Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/PDx50crqM6Nf3tSSjFd4bZUqzOw.roa
File:                     PDx50crqM6Nf3tSSjFd4bZUqzOw.roa (raw, json)
Hash identifier:          U2exo0uVAHomD3humvvOUp+7myy62WuY9ELXcZJALXQ=
Subject key identifier:   3C:3C:79:D1:CA:EA:33:A3:5F:DE:D4:92:8C:57:78:6D:95:2A:CC:EC
Certificate issuer:       /CN=966b05c661c76a5bcc48da838eedb6973f153b86
Certificate serial:       018C1500D72F4686B9C2BAE73C1E8749C9C7
Authority key identifier: 96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/PDx50crqM6Nf3tSSjFd4bZUqzOw.roa
Signing time:             Tue 28 Nov 2023 08:17:05 +0000
ROA not before:           Tue 28 Nov 2023 08:17:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206316
IP address blocks:        195.242.177.0/24 maxlen: 24
                          195.242.178.0/24 maxlen: 24
                          5.183.97.0/24 maxlen: 24
                          5.183.98.0/24 maxlen: 24
                          5.183.96.0/22 maxlen: 22
                          5.183.96.0/24 maxlen: 24
                          5.183.99.0/24 maxlen: 24
                          195.238.248.0/24 maxlen: 24
                          195.238.252.0/24 maxlen: 24
                          185.219.130.0/24 maxlen: 24
                          185.219.131.0/24 maxlen: 24
                          185.219.128.0/22 maxlen: 22
                          185.219.129.0/24 maxlen: 24
                          185.219.128.0/24 maxlen: 24
                          2a0e:bc00::/29 maxlen: 29
                          2a0b:e640::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:15:00:d7:2f:46:86:b9:c2:ba:e7:3c:1e:87:49:c9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=966b05c661c76a5bcc48da838eedb6973f153b86
        Validity
            Not Before: Nov 28 08:17:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c3c79d1caea33a35fded4928c57786d952accec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:12:58:ff:0a:20:36:b1:2c:f0:66:45:0f:0f:
                    1b:b1:a2:67:80:e4:b0:45:4a:06:75:40:bb:de:04:
                    3b:d9:e1:36:ca:30:29:aa:7a:77:0a:bb:1c:24:3e:
                    80:39:bb:37:71:09:37:95:4d:39:b8:e6:63:4d:0a:
                    95:ac:4f:0d:61:06:30:e0:b6:9f:10:b2:a6:02:af:
                    01:56:99:ec:6a:5e:e9:63:be:31:7d:1e:1a:47:bd:
                    81:f1:f7:be:f4:47:5d:57:fe:ca:41:15:9d:38:87:
                    6a:50:4a:d3:30:47:e8:15:fd:97:82:bd:9d:1c:27:
                    85:b0:62:c1:94:73:e5:a7:ab:ea:55:98:07:49:0a:
                    ff:f5:bf:f1:a0:4f:1e:1a:ef:ed:33:c7:37:78:89:
                    42:47:d3:30:4d:27:ed:82:52:b4:64:ef:ec:8a:b0:
                    79:91:c9:f1:b9:b1:ab:e9:b0:d7:32:64:e6:bb:bd:
                    6a:41:6c:cd:86:7c:7e:93:a0:cf:c8:da:b7:f2:6b:
                    a0:60:c4:7e:5c:39:d3:fa:02:ba:d7:2d:ff:48:3e:
                    b6:a0:c9:65:b6:35:17:57:9b:ee:6b:f3:68:5d:14:
                    25:a0:c5:61:90:23:ae:a0:f8:4a:df:fc:a8:99:6e:
                    92:5e:dc:77:0e:aa:2d:12:c1:0c:e0:1a:a0:6d:e0:
