Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/2lPCys7-z1VNUB6sPnxv3DExlrc.roa
File:                     2lPCys7-z1VNUB6sPnxv3DExlrc.roa (raw, json)
Hash identifier:          DMC/KbjQQVEW9wFX0cqtqWV7mdXf/6rnZskSXSCyO6M=
Subject key identifier:   DA:53:C2:CA:CE:FE:CF:55:4D:50:1E:AC:3E:7C:6F:DC:31:31:96:B7
Certificate issuer:       /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial:       018CC726C753A6E22F220E3F2A5C6B6C9452
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/2lPCys7-z1VNUB6sPnxv3DExlrc.roa
Signing time:             Mon 01 Jan 2024 22:30:56 +0000
ROA not before:           Mon 01 Jan 2024 22:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35332
IP address blocks:        185.151.96.0/22 maxlen: 24
                          87.236.0.0/21 maxlen: 24
                          194.5.181.0/24 maxlen: 24
                          77.242.112.0/20 maxlen: 24
                          188.92.56.0/21 maxlen: 24
                          37.235.112.0/21 maxlen: 24
                          45.116.184.0/22 maxlen: 24
                          208.88.128.0/22 maxlen: 24
                          185.113.212.0/22 maxlen: 24
                          139.28.200.0/22 maxlen: 24
                          2a00:a000::/32 maxlen: 48
Validation:               Failed, certificate revoked on Tue 27 Feb 2024 09:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c7:53:a6:e2:2f:22:0e:3f:2a:5c:6b:6c:94:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
        Validity
            Not Before: Jan  1 22:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da53c2cacefecf554d501eac3e7c6fdc313196b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:17:2e:7e:45:f2:4b:7a:8b:4c:ed:ae:a8:4f:
                    ef:05:b2:07:64:40:c1:27:1c:06:e2:c2:c1:d3:29:
                    0c:72:ed:f7:f6:4a:62:3c:8c:28:c3:ae:60:d8:15:
                    c2:ad:6a:44:72:1c:00:c6:28:5c:3c:b4:2c:4c:48:
                    dc:78:85:2b:87:8e:dc:5e:9b:a9:e0:84:7f:9d:22:
                    52:19:3a:c5:3b:98:8d:34:d5:9f:2f:a5:de:e2:fc:
                    bc:58:ec:f9:7a:b4:65:85:1a:ab:7c:e1:62:91:63:
                    a6:7e:49:24:3b:92:30:b1:3c:f8:ac:ea:56:ee:ac:
                    73:a0:73:fb:df:19:35:54:11:57:c1:7d:1a:2f:0f:
                    ed:e7:f4:1c:9a:db:80:89:72:bf:68:a7:35:99:aa:
                    bf:a8:b7:c5:55:41:85:ff:1d:19:a9:a1:77:4a:1c:
                    90:9f:07:a8:af:34:06:d1:aa:14:84:b7:a1:40:93:
                    4e:70:f5:95:d5:ef:49:53:03:bf:01:d5:bb:7c:e9:
                    2f:52:2c:de:d9:5d:3c:93:e4:f6:8d:43:b8:fd:5a:
                    32:d3:37:43:fe:67:9b:05:7a:ee:6d:47:c4:d4:c3:
                    45:cc:fa:38:dc:75:ac:27:d5:ca:16:08:01:f4:0a:
                    a2:63:bb:9a:8a:6d:64:f4:c7:e8:d8:9c:d3:a2:c0:
                    74:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:53:C2:CA:CE:FE:CF:55:4D:50:1E:AC:3E:7C:6F:DC:31:31:96:B7
