Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/0rZLMfzGL3O7zH2oltb_Bs3l2eU.roa
File:                     0rZLMfzGL3O7zH2oltb_Bs3l2eU.roa (raw, json)
Hash identifier:          oltl0m6mVPY0EYVbqeI5U8pTNzuucL28reU/eA1RBYE=
Subject key identifier:   D2:B6:4B:31:FC:C6:2F:73:BB:CC:7D:A8:96:D6:FF:06:CD:E5:D9:E5
Certificate issuer:       /CN=2875f185823dbc6a82d105b3ca16077db5729377
Certificate serial:       018CC4254BAF3B53D78FB34FEDED424051D0
Authority key identifier: 28:75:F1:85:82:3D:BC:6A:82:D1:05:B3:CA:16:07:7D:B5:72:93:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/0rZLMfzGL3O7zH2oltb_Bs3l2eU.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31472
IP address blocks:        185.91.41.0/24 maxlen: 24
                          185.91.40.0/22 maxlen: 22
                          185.60.4.0/22 maxlen: 22
                          149.19.176.0/22 maxlen: 22
                          195.206.184.0/21 maxlen: 21
                          185.86.20.0/22 maxlen: 22
                          185.34.80.0/22 maxlen: 22
                          185.61.88.0/22 maxlen: 22
                          37.157.48.0/21 maxlen: 21
                          185.2.76.0/23 maxlen: 23
                          185.2.76.0/22 maxlen: 22
                          2a00:b840:1::/48 maxlen: 48
                          2a00:b840::/29 maxlen: 29
Validation:               Failed, certificate revoked on Mon 25 Mar 2024 09:41:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4b:af:3b:53:d7:8f:b3:4f:ed:ed:42:40:51:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2875f185823dbc6a82d105b3ca16077db5729377
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2b64b31fcc62f73bbcc7da896d6ff06cde5d9e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:46:2c:7f:48:cf:ad:cc:63:97:84:c3:d3:b1:
                    6e:78:37:97:06:a3:e1:20:23:f2:6a:b0:c9:95:38:
                    c7:41:03:46:f0:19:ac:aa:76:aa:42:49:4b:f5:15:
                    a9:49:3b:8c:c1:c4:67:dc:17:21:79:2e:bb:ac:df:
                    0d:9a:e5:13:db:45:e0:9e:a8:52:d9:a9:b1:f6:42:
                    54:3c:76:15:fd:c2:29:5a:06:3f:6e:86:9d:7f:08:
                    7f:59:3e:04:81:21:0d:42:a2:2b:f7:24:7f:e4:33:
                    b2:16:78:ce:33:3d:9b:e6:15:8b:e5:7a:c1:be:22:
                    c6:09:a2:79:1a:e8:f5:b4:1f:2c:e0:10:d5:f8:97:
                    5a:42:d7:54:36:fe:1e:02:75:ca:0e:68:d9:d8:27:
                    05:2a:72:94:28:97:b5:a9:1a:99:e3:c8:ff:49:77:
                    28:4c:cf:9a:aa:25:9d:e0:4c:61:57:dc:40:3f:6d:
                    1b:7f:04:bf:a5:b7:fd:97:71:5d:7d:6c:be:f0:32:
                    1c:57:5c:2c:87:65:3d:cd:75:49:e9:7a:56:6a:fa:
                    a0:26:9c:65:12:95:f7:da:4d:f1:97:7f:86:9e:11:
                    d7:5c:16:fd:94:08:d9:5a:1c:bb:9e:80:07:09:d0:
                    96:a2:e3:81:42:3e:c9:89:da:4a:3a:c5:e5:11:d2:
                    37:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:B6:4B:31:FC:C6:2F:73:BB:CC:7D:A8:96:D6:FF:06:CD:E5:D9:E5
            X509v3 Authority Key Identifier:
