Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4VG7rplRO2cSdh97XauNf9Ny_sk.roa
File:                     4VG7rplRO2cSdh97XauNf9Ny_sk.roa (raw, json)
Hash identifier:          IWKNA6GdNnpEqOulIN1zm/9+MKgpP1MsPaHSwsQT6AU=
Subject key identifier:   E1:51:BB:AE:99:51:3B:67:12:76:1F:7B:5D:AB:8D:7F:D3:72:FE:C9
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018BAA26E8863C0056BCBF41A773902E466C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4VG7rplRO2cSdh97XauNf9Ny_sk.roa
Signing time:             Tue 07 Nov 2023 14:19:18 +0000
ROA not before:           Tue 07 Nov 2023 14:19:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52041
IP address blocks:        185.248.134.0/24 maxlen: 24
                          82.215.64.0/24 maxlen: 24
                          2a12:bec0:7004::/48 maxlen: 48
                          2a12:bec1:b00b::/48 maxlen: 48
                          2a12:bec0:d0::/44 maxlen: 48
                          2a12:bec2:b00b::/48 maxlen: 48
                          2a12:bec0:7003::/48 maxlen: 48
                          2a12:bec2::/32 maxlen: 32
                          2a12:bec0:7007::/48 maxlen: 48
                          2a12:bec0:7002::/48 maxlen: 48
                          2a12:bec0:7000::/48 maxlen: 48
                          2a12:bec0:b00b::/48 maxlen: 48
                          2a12:bec0:7006::/48 maxlen: 48
                          2a12:bec0:7001::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 11 Nov 2023 20:11:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:aa:26:e8:86:3c:00:56:bc:bf:41:a7:73:90:2e:46:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Nov  7 14:19:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e151bbae99513b6712761f7b5dab8d7fd372fec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a1:13:af:a6:03:23:41:28:2d:0d:c7:63:13:
                    f7:e4:f9:ff:51:ba:23:70:27:af:ef:8c:92:d5:a1:
                    08:52:1a:84:e5:57:5c:f4:04:11:20:f7:75:93:e5:
                    57:03:a9:80:fb:8c:7c:77:c4:05:ed:7b:ad:52:39:
                    94:6e:09:78:54:88:4f:61:a0:0d:94:9f:8c:ff:35:
                    07:b8:61:ec:1b:5b:89:e6:4e:06:e6:bd:d0:00:b0:
                    4f:c8:bf:31:4c:f6:44:34:bb:85:b0:31:13:d5:23:
                    52:26:de:e8:49:e8:f1:72:0f:48:50:3d:d0:86:e8:
                    bc:4a:f2:b2:2a:76:0d:82:5d:00:28:76:0e:6a:94:
                    d4:46:4d:e1:e7:6e:42:84:f7:12:31:05:73:ee:e2:
                    12:11:ee:0c:5d:c5:46:b0:53:2f:55:53:3a:89:37:
                    98:9d:cb:24:7f:90:84:35:d6:d6:97:84:c2:70:5a:
                    90:68:26:97:bf:39:ce:e2:ec:16:f8:d8:89:be:32:
                    5d:48:b4:8f:f6:c1:b7:19:0b:ff:84:fa:4f:ba:79:
                    f4:23:f5:0a:73:0b:9e:af:0a:62:8e:02:74:59:b6:
                    da:63:ce:47:04:1d:44:9c:c6:e5:b3:cc:83:9c:15:
                    4c:ef:8d:d2:7f:72:83:3a:ea:12:03:09:13:98:9b:
