Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/VmYJAB1JKPL9TfGjdwEegI_L780.roa
File:                     VmYJAB1JKPL9TfGjdwEegI_L780.roa (raw, json)
Hash identifier:          yOcRwec+ucLkpE+XYyriL2IzHhiujwe7y74RLcxWwkg=
Subject key identifier:   56:66:09:00:1D:49:28:F2:FD:4D:F1:A3:77:01:1E:80:8F:CB:EF:CD
Certificate issuer:       /CN=435416b2282b4533c3509c18e957ce0c836bc837
Certificate serial:       018B0393DCB504446F980AEE581DD1F24817
Authority key identifier: 43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/VmYJAB1JKPL9TfGjdwEegI_L780.roa
Signing time:             Fri 06 Oct 2023 06:01:43 +0000
ROA not before:           Fri 06 Oct 2023 06:01:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207990
IP address blocks:        185.23.200.0/23 maxlen: 32
                          185.251.44.0/23 maxlen: 32
                          185.251.46.0/23 maxlen: 32
                          185.247.230.0/23 maxlen: 32
                          185.247.229.0/24 maxlen: 32
                          185.247.228.0/24 maxlen: 32
                          195.66.220.0/22 maxlen: 32
                          95.175.80.0/20 maxlen: 32
                          185.251.248.0/23 maxlen: 32
                          185.251.250.0/23 maxlen: 32
                          194.156.112.0/22 maxlen: 32
                          193.8.80.0/22 maxlen: 32
                          178.239.22.0/23 maxlen: 32
                          88.218.144.0/22 maxlen: 32
                          45.133.136.0/24 maxlen: 32
                          91.193.100.0/22 maxlen: 32

Validation:               Failed, certificate revoked on Fri 06 Oct 2023 07:29:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:03:93:dc:b5:04:44:6f:98:0a:ee:58:1d:d1:f2:48:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435416b2282b4533c3509c18e957ce0c836bc837
        Validity
            Not Before: Oct  6 06:01:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=566609001d4928f2fd4df1a377011e808fcbefcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2e:12:3c:30:8e:00:7e:08:41:54:0e:2a:8b:
                    e5:97:83:24:ae:5b:13:1c:08:66:73:92:01:61:dc:
                    f6:e9:c7:24:f3:41:44:19:e8:f9:d8:f6:f3:b7:e0:
                    a2:cb:d9:d8:88:8f:9b:be:2d:51:36:fa:7e:27:a5:
                    a7:b3:09:8c:c9:a4:dd:4d:d8:56:b9:0d:7d:e5:2c:
                    db:59:60:aa:0f:1f:15:30:f6:7f:55:c9:ce:2e:8e:
                    16:e8:81:53:ad:09:44:e7:72:34:cd:a6:25:f5:c4:
                    4d:1d:a1:91:c9:16:12:b0:4e:a9:b8:0f:92:77:ba:
                    07:2b:8a:1b:ee:28:a1:8b:5c:19:fa:95:72:88:39:
                    03:f9:8a:c5:99:9e:c4:8d:20:bd:da:37:33:23:27:
                    fb:f2:12:aa:53:57:cf:d4:29:78:a0:4e:2a:f4:dc:
                    54:57:3f:94:89:af:90:08:9d:66:c2:b8:df:10:e1:
                    d8:3c:ef:3e:02:3b:d7:7a:3f:41:5e:e8:b1:0d:f3:
                    7f:cd:0e:67:1e:d0:16:f6:24:76:a1:83:7b:58:ed:
                    20:69:01:d2:86:05:44:5e:e6:fb:6a:f5:7b:24:34:
                    c4:25:0a:ad:4a:64:1e:12:55:4e:b7:ce:bb:27:59:
                    64:0e:b0:4c:96:8d:f1:d2:45:0b:63:0a:c9:b6:e1:
