Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/PMWdMgWq0xIUIZVOdizYC37xtuY.roa
File:                     PMWdMgWq0xIUIZVOdizYC37xtuY.roa (raw, json)
Hash identifier:          Old7EAUJIhHPcoB5DeCN+//i2P4Yad5PYDHT9WFGIA4=
Subject key identifier:   3C:C5:9D:32:05:AA:D3:12:14:21:95:4E:76:2C:D8:0B:7E:F1:B6:E6
Certificate issuer:       /CN=966b05c661c76a5bcc48da838eedb6973f153b86
Certificate serial:       01878E758D152F3494895D4B02F2C598AD31
Authority key identifier: 96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/PMWdMgWq0xIUIZVOdizYC37xtuY.roa
Signing time:             Mon 17 Apr 2023 09:04:41 +0000
ROA not before:           Mon 17 Apr 2023 09:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206316
IP address blocks:        195.242.177.0/24 maxlen: 24
                          5.183.97.0/24 maxlen: 24
                          5.183.98.0/24 maxlen: 24
                          5.183.96.0/22 maxlen: 22
                          5.183.96.0/24 maxlen: 24
                          5.183.99.0/24 maxlen: 24
                          195.238.248.0/24 maxlen: 24
                          195.238.252.0/24 maxlen: 24
                          185.219.130.0/24 maxlen: 24
                          185.219.131.0/24 maxlen: 24
                          185.219.128.0/22 maxlen: 22
                          185.219.129.0/24 maxlen: 24
                          185.219.128.0/24 maxlen: 24
                          2a0e:bc04::/30 maxlen: 64
                          2a0b:e640::/30 maxlen: 64
                          2a0e:bc00::/30 maxlen: 64
                          2a0b:e640:1::/48 maxlen: 64
                          2a0b:e644::/30 maxlen: 64

Validation:               Failed, certificate revoked on Thu 28 Sep 2023 21:04:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8e:75:8d:15:2f:34:94:89:5d:4b:02:f2:c5:98:ad:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=966b05c661c76a5bcc48da838eedb6973f153b86
        Validity
            Not Before: Apr 17 09:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3cc59d3205aad3121421954e762cd80b7ef1b6e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cd:4c:a7:72:d1:77:aa:f0:6a:de:3c:98:16:
                    77:37:18:43:04:b8:97:f0:11:97:80:91:c9:cb:78:
                    9b:af:73:8c:6c:d0:e7:bb:3a:ed:91:cd:d3:a1:51:
                    6d:b7:6e:4a:17:d6:56:74:ce:a1:fe:32:a9:cf:c6:
                    9e:63:12:ad:54:52:d5:cb:f3:ed:44:c4:5d:96:15:
                    01:11:99:1f:8d:a4:0b:9c:95:8b:fb:53:08:cd:34:
                    73:ee:2e:f4:6b:9c:f2:cd:75:8a:bd:03:ff:0c:ab:
                    19:43:a0:27:19:0c:2e:3b:b2:86:3f:86:b2:1e:86:
                    b4:eb:b0:e8:e6:67:d7:39:b7:1e:0f:7a:3f:9d:d9:
                    0f:3a:b3:1e:18:48:7f:35:2a:83:8b:c3:90:bc:32:
                    21:30:a5:49:7b:6b:1b:a6:f2:09:2f:31:5e:56:aa:
                    c8:fa:31:63:32:ed:9f:1e:e1:20:54:43:f1:2f:36:
                    6b:81:bc:8e:7a:45:c8:83:41:2c:ea:30:0b:1a:61:
                    6f:61:f2:0b:df:64:4c:36:f2:6a:6e:db:b7:c4:a7:
                    95:55:0b:21:77:f4:ce:bd:48:8d:89:12:56:c6:dd:
                    df:16:39:f7:f2:aa:d1:24:db:9d:36:ba:36:63:cd:
