Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/wqk8SUG7ZF_-oneY2qlnZLgeFfc.roa
File:                     wqk8SUG7ZF_-oneY2qlnZLgeFfc.roa (raw, json)
Hash identifier:          X6E0MWyPwATOF8VrCveIRrN6C+PVuQ2Z0gu0ebFgx1c=
Subject key identifier:   C2:A9:3C:49:41:BB:64:5F:FE:A2:77:98:DA:A9:67:64:B8:1E:15:F7
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018D45C4C435B1C5FA5F27ED6F92572C8AB0
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/wqk8SUG7ZF_-oneY2qlnZLgeFfc.roa
Signing time:             Fri 26 Jan 2024 12:35:39 +0000
ROA not before:           Fri 26 Jan 2024 12:35:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21155
IP address blocks:        80.84.224.0/19 maxlen: 19
                          81.4.64.0/19 maxlen: 19
                          81.4.96.0/22 maxlen: 22
                          81.4.112.0/22 maxlen: 22
                          81.4.116.0/22 maxlen: 22
                          83.96.128.0/17 maxlen: 17
                          85.158.248.0/22 maxlen: 22
                          85.158.252.0/23 maxlen: 23
                          91.142.240.0/20 maxlen: 20
                          91.205.32.0/22 maxlen: 22
                          91.216.162.0/24 maxlen: 24
                          185.95.68.0/22 maxlen: 22
                          193.93.172.0/22 maxlen: 22
                          193.242.119.0/24 maxlen: 24
                          2001:828::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 07:36:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:c4:c4:35:b1:c5:fa:5f:27:ed:6f:92:57:2c:8a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Jan 26 12:35:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2a93c4941bb645ffea27798daa96764b81e15f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:24:14:39:f5:4c:60:65:be:38:84:df:de:c4:
                    36:dd:2b:9b:10:d2:e0:a3:64:34:c2:7a:52:99:8a:
                    19:42:7f:b7:af:06:f5:78:8e:c4:a4:9f:77:10:80:
                    7f:c5:cd:e6:29:07:cc:4a:b5:d2:3b:f6:d6:ef:4c:
                    20:c0:82:f4:c1:9a:35:1c:67:27:82:af:28:0c:24:
                    e5:1d:4c:76:fb:b3:b3:ac:47:db:2b:98:db:95:d8:
                    1d:a1:d5:79:15:92:b5:cd:b4:62:49:ff:d2:b1:77:
                    c3:05:b3:9d:0d:9c:68:e7:f4:50:0e:82:f8:43:16:
                    b1:74:1d:67:94:9d:60:c4:80:31:6e:e8:eb:c3:d4:
                    bb:52:df:9e:e6:74:09:79:91:da:73:32:f2:e7:cc:
                    08:60:e5:ec:17:23:0b:ef:ba:ce:4e:0a:55:b7:c6:
                    53:7d:34:8e:f0:c0:f5:dc:79:2e:b1:d3:67:02:97:
                    f7:b0:61:b8:e4:08:83:32:83:f7:fa:0c:51:be:e8:
                    84:66:19:94:29:40:47:ea:ba:c0:f0:cf:10:d5:0b:
                    0f:6a:bc:97:08:26:34:ee:01:b8:75:90:6f:b6:b8:
                    6b:2a:ec:ea:f4:67:98:f3:89:dc:ba:b1:84:11:de:
                    3d:fe:8d:dc:19:bf:bc:e6:d8:5b:fc:63:e6:af:47:
                    93:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A9:3C:49:41:BB:64:5F:FE:A2:77:98:DA:A9:67:64:B8:1E:15:F7
