Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/ZxyAnr3lyccvFTEtCfs9P7DYiWs.roa
File:                     ZxyAnr3lyccvFTEtCfs9P7DYiWs.roa (raw, json)
Hash identifier:          osj+DUX68vkW8M3BnrY2/VC35hpQe12FKjFCmevmwnA=
Subject key identifier:   67:1C:80:9E:BD:E5:C9:C7:2F:15:31:2D:09:FB:3D:3F:B0:D8:89:6B
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       0190765E21413F6AF3AD6CB100B2E2B98665
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/ZxyAnr3lyccvFTEtCfs9P7DYiWs.roa
Signing time:             Wed 03 Jul 2024 02:13:18 +0000
ROA not before:           Wed 03 Jul 2024 02:13:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62651
IP address blocks:        185.147.214.0/24 maxlen: 24
                          2a03:efc0:900::/40 maxlen: 40
                          2a03:efc0:1500::/40 maxlen: 40
                          2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:2300::/40 maxlen: 40
                          2a03:efc0:2500::/40 maxlen: 40
                          2a03:efc0:2700::/40 maxlen: 40
                          2a03:efc0:2900::/40 maxlen: 40
                          2a03:efc0:3100::/40 maxlen: 40
                          2a03:efc0:3300::/40 maxlen: 40
                          2a03:efc0:3500::/40 maxlen: 40
                          2a03:efc0:3700::/40 maxlen: 40
                          2a03:efc0:4100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Fri 19 Jul 2024 15:58:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:76:5e:21:41:3f:6a:f3:ad:6c:b1:00:b2:e2:b9:86:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Jul  3 02:13:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=671c809ebde5c9c72f15312d09fb3d3fb0d8896b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7c:7a:6a:25:b9:16:97:01:78:e1:66:e6:3e:
                    af:7e:2d:2d:f0:e1:9a:83:e8:3c:90:1d:66:2e:50:
                    a8:2b:0e:bc:86:6f:1d:9d:e2:50:9b:4f:1a:b1:28:
                    51:10:c6:a8:5b:4f:0a:19:f7:24:cb:58:7c:bb:48:
                    f0:41:46:fd:02:81:50:00:cd:cd:77:a3:12:9a:af:
                    92:49:13:c5:61:fb:ba:5a:55:21:51:08:d2:76:05:
                    e1:df:35:f8:d8:ca:5d:98:74:54:c3:23:6f:b4:69:
                    97:b6:a8:92:93:f7:e6:f8:c2:eb:67:80:9d:ed:a9:
                    a9:5d:dc:b1:29:df:4a:44:3c:85:4e:55:a8:70:3b:
                    f3:dc:ff:e2:7f:1c:d1:a9:c8:75:d2:b8:74:5f:cd:
                    87:6a:ad:da:89:9c:2d:f1:39:7b:86:5f:f7:24:66:
                    7c:1f:1f:80:31:7d:0b:07:a1:4a:f1:74:a9:7a:23:
                    83:6e:7e:71:c2:58:ea:23:cc:03:5d:e7:cc:86:39:
                    14:af:1b:57:53:3b:f8:15:8d:75:a0:38:0c:25:f0:
                    f0:b1:e1:bf:c7:c6:b5:4f:a0:45:2c:96:11:15:5d:
                    b4:24:fc:a9:ed:03:c5:d0:88:1c:ea:e7:db:07:2e:
                    8e:a3:2d:2d:a7:78:2f:6c:01:f6:23:ad:95:f9:fb:
                    ba:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:1C:80:9E:BD:E5:C9:C7:2F:15:31:2D:09:FB:3D:3F:B0:D8:89:6B