                keyid:28:75:F1:85:82:3D:BC:6A:82:D1:05:B3:CA:16:07:7D:B5:72:93:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/0rZLMfzGL3O7zH2oltb_Bs3l2eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/KHXxhYI9vGqC0QWzyhYHfbVyk3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.48.0/21
                  149.19.176.0/22
                  185.2.76.0/22
                  185.34.80.0/22
                  185.60.4.0/22
                  185.61.88.0/22
                  185.86.20.0/22
                  185.91.40.0/22
                  195.206.184.0/21
                IPv6:
                  2a00:b840::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:1c:d2:15:10:5e:7c:a9:36:b5:af:3d:57:3b:20:c5:18:90:
         54:ff:9a:ee:5b:8f:e6:ac:3e:45:60:fe:6c:13:99:bf:86:b6:
         0f:16:36:bd:fa:9a:b6:eb:2d:c2:41:9e:f4:c6:08:51:43:ff:
         f8:f4:8d:f8:b1:df:19:d7:87:f2:1e:94:aa:a1:78:a7:e2:24:
         a1:06:fd:a2:8d:b0:42:8a:47:30:c6:bd:ab:a4:f7:19:39:db:
         aa:87:21:01:bc:a1:02:8d:20:6b:c1:d0:dc:f9:3d:b3:4e:7d:
         9f:26:ec:65:3b:36:0f:cd:ee:f8:02:7f:77:16:34:f1:31:27:
         de:ed:f2:06:4f:71:53:f1:e6:e9:35:8c:d8:1f:38:f5:b9:74:
         cd:0e:8a:2a:72:95:44:d6:70:f0:63:84:ab:b0:4c:c4:24:7a:
         34:1e:6c:95:93:3d:f0:24:c6:3c:c5:c5:c8:a1:22:0c:fc:13:
         2a:86:ed:f2:f3:ba:2a:5c:93:0f:22:4c:d2:cb:da:c8:3e:f5:
         a8:31:a9:84:56:ed:9a:f7:99:da:17:b5:2e:8f:2a:92:b6:e3:
         31:43:16:24:91:d7:81:9e:57:f8:2a:77:0a:2b:db:8c:99:0a:
         72:50:de:7a:48:eb:b2:e0:5b:08:55:9e:7d:23:d5:23:13:91:
         62:d2:65:6a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzEJUuvO1PXj7NP7e1CQFHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NzVmMTg1ODIzZGJjNmE4MmQxMDViM2NhMTYwNzdkYjU3
MjkzNzcwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmI2NGIzMWZjYzYyZjczYmJjYzdkYTg5NmQ2ZmYwNmNkZTVkOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUYsf0jPrcxjl4TD07FueDeXBqPh
ICPyarDJlTjHQQNG8BmsqnaqQklL9RWpSTuMwcRn3BcheS67rN8NmuUT20XgnqhS
2amx9kJUPHYV/cIpWgY/boadfwh/WT4EgSENQqIr9yR/5DOyFnjOMz2b5hWL5XrB
viLGCaJ5Guj1tB8s4BDV+JdaQtdUNv4eAnXKDmjZ2CcFKnKUKJe1qRqZ48j/SXco
TM+aqiWd4ExhV9xAP20bfwS/pbf9l3FdfWy+8DIcV1wsh2U9zXVJ6XpWavqgJpxl
EpX32k3xl3+GnhHXXBb9lAjZWhy7noAHCdCWouOBQj7JidpKOsXlEdI3YwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNK2SzH8xi9zu8x9qJbW/wbN5dnlMB8GA1UdIwQY
MBaAFCh18YWCPbxqgtEFs8oWB321cpN3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0hYeGhZSTl2R3FDMFFXenloWUhmYlZ5azNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hMDRkYTYtOTg4Ny00MmE1LThlZDct
OTRlNWQ0OWNjNjI4LzEvMHJaTE1mekdMM083ekgyb2x0Yl9CczNsMmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hMDRkYTYtOTg4Ny00MmE1LThlZDctOTRlNWQ0OWNjNjI4
LzEvS0hYeGhZSTl2R3FDMFFXenloWUhmYlZ5azNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJZ0wAwQC
lROwAwQCuQJMAwQCuSJQAwQCuTwEAwQCuT1YAwQCuVYUAwQCuVsoAwQDw864MA0E
AgACMAcDBQMqALhAMA0GCSqGSIb3DQEBCwUAA4IBAQCAHNIVEF58qTa1rz1XOyDF
GJBU/5ruW4/mrD5FYP5sE5m/hrYPFja9+pq26y3CQZ70xghRQ//49I34sd8Z14fy
HpSqoXin4iShBv2ijbBCikcwxr2rpPcZOduqhyEBvKECjSBrwdDc+T2zTn2fJuxl
OzYPze74An93FjTxMSfe7fIGT3FT8ebpNYzYHzj1uXTNDooqcpVE1nDwY4SrsEzE
JHo0HmyVkz3wJMY8xcXIoSIM/BMqhu3y87oqXJMPIkzSy9rIPvWoMamEVu2a95na
F7UujyqStuMxQxYkkdeBnlf4KncKK9uMmQpyUN56SOuy4FsIVZ59I9UjE5Fi0mVq
-----END CERTIFICATE-----