                    c8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:3C:79:D1:CA:EA:33:A3:5F:DE:D4:92:8C:57:78:6D:95:2A:CC:EC
            X509v3 Authority Key Identifier:
                keyid:96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/PDx50crqM6Nf3tSSjFd4bZUqzOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/lmsFxmHHalvMSNqDju22lz8VO4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.96.0/22
                  185.219.128.0/22
                  195.238.248.0/24
                  195.238.252.0/24
                  195.242.177.0-195.242.178.255
                IPv6:
                  2a0b:e640::/29
                  2a0e:bc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:39:36:6b:d7:4a:79:6b:e0:85:8b:98:f4:71:69:a2:81:ab:
         57:54:68:81:e7:66:76:fe:97:e3:38:f1:3a:21:f1:ab:fd:53:
         39:7a:03:73:e1:31:00:a6:ee:2b:8d:eb:db:0b:eb:7d:52:ea:
         f5:e4:30:fb:fd:8b:e7:9c:7b:76:cc:59:10:6b:28:3b:8d:20:
         8d:33:02:1c:64:6e:34:ff:10:95:01:ef:0e:cb:e3:db:94:4f:
         0c:7d:8d:10:fb:4e:cc:01:e6:49:a9:78:2d:e7:16:7c:97:e3:
         53:49:68:67:dc:3e:ae:fb:48:6c:8c:09:0c:d3:21:89:27:44:
         5a:98:2c:2c:8b:60:98:98:1b:f8:fb:d9:46:36:2e:34:6b:62:
         c4:c2:b6:61:27:3f:ea:0e:fc:df:24:d5:df:3b:a6:6c:b6:24:
         04:56:ff:65:03:13:b7:6b:83:e5:15:c5:39:dc:8b:9b:26:e4:
         72:76:52:b5:d3:7b:0b:86:3d:cb:de:22:03:76:2d:72:c8:f4:
         43:b6:32:57:82:31:be:85:da:71:76:c2:30:97:7f:65:3d:e3:
         e7:7d:67:5d:df:1a:da:10:eb:fa:d3:d1:ee:12:42:9c:11:b9:
         d1:54:2b:e7:f2:8c:35:ad:3c:a1:38:c5:5f:7b:a6:20:9b:22:
         94:b6:5c:87
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYwVANcvRoa5wrrnPB6HScnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NmIwNWM2NjFjNzZhNWJjYzQ4ZGE4MzhlZWRiNjk3M2Yx
NTNiODYwHhcNMjMxMTI4MDgxNzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzNjNzlkMWNhZWEzM2EzNWZkZWQ0OTI4YzU3Nzg2ZDk1MmFjY2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BJY/wogNrEs8GZFDw8bsaJngOSw
RUoGdUC73gQ72eE2yjApqnp3CrscJD6AObs3cQk3lU05uOZjTQqVrE8NYQYw4Laf
ELKmAq8BVpnsal7pY74xfR4aR72B8fe+9EddV/7KQRWdOIdqUErTMEfoFf2Xgr2d
HCeFsGLBlHPlp6vqVZgHSQr/9b/xoE8eGu/tM8c3eIlCR9MwTSftglK0ZO/sirB5
kcnxubGr6bDXMmTmu71qQWzNhnx+k6DPyNq38mugYMR+XDnT+gK61y3/SD62oMll
tjUXV5vua/NoXRQloMVhkCOuoPhK3/yomW6SXtx3DqotEsEM4BqgbeDIkwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDw8edHK6jOjX97UkoxXeG2VKszsMB8GA1UdIwQY
MBaAFJZrBcZhx2pbzEjag47ttpc/FTuGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMt
ZTNjMmYzMmNmM2I3LzEvUER4NTBjcnFNNk5mM3RTU2pGZDRiWlVxek93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMtZTNjMmYzMmNmM2I3
LzEvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAsBAIAATAmAwQCBbdgAwQC
uduAAwQAw+74AwQAw+78MAwDBADD8rEDBADD8rIwFAQCAAIwDgMFAyoL5kADBQMq
DrwAMA0GCSqGSIb3DQEBCwUAA4IBAQA5OTZr10p5a+CFi5j0cWmigatXVGiB52Z2
/pfjOPE6IfGr/VM5egNz4TEApu4rjevbC+t9Uur15DD7/YvnnHt2zFkQayg7jSCN
MwIcZG40/xCVAe8Oy+PblE8MfY0Q+07MAeZJqXgt5xZ8l+NTSWhn3D6u+0hsjAkM
0yGJJ0RamCwsi2CYmBv4+9lGNi40a2LEwrZhJz/qDvzfJNXfO6ZstiQEVv9lAxO3
a4PlFcU53IubJuRydlK103sLhj3L3iIDdi1yyPRDtjJXgjG+hdpxdsIwl39lPePn
fWdd3xraEOv609HuEkKcEbnRVCvn8ow1rTyhOMVfe6YgmyKUtlyH
-----END CERTIFICATE-----