Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/7bd729-98e5-43ff-afe6-187b1f77c1a5/1/NEdBTcQiFGzOs0wH3djUVay9Gmc.roa
File:                     NEdBTcQiFGzOs0wH3djUVay9Gmc.roa (raw, json)
Hash identifier:          cPSaiYxId8iuHjXQhKUtL+p6MJ6Iy1jo5EM4UYJTMcg=
Subject key identifier:   34:47:41:4D:C4:22:14:6C:CE:B3:4C:07:DD:D8:D4:55:AC:BD:1A:67
Certificate issuer:       /CN=4c93029c5b2639cd29b9f9dd5294cc94ef52d6af
Certificate serial:       018A454D9FA2F37FFAE3E2FB74BE2E4D5D87
Authority key identifier: 4C:93:02:9C:5B:26:39:CD:29:B9:F9:DD:52:94:CC:94:EF:52:D6:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJMCnFsmOc0pufndUpTMlO9S1q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/7bd729-98e5-43ff-afe6-187b1f77c1a5/1/NEdBTcQiFGzOs0wH3djUVay9Gmc.roa
Signing time:             Wed 30 Aug 2023 07:17:09 +0000
ROA not before:           Wed 30 Aug 2023 07:17:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48707
IP address blocks:        185.238.137.0/24 maxlen: 24
                          195.2.208.0/24 maxlen: 24
                          195.2.209.0/24 maxlen: 24
                          185.253.212.0/24 maxlen: 24
                          185.253.213.0/24 maxlen: 24
                          185.253.214.0/24 maxlen: 24
                          185.253.215.0/24 maxlen: 24
                          91.230.202.0/24 maxlen: 24
                          91.230.203.0/24 maxlen: 24
                          91.230.204.0/24 maxlen: 24
                          91.230.205.0/24 maxlen: 24
                          91.230.200.0/24 maxlen: 24
                          91.230.201.0/24 maxlen: 24
                          185.237.30.0/24 maxlen: 24
                          185.237.31.0/24 maxlen: 24
                          185.237.28.0/24 maxlen: 24
                          185.237.29.0/24 maxlen: 24
                          2a0c:b40::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 04 Dec 2023 17:40:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:45:4d:9f:a2:f3:7f:fa:e3:e2:fb:74:be:2e:4d:5d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c93029c5b2639cd29b9f9dd5294cc94ef52d6af
        Validity
            Not Before: Aug 30 07:17:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3447414dc422146cceb34c07ddd8d455acbd1a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d7:43:0f:71:cc:e8:0e:72:fb:00:fa:44:6e:
                    7c:c4:61:dd:ba:46:4b:ca:a1:dd:17:31:75:6d:cf:
                    fb:eb:74:7f:bd:7a:c8:3d:ce:2d:b7:5c:06:4a:7b:
                    de:5b:2a:02:25:11:9d:f4:0a:c0:83:2f:f7:f7:97:
                    47:f8:19:49:e0:1c:cc:98:be:b4:65:09:4f:11:e5:
                    98:a6:45:f3:ba:1c:18:4d:f8:13:55:e2:32:35:98:
                    b9:f2:11:24:b8:88:87:70:04:f2:74:f3:28:9d:1d:
                    b7:46:bc:c0:1b:7b:90:c6:6c:1a:80:2e:55:16:b3:
                    c1:f9:52:98:d5:f8:88:f2:e9:9f:e6:24:c7:99:7b:
                    45:c6:d6:d7:c8:61:54:45:82:b0:b9:a9:a1:bd:22:
                    43:ed:32:23:a2:81:ff:1f:65:d1:74:a5:5d:e8:4e:
                    84:50:5c:ba:9e:81:e2:35:ff:2d:d7:0d:f9:18:50:
                    d7:ec:bf:1c:83:f8:7d:2c:c4:79:74:3d:0c:cb:00:
                    0e:8a:b1:a5:7e:f8:01:bc:75:7d:76:c1:bb:7e:93:
                    73:02:7a:e9:67:9d:b4:18:d2:78:81:f3:ec:01:e2:
                    44:d0:b6:41:25:d9:c8:0f:66:db:4f:d7:a1:18:3b:
                    eb:ec:46:2c:e0:73:6e:34:63:b8:73:d2:66:18:c7:
