Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/O-j_WULPQ0YdtD1cGc6kgrYddSw.roa
File:                     O-j_WULPQ0YdtD1cGc6kgrYddSw.roa (raw, json)
Hash identifier:          sBCSLL9e2UNaWz8NZTNqncvR6UopSCwIStIDVC/J4dw=
Subject key identifier:   3B:E8:FF:59:42:CF:43:46:1D:B4:3D:5C:19:CE:A4:82:B6:1D:75:2C
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       018D7AF249D22C9A21EB3623B295F5CC9950
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/O-j_WULPQ0YdtD1cGc6kgrYddSw.roa
Signing time:             Mon 05 Feb 2024 20:25:15 +0000
ROA not before:           Mon 05 Feb 2024 20:25:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62651
IP address blocks:        185.147.214.0/24 maxlen: 24
                          2a03:efc0:900::/40 maxlen: 40
                          2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:2300::/40 maxlen: 40
                          2a03:efc0:2500::/40 maxlen: 40
                          2a03:efc0:2700::/40 maxlen: 40
                          2a03:efc0:2900::/40 maxlen: 40
                          2a03:efc0:3100::/40 maxlen: 40
                          2a03:efc0:3300::/40 maxlen: 40
                          2a03:efc0:3500::/40 maxlen: 40
                          2a03:efc0:3700::/40 maxlen: 40
                          2a03:efc0:4100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Wed 03 Jul 2024 02:13:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:f2:49:d2:2c:9a:21:eb:36:23:b2:95:f5:cc:99:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Feb  5 20:25:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3be8ff5942cf43461db43d5c19cea482b61d752c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e6:09:37:30:71:10:4c:59:32:3d:26:1b:1d:
                    f7:ab:d0:49:f6:56:3f:57:00:42:4a:30:78:a7:be:
                    bd:48:ff:c2:dd:5e:2e:07:4e:ca:4f:ec:f7:8a:87:
                    b8:e4:e0:20:0b:f8:64:fd:6f:54:ea:90:39:30:cd:
                    fb:9c:28:1b:d1:55:5f:83:3b:69:7e:3f:ac:2d:b4:
                    bd:73:3c:81:e3:d1:10:1a:40:ae:6e:7e:0d:b8:48:
                    6d:95:6f:8a:22:ab:f4:25:91:cf:5d:81:82:ec:0f:
                    06:31:c2:3f:ff:9b:3f:84:a5:37:c4:a4:cd:37:04:
                    81:5b:60:b6:8e:c8:1f:07:00:f9:09:02:be:d5:1c:
                    d1:ff:c1:4b:43:4d:21:02:0f:17:44:3c:45:00:81:
                    d1:1d:24:af:cf:3d:89:6e:d4:1b:9c:bf:e0:8b:15:
                    73:fc:33:78:25:af:38:db:4f:16:10:86:0e:ee:ca:
                    80:f1:8d:3b:17:43:c4:e7:ed:a8:dc:73:34:e4:3e:
                    4f:15:bb:d1:f8:94:e3:96:5f:6b:21:a4:81:e9:ce:
                    51:8c:9d:cb:96:6a:18:fa:4d:9a:c7:47:18:79:55:
                    27:28:39:df:94:ea:c1:fd:97:e3:aa:ea:e1:b3:79:
                    bc:de:cc:9d:45:a3:4b:a2:81:55:fa:9e:79:e5:50:
                    2c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E8:FF:59:42:CF:43:46:1D:B4:3D:5C:19:CE:A4:82:B6:1D:75:2C
