Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/3Mbemc_Zwxd82uIu9QszG02ybzw.roa
File:                     3Mbemc_Zwxd82uIu9QszG02ybzw.roa (raw, json)
Hash identifier:          RHWX4LSqmiv3ggaKDHHwzuuLuCfHxE52iNk6TYWJ/JA=
Subject key identifier:   DC:C6:DE:99:CF:D9:C3:17:7C:DA:E2:2E:F5:0B:33:1B:4D:B2:6F:3C
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       018CC7942B6B707ECC60AE6B83AB3069E0A5
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/3Mbemc_Zwxd82uIu9QszG02ybzw.roa
Signing time:             Tue 02 Jan 2024 00:30:25 +0000
ROA not before:           Tue 02 Jan 2024 00:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54203
IP address blocks:        185.147.213.0/24 maxlen: 24
                          185.147.212.0/24 maxlen: 24
                          185.147.214.0/24 maxlen: 24
                          185.147.215.0/24 maxlen: 24
                          2a03:efc0:1100::/40 maxlen: 40
                          2a03:efc0:500::/40 maxlen: 40
                          2a03:efc0:700::/40 maxlen: 40
                          2a03:efc0:1500::/40 maxlen: 40
                          2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:1900::/40 maxlen: 40
                          2a03:efc0:900::/40 maxlen: 40
                          2a03:efc0:1300::/40 maxlen: 40
                          2a03:efc0:200::/40 maxlen: 40

Validation:               Failed, certificate revoked on Wed 01 May 2024 16:20:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2b:6b:70:7e:cc:60:ae:6b:83:ab:30:69:e0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Jan  2 00:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcc6de99cfd9c3177cdae22ef50b331b4db26f3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f7:ac:a2:f6:ac:6f:8f:60:e6:d2:cd:a8:86:
                    78:21:73:f7:64:d8:22:0f:55:38:41:50:aa:06:b8:
                    a1:df:e2:30:31:a6:44:03:33:37:cf:55:f2:64:d1:
                    60:30:8c:93:96:73:17:a2:f2:c9:26:41:dd:84:1a:
                    9c:6e:4a:44:fd:ac:a4:9f:df:7a:c0:18:d8:75:1c:
                    8a:f5:0a:12:67:5c:2d:75:6a:32:22:7e:10:e2:53:
                    32:2e:5e:99:96:9d:05:a6:e4:cf:41:68:eb:07:e4:
                    41:ce:a5:de:9a:35:11:34:26:2a:e6:4a:b8:cb:23:
                    30:46:09:0c:07:f1:fc:9a:6d:99:d1:45:5a:d9:76:
                    8d:79:0e:cd:b7:e8:92:10:15:59:89:1e:63:1a:bf:
                    1b:1f:f0:d8:cd:04:47:82:6a:12:3e:10:81:32:de:
                    df:c5:0b:71:77:5c:1d:a9:14:f4:c9:db:4c:8c:0e:
                    16:df:44:b7:f8:17:1e:fa:1b:0f:fc:5d:c9:67:70:
                    3b:e2:02:73:b2:8d:05:d6:ad:fd:4a:00:37:3b:5c:
                    e7:b2:4b:d0:d1:13:63:8a:63:cd:6a:ae:70:ef:6c:
                    37:0c:15:eb:70:f4:d7:7b:9f:81:77:ca:6a:24:73:
                    a8:bc:2e:6e:f7:66:65:57:0c:20:35:53:d8:eb:3b:
                    d0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C6:DE:99:CF:D9:C3:17:7C:DA:E2:2E:F5:0B:33:1B:4D:B2:6F:3C