                    f5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:66:09:00:1D:49:28:F2:FD:4D:F1:A3:77:01:1E:80:8F:CB:EF:CD
            X509v3 Authority Key Identifier:
                keyid:43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/VmYJAB1JKPL9TfGjdwEegI_L780.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.136.0/24
                  88.218.144.0/22
                  91.193.100.0/22
                  95.175.80.0/20
                  178.239.22.0/23
                  185.23.200.0/23
                  185.247.228.0/22
                  185.251.44.0/22
                  185.251.248.0/22
                  193.8.80.0/22
                  194.156.112.0/22
                  195.66.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:59:dc:3f:dc:22:ae:03:6e:60:1c:ee:97:73:01:1b:14:88:
         ed:d4:f8:f4:dd:d0:87:cd:41:30:ef:7a:dd:fe:9b:24:9a:36:
         0f:27:55:2d:59:00:19:48:5c:17:62:73:c6:29:3e:8f:38:e7:
         ec:ce:d5:62:a3:2c:de:91:7f:a8:8a:d8:e3:48:ae:e0:60:4a:
         74:c2:ec:35:0e:4d:32:f7:45:6c:e8:2c:a5:d4:e5:61:55:43:
         31:22:76:d2:6b:23:34:02:45:a2:68:85:70:1d:6f:05:59:85:
         09:c7:64:68:bc:2c:fe:5b:30:5e:ea:5c:af:b3:06:12:7e:1e:
         34:49:df:06:79:1c:7f:d4:82:e8:98:03:41:bf:a8:44:ff:a4:
         19:5d:02:41:2a:64:aa:d9:6e:b6:95:8c:34:d9:20:04:ca:af:
         02:45:a6:ba:5e:25:81:92:c0:4e:fd:df:ff:a1:60:63:5b:14:
         e5:80:bc:c9:b7:c3:13:6c:9a:97:d8:18:73:d4:6d:be:e0:68:
         31:26:19:c0:46:57:34:63:6b:40:5f:be:22:47:43:5f:72:0c:
         78:bf:d6:d2:73:48:04:a5:b2:dd:82:35:0b:f3:00:ea:28:8f:
         1b:3a:d8:80:df:c3:62:c1:53:ef:73:23:e9:5b:16:64:7e:21:
         ef:51:96:39
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYsDk9y1BERvmAruWB3R8kgXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTQxNmIyMjgyYjQ1MzNjMzUwOWMxOGU5NTdjZTBjODM2
YmM4MzcwHhcNMjMxMDA2MDYwMTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjY2MDkwMDFkNDkyOGYyZmQ0ZGYxYTM3NzAxMWU4MDhmY2JlZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC4SPDCOAH4IQVQOKovll4MkrlsT
HAhmc5IBYdz26cck80FEGej52Pbzt+Ciy9nYiI+bvi1RNvp+J6WnswmMyaTdTdhW
uQ195SzbWWCqDx8VMPZ/VcnOLo4W6IFTrQlE53I0zaYl9cRNHaGRyRYSsE6puA+S
d7oHK4ob7iihi1wZ+pVyiDkD+YrFmZ7EjSC92jczIyf78hKqU1fP1Cl4oE4q9NxU
Vz+Uia+QCJ1mwrjfEOHYPO8+AjvXej9BXuixDfN/zQ5nHtAW9iR2oYN7WO0gaQHS
hgVEXub7avV7JDTEJQqtSmQeElVOt867J1lkDrBMlo3x0kULYwrJtuH1uwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFZmCQAdSSjy/U3xo3cBHoCPy+/NMB8GA1UdIwQY
MBaAFENUFrIoK0Uzw1CcGOlXzgyDa8g3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQt
MjYyZWIzOWJiZTc2LzEvVm1ZSkFCMUpLUEw5VGZHamR3RWVnSV9MNzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQtMjYyZWIzOWJiZTc2
LzEvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALYWIAwQC
WNqQAwQCW8FkAwQEX69QAwQBsu8WAwQBuRfIAwQCuffkAwQCufssAwQCufv4AwQC
wQhQAwQCwpxwAwQCw0LcMA0GCSqGSIb3DQEBCwUAA4IBAQBcWdw/3CKuA25gHO6X
cwEbFIjt1Pj03dCHzUEw73rd/pskmjYPJ1UtWQAZSFwXYnPGKT6POOfsztVioyze
kX+oitjjSK7gYEp0wuw1Dk0y90Vs6Cyl1OVhVUMxInbSayM0AkWiaIVwHW8FWYUJ
x2RovCz+WzBe6lyvswYSfh40Sd8GeRx/1ILomANBv6hE/6QZXQJBKmSq2W62lYw0
2SAEyq8CRaa6XiWBksBO/d//oWBjWxTlgLzJt8MTbJqX2Bhz1G2+4GgxJhnARlc0
Y2tAX74iR0Nfcgx4v9bSc0gEpbLdgjUL8wDqKI8bOtiA38NiwVPvcyPpWxZkfiHv
UZY5
-----END CERTIFICATE-----