Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/CpGENwVMvJv6I82CXKNJSoEtEg4.roa
File:                     CpGENwVMvJv6I82CXKNJSoEtEg4.roa (raw, json)
Hash identifier:          ULgFqb+ZgGX597oA+SjFjFeIhbwBiOtz5bGrYxQtEQw=
Subject key identifier:   0A:91:84:37:05:4C:BC:9B:FA:23:CD:82:5C:A3:49:4A:81:2D:12:0E
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0189F9974892BAD76CAB805527F32468E850
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/CpGENwVMvJv6I82CXKNJSoEtEg4.roa
Signing time:             Tue 15 Aug 2023 14:26:28 +0000
ROA not before:           Tue 15 Aug 2023 14:26:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8985
IP address blocks:        194.190.146.0/24 maxlen: 24
                          194.226.16.0/24 maxlen: 24
                          194.85.16.0/24 maxlen: 24
                          195.208.222.0/24 maxlen: 24
                          195.208.24.0/21 maxlen: 21
                          195.208.29.0/24 maxlen: 24
                          193.232.64.0/24 maxlen: 24
                          193.232.76.0/24 maxlen: 24
                          195.209.147.0/24 maxlen: 24
                          195.209.148.0/24 maxlen: 24
                          193.232.226.0/23 maxlen: 23
                          194.226.41.0/24 maxlen: 24
                          194.226.38.0/23 maxlen: 23
                          195.19.8.0/24 maxlen: 24
                          194.226.56.0/23 maxlen: 23
                          194.226.58.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f9:97:48:92:ba:d7:6c:ab:80:55:27:f3:24:68:e8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Aug 15 14:26:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a918437054cbc9bfa23cd825ca3494a812d120e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:73:12:bc:83:b9:d0:76:24:b1:66:59:82:c2:
                    03:58:fa:29:ae:eb:d1:bf:45:b4:95:48:99:08:cc:
                    7e:b2:53:1a:97:51:ae:5a:0f:47:ce:00:77:47:42:
                    32:0d:d3:43:42:ef:e7:29:0b:e9:57:98:59:ee:3c:
                    74:b5:b0:31:d2:a8:16:17:b3:5d:44:c7:d3:86:d0:
                    b8:ba:92:05:74:f4:f6:0e:26:2c:92:30:7a:cd:20:
                    77:2b:aa:d7:4e:6a:2f:6d:13:43:4e:40:9c:5f:a6:
                    65:3d:bb:cc:e3:d0:cd:af:a4:dd:96:20:91:89:c9:
                    f6:04:f3:b3:dd:2f:26:5f:39:ee:b8:22:55:f2:e0:
                    2a:84:79:ab:b5:c5:41:82:00:77:80:80:08:7a:d0:
                    77:0a:46:7c:bd:e7:55:8f:ce:52:5a:db:fe:1f:01:
                    01:9d:59:5e:29:cd:06:eb:62:d5:48:97:92:79:18:
                    a1:20:e4:65:80:e0:39:e8:bb:71:bd:df:80:58:50:
                    e8:f2:96:f1:e8:48:6e:96:f0:d0:27:d6:3d:25:26:
                    6d:8d:83:3e:54:0d:af:c4:67:a4:3b:2b:cc:e7:98:
                    77:0f:cc:0b:f3:ec:29:6e:ff:c3:07:30:33:a6:81:
                    e5:cb:46:27:77:9b:8d:4f:18:9e:7e:d6:4e:42:3c:
                    8d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:91:84:37:05:4C:BC:9B:FA:23:CD:82:5C:A3:49:4A:81:2D:12:0E