                    26:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:51:BB:AE:99:51:3B:67:12:76:1F:7B:5D:AB:8D:7F:D3:72:FE:C9
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4VG7rplRO2cSdh97XauNf9Ny_sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.215.64.0/24
                  185.248.134.0/24
                IPv6:
                  2a12:bec0:d0::/44
                  2a12:bec0:7000::-2a12:bec0:7004:ffff:ffff:ffff:ffff:ffff
                  2a12:bec0:7006::/47
                  2a12:bec0:b00b::/48
                  2a12:bec1:b00b::/48
                  2a12:bec2::/32

    Signature Algorithm: sha256WithRSAEncryption
         c2:7b:40:82:97:3b:9f:64:5c:98:87:e5:1b:9e:3e:4e:d7:10:
         22:98:31:da:4a:6b:96:78:8f:11:35:31:c0:fa:ac:61:ca:56:
         45:bd:70:2d:9b:ea:2c:a7:40:6d:3d:2d:21:21:f3:2f:4d:95:
         5a:04:02:76:b8:6c:94:15:20:83:bb:82:e6:61:15:28:1f:ee:
         25:9c:16:36:45:86:ed:b0:99:4f:4c:8b:21:ce:58:ac:49:54:
         75:e4:c4:a4:b9:5f:87:b8:66:4f:79:12:67:8c:1a:4a:2b:b2:
         2e:d4:4f:68:59:c0:35:e0:da:ae:6f:9a:fa:15:91:72:14:25:
         5d:be:3c:37:26:9f:4a:e0:a5:3b:be:17:e6:e9:e6:83:cc:5b:
         f5:82:9c:66:fc:72:6d:cc:88:52:26:02:ac:78:99:0c:0d:a7:
         35:36:a3:ed:d7:77:a1:aa:78:9d:2b:6d:37:83:6b:39:e7:05:
         b9:40:a6:81:cd:4f:79:b8:60:67:37:27:6e:ec:e5:fc:87:b8:
         9f:62:7f:2d:0f:4d:29:aa:b3:91:f7:99:79:b3:57:a7:43:24:
         83:9c:f9:58:09:ca:4e:bc:b1:c5:38:64:fd:a1:b5:11:54:2b:
         29:1f:96:f9:55:e0:d6:32:99:bf:12:9e:14:5e:c6:0f:aa:81:
         6d:dc:4d:98
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYuqJuiGPABWvL9Bp3OQLkZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjMxMTA3MTQxOTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTUxYmJhZTk5NTEzYjY3MTI3NjFmN2I1ZGFiOGQ3ZmQzNzJmZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKETr6YDI0EoLQ3HYxP35Pn/Uboj
cCev74yS1aEIUhqE5Vdc9AQRIPd1k+VXA6mA+4x8d8QF7XutUjmUbgl4VIhPYaAN
lJ+M/zUHuGHsG1uJ5k4G5r3QALBPyL8xTPZENLuFsDET1SNSJt7oSejxcg9IUD3Q
hui8SvKyKnYNgl0AKHYOapTURk3h525ChPcSMQVz7uISEe4MXcVGsFMvVVM6iTeY
ncskf5CENdbWl4TCcFqQaCaXvznO4uwW+NiJvjJdSLSP9sG3GQv/hPpPunn0I/UK
cwuerwpijgJ0WbbaY85HBB1EnMbls8yDnBVM743Sf3KDOuoSAwkTmJsmPQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFOFRu66ZUTtnEnYfe12rjX/Tcv7JMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNFZHN3JwbFJPMmNTZGg5N1hhdU5mOU55X3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjASBAIAATAMAwQAUtdAAwQA
ufiGMEQEAgACMD4DBwQqEr7AANAwEQMGBCoSvsBwAwcAKhK+wHAEAwcBKhK+wHAG
AwcAKhK+wLALAwcAKhK+wbALAwUAKhK+wjANBgkqhkiG9w0BAQsFAAOCAQEAwntA
gpc7n2RcmIflG54+TtcQIpgx2kprlniPETUxwPqsYcpWRb1wLZvqLKdAbT0tISHz
L02VWgQCdrhslBUgg7uC5mEVKB/uJZwWNkWG7bCZT0yLIc5YrElUdeTEpLlfh7hm
T3kSZ4waSiuyLtRPaFnANeDarm+a+hWRchQlXb48NyafSuClO74X5unmg8xb9YKc
ZvxybcyIUiYCrHiZDA2nNTaj7dd3oap4nSttN4NrOecFuUCmgc1PebhgZzcnbuzl
/Ie4n2J/LQ9NKaqzkfeZebNXp0Mkg5z5WAnKTryxxThk/aG1EVQrKR+W+VXg1jKZ
vxKeFF7GD6qBbdxNmA==
-----END CERTIFICATE-----