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/wqk8SUG7ZF_-oneY2qlnZLgeFfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.224.0/19
                  81.4.64.0-81.4.99.255
                  81.4.112.0/21
                  83.96.128.0/17
                  85.158.248.0-85.158.253.255
                  91.142.240.0/20
                  91.205.32.0/22
                  91.216.162.0/24
                  185.95.68.0/22
                  193.93.172.0/22
                  193.242.119.0/24
                IPv6:
                  2001:828::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:8f:61:41:3e:8b:ab:c0:80:c1:85:50:86:ac:e1:8f:61:b1:
         82:4b:6d:0a:f6:e7:f5:40:ff:15:d7:0a:77:37:35:12:a1:8f:
         56:16:ba:11:0a:7a:eb:f5:d2:17:31:04:f2:f5:d9:42:f7:9b:
         19:34:87:93:0e:b9:0e:79:dc:ca:21:29:f8:ab:a0:d8:f4:cc:
         6f:ed:50:d0:b4:1f:b1:20:94:65:09:c8:16:6c:b3:0e:b5:c9:
         74:fb:12:a1:d9:0b:41:31:44:5a:42:81:25:04:b9:cc:97:e4:
         1c:0c:b2:63:97:97:4a:48:07:a3:c2:de:e9:67:18:07:22:5c:
         0f:92:4b:bd:ce:19:9c:bf:6d:68:58:6f:fe:b0:26:64:0e:ae:
         f6:2d:94:3b:5c:d4:5c:97:fc:04:eb:c6:08:96:9e:0b:97:f4:
         4d:44:8b:7b:95:b9:eb:17:c9:b2:fa:0d:3b:01:b4:ac:9c:05:
         53:9f:06:14:d0:5a:e8:ab:37:bf:3f:06:45:19:f2:48:a5:7b:
         93:97:9c:39:ec:57:6e:cb:80:7a:15:64:73:d4:ac:87:60:96:
         fc:27:d0:35:c8:7c:3a:c0:15:a2:c2:c5:d7:92:5e:61:e6:34:
         40:08:1c:6f:60:9f:14:3f:ea:5f:47:4f:96:4b:81:b8:36:9b:
         70:58:7e:1b
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAY1FxMQ1scX6Xyftb5JXLIqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjQwMTI2MTIzNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE5M2M0OTQxYmI2NDVmZmVhMjc3OThkYWE5Njc2NGI4MWUxNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSQUOfVMYGW+OITf3sQ23SubENLg
o2Q0wnpSmYoZQn+3rwb1eI7EpJ93EIB/xc3mKQfMSrXSO/bW70wgwIL0wZo1HGcn
gq8oDCTlHUx2+7OzrEfbK5jbldgdodV5FZK1zbRiSf/SsXfDBbOdDZxo5/RQDoL4
QxaxdB1nlJ1gxIAxbujrw9S7Ut+e5nQJeZHaczLy58wIYOXsFyML77rOTgpVt8ZT
fTSO8MD13HkusdNnApf3sGG45AiDMoP3+gxRvuiEZhmUKUBH6rrA8M8Q1QsParyX
CCY07gG4dZBvtrhrKuzq9GeY84ncurGEEd49/o3cGb+85thb/GPmr0eTXwIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFMKpPElBu2Rf/qJ3mNqpZ2S4HhX3MB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvd3FrOFNVRzdaRl8tb25lWTJxbG5aTGdlRmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQFUFTgMAwD
BAZRBEADBAJRBGADBANRBHADBAdTYIAwDAMEA1We+AMEAVWe/AMEBFuO8AMEAlvN
IAMEAFvYogMEArlfRAMEAsFdrAMEAMHydzANBAIAAjAHAwUAIAEIKDANBgkqhkiG
9w0BAQsFAAOCAQEAhI9hQT6Lq8CAwYVQhqzhj2GxgkttCvbn9UD/FdcKdzc1EqGP
Vha6EQp66/XSFzEE8vXZQvebGTSHkw65DnncyiEp+Kug2PTMb+1Q0LQfsSCUZQnI
FmyzDrXJdPsSodkLQTFEWkKBJQS5zJfkHAyyY5eXSkgHo8Le6WcYByJcD5JLvc4Z
nL9taFhv/rAmZA6u9i2UO1zUXJf8BOvGCJaeC5f0TUSLe5W56xfJsvoNOwG0rJwF
U58GFNBa6Ks3vz8GRRnySKV7k5ecOexXbsuAehVkc9Ssh2CW/CfQNch8OsAVosLF
15JeYeY0QAgcb2CfFD/qX0dPlkuBuDabcFh+Gw==
-----END CERTIFICATE-----