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/O-j_WULPQ0YdtD1cGc6kgrYddSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.214.0/24
                IPv6:
                  2a03:efc0:900::/40
                  2a03:efc0:1700::/40
                  2a03:efc0:2300::/40
                  2a03:efc0:2500::/40
                  2a03:efc0:2700::/40
                  2a03:efc0:2900::/40
                  2a03:efc0:3100::/40
                  2a03:efc0:3300::/40
                  2a03:efc0:3500::/40
                  2a03:efc0:3700::/40
                  2a03:efc0:4100::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:93:c9:4a:d8:cf:cc:0b:0d:f0:47:a6:7c:5c:6f:78:c5:06:
         bf:66:1c:53:7b:8e:0c:c7:6c:23:4c:bc:e8:6d:6e:33:b8:39:
         8d:75:db:4f:86:17:92:a6:2b:c1:24:06:9c:aa:d8:07:a0:7d:
         83:bf:2e:ec:ff:7b:6a:49:c1:13:7b:4b:5e:5d:04:2b:74:95:
         ce:75:ea:45:29:d8:97:53:70:0e:9e:d0:0d:a5:ef:ff:94:46:
         a0:96:15:6c:7d:8a:b9:7e:0e:ae:ec:11:be:61:5c:e3:22:f8:
         b8:74:86:fc:18:8e:2f:ea:43:1c:b5:9f:4d:f8:b5:4b:1c:f8:
         1a:9a:00:53:9a:b8:73:47:8b:56:51:9c:20:23:53:59:0e:10:
         a5:96:47:b1:a9:2f:a1:13:41:2e:0c:d3:61:22:2e:c9:e4:a6:
         77:a5:86:24:1d:35:c8:ce:87:ff:21:81:e1:cf:06:69:b3:a3:
         db:b0:f9:5a:e6:9f:76:b8:61:ec:87:5e:d7:79:67:44:dc:fb:
         b7:09:bd:51:2d:a3:bc:93:4e:37:c5:3c:c5:0f:a2:03:03:81:
         8d:d5:2a:d4:ae:7a:ee:08:39:a1:4b:a7:bd:b2:5e:0b:d7:c9:
         91:4a:ff:3c:3d:67:24:f9:ff:86:a9:03:57:6b:85:b6:65:34:
         53:05:b1:f9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAY168knSLJoh6zYjspX1zJlQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjQwMjA1MjAyNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU4ZmY1OTQyY2Y0MzQ2MWRiNDNkNWMxOWNlYTQ4MmI2MWQ3NTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOYJNzBxEExZMj0mGx33q9BJ9lY/
VwBCSjB4p769SP/C3V4uB07KT+z3ioe45OAgC/hk/W9U6pA5MM37nCgb0VVfgztp
fj+sLbS9czyB49EQGkCubn4NuEhtlW+KIqv0JZHPXYGC7A8GMcI//5s/hKU3xKTN
NwSBW2C2jsgfBwD5CQK+1RzR/8FLQ00hAg8XRDxFAIHRHSSvzz2JbtQbnL/gixVz
/DN4Ja84208WEIYO7sqA8Y07F0PE5+2o3HM05D5PFbvR+JTjll9rIaSB6c5RjJ3L
lmoY+k2ax0cYeVUnKDnflOrB/Zfjqurhs3m83sydRaNLooFV+p555VAsWwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFDvo/1lCz0NGHbQ9XBnOpIK2HXUsMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvTy1qX1dVTFBRMFlkdEQxY0djNmtncllkZFN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjAMBAIAATAGAwQAuZPWMF4E
AgACMFgDBgAqA+/ACQMGACoD78AXAwYAKgPvwCMDBgAqA+/AJQMGACoD78AnAwYA
KgPvwCkDBgAqA+/AMQMGACoD78AzAwYAKgPvwDUDBgAqA+/ANwMGACoD78BBMA0G
CSqGSIb3DQEBCwUAA4IBAQB3k8lK2M/MCw3wR6Z8XG94xQa/ZhxTe44Mx2wjTLzo
bW4zuDmNddtPhheSpivBJAacqtgHoH2Dvy7s/3tqScETe0teXQQrdJXOdepFKdiX
U3AOntANpe//lEaglhVsfYq5fg6u7BG+YVzjIvi4dIb8GI4v6kMctZ9N+LVLHPga
mgBTmrhzR4tWUZwgI1NZDhCllkexqS+hE0EuDNNhIi7J5KZ3pYYkHTXIzof/IYHh
zwZps6PbsPla5p92uGHsh17XeWdE3Pu3Cb1RLaO8k043xTzFD6IDA4GN1SrUrnru
CDmhS6e9sl4L18mRSv88PWck+f+GqQNXa4W2ZTRTBbH5
-----END CERTIFICATE-----