Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/PH1Zljqz11kC0ge8AFrDg4rR1Bs.roa
File:                     PH1Zljqz11kC0ge8AFrDg4rR1Bs.roa (raw, json)
Hash identifier:          t6zmHOl6nBM4ba4arqMYTJQ0DIqY8l5MvauLphyiw2U=
Subject key identifier:   3C:7D:59:96:3A:B3:D7:59:02:D2:07:BC:00:5A:C3:83:8A:D1:D4:1B
Certificate issuer:       /CN=dc377b5d022bf0be4a6224b47eea6ca0b81bf037
Certificate serial:       018CC2DAE25EDA0C779395834525FD9396BE
Authority key identifier: DC:37:7B:5D:02:2B:F0:BE:4A:62:24:B4:7E:EA:6C:A0:B8:1B:F0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/PH1Zljqz11kC0ge8AFrDg4rR1Bs.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28756
IP address blocks:        145.64.248.0/21 maxlen: 21
                          145.64.248.0/22 maxlen: 22
                          145.64.250.0/24 maxlen: 24
                          145.64.252.0/22 maxlen: 22
                          145.64.160.0/20 maxlen: 20
                          145.64.160.0/24 maxlen: 24
                          145.64.161.0/24 maxlen: 24
                          145.64.162.0/24 maxlen: 24
                          145.64.170.0/24 maxlen: 24
                          145.64.130.0/24 maxlen: 24
                          145.64.132.0/22 maxlen: 22
                          145.64.128.0/21 maxlen: 21
                          145.64.128.0/22 maxlen: 22
                          145.64.134.0/24 maxlen: 24
                          145.64.144.0/23 maxlen: 23
                          145.64.144.0/20 maxlen: 20
                          145.64.146.0/24 maxlen: 24
                          145.64.148.0/24 maxlen: 24
                          145.64.149.0/24 maxlen: 24
                          145.64.157.0/24 maxlen: 24
                          145.64.158.0/24 maxlen: 24
                          145.64.159.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 13 Mar 2024 10:38:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e2:5e:da:0c:77:93:95:83:45:25:fd:93:96:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc377b5d022bf0be4a6224b47eea6ca0b81bf037
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c7d59963ab3d75902d207bc005ac3838ad1d41b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:59:57:a2:fd:8b:4d:d9:49:7e:c3:82:57:d8:
                    cf:35:c9:98:57:42:9f:c9:9f:4c:19:dc:2d:23:dd:
                    a4:94:1b:cf:4a:d6:2a:a4:d9:a9:60:64:63:57:ba:
                    76:95:41:ea:93:b8:81:24:20:e0:f3:74:62:b3:24:
                    bb:be:5b:0f:72:e3:4d:80:98:59:e2:0b:ab:4b:92:
                    b8:18:c7:5d:9e:1d:7b:33:22:b9:c1:cc:59:be:18:
                    1d:e3:6a:9d:f4:cf:1c:36:2d:e5:d7:25:5e:01:38:
                    14:84:1d:5d:bc:45:d1:d3:12:80:98:3f:c4:4b:4b:
                    fd:4a:8a:46:77:f5:69:e4:67:0f:73:bb:0c:70:db:
                    01:89:e3:54:a7:5e:f4:ac:09:a6:35:c9:b7:b5:ba:
                    29:8c:21:ef:10:3f:8d:a4:6b:85:9c:91:d3:7e:8b:
                    a3:d8:b4:a4:19:f3:c0:5b:72:a2:5f:9a:e7:e6:90:
                    96:66:ae:e8:01:11:f8:55:91:6d:df:70:63:41:8f:
                    16:b6:58:b0:de:18:5e:75:2f:e6:7a:d8:22:a7:00:
                    24:08:a7:fa:3a:4d:4c:ef:4c:4d:38:92:72:6d:b3:
                    58:61:bf:59:d3:c8:9e:7c:7b:d0:96:db:4b:aa:eb:
                    8e:18:81:88:56:ae:60:cf:7f:87:34:fa:bd:95:64:
                    c1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:7D:59:96:3A:B3:D7:59:02:D2:07:BC:00:5A:C3:83:8A:D1:D4:1B
            X509v3 Authority Key Identifier:
                keyid:DC:37:7B:5D:02:2B:F0:BE:4A:62:24:B4:7E:EA:6C:A0:B8:1B:F0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/PH1Zljqz11kC0ge8AFrDg4rR1Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.64.128.0/21
                  145.64.144.0-145.64.175.255
                  145.64.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         74:33:90:e8:2f:fc:6a:a8:8d:87:1d:8b:53:10:66:74:66:35:
         d4:15:ca:46:2f:f0:d1:94:8c:d0:c7:c2:66:ab:a6:e5:be:c9:
         f2:32:56:1e:5e:02:7a:13:4a:f3:27:57:ac:18:94:9e:d6:47:
         59:93:ca:bf:f8:8c:b7:64:65:ab:40:1c:76:27:a1:9c:b8:0c:
         26:d0:3d:72:98:3b:89:f7:d9:e5:f0:58:b3:76:2c:bb:8a:df:
         c2:f1:98:13:a6:ad:2a:b1:3d:5d:58:e7:46:01:2c:71:cd:39:
         09:6f:cf:0d:70:1b:e9:da:aa:50:5f:ec:6c:27:69:19:05:6f:
         20:94:a3:8d:8d:2f:9c:02:31:a6:63:7c:b3:22:d4:96:d0:7b:
         26:7c:d5:fc:ec:b3:4d:a5:bf:ba:41:21:9c:0b:3f:b3:d7:1c:
         91:07:69:23:21:34:5b:f8:1b:dc:d9:2a:e6:59:e5:d4:54:eb:
         51:45:c0:8c:c3:20:5a:c0:60:09:3a:ef:49:1d:27:a6:96:f6:
         6e:38:27:05:64:19:17:c3:95:bb:69:13:04:07:e3:7d:46:4a:
         a8:09:30:13:71:25:bf:cd:2f:49:cb:80:b8:91:69:f4:fb:59:
         8a:06:24:e8:f4:2b:9d:ea:71:a9:43:5d:3e:e1:57:8a:39:f5:
         b7:b4:d2:eb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzC2uJe2gx3k5WDRSX9k5a+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzc3YjVkMDIyYmYwYmU0YTYyMjRiNDdlZWE2Y2EwYjgx
YmYwMzcwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzdkNTk5NjNhYjNkNzU5MDJkMjA3YmMwMDVhYzM4MzhhZDFkNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFlXov2LTdlJfsOCV9jPNcmYV0Kf
yZ9MGdwtI92klBvPStYqpNmpYGRjV7p2lUHqk7iBJCDg83RisyS7vlsPcuNNgJhZ
4gurS5K4GMddnh17MyK5wcxZvhgd42qd9M8cNi3l1yVeATgUhB1dvEXR0xKAmD/E
S0v9SopGd/Vp5GcPc7sMcNsBieNUp170rAmmNcm3tbopjCHvED+NpGuFnJHTfouj
2LSkGfPAW3KiX5rn5pCWZq7oARH4VZFt33BjQY8Wtliw3hhedS/metgipwAkCKf6
Ok1M70xNOJJybbNYYb9Z08iefHvQlttLquuOGIGIVq5gz3+HNPq9lWTBowIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDx9WZY6s9dZAtIHvABaw4OK0dQbMB8GA1UdIwQY
MBaAFNw3e10CK/C+SmIktH7qbKC4G/A3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RkN1hRSXI4TDVLWWlTMGZ1cHNvTGdiOERjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9jYzU1OGMtMzVlNS00ZGQ2LTg2N2It
OGIwNWI3NzhlMGQ1LzEvUEgxWmxqcXoxMWtDMGdlOEFGckRnNHJSMUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9jYzU1OGMtMzVlNS00ZGQ2LTg2N2ItOGIwNWI3NzhlMGQ1
LzEvM0RkN1hRSXI4TDVLWWlTMGZ1cHNvTGdiOERjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDkUCAMAwD
BASRQJADBASRQKADBAORQPgwDQYJKoZIhvcNAQELBQADggEBAHQzkOgv/GqojYcd
i1MQZnRmNdQVykYv8NGUjNDHwmarpuW+yfIyVh5eAnoTSvMnV6wYlJ7WR1mTyr/4
jLdkZatAHHYnoZy4DCbQPXKYO4n32eXwWLN2LLuK38LxmBOmrSqxPV1Y50YBLHHN
OQlvzw1wG+naqlBf7GwnaRkFbyCUo42NL5wCMaZjfLMi1JbQeyZ81fzss02lv7pB
IZwLP7PXHJEHaSMhNFv4G9zZKuZZ5dRU61FFwIzDIFrAYAk670kdJ6aW9m44JwVk
GRfDlbtpEwQH431GSqgJMBNxJb/NL0nLgLiRafT7WYoGJOj0K53qcalDXT7hV4o5
9be00us=
-----END CERTIFICATE-----