Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/U7z1_GtJbquDgVizSXEqdvKYewY.roa
File:                     U7z1_GtJbquDgVizSXEqdvKYewY.roa (raw, json)
Hash identifier:          pNgDmwJHNLNo6ovXga1j+tnvibVBdYbqWk7Xyb8cs+w=
Subject key identifier:   53:BC:F5:FC:6B:49:6E:AB:83:81:58:B3:49:71:2A:76:F2:98:7B:06
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018C1B593A3152E538F04E9E18CCE3DF54BF
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/U7z1_GtJbquDgVizSXEqdvKYewY.roa
Signing time:             Wed 29 Nov 2023 13:51:21 +0000
ROA not before:           Wed 29 Nov 2023 13:51:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28878
IP address blocks:        80.246.192.0/20 maxlen: 20
                          80.246.194.0/24 maxlen: 24
                          217.21.240.0/20 maxlen: 20
                          37.17.208.0/20 maxlen: 20
                          171.33.128.0/21 maxlen: 21
                          81.30.32.0/20 maxlen: 20
                          78.108.128.0/20 maxlen: 20
                          176.74.224.0/19 maxlen: 19
                          80.255.240.0/20 maxlen: 20
                          185.15.248.0/22 maxlen: 22
                          217.149.128.0/20 maxlen: 20
                          81.21.136.0/21 maxlen: 21
                          31.223.160.0/20 maxlen: 20
                          85.10.160.0/19 maxlen: 24
                          141.255.176.0/22 maxlen: 24
                          2001:4cb8::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1b:59:3a:31:52:e5:38:f0:4e:9e:18:cc:e3:df:54:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Nov 29 13:51:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=53bcf5fc6b496eab838158b349712a76f2987b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ad:27:77:db:0b:d7:ca:c1:96:1e:17:09:f2:
                    f1:fd:f3:db:79:b2:12:e5:26:2c:eb:e0:47:eb:28:
                    bb:0c:5a:49:f5:42:c1:d1:7a:61:d8:61:e2:fb:5b:
                    ef:6c:f8:87:c7:8e:7f:d7:4b:e7:52:f6:d4:88:87:
                    ce:a6:c5:f7:4e:8d:09:42:3d:24:f8:a3:e7:43:9c:
                    9c:ee:87:8f:49:0c:69:f7:dc:b8:fb:0d:bc:f9:bd:
                    a0:4f:81:7f:03:f8:ff:9d:d0:a4:b7:1f:c6:0d:e0:
                    52:8e:04:83:06:69:f4:35:34:60:b8:5b:8b:1d:83:
                    a8:2b:05:b4:1b:03:bf:8e:bf:ae:68:5b:da:62:c9:
                    2c:c7:24:6f:68:80:28:ce:2a:94:9f:a8:c3:c6:90:
                    0a:df:f8:9b:ca:b6:a1:b3:1e:4e:14:e8:ac:4d:0d:
                    5c:97:42:5c:a5:e6:a2:e0:fc:29:f1:d7:18:5a:97:
                    55:50:ad:f6:9e:56:52:b6:bf:97:d7:7c:24:f3:22:
                    dc:02:06:4b:80:6b:54:e8:e6:8c:ea:4f:70:34:8d:
                    2b:79:31:60:bf:b5:50:f4:23:a5:97:43:ae:6c:b8:
                    33:b9:59:74:32:b6:fd:ae:31:7f:90:81:b0:54:7d:
                    66:65:d9:a7:b0:b4:4d:ae:23:c4:f8:6b:56:09:19:
                    1d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:BC:F5:FC:6B:49:6E:AB:83:81:58:B3:49:71:2A:76:F2:98:7B:06