                    d8:45:19:cc:d7:fc:be:d6:32:e0:c4:1d:23:33:14:
                    6e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C5:9D:32:05:AA:D3:12:14:21:95:4E:76:2C:D8:0B:7E:F1:B6:E6
            X509v3 Authority Key Identifier:
                keyid:96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/PMWdMgWq0xIUIZVOdizYC37xtuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/lmsFxmHHalvMSNqDju22lz8VO4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.96.0/22
                  185.219.128.0/22
                  195.238.248.0/24
                  195.238.252.0/24
                  195.242.177.0/24
                IPv6:
                  2a0b:e640::/29
                  2a0e:bc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:62:9e:0d:0a:c4:95:0d:5a:5b:dd:c7:d7:53:d5:9f:0c:3a:
         14:b2:9f:cc:b6:a4:b3:fd:8a:7d:bc:0c:96:ee:e2:a0:21:e9:
         56:3d:b5:06:28:7d:b9:22:cd:e1:22:bf:ec:15:4b:b9:9b:3a:
         e1:fa:fd:4e:2a:1e:40:6b:32:c9:2e:45:24:94:b5:25:02:5e:
         e1:0b:ba:30:95:2f:6c:a2:9d:09:ef:da:ae:d5:63:be:87:eb:
         0a:28:94:39:35:d6:3d:b3:8a:19:7e:1d:70:88:4b:05:a0:77:
         a2:00:e6:b5:c6:56:3f:b4:03:72:d3:56:8f:ff:dc:03:a3:2d:
         58:fd:9d:83:03:02:80:55:bc:22:16:90:d0:19:9b:f3:c1:7d:
         37:da:31:a8:58:0e:9b:8c:28:cb:9b:d6:79:f4:23:bd:b1:bf:
         89:8e:03:ae:22:c3:0e:70:cf:91:a3:36:af:25:81:7f:0d:e3:
         1b:1d:08:ec:97:cf:d4:70:56:2d:05:ef:40:52:2d:48:2a:0d:
         61:ed:bf:28:37:f3:42:7a:c9:26:fc:0d:9b:5c:4f:7b:b9:ad:
         08:12:37:36:ba:b0:70:49:5a:4f:cd:b8:a5:75:48:76:f8:50:
         49:d1:98:80:7e:39:43:f1:57:48:07:4f:95:0b:33:69:20:51:
         e0:ad:f3:89
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYeOdY0VLzSUiV1LAvLFmK0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NmIwNWM2NjFjNzZhNWJjYzQ4ZGE4MzhlZWRiNjk3M2Yx
NTNiODYwHhcNMjMwNDE3MDkwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M1OWQzMjA1YWFkMzEyMTQyMTk1NGU3NjJjZDgwYjdlZjFiNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmc1Mp3LRd6rwat48mBZ3NxhDBLiX
8BGXgJHJy3ibr3OMbNDnuzrtkc3ToVFtt25KF9ZWdM6h/jKpz8aeYxKtVFLVy/Pt
RMRdlhUBEZkfjaQLnJWL+1MIzTRz7i70a5zyzXWKvQP/DKsZQ6AnGQwuO7KGP4ay
Hoa067Do5mfXObceD3o/ndkPOrMeGEh/NSqDi8OQvDIhMKVJe2sbpvIJLzFeVqrI
+jFjMu2fHuEgVEPxLzZrgbyOekXIg0Es6jALGmFvYfIL32RMNvJqbtu3xKeVVQsh
d/TOvUiNiRJWxt3fFjn38qrRJNudNro2Y83YRRnM1/y+1jLgxB0jMxRupQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDzFnTIFqtMSFCGVTnYs2At+8bbmMB8GA1UdIwQY
MBaAFJZrBcZhx2pbzEjag47ttpc/FTuGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMt
ZTNjMmYzMmNmM2I3LzEvUE1XZE1nV3EweElVSVpWT2RpellDMzd4dHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMtZTNjMmYzMmNmM2I3
LzEvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQCBbdgAwQC
uduAAwQAw+74AwQAw+78AwQAw/KxMBQEAgACMA4DBQMqC+ZAAwUDKg68ADANBgkq
hkiG9w0BAQsFAAOCAQEATmKeDQrElQ1aW93H11PVnww6FLKfzLaks/2KfbwMlu7i
oCHpVj21Bih9uSLN4SK/7BVLuZs64fr9TioeQGsyyS5FJJS1JQJe4Qu6MJUvbKKd
Ce/artVjvofrCiiUOTXWPbOKGX4dcIhLBaB3ogDmtcZWP7QDctNWj//cA6MtWP2d
gwMCgFW8IhaQ0Bmb88F9N9oxqFgOm4woy5vWefQjvbG/iY4DriLDDnDPkaM2ryWB
fw3jGx0I7JfP1HBWLQXvQFItSCoNYe2/KDfzQnrJJvwNm1xPe7mtCBI3NrqwcEla
T824pXVIdvhQSdGYgH45Q/FXSAdPlQszaSBR4K3ziQ==
-----END CERTIFICATE-----