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/CpGENwVMvJv6I82CXKNJSoEtEg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.64.0/24
                  193.232.76.0/24
                  193.232.226.0/23
                  194.85.16.0/24
                  194.190.146.0/24
                  194.226.16.0/24
                  194.226.38.0/23
                  194.226.41.0/24
                  194.226.56.0/22
                  195.19.8.0/24
                  195.208.24.0/21
                  195.208.222.0/24
                  195.209.147.0-195.209.148.255

    Signature Algorithm: sha256WithRSAEncryption
         71:07:7f:e2:67:42:15:94:8d:3f:f3:bc:b8:ec:9a:8d:98:e5:
         91:04:84:d5:a3:78:ad:3d:e6:0b:8b:87:50:07:c8:0e:a5:a5:
         39:59:13:03:10:dc:d9:fb:8c:6b:b2:50:9c:c0:b7:37:ef:0f:
         f3:95:06:26:cc:3c:95:b0:af:60:98:e7:92:a3:14:2f:ab:54:
         7a:58:0c:d5:01:9d:86:f4:2f:e2:e4:aa:18:8c:93:c6:54:4d:
         65:81:89:22:c4:08:8b:4f:b1:80:71:86:e6:7e:33:a9:ab:0f:
         03:7a:63:31:2e:d1:74:ce:96:11:1c:f1:37:0f:88:84:fb:9c:
         96:51:4f:79:53:78:82:6e:af:14:c2:69:6b:df:16:21:d2:09:
         bc:e3:f2:b1:f9:c8:f1:5a:cc:1d:b5:20:57:cc:25:f7:a0:cd:
         7b:f3:ec:e9:24:50:e5:be:77:da:a0:b0:38:dc:06:55:08:e9:
         4f:0a:fd:68:29:12:af:26:d7:0f:01:ef:e3:eb:2d:fc:34:fe:
         7e:ed:83:6e:8f:25:0e:2d:6e:82:81:4c:83:28:4b:cc:5f:52:
         7d:90:f8:04:cf:71:8e:51:88:ce:0a:21:80:df:2a:8a:7e:54:
         38:38:a3:c8:3f:e5:b3:88:af:25:a7:c9:03:7e:bb:ba:9e:62:
         24:2c:c4:71
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYn5l0iSutdsq4BVJ/MkaOhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjMwODE1MTQyNjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkxODQzNzA1NGNiYzliZmEyM2NkODI1Y2EzNDk0YTgxMmQxMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3MSvIO50HYksWZZgsIDWPopruvR
v0W0lUiZCMx+slMal1GuWg9HzgB3R0IyDdNDQu/nKQvpV5hZ7jx0tbAx0qgWF7Nd
RMfThtC4upIFdPT2DiYskjB6zSB3K6rXTmovbRNDTkCcX6ZlPbvM49DNr6TdliCR
icn2BPOz3S8mXznuuCJV8uAqhHmrtcVBggB3gIAIetB3CkZ8vedVj85SWtv+HwEB
nVleKc0G62LVSJeSeRihIORlgOA56Ltxvd+AWFDo8pbx6EhulvDQJ9Y9JSZtjYM+
VA2vxGekOyvM55h3D8wL8+wpbv/DBzAzpoHly0Ynd5uNTxieftZOQjyNXwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFAqRhDcFTLyb+iPNglyjSUqBLRIOMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvQ3BHRU53Vk12SnY2STgyQ1hLTkpTb0V0RWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAwehAAwQA
wehMAwQBwejiAwQAwlUQAwQAwr6SAwQAwuIQAwQBwuImAwQAwuIpAwQCwuI4AwQA
wxMIAwQDw9AYAwQAw9DeMAwDBADD0ZMDBADD0ZQwDQYJKoZIhvcNAQELBQADggEB
AHEHf+JnQhWUjT/zvLjsmo2Y5ZEEhNWjeK095guLh1AHyA6lpTlZEwMQ3Nn7jGuy
UJzAtzfvD/OVBibMPJWwr2CY55KjFC+rVHpYDNUBnYb0L+LkqhiMk8ZUTWWBiSLE
CItPsYBxhuZ+M6mrDwN6YzEu0XTOlhEc8TcPiIT7nJZRT3lTeIJurxTCaWvfFiHS
Cbzj8rH5yPFazB21IFfMJfegzXvz7OkkUOW+d9qgsDjcBlUI6U8K/WgpEq8m1w8B
7+PrLfw0/n7tg26PJQ4tboKBTIMoS8xfUn2Q+ATPcY5RiM4KIYDfKop+VDg4o8g/
5bOIryWnyQN+u7qeYiQsxHE=
-----END CERTIFICATE-----