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/U7z1_GtJbquDgVizSXEqdvKYewY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.160.0/20
                  37.17.208.0/20
                  78.108.128.0/20
                  80.246.192.0/20
                  80.255.240.0/20
                  81.21.136.0/21
                  81.30.32.0/20
                  85.10.160.0/19
                  141.255.176.0/22
                  171.33.128.0/21
                  176.74.224.0/19
                  185.15.248.0/22
                  217.21.240.0/20
                  217.149.128.0/20
                IPv6:
                  2001:4cb8::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:ea:a3:06:73:dd:ff:b8:cd:1f:30:96:9d:13:4e:da:08:30:
         5c:23:22:32:a1:0f:1c:16:1f:35:e9:30:cd:51:2a:0a:71:b5:
         b1:80:a6:f9:de:c4:70:86:08:b0:d8:e9:5e:d2:2e:4d:4b:5d:
         5d:62:b2:0c:22:53:1f:ca:b3:f7:45:99:10:24:42:0c:ad:75:
         f3:b7:7e:88:39:41:f0:00:7a:19:31:c8:31:09:f0:25:23:8f:
         c0:e0:76:7e:59:6a:1c:f7:f0:eb:ae:c0:4f:4e:3c:ee:77:77:
         3d:3f:7a:08:ac:b1:fc:c5:e0:88:93:16:03:31:3a:50:d9:b2:
         44:17:d3:49:88:69:e3:4e:af:9a:66:4e:59:2f:50:e5:37:5b:
         3e:fc:7f:9f:43:53:c8:8c:d1:0f:28:36:bc:9b:9f:51:e7:6f:
         4a:f9:5b:23:bc:a2:d8:eb:09:5e:f9:29:1b:29:d5:3a:c6:a1:
         e8:b5:f4:4b:74:83:12:16:98:a8:36:83:72:ae:a1:27:b0:53:
         1c:be:53:1d:6f:b8:cd:d3:7b:3c:b3:fd:e7:b6:21:40:15:04:
         66:6f:19:9f:f5:10:7e:5e:a5:f5:80:19:79:1e:67:c5:f8:cf:
         c1:ac:94:78:13:7b:b4:3c:62:55:83:f9:a3:9b:33:2c:0f:d6:
         30:e9:1a:60
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYwbWToxUuU48E6eGMzj31S/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjMxMTI5MTM1MTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2JjZjVmYzZiNDk2ZWFiODM4MTU4YjM0OTcxMmE3NmYyOTg3YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1q0nd9sL18rBlh4XCfLx/fPbebIS
5SYs6+BH6yi7DFpJ9ULB0Xph2GHi+1vvbPiHx45/10vnUvbUiIfOpsX3To0JQj0k
+KPnQ5yc7oePSQxp99y4+w28+b2gT4F/A/j/ndCktx/GDeBSjgSDBmn0NTRguFuL
HYOoKwW0GwO/jr+uaFvaYsksxyRvaIAoziqUn6jDxpAK3/ibyrahsx5OFOisTQ1c
l0Jcpeai4Pwp8dcYWpdVUK32nlZStr+X13wk8yLcAgZLgGtU6OaM6k9wNI0reTFg
v7VQ9COll0OubLgzuVl0Mrb9rjF/kIGwVH1mZdmnsLRNriPE+GtWCRkdZQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFFO89fxrSW6rg4FYs0lxKnbymHsGMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvVTd6MV9HdEpicXVEZ1ZpelNYRXFkdktZZXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQEH9+gAwQE
JRHQAwQETmyAAwQEUPbAAwQEUP/wAwQDURWIAwQEUR4gAwQFVQqgAwQCjf+wAwQD
qyGAAwQFsErgAwQCuQ/4AwQE2RXwAwQE2ZWAMA0EAgACMAcDBQMgAUy4MA0GCSqG
SIb3DQEBCwUAA4IBAQC26qMGc93/uM0fMJadE07aCDBcIyIyoQ8cFh816TDNUSoK
cbWxgKb53sRwhgiw2Ole0i5NS11dYrIMIlMfyrP3RZkQJEIMrXXzt36IOUHwAHoZ
McgxCfAlI4/A4HZ+WWoc9/DrrsBPTjzud3c9P3oIrLH8xeCIkxYDMTpQ2bJEF9NJ
iGnjTq+aZk5ZL1DlN1s+/H+fQ1PIjNEPKDa8m59R529K+VsjvKLY6wle+SkbKdU6
xqHotfRLdIMSFpioNoNyrqEnsFMcvlMdb7jN03s8s/3ntiFAFQRmbxmf9RB+XqX1
gBl5HmfF+M/BrJR4E3u0PGJVg/mjmzMsD9Yw6Rpg
-----END CERTIFICATE-----