Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/HijqzSCTg8WBFR2x3IVg0VZYaeM.roa
File:                     HijqzSCTg8WBFR2x3IVg0VZYaeM.roa (raw, json)
Hash identifier:          cGCTkDQuQCbxBJHVoNwue1KKwTliHtTpvcbV+8bF3Nc=
Subject key identifier:   1E:28:EA:CD:20:93:83:C5:81:15:1D:B1:DC:85:60:D1:56:58:69:E3
Certificate issuer:       /CN=58d2d2715f43f747bea762dce166bca4b8e965eb
Certificate serial:       018D1BA36D07A5D249E542D08123FF3CC294
Authority key identifier: 58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/HijqzSCTg8WBFR2x3IVg0VZYaeM.roa
Signing time:             Thu 18 Jan 2024 08:15:11 +0000
ROA not before:           Thu 18 Jan 2024 08:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8560
IP address blocks:        85.215.32.0/19 maxlen: 24
                          85.215.64.0/20 maxlen: 24
                          85.215.128.0/21 maxlen: 24
                          85.215.160.0/19 maxlen: 24
                          85.215.192.0/21 maxlen: 24
                          85.215.200.0/22 maxlen: 24
                          85.215.204.0/22 maxlen: 24
                          85.215.208.0/21 maxlen: 24
                          85.215.216.0/22 maxlen: 24
                          85.215.220.0/22 maxlen: 24
                          85.215.224.0/20 maxlen: 24
                          85.215.240.0/22 maxlen: 24
                          85.215.248.0/22 maxlen: 24
                          185.56.148.0/22 maxlen: 24
                          2a01:239:100::/40 maxlen: 48
                          2a01:239:200::/39 maxlen: 48

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 11:18:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1b:a3:6d:07:a5:d2:49:e5:42:d0:81:23:ff:3c:c2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58d2d2715f43f747bea762dce166bca4b8e965eb
        Validity
            Not Before: Jan 18 08:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e28eacd209383c581151db1dc8560d1565869e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:70:b9:84:71:73:6b:10:d8:42:e8:2c:e2:92:
                    3f:59:f8:d2:15:4d:d7:96:87:02:56:61:02:e6:d8:
                    29:de:7d:54:ea:ff:46:4a:b2:be:5d:8c:27:ab:c9:
                    8d:bf:4b:83:b1:a1:d7:90:fd:30:39:e6:47:f4:c7:
                    bb:ab:3f:0e:ba:7b:d3:8c:a7:b5:31:06:a7:15:8a:
                    b8:8c:42:1a:b6:96:22:81:9f:c1:82:bb:80:0c:71:
                    5e:31:c3:a0:cb:b2:e5:46:94:57:a3:2a:de:da:22:
                    b4:50:4a:8b:5c:3a:c3:a4:6a:5b:85:ab:90:08:b5:
                    a6:cd:f0:1d:1e:96:9b:46:51:0b:39:5b:4f:dd:24:
                    fc:5f:48:35:b8:e3:96:5b:d2:20:14:fe:fa:cb:4d:
                    0e:63:f0:f5:9c:2c:06:cb:54:cc:ec:9e:c8:70:ea:
                    c0:de:16:47:e5:ed:b0:1a:d2:ee:56:03:00:d1:5e:
                    29:e4:39:60:4e:1e:9f:11:ea:49:23:42:3f:a1:23:
                    31:b4:13:64:bf:82:aa:e7:9c:48:4a:18:70:78:6f:
                    08:1e:8c:f9:72:53:c8:be:54:b9:69:49:ff:e2:36:
                    7e:74:32:3c:3e:b9:d8:d6:ae:1c:41:65:b1:37:cc:
                    7e:76:b9:86:82:f5:cc:ba:74:6e:4e:7a:42:c9:0e:
