Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/gR3ZJ2F4lOdD1JLomll4wFtYNyU.roa
File:                     gR3ZJ2F4lOdD1JLomll4wFtYNyU.roa (raw, json)
Hash identifier:          sp+xQFgGkcMVWfWtCGv++M4hlOJbMsdA/kz1Xx1g/rc=
Subject key identifier:   81:1D:D9:27:61:78:94:E7:43:D4:92:E8:9A:59:78:C0:5B:58:37:25
Certificate issuer:       /CN=dc377b5d022bf0be4a6224b47eea6ca0b81bf037
Certificate serial:       018E37649FBDB83A5CF699A0E5E503174582
Authority key identifier: DC:37:7B:5D:02:2B:F0:BE:4A:62:24:B4:7E:EA:6C:A0:B8:1B:F0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/gR3ZJ2F4lOdD1JLomll4wFtYNyU.roa
Signing time:             Wed 13 Mar 2024 10:38:45 +0000
ROA not before:           Wed 13 Mar 2024 10:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28756
IP address blocks:        145.64.128.0/21 maxlen: 21
                          145.64.128.0/22 maxlen: 22
                          145.64.130.0/24 maxlen: 24
                          145.64.132.0/22 maxlen: 22
                          145.64.134.0/24 maxlen: 24
                          145.64.144.0/20 maxlen: 20
                          145.64.144.0/23 maxlen: 23
                          145.64.146.0/24 maxlen: 24
                          145.64.148.0/24 maxlen: 24
                          145.64.149.0/24 maxlen: 24
                          145.64.157.0/24 maxlen: 24
                          145.64.158.0/24 maxlen: 24
                          145.64.159.0/24 maxlen: 24
                          145.64.160.0/20 maxlen: 20
                          145.64.160.0/24 maxlen: 24
                          145.64.161.0/24 maxlen: 24
                          145.64.162.0/24 maxlen: 24
                          145.64.170.0/24 maxlen: 24
                          145.64.240.0/21 maxlen: 21
                          145.64.242.0/24 maxlen: 24
                          145.64.245.0/24 maxlen: 24
                          145.64.248.0/21 maxlen: 21
                          145.64.248.0/22 maxlen: 22
                          145.64.250.0/24 maxlen: 24
                          145.64.252.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 02 May 2024 15:25:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:64:9f:bd:b8:3a:5c:f6:99:a0:e5:e5:03:17:45:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc377b5d022bf0be4a6224b47eea6ca0b81bf037
        Validity
            Not Before: Mar 13 10:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=811dd927617894e743d492e89a5978c05b583725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:9a:45:82:af:84:2a:ac:00:38:54:1a:15:cd:
                    be:29:cf:5b:04:b7:72:8d:e3:15:98:43:d2:86:8f:
                    92:f6:5b:11:51:53:d7:be:c5:e8:87:b5:fc:53:21:
                    47:26:66:95:36:df:ed:75:7e:68:ac:ed:bb:4c:c0:
                    54:3e:21:4c:f4:9c:6d:a6:13:68:97:ef:a0:94:30:
                    ee:3d:ac:a4:68:10:e3:bc:89:a4:ef:08:db:e2:d1:
                    99:3d:16:9a:56:ed:ad:f3:f9:71:e5:50:52:fc:3b:
                    e8:b8:3c:40:3b:c1:f8:2f:46:bb:43:6c:48:c9:c2:
                    20:2c:6e:ae:30:e1:53:d4:4f:43:21:43:aa:08:eb:
                    6e:34:bc:ed:69:de:dc:4d:f9:77:49:9c:9a:2e:e3:
                    d5:43:05:e5:62:8c:12:1b:2a:eb:77:c7:4e:ff:8a:
                    94:1d:57:ab:e5:88:e7:21:cc:95:bc:c6:da:fc:e1:
                    ae:78:8f:aa:67:97:fa:70:f2:d9:55:f2:9c:fa:46:
                    61:2f:fa:0d:8f:1b:84:0a:24:2e:dc:40:b0:7c:c0:
                    bb:c1:9f:29:48:e9:d8:a8:51:34:6b:8a:18:c8:30:
                    6d:22:06:49:3f:cb:d0:21:e0:5f:12:98:65:a1:df:
                    9e:2e:5f:a5:c4:a6:61:ed:01:e6:e9:7c:87:8c:d0:
                    c9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1D:D9:27:61:78:94:E7:43:D4:92:E8:9A:59:78:C0:5B:58:37:25
            X509v3 Authority Key Identifier:
                keyid:DC:37:7B:5D:02:2B:F0:BE:4A:62:24:B4:7E:EA:6C:A0:B8:1B:F0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/gR3ZJ2F4lOdD1JLomll4wFtYNyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.64.128.0/21
                  145.64.144.0-145.64.175.255
                  145.64.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a3:ac:17:10:04:1c:32:d0:30:4a:66:7d:19:65:4f:43:83:4e:
         4b:cb:00:d9:2a:f9:44:8c:a7:f8:2e:d6:de:e2:b3:9a:2b:af:
         d4:3c:a4:29:e9:c3:8d:ff:4c:94:5d:77:15:5f:ea:00:ff:ad:
         db:33:ac:fc:dc:02:70:ae:f0:68:3d:6d:00:c3:8d:c8:ec:34:
         99:99:5e:fc:92:56:63:01:49:58:28:be:09:7d:42:c6:01:bf:
         c3:0f:ce:6b:8d:ce:08:54:5f:60:c7:84:d6:77:ee:54:af:2d:
         05:85:4d:3d:6a:03:1a:46:97:97:f5:15:c6:88:f8:58:a0:ca:
         e2:0e:68:ed:6e:1b:2d:07:2c:9e:6d:e2:75:9d:65:c4:02:6c:
         51:a0:75:13:5a:b4:91:1d:99:ce:73:3f:01:14:ef:6c:2f:7d:
         84:e8:87:e5:bf:7e:55:1c:0c:58:ee:f6:95:c9:c5:bb:8e:79:
         2c:6a:2e:a3:7d:43:9b:9a:5b:ed:90:31:e6:f8:f2:c6:57:40:
         95:f4:73:97:b2:e0:14:24:5f:20:47:bc:da:3f:5e:59:08:2a:
         04:b4:3f:29:a4:6d:13:a2:d1:bd:38:01:c4:85:a7:cf:fc:8f:
         7c:2e:c8:8b:5e:7d:f0:11:e0:6c:99:0f:c0:f8:82:9d:81:06:
         2a:99:75:76
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY43ZJ+9uDpc9pmg5eUDF0WCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzc3YjVkMDIyYmYwYmU0YTYyMjRiNDdlZWE2Y2EwYjgx
YmYwMzcwHhcNMjQwMzEzMTAzODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTFkZDkyNzYxNzg5NGU3NDNkNDkyZTg5YTU5NzhjMDViNTgzNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZpFgq+EKqwAOFQaFc2+Kc9bBLdy
jeMVmEPSho+S9lsRUVPXvsXoh7X8UyFHJmaVNt/tdX5orO27TMBUPiFM9JxtphNo
l++glDDuPaykaBDjvImk7wjb4tGZPRaaVu2t8/lx5VBS/DvouDxAO8H4L0a7Q2xI
ycIgLG6uMOFT1E9DIUOqCOtuNLztad7cTfl3SZyaLuPVQwXlYowSGyrrd8dO/4qU
HVer5YjnIcyVvMba/OGueI+qZ5f6cPLZVfKc+kZhL/oNjxuECiQu3ECwfMC7wZ8p
SOnYqFE0a4oYyDBtIgZJP8vQIeBfEphlod+eLl+lxKZh7QHm6XyHjNDJjwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIEd2SdheJTnQ9SS6JpZeMBbWDclMB8GA1UdIwQY
MBaAFNw3e10CK/C+SmIktH7qbKC4G/A3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RkN1hRSXI4TDVLWWlTMGZ1cHNvTGdiOERjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9jYzU1OGMtMzVlNS00ZGQ2LTg2N2It
OGIwNWI3NzhlMGQ1LzEvZ1IzWkoyRjRsT2REMUpMb21sbDR3RnRZTnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9jYzU1OGMtMzVlNS00ZGQ2LTg2N2ItOGIwNWI3NzhlMGQ1
LzEvM0RkN1hRSXI4TDVLWWlTMGZ1cHNvTGdiOERjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDkUCAMAwD
BASRQJADBASRQKADBASRQPAwDQYJKoZIhvcNAQELBQADggEBAKOsFxAEHDLQMEpm
fRllT0ODTkvLANkq+USMp/gu1t7is5orr9Q8pCnpw43/TJRddxVf6gD/rdszrPzc
AnCu8Gg9bQDDjcjsNJmZXvySVmMBSVgovgl9QsYBv8MPzmuNzghUX2DHhNZ37lSv
LQWFTT1qAxpGl5f1FcaI+FigyuIOaO1uGy0HLJ5t4nWdZcQCbFGgdRNatJEdmc5z
PwEU72wvfYToh+W/flUcDFju9pXJxbuOeSxqLqN9Q5uaW+2QMeb48sZXQJX0c5ey
4BQkXyBHvNo/XlkIKgS0PymkbROi0b04AcSFp8/8j3wuyIteffAR4GyZD8D4gp2B
BiqZdXY=
-----END CERTIFICATE-----