Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/z2mWZN9zpehZ0StuYauUlPmkRF8.roa
File:                     z2mWZN9zpehZ0StuYauUlPmkRF8.roa (raw, json)
Hash identifier:          dXhT9u+txsubMs+tZf1Xj0MT3uzt0UEKcsVyjFZKMUw=
Subject key identifier:   CF:69:96:64:DF:73:A5:E8:59:D1:2B:6E:61:AB:94:94:F9:A4:44:5F
Certificate issuer:       /CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Certificate serial:       018E2CC23AD27D9BBBB82671C3E330953B60
Authority key identifier: C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/z2mWZN9zpehZ0StuYauUlPmkRF8.roa
Signing time:             Mon 11 Mar 2024 09:05:10 +0000
ROA not before:           Mon 11 Mar 2024 09:05:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39405
IP address blocks:        45.153.92.0/22 maxlen: 24
                          93.93.40.0/21 maxlen: 24
                          141.0.200.0/21 maxlen: 24
                          185.116.128.0/22 maxlen: 24
                          185.117.16.0/22 maxlen: 24
                          185.227.0.0/22 maxlen: 24
                          185.244.72.0/22 maxlen: 24
                          185.246.96.0/22 maxlen: 24
                          185.247.86.0/23 maxlen: 24
                          185.249.184.0/22 maxlen: 24
                          185.253.92.0/22 maxlen: 24
                          193.84.73.0/24 maxlen: 24
                          2a01:6600::/32 maxlen: 32
                          2a0c:4400::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 28 May 2024 16:28:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2c:c2:3a:d2:7d:9b:bb:b8:26:71:c3:e3:30:95:3b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8acf59abd4abbfbf830a060225a96a2179a2694
        Validity
            Not Before: Mar 11 09:05:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf699664df73a5e859d12b6e61ab9494f9a4445f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d7:97:4d:e1:36:69:8d:a8:f9:d8:e8:71:93:
                    72:46:96:c0:48:8a:3c:c2:c4:67:33:bd:c7:a4:6c:
                    0b:a6:09:37:b6:3a:ac:c8:fa:88:52:25:be:10:58:
                    3e:a7:fc:4d:b6:9f:e5:99:2a:86:47:54:6c:18:76:
                    1d:38:49:1c:01:db:b0:33:d9:06:26:36:68:02:84:
                    a2:21:9e:d2:29:f4:01:c2:09:11:b2:60:c1:d3:13:
                    0d:75:49:ea:2f:d9:cb:90:dd:c5:98:5a:be:c3:d8:
                    b2:cf:b4:03:0b:b6:a0:9a:6b:66:40:9a:84:db:64:
                    36:39:8b:91:8d:57:27:ef:63:27:a0:06:32:6c:f6:
                    9f:2d:5d:eb:ff:12:c6:55:7c:8e:4d:af:d0:85:11:
                    9a:3a:8c:c5:d6:8f:47:80:98:df:cc:80:e5:6f:d6:
                    86:bc:81:4e:a4:2b:68:2d:a1:1c:aa:19:3a:ea:1b:
                    c0:ee:a6:01:63:9a:42:d4:6b:a8:0c:f8:2f:e5:c1:
                    ae:28:77:3c:e6:be:1c:b4:e4:67:d1:5a:29:02:4f:
                    56:bb:e0:41:8d:a8:da:96:5c:9e:0d:00:34:6d:42:
                    37:c9:99:c5:2d:03:18:8c:13:39:5e:79:62:ed:61:
                    fd:b3:45:b5:a0:e5:e9:f3:bd:8e:51:fc:93:72:f7:
                    b7:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:69:96:64:DF:73:A5:E8:59:D1:2B:6E:61:AB:94:94:F9:A4:44:5F
