Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/I6YAuD4fAVdA5rZN-1LBkGp0iSI.roa
File:                     I6YAuD4fAVdA5rZN-1LBkGp0iSI.roa (raw, json)
Hash identifier:          a/+/Y9yBFr40UiMC+1PpRHR6ujSHqAsTMlxLU7VahXg=
Subject key identifier:   23:A6:00:B8:3E:1F:01:57:40:E6:B6:4D:FB:52:C1:90:6A:74:89:22
Certificate issuer:       /CN=c2fca944458606b1017e26c3ca17430f7ff924b3
Certificate serial:       018CC94CCA454F90744CE245113B0D8D04B8
Authority key identifier: C2:FC:A9:44:45:86:06:B1:01:7E:26:C3:CA:17:43:0F:7F:F9:24:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wvypREWGBrEBfibDyhdDD3_5JLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/I6YAuD4fAVdA5rZN-1LBkGp0iSI.roa
Signing time:             Tue 02 Jan 2024 08:31:42 +0000
ROA not before:           Tue 02 Jan 2024 08:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2107
IP address blocks:        178.172.0.0/17 maxlen: 17
                          163.159.128.0/17 maxlen: 17
                          193.2.0.0/16 maxlen: 16
                          92.244.64.0/19 maxlen: 19
                          95.87.128.0/18 maxlen: 18
                          149.62.64.0/18 maxlen: 18
                          153.5.0.0/16 maxlen: 16
                          88.200.0.0/17 maxlen: 17
                          212.235.128.0/17 maxlen: 17
                          185.13.52.0/22 maxlen: 22
                          141.255.192.0/18 maxlen: 18
                          109.127.192.0/18 maxlen: 18
                          194.249.0.0/16 maxlen: 16
                          2001:1470::/29 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:49:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:ca:45:4f:90:74:4c:e2:45:11:3b:0d:8d:04:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2fca944458606b1017e26c3ca17430f7ff924b3
        Validity
            Not Before: Jan  2 08:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23a600b83e1f015740e6b64dfb52c1906a748922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:63:d0:4c:7b:54:1f:77:8f:5d:0e:cc:ad:27:
                    4f:3f:b7:50:20:40:0a:da:8b:c3:e0:d7:52:49:25:
                    b0:a2:99:52:ec:60:27:d0:08:6a:ae:b4:99:c8:10:
                    40:32:d0:7f:f3:b5:62:7b:ad:b8:f5:54:53:96:a4:
                    95:27:15:7c:33:7b:24:c1:a5:18:f6:3a:1a:9b:a9:
                    9c:ef:c2:c0:35:6b:27:ea:4c:95:78:19:b6:71:42:
                    1e:7e:5b:24:af:5b:f2:1d:88:e8:94:c3:fb:7b:57:
                    60:e3:e8:3d:71:44:4f:74:60:7a:58:d6:28:11:92:
                    6a:04:e4:c4:44:3e:99:96:2a:a2:7b:ee:20:1f:f6:
                    ff:23:f2:d7:9b:d3:0c:fa:2b:70:5d:c5:40:33:47:
                    7e:d7:b3:f7:0f:cd:2b:78:83:c3:76:5f:0d:9f:b1:
                    1d:c3:ef:52:e0:a6:4a:5e:69:5f:49:5b:b6:41:88:
                    20:fd:7f:bf:cf:dd:ba:8a:26:40:14:64:d9:12:f7:
                    f0:80:f7:6e:2b:18:cb:c0:ac:5e:ab:34:4e:70:37:
                    ee:1e:f5:58:d6:ab:63:31:7b:46:07:21:a6:8e:0b:
                    b9:b7:62:6e:1e:dc:5f:89:9e:8d:69:fc:34:dd:f9:
                    34:16:57:67:62:19:ef:c6:af:69:68:a1:a1:0d:9e:
                    ee:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A6:00:B8:3E:1F:01:57:40:E6:B6:4D:FB:52:C1:90:6A:74:89:22
            X509v3 Authority Key Identifier:
