Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/RguoqG93fOR2J4Y2XxSYRnN5bhk.roa
File:                     RguoqG93fOR2J4Y2XxSYRnN5bhk.roa (raw, json)
Hash identifier:          G9x2AMg1x0YFhQtzXvXLbsC3KplEkK8hso1WABDC5Fg=
Subject key identifier:   46:0B:A8:A8:6F:77:7C:E4:76:27:86:36:5F:14:98:46:73:79:6E:19
Certificate issuer:       /CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
Certificate serial:       018CC8DF2A8692300FE3202A95B906339A48
Authority key identifier: C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/RguoqG93fOR2J4Y2XxSYRnN5bhk.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203724
IP address blocks:        185.212.107.0/24 maxlen: 24
                          185.212.106.0/24 maxlen: 24
                          185.125.226.0/24 maxlen: 24
                          185.125.225.0/24 maxlen: 24
                          185.125.224.0/24 maxlen: 24
                          185.212.105.0/24 maxlen: 24
                          185.125.227.0/24 maxlen: 24
                          2a06:bcc0:5::/48 maxlen: 48
                          2a06:bcc0:9::/48 maxlen: 48
                          2a06:bcc0:4::/48 maxlen: 48
                          2a06:bcc0:2::/48 maxlen: 48
                          2a06:bcc0:3::/48 maxlen: 48
                          2a06:bcc0:1::/48 maxlen: 48
                          2a06:bcc0:11::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 11:15:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2a:86:92:30:0f:e3:20:2a:95:b9:06:33:9a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=460ba8a86f777ce4762786365f14984673796e19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:95:a7:e7:2d:51:a1:79:39:b2:51:60:92:d3:
                    fa:0c:9c:d0:d1:80:96:f1:71:45:3c:74:ed:93:91:
                    3e:e2:43:66:07:dc:60:77:26:9d:d8:41:a9:6d:8e:
                    75:92:74:3f:ad:c6:22:a2:f9:7c:db:c4:c8:a5:4a:
                    26:83:ba:48:1d:08:2e:e4:1e:24:bb:9a:42:66:b8:
                    22:a4:0e:39:5e:36:54:f1:9e:cc:3e:97:66:d6:0c:
                    e2:a6:20:34:a3:83:27:ed:a7:24:3e:3d:e4:f0:43:
                    e4:21:a3:c3:f4:8d:b9:83:c0:9a:70:1d:d9:69:22:
                    25:15:da:e1:ac:5d:73:0f:b3:42:4e:d9:a3:9a:f3:
                    ba:d4:7a:88:b5:2e:8c:74:7d:fd:22:da:3a:82:26:
                    2a:72:e0:79:f0:fe:9f:c3:d0:1a:35:95:ea:a6:cc:
                    79:1a:dd:7a:55:cd:87:ae:05:f8:82:62:6d:20:6e:
                    76:f9:b2:15:72:d5:e8:10:4d:0d:4f:c9:ec:1e:3b:
                    0e:82:e7:b1:c3:19:a8:c4:88:e4:4f:48:bc:7d:d3:
                    87:cb:8a:fd:34:fe:5c:5c:ec:37:f8:f3:a4:c6:9b:
                    c9:ff:4d:e6:a4:bf:b3:9b:65:26:8d:de:a5:b2:82:
                    1a:c2:5f:d1:d0:8e:bc:df:2c:86:60:b9:89:05:68:
                    21:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0B:A8:A8:6F:77:7C:E4:76:27:86:36:5F:14:98:46:73:79:6E:19
