Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/HCFWYQdd1xWGRXx0OBVU0LO7eME.roa
File:                     HCFWYQdd1xWGRXx0OBVU0LO7eME.roa (raw, json)
Hash identifier:          u9PO59qWGfmu9rOxyDpzXkbLsqkZVWFfpSZYjgaOl+Q=
Subject key identifier:   1C:21:56:61:07:5D:D7:15:86:45:7C:74:38:15:54:D0:B3:BB:78:C1
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       018A17A295B55085BC2536787257A9F4FF29
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/HCFWYQdd1xWGRXx0OBVU0LO7eME.roa
Signing time:             Mon 21 Aug 2023 10:27:25 +0000
ROA not before:           Mon 21 Aug 2023 10:27:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57073
IP address blocks:        176.101.88.0/21 maxlen: 24
                          85.198.76.0/22 maxlen: 24
                          185.138.253.0/24 maxlen: 24
                          185.138.252.0/24 maxlen: 24
                          185.138.252.0/22 maxlen: 24
                          185.138.254.0/24 maxlen: 24
                          185.138.255.0/24 maxlen: 24
                          194.1.214.0/24 maxlen: 24
                          213.184.154.0/23 maxlen: 24
                          213.184.154.0/24 maxlen: 24
                          213.184.156.0/22 maxlen: 24
                          94.141.112.0/22 maxlen: 24
                          185.62.200.0/23 maxlen: 24
                          185.62.202.0/24 maxlen: 24
                          91.230.107.0/24 maxlen: 24
                          2a03:720::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:17:a2:95:b5:50:85:bc:25:36:78:72:57:a9:f4:ff:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Aug 21 10:27:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1c215661075dd71586457c74381554d0b3bb78c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:52:c1:c1:67:df:9a:c7:f5:06:c0:ba:9f:9e:
                    73:79:6a:fc:c7:52:7a:7c:7b:4a:cf:6a:5c:20:ac:
                    66:c8:4f:0c:00:fe:50:2f:33:a5:70:19:4f:e9:cb:
                    d7:5e:01:30:68:2a:38:7a:85:c3:bd:63:df:1d:23:
                    f0:3d:25:42:aa:a0:20:14:f8:97:1a:3f:eb:a8:62:
                    ff:ba:97:73:dc:de:a4:ef:fd:c0:f9:16:96:53:b1:
                    d0:f2:4b:ec:84:43:7f:82:62:70:fe:a5:73:d3:1b:
                    30:43:d2:65:59:87:28:60:4f:b8:47:e9:05:ee:44:
                    d9:70:10:ce:8b:f9:82:42:4d:91:82:fb:d8:a6:0e:
                    77:a3:b9:b1:96:e6:86:4d:bb:ab:cc:0c:a9:7b:c0:
                    ec:9a:35:4d:97:01:26:55:14:41:a5:2b:63:49:8c:
                    2b:d5:5c:4a:d5:11:27:fa:50:1f:d5:ce:8a:63:01:
                    bd:bc:6e:9d:92:7f:8f:df:9c:25:aa:32:2e:84:48:
                    6d:1b:10:ba:44:ab:e9:ae:17:92:e0:0a:1b:f9:9c:
                    5e:a6:e3:b9:84:47:27:70:25:c1:53:02:5c:84:52:
                    53:3e:da:ac:da:ee:ed:78:c8:6f:be:93:86:53:79:
                    99:cb:ef:7c:50:b9:90:f4:a1:d8:59:51:9a:14:36:
                    e3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:21:56:61:07:5D:D7:15:86:45:7C:74:38:15:54:D0:B3:BB:78:C1
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/HCFWYQdd1xWGRXx0OBVU0LO7eME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.198.76.0/22
                  91.230.107.0/24
                  94.141.112.0/22
                  176.101.88.0/21
                  185.62.200.0-185.62.202.255
                  185.138.252.0/22
                  194.1.214.0/24
                  213.184.154.0-213.184.159.255
                IPv6:
                  2a03:720::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:9d:d3:9e:09:43:55:9a:38:f0:54:9e:75:8f:8c:0e:79:2a:
         a5:cb:42:d1:d0:6a:02:f7:26:86:54:3a:46:f4:f3:0e:e7:84:
         2c:cc:80:03:90:76:14:e6:1a:bb:1a:4b:4a:1e:d9:80:57:5a:
         46:b7:74:70:ab:d1:f4:d4:2d:45:9c:7a:c1:98:43:e3:6a:47:
         05:99:d0:64:07:82:7f:b6:f0:99:25:f8:6d:b8:74:28:18:9c:
         49:03:ee:5a:60:ea:6d:d6:9d:3c:76:d8:8a:5c:8c:42:1d:f2:
         b0:03:53:49:d9:ae:a4:e4:55:30:c9:7c:35:b0:76:4e:0d:4a:
         61:bb:6c:92:16:ec:09:8b:84:68:99:d4:bf:cf:73:82:63:a0:
         1f:c3:57:2a:54:2e:fc:fc:96:74:9c:6e:0c:9a:33:79:6c:55:
         47:7d:3c:32:59:3f:54:4e:70:50:6b:62:08:3a:05:43:6e:08:
         90:c4:23:4b:fd:7c:4d:39:c0:17:12:90:52:6e:4e:eb:b2:d0:
         38:0f:dc:d1:41:34:18:34:5d:ff:ee:4a:53:10:ca:83:00:ba:
         64:c4:a8:8f:9a:f5:e5:c6:4e:2f:19:10:31:76:62:9d:24:b6:
         5d:b7:ca:6c:86:e0:c9:db:5d:6d:90:88:fe:f5:db:79:d5:86:
         f6:86:d3:0b
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYoXopW1UIW8JTZ4clep9P8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjMwODIxMTAyNzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIxNTY2MTA3NWRkNzE1ODY0NTdjNzQzODE1NTRkMGIzYmI3OGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFLBwWffmsf1BsC6n55zeWr8x1J6
fHtKz2pcIKxmyE8MAP5QLzOlcBlP6cvXXgEwaCo4eoXDvWPfHSPwPSVCqqAgFPiX
Gj/rqGL/updz3N6k7/3A+RaWU7HQ8kvshEN/gmJw/qVz0xswQ9JlWYcoYE+4R+kF
7kTZcBDOi/mCQk2RgvvYpg53o7mxluaGTburzAype8DsmjVNlwEmVRRBpStjSYwr
1VxK1REn+lAf1c6KYwG9vG6dkn+P35wlqjIuhEhtGxC6RKvprheS4Aob+ZxepuO5
hEcncCXBUwJchFJTPtqs2u7teMhvvpOGU3mZy+98ULmQ9KHYWVGaFDbjvQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFBwhVmEHXdcVhkV8dDgVVNCzu3jBMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvSENGV1lRZGQxeFdHUlh4ME9CVlUwTE83ZU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQCVcZMAwQA
W+ZrAwQCXo1wAwQDsGVYMAwDBAO5PsgDBAC5PsoDBAK5ivwDBADCAdYwDAMEAdW4
mgMEBdW4gDANBAIAAjAHAwUAKgMHIDANBgkqhkiG9w0BAQsFAAOCAQEAHJ3TnglD
VZo48FSedY+MDnkqpctC0dBqAvcmhlQ6RvTzDueELMyAA5B2FOYauxpLSh7ZgFda
Rrd0cKvR9NQtRZx6wZhD42pHBZnQZAeCf7bwmSX4bbh0KBicSQPuWmDqbdadPHbY
ilyMQh3ysANTSdmupORVMMl8NbB2Tg1KYbtskhbsCYuEaJnUv89zgmOgH8NXKlQu
/PyWdJxuDJozeWxVR308Mlk/VE5wUGtiCDoFQ24IkMQjS/18TTnAFxKQUm5O67LQ
OA/c0UE0GDRd/+5KUxDKgwC6ZMSoj5r15cZOLxkQMXZinSS2XbfKbIbgydtdbZCI
/vXbedWG9obTCw==
-----END CERTIFICATE-----