            X509v3 Authority Key Identifier:
                keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/2lPCys7-z1VNUB6sPnxv3DExlrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.112.0/21
                  45.116.184.0/22
                  77.242.112.0/20
                  87.236.0.0/21
                  139.28.200.0/22
                  185.113.212.0/22
                  185.151.96.0/22
                  188.92.56.0/21
                  194.5.181.0/24
                  208.88.128.0/22
                IPv6:
                  2a00:a000::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:1e:0f:84:d5:e1:6f:95:a5:81:03:ae:e2:67:47:91:96:8d:
         ed:92:60:47:66:a9:d2:8e:de:a1:95:d4:30:29:6b:a0:7d:6b:
         0e:7d:6c:07:e2:9c:84:ba:7b:2b:a7:a5:7b:01:1e:fe:17:f6:
         ac:eb:56:ec:17:1c:14:ec:77:77:8a:c8:8c:dd:c1:75:30:8e:
         de:ba:7d:2d:fd:10:79:b3:a5:b8:37:d3:65:bb:89:e7:14:40:
         c3:0e:03:c0:c7:08:02:81:3d:45:e2:45:8a:7e:a2:89:63:9b:
         63:28:e0:6e:6c:ef:cb:a3:81:09:b3:21:29:0e:5e:b2:14:b0:
         d9:8c:f5:06:5e:d0:66:60:f1:ed:ae:c1:1b:f2:b2:d9:00:f3:
         30:85:88:bb:20:e1:88:75:38:e2:2b:25:c2:be:c9:90:53:17:
         86:f8:4e:46:ab:78:3e:76:07:1b:de:89:03:21:e5:ef:cc:98:
         fc:3e:23:fe:89:0b:66:a0:f0:c2:49:79:20:06:28:57:2d:69:
         25:6f:b4:cc:86:2d:61:a5:4c:22:c3:96:b3:6b:84:73:95:72:
         7c:1f:b8:b7:c7:e1:7f:fc:a4:6f:39:ef:6c:26:fe:2e:64:55:
         bc:d5:db:60:30:ec:7e:7a:0f:cb:6f:7e:b9:97:01:ee:da:65:
         2f:1c:4f:a7
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzHJsdTpuIvIg4/KlxrbJRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTUzYzJjYWNlZmVjZjU1NGQ1MDFlYWMzZTdjNmZkYzMxMzE5NmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxcufkXyS3qLTO2uqE/vBbIHZEDB
JxwG4sLB0ykMcu339kpiPIwow65g2BXCrWpEchwAxihcPLQsTEjceIUrh47cXpup
4IR/nSJSGTrFO5iNNNWfL6Xe4vy8WOz5erRlhRqrfOFikWOmfkkkO5IwsTz4rOpW
7qxzoHP73xk1VBFXwX0aLw/t5/QcmtuAiXK/aKc1maq/qLfFVUGF/x0ZqaF3ShyQ
nweorzQG0aoUhLehQJNOcPWV1e9JUwO/AdW7fOkvUize2V08k+T2jUO4/Voy0zdD
/mebBXrubUfE1MNFzPo43HWsJ9XKFggB9AqiY7uaim1k9Mfo2JzTosB03QIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFNpTwsrO/s9VTVAerD58b9wxMZa3MB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvMmxQQ3lzNy16MVZOVUI2c1BueHYzREV4bHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJetwAwQC
LXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQAwgW1AwQC
0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQB4Hg+E1eFvlaWB
A67iZ0eRlo3tkmBHZqnSjt6hldQwKWugfWsOfWwH4pyEunsrp6V7AR7+F/as61bs
FxwU7Hd3isiM3cF1MI7eun0t/RB5s6W4N9Nlu4nnFEDDDgPAxwgCgT1F4kWKfqKJ
Y5tjKOBubO/Lo4EJsyEpDl6yFLDZjPUGXtBmYPHtrsEb8rLZAPMwhYi7IOGIdTji
KyXCvsmQUxeG+E5Gq3g+dgcb3okDIeXvzJj8PiP+iQtmoPDCSXkgBihXLWklb7TM
hi1hpUwiw5aza4RzlXJ8H7i3x+F//KRvOe9sJv4uZFW81dtgMOx+eg/Lb365lwHu
2mUvHE+n
-----END CERTIFICATE-----