                    90:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:28:EA:CD:20:93:83:C5:81:15:1D:B1:DC:85:60:D1:56:58:69:E3
            X509v3 Authority Key Identifier:
                keyid:58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/HijqzSCTg8WBFR2x3IVg0VZYaeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/WNLScV9D90e-p2Lc4Wa8pLjpZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.215.32.0-85.215.79.255
                  85.215.128.0/21
                  85.215.160.0-85.215.243.255
                  85.215.248.0/22
                  185.56.148.0/22
                IPv6:
                  2a01:239:100::-2a01:239:3ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5c:85:60:3b:37:77:c3:ab:c7:0a:51:d5:cd:a6:91:62:f8:cd:
         72:f1:c3:f5:df:15:c5:d5:50:6a:29:bc:a4:79:90:21:04:c3:
         40:e8:57:9c:29:bb:38:16:f1:ad:63:73:58:6b:4f:a3:a3:d4:
         cb:b0:a0:62:05:2b:5a:cd:af:c4:cc:63:9c:3e:08:6c:89:9a:
         4d:c3:4a:74:bd:78:a4:a0:83:ff:3b:48:b6:a1:6c:d3:16:81:
         b3:fd:c3:ed:a2:c5:e0:fe:f6:bc:bb:24:4a:92:1c:78:50:27:
         fa:d1:3f:90:f7:95:ff:d7:f1:06:96:fd:4a:99:d5:2c:32:6c:
         e1:c1:30:85:e3:48:91:e2:25:3d:f7:7e:4b:d5:58:7f:5a:0b:
         5e:bd:45:80:6e:6e:f4:54:2f:de:5d:fd:24:51:00:6f:34:c8:
         e2:13:87:d5:f4:0c:28:78:49:8a:5d:c4:f8:e8:07:77:5d:53:
         ff:9f:b7:27:a8:1d:a5:80:2b:76:e1:93:97:28:f8:41:14:ed:
         80:04:c3:d4:d0:aa:d5:69:8c:99:dc:82:9c:66:27:ec:74:39:
         1b:aa:bb:9e:9b:d3:60:97:87:ce:6b:a7:4d:8d:1c:cf:f2:d1:
         e6:40:7c:fc:35:dd:07:1a:b5:06:70:0a:97:5b:f3:10:b4:11:
         aa:54:73:9e
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY0bo20HpdJJ5ULQgSP/PMKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDJkMjcxNWY0M2Y3NDdiZWE3NjJkY2UxNjZiY2E0Yjhl
OTY1ZWIwHhcNMjQwMTE4MDgxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTI4ZWFjZDIwOTM4M2M1ODExNTFkYjFkYzg1NjBkMTU2NTg2OWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHC5hHFzaxDYQugs4pI/WfjSFU3X
locCVmEC5tgp3n1U6v9GSrK+XYwnq8mNv0uDsaHXkP0wOeZH9Me7qz8OunvTjKe1
MQanFYq4jEIatpYigZ/BgruADHFeMcOgy7LlRpRXoyre2iK0UEqLXDrDpGpbhauQ
CLWmzfAdHpabRlELOVtP3ST8X0g1uOOWW9IgFP76y00OY/D1nCwGy1TM7J7IcOrA
3hZH5e2wGtLuVgMA0V4p5DlgTh6fEepJI0I/oSMxtBNkv4Kq55xIShhweG8IHoz5
clPIvlS5aUn/4jZ+dDI8PrnY1q4cQWWxN8x+drmGgvXMunRuTnpCyQ6QCwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFB4o6s0gk4PFgRUdsdyFYNFWWGnjMB8GA1UdIwQY
MBaAFFjS0nFfQ/dHvqdi3OFmvKS46WXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjkt
ZTM4MzQ1MTZmYzA4LzEvSGlqcXpTQ1RnOFdCRlIyeDNJVmcwVlpZYWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjktZTM4MzQ1MTZmYzA4
LzEvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA0BAIAATAuMAwDBAVV1yAD
BARV10ADBANV14AwDAMEBVXXoAMEAlXX8AMEAlXX+AMEArk4lDAYBAIAAjASMBAD
BgAqAQI5AQMGAioBAjkAMA0GCSqGSIb3DQEBCwUAA4IBAQBchWA7N3fDq8cKUdXN
ppFi+M1y8cP13xXF1VBqKbykeZAhBMNA6FecKbs4FvGtY3NYa0+jo9TLsKBiBSta
za/EzGOcPghsiZpNw0p0vXikoIP/O0i2oWzTFoGz/cPtosXg/va8uyRKkhx4UCf6
0T+Q95X/1/EGlv1KmdUsMmzhwTCF40iR4iU9935L1Vh/WgtevUWAbm70VC/eXf0k
UQBvNMjiE4fV9AwoeEmKXcT46Ad3XVP/n7cnqB2lgCt24ZOXKPhBFO2ABMPU0KrV
aYyZ3IKcZifsdDkbqruem9Ngl4fOa6dNjRzP8tHmQHz8Nd0HGrUGcAqXW/MQtBGq
VHOe
-----END CERTIFICATE-----