Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/RI5bv1Sdfr7K_5ns8XveV2o3G_I.roa
File:                     RI5bv1Sdfr7K_5ns8XveV2o3G_I.roa (raw, json)
Hash identifier:          N/ouFDp4fFjmJdnueOhwC9aGxYqgSSfHVzH5+xB/hiE=
Subject key identifier:   44:8E:5B:BF:54:9D:7E:BE:CA:FF:99:EC:F1:7B:DE:57:6A:37:1B:F2
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       01912C2CB5DC3119DD8D721A4455D7A8ED0D
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/RI5bv1Sdfr7K_5ns8XveV2o3G_I.roa
Signing time:             Wed 07 Aug 2024 09:30:13 +0000
ROA not before:           Wed 07 Aug 2024 09:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        85.28.32.0/23 maxlen: 23
                          85.28.34.0/24 maxlen: 24
                          85.28.35.0/24 maxlen: 24
                          85.28.36.0/22 maxlen: 22
                          85.28.40.0/23 maxlen: 23
                          85.28.42.0/24 maxlen: 24
                          85.28.43.0/24 maxlen: 24
                          85.28.44.0/23 maxlen: 23
                          85.28.48.0/22 maxlen: 22
                          85.28.52.0/23 maxlen: 23
                          85.28.54.0/23 maxlen: 23
                          85.28.56.0/24 maxlen: 24
                          85.28.57.0/24 maxlen: 24
                          85.28.58.0/24 maxlen: 24
                          85.28.59.0/24 maxlen: 24
                          85.28.60.0/22 maxlen: 22
                          85.28.60.0/24 maxlen: 24
                          109.238.200.0/24 maxlen: 24
                          109.238.203.0/24 maxlen: 24
                          109.238.205.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 21 Oct 2024 16:28:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:2c:b5:dc:31:19:dd:8d:72:1a:44:55:d7:a8:ed:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Aug  7 09:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=448e5bbf549d7ebecaff99ecf17bde576a371bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:eb:42:51:5c:41:50:0e:f2:f7:45:81:b3:6c:
                    fe:67:84:aa:13:d1:93:cc:31:fb:d2:f5:7e:38:47:
                    7c:3d:6c:3e:6a:38:17:b6:1f:f7:82:51:6a:a6:2f:
                    aa:6b:a9:33:c0:db:91:77:7d:5b:c2:10:03:6d:13:
                    bd:56:85:50:2f:c2:d4:37:3c:ae:2d:2c:af:2a:82:
                    a5:80:88:26:6a:7d:77:38:30:27:79:6f:12:5a:19:
                    ac:f6:90:16:39:2d:47:e4:6a:01:ae:86:d7:05:8f:
                    14:69:c7:38:34:07:c5:90:ba:2a:3c:7a:88:93:46:
                    f4:6c:11:34:dc:b3:59:40:0d:ea:6e:14:92:ff:4a:
                    81:59:bc:51:08:e6:36:35:ab:6f:ae:70:57:8f:dc:
                    34:47:e5:c3:ea:40:dd:1c:b5:7e:56:1f:24:0c:b1:
                    5d:dc:e4:f8:78:da:a0:b6:de:30:e0:a5:b9:1b:4c:
                    b7:82:3d:ce:cb:9d:d8:50:03:e0:2e:7b:66:70:c3:
                    e0:b7:a9:34:cf:98:9b:7c:33:bf:58:e7:99:90:07:
                    19:2c:4f:ae:d1:f9:05:1b:3b:33:43:47:4c:b1:e8:
                    51:44:da:df:00:1b:71:f1:42:e1:aa:99:6e:dc:f7:
                    c5:cc:88:49:04:8f:95:61:d7:ab:c5:1e:fe:ca:df:
                    1d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8E:5B:BF:54:9D:7E:BE:CA:FF:99:EC:F1:7B:DE:57:6A:37:1B:F2
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/RI5bv1Sdfr7K_5ns8XveV2o3G_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.32.0-85.28.45.255
                  85.28.48.0/20
                  109.238.200.0/24
                  109.238.203.0/24
                  109.238.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:ac:e0:95:62:a9:d6:d6:1b:a4:62:32:2d:46:04:57:8a:7d:
         f0:05:47:2d:c8:c6:10:e3:7c:06:73:7e:61:46:a2:47:ca:68:
         e9:47:d3:94:68:d1:43:b8:ae:ff:dd:29:04:a6:5b:d0:dc:db:
         06:59:06:51:51:4f:e9:20:4b:a9:b3:da:7c:37:58:5a:db:02:
         3a:56:6b:86:72:7a:09:37:21:98:7b:0e:b0:dd:fb:47:4a:d6:
         0c:93:50:23:b9:5a:a8:2a:e0:88:cb:1e:30:e0:11:9f:c0:ae:
         ce:ed:a1:e9:8a:97:91:0a:8d:28:2b:28:94:cc:87:3e:f7:d4:
         7a:d7:9b:0d:7d:b4:85:f4:e1:7d:86:b3:1d:ac:cb:24:93:75:
         d5:fe:e4:67:58:3c:60:f7:f3:ff:0d:c9:5c:b0:08:05:da:c5:
         38:0d:13:e6:ce:d6:4b:a5:d8:44:69:e1:84:13:c5:8c:80:58:
         f0:f9:19:93:ea:04:22:80:8a:4d:75:01:bb:aa:1f:67:e1:01:
         5f:c0:40:3d:9b:96:3e:9a:e2:65:7b:6f:d1:6b:ca:4e:bc:d7:
         6e:8d:91:15:75:d1:98:d1:bc:36:d7:d4:3e:65:24:ca:24:5b:
         05:64:37:96:07:2e:de:c8:fe:f7:05:e0:51:45:06:f8:98:dd:
         6a:99:d0:34
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZEsLLXcMRndjXIaRFXXqO0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwODA3MDkzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhlNWJiZjU0OWQ3ZWJlY2FmZjk5ZWNmMTdiZGU1NzZhMzcxYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApetCUVxBUA7y90WBs2z+Z4SqE9GT
zDH70vV+OEd8PWw+ajgXth/3glFqpi+qa6kzwNuRd31bwhADbRO9VoVQL8LUNzyu
LSyvKoKlgIgman13ODAneW8SWhms9pAWOS1H5GoBrobXBY8Uacc4NAfFkLoqPHqI
k0b0bBE03LNZQA3qbhSS/0qBWbxRCOY2NatvrnBXj9w0R+XD6kDdHLV+Vh8kDLFd
3OT4eNqgtt4w4KW5G0y3gj3Oy53YUAPgLntmcMPgt6k0z5ibfDO/WOeZkAcZLE+u
0fkFGzszQ0dMsehRRNrfABtx8ULhqplu3PfFzIhJBI+VYderxR7+yt8dLwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFESOW79UnX6+yv+Z7PF73ldqNxvyMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvUkk1YnYxU2RmcjdLXzVuczhYdmVWMm8zR19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAVVHCAD
BAFVHCwDBARVHDADBABt7sgDBABt7ssDBABt7s0wDQYJKoZIhvcNAQELBQADggEB
AMGs4JViqdbWG6RiMi1GBFeKffAFRy3IxhDjfAZzfmFGokfKaOlH05Ro0UO4rv/d
KQSmW9Dc2wZZBlFRT+kgS6mz2nw3WFrbAjpWa4Zyegk3IZh7DrDd+0dK1gyTUCO5
Wqgq4IjLHjDgEZ/Ars7toemKl5EKjSgrKJTMhz731HrXmw19tIX04X2Gsx2syyST
ddX+5GdYPGD38/8NyVywCAXaxTgNE+bO1kul2ERp4YQTxYyAWPD5GZPqBCKAik11
AbuqH2fhAV/AQD2blj6a4mV7b9Fryk68126NkRV10ZjRvDbX1D5lJMokWwVkN5YH
Lt7I/vcF4FFFBviY3WqZ0DQ=
-----END CERTIFICATE-----