            X509v3 Authority Key Identifier:
                keyid:C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/RguoqG93fOR2J4Y2XxSYRnN5bhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.224.0/22
                  185.212.105.0-185.212.107.255
                IPv6:
                  2a06:bcc0:1::-2a06:bcc0:5:ffff:ffff:ffff:ffff:ffff
                  2a06:bcc0:9::/48
                  2a06:bcc0:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:19:37:9e:79:12:86:f3:15:cb:db:d7:b7:a8:0e:46:3e:35:
         12:10:30:5e:89:35:1b:f4:6b:12:b3:d3:78:73:a5:47:3b:0c:
         c2:8b:f2:8a:5d:ed:5c:f7:ff:45:17:97:98:f7:35:ab:29:73:
         29:30:aa:01:0e:59:1a:fc:29:5b:17:1b:a9:6a:7f:1f:c2:25:
         d8:60:9f:37:0e:4f:ef:6c:fd:05:c8:b3:ca:e6:17:65:b7:f6:
         2f:bf:30:67:a7:65:cb:b7:7c:44:92:51:ed:9d:d7:da:80:d8:
         65:ab:a1:21:b2:bc:a5:af:8c:b1:58:0f:37:51:fd:53:bf:b9:
         ed:c7:03:c4:f1:78:5e:45:3f:4e:01:34:17:1a:70:56:21:2c:
         55:41:37:fb:3e:f0:f4:fd:a0:f7:c8:df:fc:36:84:ea:06:8e:
         09:a8:a2:51:10:f3:0c:72:81:f7:21:af:33:48:f4:1c:7c:7b:
         a3:0a:fc:4c:b8:72:05:24:8c:78:e6:73:6e:cd:56:cc:41:d7:
         30:3a:c0:a8:c1:e3:c7:7b:01:4e:89:04:53:fa:66:99:fd:8e:
         8f:29:09:a2:a3:b4:77:e3:4c:07:56:5c:c1:2b:a0:c0:dd:d0:
         43:fe:23:41:86:a0:80:1c:6a:9f:3d:a9:12:17:d0:00:cb:30:
         7d:c1:43:bf
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYzI3yqGkjAP4yAqlbkGM5pIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZmJkNTg3NjYxM2VkYzU2ZTBmNWRlNDY4Y2NlNWViMjg4
NWZmMjkwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBiYThhODZmNzc3Y2U0NzYyNzg2MzY1ZjE0OTg0NjczNzk2ZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZWn5y1RoXk5slFgktP6DJzQ0YCW
8XFFPHTtk5E+4kNmB9xgdyad2EGpbY51knQ/rcYiovl828TIpUomg7pIHQgu5B4k
u5pCZrgipA45XjZU8Z7MPpdm1gzipiA0o4Mn7ackPj3k8EPkIaPD9I25g8CacB3Z
aSIlFdrhrF1zD7NCTtmjmvO61HqItS6MdH39Ito6giYqcuB58P6fw9AaNZXqpsx5
Gt16Vc2HrgX4gmJtIG52+bIVctXoEE0NT8nsHjsOguexwxmoxIjkT0i8fdOHy4r9
NP5cXOw3+POkxpvJ/03mpL+zm2Umjd6lsoIawl/R0I683yyGYLmJBWghqQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEYLqKhvd3zkdieGNl8UmEZzeW4ZMB8GA1UdIwQY
MBaAFMD71YdmE+3Fbg9d5GjM5esohf8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzIt
YTNiNmJlNGE5ZTliLzEvUmd1b3FHOTNmT1IySjRZMlh4U1lSbk41YmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzItYTNiNmJlNGE5ZTli
LzEvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAaBAIAATAUAwQCuX3gMAwD
BAC51GkDBAK51GgwLAQCAAIwJjASAwcAKga8wAABAwcBKga8wAAEAwcAKga8wAAJ
AwcAKga8wAARMA0GCSqGSIb3DQEBCwUAA4IBAQCeGTeeeRKG8xXL29e3qA5GPjUS
EDBeiTUb9GsSs9N4c6VHOwzCi/KKXe1c9/9FF5eY9zWrKXMpMKoBDlka/ClbFxup
an8fwiXYYJ83Dk/vbP0FyLPK5hdlt/YvvzBnp2XLt3xEklHtndfagNhlq6Ehsryl
r4yxWA83Uf1Tv7ntxwPE8XheRT9OATQXGnBWISxVQTf7PvD0/aD3yN/8NoTqBo4J
qKJREPMMcoH3Ia8zSPQcfHujCvxMuHIFJIx45nNuzVbMQdcwOsCowePHewFOiQRT
+maZ/Y6PKQmio7R340wHVlzBK6DA3dBD/iNBhqCAHGqfPakSF9AAyzB9wUO/
-----END CERTIFICATE-----