                keyid:C2:FC:A9:44:45:86:06:B1:01:7E:26:C3:CA:17:43:0F:7F:F9:24:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wvypREWGBrEBfibDyhdDD3_5JLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/I6YAuD4fAVdA5rZN-1LBkGp0iSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/90033c-5b03-4709-b6d3-a865e189ed8a/1/wvypREWGBrEBfibDyhdDD3_5JLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.200.0.0/17
                  92.244.64.0/19
                  95.87.128.0/18
                  109.127.192.0/18
                  141.255.192.0/18
                  149.62.64.0/18
                  153.5.0.0/16
                  163.159.128.0/17
                  178.172.0.0/17
                  185.13.52.0/22
                  193.2.0.0/16
                  194.249.0.0/16
                  212.235.128.0/17
                IPv6:
                  2001:1470::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:40:5c:07:c7:7a:dd:5a:75:0d:62:dc:ac:e3:04:78:6e:
         4f:6a:61:31:5e:b8:55:aa:d4:82:5f:e6:66:fb:fb:e3:42:59:
         03:8c:0c:f9:67:b6:56:eb:ef:66:c8:5c:0a:6d:1f:65:58:91:
         76:a2:2f:f2:bb:a8:be:10:53:29:15:ad:92:2c:da:fa:b3:5f:
         68:67:05:7d:a7:3d:19:22:64:98:73:87:34:db:c7:8b:79:40:
         60:25:cf:55:b0:6c:18:e2:88:87:13:6d:db:2a:b8:40:e5:db:
         b1:be:2c:da:70:34:d4:ff:98:ad:bb:8a:7a:22:81:4e:bd:8b:
         40:19:cf:98:41:05:05:dd:4a:bd:08:bd:53:60:32:16:d5:10:
         9d:ff:51:3e:ed:16:26:95:e2:55:76:84:24:2e:43:73:7f:47:
         47:41:1f:12:8c:05:41:99:82:76:b8:80:d2:31:44:54:61:56:
         43:9c:d0:e9:f3:41:fe:11:59:9a:c0:c6:25:2f:62:f2:b2:09:
         91:70:f9:59:a2:f5:9f:44:1e:e2:fa:ea:d6:90:1e:48:de:7a:
         a5:7c:33:f9:dc:c7:06:28:62:50:56:0b:e3:86:d7:6a:46:e4:
         8a:f7:54:48:5e:46:18:06:84:69:73:26:88:3c:f5:07:3c:55:
         92:1d:ff:be
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYzJTMpFT5B0TOJFETsNjQS4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZmNhOTQ0NDU4NjA2YjEwMTdlMjZjM2NhMTc0MzBmN2Zm
OTI0YjMwHhcNMjQwMTAyMDgzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2E2MDBiODNlMWYwMTU3NDBlNmI2NGRmYjUyYzE5MDZhNzQ4OTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWPQTHtUH3ePXQ7MrSdPP7dQIEAK
2ovD4NdSSSWwoplS7GAn0AhqrrSZyBBAMtB/87Vie6249VRTlqSVJxV8M3skwaUY
9joam6mc78LANWsn6kyVeBm2cUIeflskr1vyHYjolMP7e1dg4+g9cURPdGB6WNYo
EZJqBOTERD6Zliqie+4gH/b/I/LXm9MM+itwXcVAM0d+17P3D80reIPDdl8Nn7Ed
w+9S4KZKXmlfSVu2QYgg/X+/z926iiZAFGTZEvfwgPduKxjLwKxeqzROcDfuHvVY
1qtjMXtGByGmjgu5t2JuHtxfiZ6Nafw03fk0FldnYhnvxq9paKGhDZ7uswIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFCOmALg+HwFXQOa2TftSwZBqdIkiMB8GA1UdIwQY
MBaAFML8qURFhgaxAX4mw8oXQw9/+SSzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Z5cFJFV0dCckVCZmliRHloZEREM181SkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MDAzM2MtNWIwMy00NzA5LWI2ZDMt
YTg2NWUxODllZDhhLzEvSTZZQXVENGZBVmRBNXJaTi0xTEJrR3AwaVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MDAzM2MtNWIwMy00NzA5LWI2ZDMtYTg2NWUxODllZDhh
LzEvd3Z5cFJFV0dCckVCZmliRHloZEREM181SkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBRBAIAATBLAwQHWMgAAwQF
XPRAAwQGX1eAAwQGbX/AAwQGjf/AAwQGlT5AAwMAmQUDBAejn4ADBAeyrAADBAK5
DTQDAwDBAgMDAML5AwQH1OuAMA0EAgACMAcDBQMgARRwMA0GCSqGSIb3DQEBCwUA
A4IBAQApbkBcB8d63Vp1DWLcrOMEeG5PamExXrhVqtSCX+Zm+/vjQlkDjAz5Z7ZW
6+9myFwKbR9lWJF2oi/yu6i+EFMpFa2SLNr6s19oZwV9pz0ZImSYc4c028eLeUBg
Jc9VsGwY4oiHE23bKrhA5duxvizacDTU/5itu4p6IoFOvYtAGc+YQQUF3Uq9CL1T
YDIW1RCd/1E+7RYmleJVdoQkLkNzf0dHQR8SjAVBmYJ2uIDSMURUYVZDnNDp80H+
EVmawMYlL2LysgmRcPlZovWfRB7i+urWkB5I3nqlfDP53McGKGJQVgvjhtdqRuSK
91RIXkYYBoRpcyaIPPUHPFWSHf++
-----END CERTIFICATE-----