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/3Mbemc_Zwxd82uIu9QszG02ybzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.212.0/22
                IPv6:
                  2a03:efc0:200::/40
                  2a03:efc0:500::/40
                  2a03:efc0:700::/40
                  2a03:efc0:900::/40
                  2a03:efc0:1100::/40
                  2a03:efc0:1300::/40
                  2a03:efc0:1500::/40
                  2a03:efc0:1700::/40
                  2a03:efc0:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:b2:b3:51:bd:0c:c1:cb:38:4b:5d:a7:9f:9b:6e:c9:ab:aa:
         db:bd:f8:e8:0c:c1:ea:73:3c:d2:44:2f:26:84:87:61:dd:1f:
         67:fd:53:fa:96:15:c7:4c:06:9f:aa:ad:5f:4e:a0:52:ed:a7:
         44:b4:ee:44:73:ae:e2:bc:7d:e1:66:bb:1d:96:57:28:2c:57:
         de:c8:eb:8b:a2:42:c6:45:95:8c:5d:69:8f:37:d3:dc:b0:69:
         47:de:26:79:bd:3a:82:b1:26:99:71:e3:6b:a5:d9:4f:16:1b:
         16:df:d7:dd:10:a6:c7:0c:e2:11:c2:2e:a0:4c:0a:09:a8:9f:
         4b:88:4c:fa:1a:e8:9d:5d:90:93:3d:ef:a0:cc:de:f8:bc:94:
         fe:97:7e:d6:96:0c:30:71:7d:22:98:d0:50:c3:69:24:99:66:
         7f:ba:bb:cf:0b:b6:57:b6:8f:4a:f8:39:5f:bf:71:39:32:b0:
         58:15:79:33:29:c1:0c:44:fe:ef:18:94:19:c2:a5:09:40:8e:
         79:32:bc:11:53:10:8a:f2:90:76:e1:3c:79:16:f6:17:c6:ab:
         89:dd:c7:87:90:81:01:63:d9:7c:f9:f0:36:ab:3d:c7:c1:43:
         01:9e:80:74:3a:6a:3d:ab:50:b9:60:28:cc:04:93:45:a5:60:
         5f:d4:8d:df
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYzHlCtrcH7MYK5rg6swaeClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjQwMTAyMDAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2M2ZGU5OWNmZDljMzE3N2NkYWUyMmVmNTBiMzMxYjRkYjI2ZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvesovasb49g5tLNqIZ4IXP3ZNgi
D1U4QVCqBrih3+IwMaZEAzM3z1XyZNFgMIyTlnMXovLJJkHdhBqcbkpE/aykn996
wBjYdRyK9QoSZ1wtdWoyIn4Q4lMyLl6Zlp0FpuTPQWjrB+RBzqXemjURNCYq5kq4
yyMwRgkMB/H8mm2Z0UVa2XaNeQ7Nt+iSEBVZiR5jGr8bH/DYzQRHgmoSPhCBMt7f
xQtxd1wdqRT0ydtMjA4W30S3+Bce+hsP/F3JZ3A74gJzso0F1q39SgA3O1znskvQ
0RNjimPNaq5w72w3DBXrcPTXe5+Bd8pqJHOovC5u92ZlVwwgNVPY6zvQrQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFNzG3pnP2cMXfNriLvULMxtNsm88MB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvM01iZW1jX1p3eGQ4MnVJdTlRc3pHMDJ5Ynp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjAMBAIAATAGAwQCuZPUME4E
AgACMEgDBgAqA+/AAgMGACoD78AFAwYAKgPvwAcDBgAqA+/ACQMGACoD78ARAwYA
KgPvwBMDBgAqA+/AFQMGACoD78AXAwYAKgPvwBkwDQYJKoZIhvcNAQELBQADggEB
AFKys1G9DMHLOEtdp5+bbsmrqtu9+OgMwepzPNJELyaEh2HdH2f9U/qWFcdMBp+q
rV9OoFLtp0S07kRzruK8feFmux2WVygsV97I64uiQsZFlYxdaY8309ywaUfeJnm9
OoKxJplx42ul2U8WGxbf190QpscM4hHCLqBMCgmon0uITPoa6J1dkJM976DM3vi8
lP6XftaWDDBxfSKY0FDDaSSZZn+6u88Ltle2j0r4OV+/cTkysFgVeTMpwQxE/u8Y
lBnCpQlAjnkyvBFTEIrykHbhPHkW9hfGq4ndx4eQgQFj2Xz58DarPcfBQwGegHQ6
aj2rULlgKMwEk0WlYF/Ujd8=
-----END CERTIFICATE-----