            X509v3 Authority Key Identifier:
                keyid:C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/z2mWZN9zpehZ0StuYauUlPmkRF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.92.0/22
                  93.93.40.0/21
                  141.0.200.0/21
                  185.116.128.0/22
                  185.117.16.0/22
                  185.227.0.0/22
                  185.244.72.0/22
                  185.246.96.0/22
                  185.247.86.0/23
                  185.249.184.0/22
                  185.253.92.0/22
                  193.84.73.0/24
                IPv6:
                  2a01:6600::/32
                  2a0c:4400::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:f7:6e:9d:cf:87:65:f7:42:4f:a9:ec:6c:2c:30:e2:ba:31:
         fd:6d:ac:2e:a0:ec:0e:dd:af:a1:6d:ca:dd:53:7e:a1:5e:a4:
         1d:06:28:b8:05:00:e3:96:ec:38:65:11:12:39:f6:39:11:39:
         65:0f:0a:ad:f5:ad:52:01:e7:69:bb:0f:e8:96:91:43:0f:0d:
         8b:2e:d6:82:8f:ab:09:5e:7c:3c:f7:9d:f7:f8:b0:3c:4d:c2:
         59:07:91:aa:0d:2d:af:91:db:69:64:34:01:12:43:50:ef:43:
         3e:b6:c1:82:d8:f0:ad:fb:07:85:c8:e1:db:00:8f:2e:d5:6a:
         0f:89:48:f4:1c:6b:3b:be:64:3d:10:9d:f1:ab:ac:d8:13:16:
         ca:d7:86:17:02:8d:df:c2:32:cd:e8:ad:a3:ce:f0:af:f2:53:
         9d:db:53:45:60:01:f1:82:de:83:a0:e2:3e:17:a4:8b:af:17:
         e7:f4:ea:23:4d:8b:27:d3:ed:68:44:7c:e6:fa:b6:f0:ab:9a:
         f5:44:29:6a:b3:30:53:79:64:af:e6:c2:38:cd:cb:29:8f:64:
         47:7b:80:65:05:da:df:94:b6:fe:f5:17:2e:b5:ba:9c:39:b8:
         7c:36:ee:4e:d9:ec:c8:c9:62:9f:9a:68:75:7d:a9:d1:00:38:
         db:4d:f7:3f
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAY4swjrSfZu7uCZxw+MwlTtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YWNmNTlhYmQ0YWJiZmJmODMwYTA2MDIyNWE5NmEyMTc5
YTI2OTQwHhcNMjQwMzExMDkwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjY5OTY2NGRmNzNhNWU4NTlkMTJiNmU2MWFiOTQ5NGY5YTQ0NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdeXTeE2aY2o+djocZNyRpbASIo8
wsRnM73HpGwLpgk3tjqsyPqIUiW+EFg+p/xNtp/lmSqGR1RsGHYdOEkcAduwM9kG
JjZoAoSiIZ7SKfQBwgkRsmDB0xMNdUnqL9nLkN3FmFq+w9iyz7QDC7agmmtmQJqE
22Q2OYuRjVcn72MnoAYybPafLV3r/xLGVXyOTa/QhRGaOozF1o9HgJjfzIDlb9aG
vIFOpCtoLaEcqhk66hvA7qYBY5pC1GuoDPgv5cGuKHc85r4ctORn0VopAk9Wu+BB
jajallyeDQA0bUI3yZnFLQMYjBM5Xnli7WH9s0W1oOXp872OUfyTcve3uwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFM9plmTfc6XoWdErbmGrlJT5pERfMB8GA1UdIwQY
MBaAFMis9Zq9Srv7+DCgYCJalqIXmiaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvejJtV1pOOXpwZWhaMFN0dVlhdVVsUG1rUkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQCLZlcAwQD
XV0oAwQDjQDIAwQCuXSAAwQCuXUQAwQCueMAAwQCufRIAwQCufZgAwQBufdWAwQC
ufm4AwQCuf1cAwQAwVRJMBQEAgACMA4DBQAqAWYAAwUAKgxEADANBgkqhkiG9w0B
AQsFAAOCAQEAIvdunc+HZfdCT6nsbCww4rox/W2sLqDsDt2voW3K3VN+oV6kHQYo
uAUA45bsOGUREjn2ORE5ZQ8KrfWtUgHnabsP6JaRQw8Niy7Wgo+rCV58PPed9/iw
PE3CWQeRqg0tr5HbaWQ0ARJDUO9DPrbBgtjwrfsHhcjh2wCPLtVqD4lI9BxrO75k
PRCd8aus2BMWyteGFwKN38Iyzeito87wr/JTndtTRWAB8YLeg6DiPheki68X5/Tq
I02LJ9PtaER85vq28Kua9UQparMwU3lkr+bCOM3LKY9kR3uAZQXa35S2/vUXLrW6
nDm4fDbuTtnsyMlin5podX2p0QA42033Pw==
-----END CERTIFICATE-----