Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/u0d3OEn29xDvTqOy1rsGdK4oLbU.roa
File:                     u0d3OEn29xDvTqOy1rsGdK4oLbU.roa (raw, json)
Hash identifier:          ZbteyVYH0bHsOyFYlS+y2VajSQnYX+gRCtvLlQt9G+Y=
Subject key identifier:   BB:47:77:38:49:F6:F7:10:EF:4E:A3:B2:D6:BB:06:74:AE:28:2D:B5
Certificate issuer:       /CN=d79785de62dcf9e7930babd7b1d39c5853d1944f
Certificate serial:       01857169A86FDAB7949DC0A7495B84FA9969
Authority key identifier: D7:97:85:DE:62:DC:F9:E7:93:0B:AB:D7:B1:D3:9C:58:53:D1:94:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/u0d3OEn29xDvTqOy1rsGdK4oLbU.roa
Signing time:             Mon 02 Jan 2023 07:37:07 +0000
ROA not before:           Mon 02 Jan 2023 07:37:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     19905
IP address blocks:        185.28.220.0/24 maxlen: 24
                          185.28.221.0/24 maxlen: 24
                          185.28.222.0/24 maxlen: 24
                          185.28.223.0/24 maxlen: 24
                          37.10.30.0/24 maxlen: 24
                          37.10.31.0/24 maxlen: 24
                          37.10.63.0/24 maxlen: 24
                          5.57.16.0/24 maxlen: 24
                          5.57.17.0/24 maxlen: 24
                          5.57.19.0/24 maxlen: 24
                          5.57.20.0/24 maxlen: 24
                          5.57.21.0/24 maxlen: 24
                          5.57.18.0/24 maxlen: 24
                          5.57.23.0/24 maxlen: 24
                          37.10.0.0/24 maxlen: 24
                          37.10.1.0/24 maxlen: 24
                          37.10.4.0/24 maxlen: 24
                          37.10.4.0/22 maxlen: 22
                          37.10.7.0/24 maxlen: 24
                          37.10.5.0/24 maxlen: 24
                          37.10.6.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:a8:6f:da:b7:94:9d:c0:a7:49:5b:84:fa:99:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79785de62dcf9e7930babd7b1d39c5853d1944f
        Validity
            Not Before: Jan  2 07:37:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb47773849f6f710ef4ea3b2d6bb0674ae282db5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1d:25:c5:bd:40:5d:00:92:c0:d3:ca:81:21:
                    cc:93:58:fe:89:23:3d:87:d2:c8:4e:fa:f5:ac:73:
                    47:5b:2c:35:fe:5e:e2:3d:a4:8e:71:56:df:76:9f:
                    19:28:f1:a0:5c:9d:64:20:7d:e1:a4:20:f0:17:66:
                    10:23:18:18:7a:4f:ca:39:86:1e:d0:e9:d4:05:87:
                    f6:86:b3:a3:4d:cb:6f:0b:0a:ed:47:f7:f7:97:66:
                    1a:88:b2:73:05:00:b6:3f:6e:7e:3f:ca:c3:0d:8e:
                    51:7f:71:b2:a1:27:62:7d:5d:70:84:76:f9:c7:1e:
                    22:c1:82:44:9e:b1:96:fd:bf:81:f8:d4:dd:3d:0b:
                    ad:fb:dd:56:af:0e:e2:20:8b:df:93:8a:f4:8d:30:
                    88:06:ef:7c:1d:17:65:93:d9:0e:5e:0f:f3:1c:91:
                    cd:b4:b2:9b:d0:9d:20:82:4f:c6:88:6c:26:72:2a:
                    e4:c3:87:67:de:c3:65:ce:11:8a:b3:63:d0:eb:50:
                    ef:03:41:39:08:41:70:04:2a:43:a5:7e:84:71:68:
                    d1:f1:8f:1c:50:13:ee:b5:0d:98:1b:2b:cd:33:07:
                    a4:cc:de:77:bc:e3:4a:14:d9:ce:4e:9f:cd:62:ba:
                    a3:f1:ac:e5:59:cd:c6:cc:33:06:d3:70:0d:73:b3:
                    97:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:47:77:38:49:F6:F7:10:EF:4E:A3:B2:D6:BB:06:74:AE:28:2D:B5
            X509v3 Authority Key Identifier:
                keyid:D7:97:85:DE:62:DC:F9:E7:93:0B:AB:D7:B1:D3:9C:58:53:D1:94:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/u0d3OEn29xDvTqOy1rsGdK4oLbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.16.0-5.57.21.255
                  5.57.23.0/24
                  37.10.0.0/23
                  37.10.4.0/22
                  37.10.30.0/23
                  37.10.63.0/24
                  185.28.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         de:20:19:eb:ce:91:2d:5b:c9:68:28:3d:60:f2:33:f7:2a:7f:
         2b:6b:de:25:e3:de:62:b4:bc:bc:b3:79:dc:fe:b7:ce:40:e3:
         50:de:83:33:9c:c6:c5:15:26:f4:bf:0d:8f:dd:78:ab:ee:33:
         42:b1:cc:78:97:44:be:1e:76:64:83:2e:56:d5:ab:bd:e6:84:
         a2:31:df:5b:9a:51:a9:d8:63:00:3c:08:21:2f:5c:c9:40:fa:
         44:93:2c:72:11:99:81:fe:d0:c4:42:02:b1:7e:b4:09:2e:75:
         f1:18:a4:95:cd:15:8b:d1:2a:d2:13:ac:09:0e:6b:c6:8e:10:
         4a:1e:a4:33:92:eb:de:7a:0e:af:3b:33:3f:b3:a8:b1:54:00:
         e0:b2:5d:f6:53:46:cf:ca:0f:69:29:97:cc:c7:a6:20:14:46:
         a8:8c:89:b2:ed:32:21:99:a3:e9:98:04:4b:77:12:d6:23:0f:
         e6:e7:c9:3f:a9:45:66:67:bf:2f:30:f7:29:5f:68:08:01:38:
         b6:40:d0:51:22:ed:85:73:b8:ff:54:c8:3c:d8:29:b3:66:58:
         60:54:ef:4e:f4:48:69:48:1e:39:8f:7e:1f:e4:28:ab:f8:d2:
         f4:2d:51:6c:9d:29:9d:14:52:0f:88:95:29:cd:df:b7:c8:f8:
         ca:50:55:cb
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYVxaahv2reUncCnSVuE+plpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OTc4NWRlNjJkY2Y5ZTc5MzBiYWJkN2IxZDM5YzU4NTNk
MTk0NGYwHhcNMjMwMTAyMDczNzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjQ3NzczODQ5ZjZmNzEwZWY0ZWEzYjJkNmJiMDY3NGFlMjgyZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoB0lxb1AXQCSwNPKgSHMk1j+iSM9
h9LITvr1rHNHWyw1/l7iPaSOcVbfdp8ZKPGgXJ1kIH3hpCDwF2YQIxgYek/KOYYe
0OnUBYf2hrOjTctvCwrtR/f3l2YaiLJzBQC2P25+P8rDDY5Rf3GyoSdifV1whHb5
xx4iwYJEnrGW/b+B+NTdPQut+91Wrw7iIIvfk4r0jTCIBu98HRdlk9kOXg/zHJHN
tLKb0J0ggk/GiGwmcirkw4dn3sNlzhGKs2PQ61DvA0E5CEFwBCpDpX6EcWjR8Y8c
UBPutQ2YGyvNMwekzN53vONKFNnOTp/NYrqj8azlWc3GzDMG03ANc7OXswIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLtHdzhJ9vcQ706jsta7BnSuKC21MB8GA1UdIwQY
MBaAFNeXhd5i3Pnnkwur17HTnFhT0ZRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTVlRjNtTGMtZWVUQzZ2WHNkT2NXRlBSbEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83Zjk3MjgtOTU1OS00MjYzLWJjZmEt
NzU4NTVkYjcxNTFmLzEvdTBkM09FbjI5eER2VHFPeTFyc0dkSzRvTGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83Zjk3MjgtOTU1OS00MjYzLWJjZmEtNzU4NTVkYjcxNTFm
LzEvMTVlRjNtTGMtZWVUQzZ2WHNkT2NXRlBSbEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAQFORAD
BAEFORQDBAAFORcDBAElCgADBAIlCgQDBAElCh4DBAAlCj8DBAK5HNwwDQYJKoZI
hvcNAQELBQADggEBAN4gGevOkS1byWgoPWDyM/cqfytr3iXj3mK0vLyzedz+t85A
41DegzOcxsUVJvS/DY/deKvuM0KxzHiXRL4edmSDLlbVq73mhKIx31uaUanYYwA8
CCEvXMlA+kSTLHIRmYH+0MRCArF+tAkudfEYpJXNFYvRKtITrAkOa8aOEEoepDOS
6956Dq87Mz+zqLFUAOCyXfZTRs/KD2kpl8zHpiAURqiMibLtMiGZo+mYBEt3EtYj
D+bnyT+pRWZnvy8w9ylfaAgBOLZA0FEi7YVzuP9UyDzYKbNmWGBU7070SGlIHjmP
fh/kKKv40vQtUWydKZ0UUg+IlSnN37fI+MpQVcs=
-----END CERTIFICATE-----