Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/NtAZLZOUDrniKxp_6fQu83vUSdU.roa
File:                     NtAZLZOUDrniKxp_6fQu83vUSdU.roa (raw, json)
Hash identifier:          vYgxyYDEbxxGP/46Ne7TyAsMSKcw9Nkieu4la2GtboA=
Subject key identifier:   36:D0:19:2D:93:94:0E:B9:E2:2B:1A:7F:E9:F4:2E:F3:7B:D4:49:D5
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0191A90FFC4C4FB1F081B2B2A5949C8B4411
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/NtAZLZOUDrniKxp_6fQu83vUSdU.roa
Signing time:             Sat 31 Aug 2024 15:31:22 +0000
ROA not before:           Sat 31 Aug 2024 15:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        195.216.160.0/24 maxlen: 24
                          195.216.161.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.198.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.212.0/24 maxlen: 24
                          213.182.213.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.221.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Sep 2024 07:23:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a9:0f:fc:4c:4f:b1:f0:81:b2:b2:a5:94:9c:8b:44:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 31 15:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36d0192d93940eb9e22b1a7fe9f42ef37bd449d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:df:04:ef:17:50:71:7d:ae:ea:8d:5c:51:1b:
                    03:cc:8d:96:ad:08:f2:1e:06:9c:a7:41:35:77:f7:
                    a4:8a:f6:b8:59:e3:58:12:94:c9:c6:92:c2:2c:6e:
                    e1:c6:30:d2:cf:26:25:3d:3f:d7:84:0a:c4:29:cf:
                    fa:9e:43:6f:9c:90:a0:ca:95:cb:ab:0e:7b:82:d0:
                    af:f8:37:a5:35:0a:b6:23:85:59:ca:cd:f2:2c:c3:
                    1a:5d:f8:68:26:06:c9:5a:fe:7e:66:fb:f2:2e:e2:
                    aa:9e:8d:0d:c0:3e:0b:08:80:b1:84:5c:9a:64:bb:
                    71:a8:77:7d:1d:1e:36:92:92:db:c4:6c:cd:30:a0:
                    cd:70:54:cf:0d:a4:ea:1b:10:96:30:ae:5d:86:03:
                    e2:80:b7:dc:20:e0:93:eb:6d:16:96:53:26:a5:31:
                    46:07:1e:60:86:2c:e6:79:67:c8:3b:72:ee:11:e6:
                    e1:08:9e:6e:0c:8e:93:7f:62:c5:71:15:c0:d8:1c:
                    5c:02:44:84:59:64:b6:78:07:22:ba:7d:65:34:8b:
                    59:68:dd:a9:8f:3c:e2:24:f3:8e:e1:d5:4f:5f:2e:
                    6b:87:7b:39:be:c7:b9:c6:45:02:60:55:fd:a9:35:
                    c1:29:ec:26:35:00:d4:f2:7d:7b:52:1c:cf:03:1a:
                    bd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:D0:19:2D:93:94:0E:B9:E2:2B:1A:7F:E9:F4:2E:F3:7B:D4:49:D5
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/NtAZLZOUDrniKxp_6fQu83vUSdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.160.0/23
                  213.182.197.0-213.182.198.255
                  213.182.201.0/24
                  213.182.205.0/24
                  213.182.212.0/22
                  213.182.217.0/24
                  213.182.219.0-213.182.223.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:d9:a9:21:f6:18:d9:16:16:fc:cb:30:2c:df:b5:4f:c4:b1:
         e8:cc:42:5b:9f:04:e3:6d:aa:bd:ec:3d:79:e2:3b:33:7c:b5:
         6c:8e:ee:66:a5:fd:da:5f:f2:c6:ea:e6:3f:8e:8f:c3:c1:68:
         97:47:33:ab:12:34:ab:27:da:a7:09:b6:d5:fb:5a:76:3a:75:
         06:c2:79:8a:85:46:1a:d3:65:91:00:51:93:20:56:93:96:ea:
         f9:ab:b9:77:7e:15:1a:1e:6f:79:c8:3f:d1:97:dd:15:06:dc:
         1e:3c:62:ab:46:b4:33:de:92:64:dc:2f:cf:14:ef:a5:59:f7:
         a1:e2:31:8e:44:e6:8d:e8:12:ac:cd:de:23:18:91:bd:12:63:
         a8:9c:81:e1:f7:86:06:61:e6:e8:34:7e:df:77:4e:3c:11:f3:
         36:c0:16:22:b6:10:10:d7:6c:5a:40:b1:3e:45:95:82:21:25:
         d4:8a:ea:3d:df:9e:ee:7b:8f:2f:99:df:a6:df:5f:5b:79:d8:
         bd:81:e3:17:ef:1b:40:6b:92:8a:8d:31:50:0c:24:b5:94:bb:
         bb:c2:53:b4:e7:12:f7:f2:17:a0:c2:0e:33:fe:e7:a3:f1:3c:
         8f:22:ae:e0:cb:2c:49:bc:61:5b:60:47:51:a9:c3:d0:0b:85:
         2d:2e:85:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZGpD/xMT7HwgbKypZSci0QRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODMxMTUzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmQwMTkyZDkzOTQwZWI5ZTIyYjFhN2ZlOWY0MmVmMzdiZDQ0OWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN8E7xdQcX2u6o1cURsDzI2WrQjy
Hgacp0E1d/ekiva4WeNYEpTJxpLCLG7hxjDSzyYlPT/XhArEKc/6nkNvnJCgypXL
qw57gtCv+DelNQq2I4VZys3yLMMaXfhoJgbJWv5+ZvvyLuKqno0NwD4LCICxhFya
ZLtxqHd9HR42kpLbxGzNMKDNcFTPDaTqGxCWMK5dhgPigLfcIOCT620WllMmpTFG
Bx5ghizmeWfIO3LuEebhCJ5uDI6Tf2LFcRXA2BxcAkSEWWS2eAciun1lNItZaN2p
jzziJPOO4dVPXy5rh3s5vse5xkUCYFX9qTXBKewmNQDU8n17UhzPAxq9KwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDbQGS2TlA654isaf+n0LvN71EnVMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvTnRBWkxaT1VEcm5pS3hwXzZmUXU4M3ZVU2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQBw9igMAwD
BADVtsUDBADVtsYDBADVtskDBADVts0DBALVttQDBADVttkwDAMEANW22wMEBdW2
wDANBgkqhkiG9w0BAQsFAAOCAQEAjNmpIfYY2RYW/MswLN+1T8Sx6MxCW58E422q
vew9eeI7M3y1bI7uZqX92l/yxurmP46Pw8Fol0czqxI0qyfapwm21ftadjp1BsJ5
ioVGGtNlkQBRkyBWk5bq+au5d34VGh5vecg/0ZfdFQbcHjxiq0a0M96SZNwvzxTv
pVn3oeIxjkTmjegSrM3eIxiRvRJjqJyB4feGBmHm6DR+33dOPBHzNsAWIrYQENds
WkCxPkWVgiEl1IrqPd+e7nuPL5nfpt9fW3nYvYHjF+8bQGuSio0xUAwktZS7u8JT
tOcS9/IXoMIOM/7no/E8jyKu4MssSbxhW2BHUanD0AuFLS6FRA==
-----END CERTIFICATE-----