                    0e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:47:41:4D:C4:22:14:6C:CE:B3:4C:07:DD:D8:D4:55:AC:BD:1A:67
            X509v3 Authority Key Identifier:
                keyid:4C:93:02:9C:5B:26:39:CD:29:B9:F9:DD:52:94:CC:94:EF:52:D6:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJMCnFsmOc0pufndUpTMlO9S1q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/7bd729-98e5-43ff-afe6-187b1f77c1a5/1/NEdBTcQiFGzOs0wH3djUVay9Gmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/7bd729-98e5-43ff-afe6-187b1f77c1a5/1/TJMCnFsmOc0pufndUpTMlO9S1q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.200.0-91.230.205.255
                  185.237.28.0/22
                  185.238.137.0/24
                  185.253.212.0/22
                  195.2.208.0/23
                IPv6:
                  2a0c:b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:6d:cd:72:0a:7f:d4:81:e2:2f:4b:4a:56:86:3d:33:a3:a1:
         f8:05:43:0f:22:d2:f2:98:80:3d:ff:fa:4e:ff:93:f7:71:89:
         6e:9a:0d:36:75:0d:c7:78:d2:dd:17:85:d8:53:48:7c:3b:ec:
         d2:0d:e9:cc:ac:0f:8b:6c:92:17:b4:a2:d9:6f:76:0c:59:93:
         c2:0c:cc:eb:ab:3d:f3:16:d0:8e:cb:33:3a:23:c4:dc:ec:ee:
         b0:70:0e:b6:49:1f:47:a1:f1:9b:74:64:82:4f:aa:8f:af:1f:
         e9:c2:f6:6d:45:47:d7:b6:a5:8f:c6:61:00:aa:76:29:3f:fb:
         6a:85:99:96:61:01:ec:97:c4:af:b3:e0:fa:18:7c:ec:c4:18:
         30:f5:6c:9b:53:39:a6:83:6a:72:e7:51:9f:a2:5b:57:46:9c:
         77:31:34:78:53:11:e6:dc:f0:79:d1:ac:0b:56:40:77:7c:95:
         79:0d:02:f4:70:ca:35:10:51:e4:70:42:76:f9:f7:bb:48:97:
         58:e0:b3:88:5a:6f:7f:d7:6f:34:31:b9:a4:b6:80:6f:b4:14:
         4f:da:47:ed:45:5f:ee:44:53:4a:d1:13:e0:21:1c:67:64:cd:
         ee:cd:e8:4f:62:c1:82:10:8f:78:d2:74:3e:00:e6:fc:04:87:
         00:1c:b5:5b
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYpFTZ+i83/64+L7dL4uTV2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTMwMjljNWIyNjM5Y2QyOWI5ZjlkZDUyOTRjYzk0ZWY1
MmQ2YWYwHhcNMjMwODMwMDcxNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ3NDE0ZGM0MjIxNDZjY2ViMzRjMDdkZGQ4ZDQ1NWFjYmQxYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9dDD3HM6A5y+wD6RG58xGHdukZL
yqHdFzF1bc/763R/vXrIPc4tt1wGSnveWyoCJRGd9ArAgy/395dH+BlJ4BzMmL60
ZQlPEeWYpkXzuhwYTfgTVeIyNZi58hEkuIiHcATydPMonR23RrzAG3uQxmwagC5V
FrPB+VKY1fiI8umf5iTHmXtFxtbXyGFURYKwuamhvSJD7TIjooH/H2XRdKVd6E6E
UFy6noHiNf8t1w35GFDX7L8cg/h9LMR5dD0MywAOirGlfvgBvHV9dsG7fpNzAnrp
Z520GNJ4gfPsAeJE0LZBJdnID2bbT9ehGDvr7EYs4HNuNGO4c9JmGMcO2wIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFDRHQU3EIhRszrNMB93Y1FWsvRpnMB8GA1UdIwQY
MBaAFEyTApxbJjnNKbn53VKUzJTvUtavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEpNQ25Gc21PYzBwdWZuZFVwVE1sTzlTMXE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC83YmQ3MjktOThlNS00M2ZmLWFmZTYt
MTg3YjFmNzdjMWE1LzEvTkVkQlRjUWlGR3pPczB3SDNkalVWYXk5R21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC83YmQ3MjktOThlNS00M2ZmLWFmZTYtMTg3YjFmNzdjMWE1
LzEvVEpNQ25Gc21PYzBwdWZuZFVwVE1sTzlTMXE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmMAwDBANb5sgD
BAFb5swDBAK57RwDBAC57okDBAK5/dQDBAHDAtAwDwQCAAIwCQMHACoMC0AAADAN
BgkqhkiG9w0BAQsFAAOCAQEAfW3Ncgp/1IHiL0tKVoY9M6Oh+AVDDyLS8piAPf/6
Tv+T93GJbpoNNnUNx3jS3ReF2FNIfDvs0g3pzKwPi2ySF7Si2W92DFmTwgzM66s9
8xbQjsszOiPE3OzusHAOtkkfR6Hxm3Rkgk+qj68f6cL2bUVH17alj8ZhAKp2KT/7
aoWZlmEB7JfEr7Pg+hh87MQYMPVsm1M5poNqcudRn6JbV0acdzE0eFMR5tzwedGs
C1ZAd3yVeQ0C9HDKNRBR5HBCdvn3u0iXWOCziFpvf9dvNDG5pLaAb7QUT9pH7UVf
7kRTStET4CEcZ2TN7s3oT2LBghCPeNJ0PgDm/ASHABy1Ww==
-----END CERTIFICATE-----