS673QNQElyOWn3Ju529wX9usbHMzRFq3T/aWWRKGqSe9Gn8jarMdN
RzSQPKZwYDDJbWnbTQTPByxgwObdmgwfimrU3sUDmq11KAyv2XXax+gHv+QSAbh9
94JkUgnt5gq9Vwp7jWbINKe5O0IGoqMQJOVJS+NqH++/PX+9+4j9P37kNr4sS2IM
ZP84OMhWttfDJ8Jm611vsphj4uwbmCqmbeLj+Lrb7lXPWegffoOR0UB76wIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFMd6LzU7LsgfrQlNTtTJxSjOtsBSMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEveDNvdk5Uc3V5Qi10Q1UxTzFNbkZLTTYyd0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQGPqvAAwQC
ucDkAwQFwpoAMAwDBAXC7iADBAXC7kADBAbVEsAwCwMDANmxAwQF2bFAMAsDAwDZ
swMEB9m0AAMEB9m1ADANBAIAAjAHAwUAKgIPsDANBgkqhkiG9w0BAQsFAAOCAQEA
GcD7uDG6jS+0PIQ/fd5BjhiQLqx5m/MydNISth84pDxbmMn8Q/nt/Ybfw8wO/06s
GUzn6hBPqeTTCBinbJTdeEts+TZFF8JxaanrfNYTEJpxWBHfnt2RDTyHNJCRygyI
wqLR02QvRZSWQQiplz5+j/JpK8Gyi7dk/rOgZyXbUXVaC+bttkTFsey70QVgBduQ
XSCCbHLxVcC4tfg7HP8toiRL1wM3hwVCsBR4kw5BLhRhOgSStFP5GY8n8c8h4Elc
aM60eIu/3bKxO123Nbc+9qCfD5BpjIGQQK9uGpxZwCwulaNOJr/lUw3KLAuHPYRv
+XhtS8DS0i8hXx9Zk7bA8w==
-----END CERTIFICATE-----