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/ZxyAnr3lyccvFTEtCfs9P7DYiWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.214.0/24
                IPv6:
                  2a03:efc0:900::/40
                  2a03:efc0:1500::/40
                  2a03:efc0:1700::/40
                  2a03:efc0:2300::/40
                  2a03:efc0:2500::/40
                  2a03:efc0:2700::/40
                  2a03:efc0:2900::/40
                  2a03:efc0:3100::/40
                  2a03:efc0:3300::/40
                  2a03:efc0:3500::/40
                  2a03:efc0:3700::/40
                  2a03:efc0:4100::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:2c:81:9d:dc:b2:e6:fb:80:11:29:9e:e8:0b:b9:30:45:d7:
         2c:d1:4c:bd:db:d0:56:55:6a:0c:1f:e6:41:ad:81:43:1e:36:
         17:89:45:b7:c9:54:7d:17:ea:f3:b6:46:bc:43:8b:64:da:b5:
         72:1d:2a:51:f2:4c:9c:58:e4:e7:05:7d:87:a3:57:8b:85:1b:
         1b:77:0c:b9:2b:1b:7d:93:48:95:ad:a6:eb:31:44:af:76:2d:
         a9:19:cb:03:4b:96:54:f4:c2:29:2b:05:a4:11:b3:a7:e8:db:
         7b:d7:c5:28:ee:3f:59:39:6b:e4:a3:0c:27:2f:ed:84:8c:67:
         7d:e6:94:ec:e5:2b:c9:97:b4:8b:f7:93:35:58:7e:cf:ce:b0:
         e4:74:22:86:18:2e:54:f4:00:79:5a:31:de:90:c2:7e:72:e6:
         12:a0:d6:6e:af:36:ab:4f:c5:e6:4d:4f:a1:78:4c:ca:11:12:
         b4:c5:1c:14:16:e8:be:cb:5a:f4:35:51:a8:82:3f:56:be:9f:
         d3:92:e3:e1:f0:73:c5:6d:09:1c:98:ad:23:d0:4b:7e:b7:a0:
         19:b8:ba:c4:f0:e6:ed:2f:ed:de:b1:bb:08:d0:68:7e:dc:7a:
         53:0c:8d:7b:b4:8c:7f:bc:a9:43:ad:b6:7a:57:e6:59:99:e3:
         c4:f5:29:bc
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAZB2XiFBP2rzrWyxALLiuYZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjQwNzAzMDIxMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzFjODA5ZWJkZTVjOWM3MmYxNTMxMmQwOWZiM2QzZmIwZDg4OTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXx6aiW5FpcBeOFm5j6vfi0t8OGa
g+g8kB1mLlCoKw68hm8dneJQm08asShREMaoW08KGfcky1h8u0jwQUb9AoFQAM3N
d6MSmq+SSRPFYfu6WlUhUQjSdgXh3zX42MpdmHRUwyNvtGmXtqiSk/fm+MLrZ4Cd
7ampXdyxKd9KRDyFTlWocDvz3P/ifxzRqch10rh0X82Haq3aiZwt8Tl7hl/3JGZ8
Hx+AMX0LB6FK8XSpeiODbn5xwljqI8wDXefMhjkUrxtXUzv4FY11oDgMJfDwseG/
x8a1T6BFLJYRFV20JPyp7QPF0Igc6ufbBy6Ooy0tp3gvbAH2I62V+fu6OwIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFGccgJ695cnHLxUxLQn7PT+w2IlrMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvWnh5QW5yM2x5Y2N2RlRFdENmczlQN0RZaVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwDAQCAAEwBgMEALmT1jBm
BAIAAjBgAwYAKgPvwAkDBgAqA+/AFQMGACoD78AXAwYAKgPvwCMDBgAqA+/AJQMG
ACoD78AnAwYAKgPvwCkDBgAqA+/AMQMGACoD78AzAwYAKgPvwDUDBgAqA+/ANwMG
ACoD78BBMA0GCSqGSIb3DQEBCwUAA4IBAQAILIGd3LLm+4ARKZ7oC7kwRdcs0Uy9
29BWVWoMH+ZBrYFDHjYXiUW3yVR9F+rztka8Q4tk2rVyHSpR8kycWOTnBX2Ho1eL
hRsbdwy5Kxt9k0iVrabrMUSvdi2pGcsDS5ZU9MIpKwWkEbOn6Nt718Uo7j9ZOWvk
owwnL+2EjGd95pTs5SvJl7SL95M1WH7PzrDkdCKGGC5U9AB5WjHekMJ+cuYSoNZu
rzarT8XmTU+heEzKERK0xRwUFui+y1r0NVGogj9Wvp/TkuPh8HPFbQkcmK0j0Et+
t6AZuLrE8ObtL+3esbsI0Gh+3HpTDI17tIx/vKlDrbZ6V+ZZmePE9Sm8
-----END CERTIFICATE-----