Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/d1DXl5r8mIfOU0gn481n_cqgXJo.roa
File:                     d1DXl5r8mIfOU0gn481n_cqgXJo.roa (raw, json)
Hash identifier:          OiD3sxwmfAzHKIXhGyG8H6AbP/n+5wrYvyQrHcZ9TgY=
Subject key identifier:   77:50:D7:97:9A:FC:98:87:CE:53:48:27:E3:CD:67:FD:CA:A0:5C:9A
Certificate issuer:       /CN=f10d39eddb008d1b89df9741960dbf2044f657fb
Certificate serial:       018D305D6D156E736B6FF130C2206D215AB9
Authority key identifier: F1:0D:39:ED:DB:00:8D:1B:89:DF:97:41:96:0D:BF:20:44:F6:57:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/d1DXl5r8mIfOU0gn481n_cqgXJo.roa
Signing time:             Mon 22 Jan 2024 08:50:45 +0000
ROA not before:           Mon 22 Jan 2024 08:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39923
IP address blocks:        91.238.219.0/24 maxlen: 24
                          109.68.160.0/21 maxlen: 21
                          109.68.164.0/24 maxlen: 24
                          185.35.164.0/22 maxlen: 22
                          185.58.96.0/22 maxlen: 22
                          185.111.204.0/22 maxlen: 22
                          185.111.204.0/24 maxlen: 24
                          185.111.205.0/24 maxlen: 24
                          185.111.206.0/24 maxlen: 24
                          194.145.127.0/24 maxlen: 24
                          194.145.152.0/24 maxlen: 24
                          194.146.23.0/24 maxlen: 24
                          195.189.202.0/23 maxlen: 23
                          2a02:2a08::/32 maxlen: 32
                          2a04:6480::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 13 Feb 2024 13:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:5d:6d:15:6e:73:6b:6f:f1:30:c2:20:6d:21:5a:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f10d39eddb008d1b89df9741960dbf2044f657fb
        Validity
            Not Before: Jan 22 08:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7750d7979afc9887ce534827e3cd67fdcaa05c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:47:69:ec:52:ad:e6:28:fd:c2:20:d5:97:e2:
                    74:34:27:97:14:bb:55:5e:5b:5a:60:f5:71:69:93:
                    7d:30:40:dd:a2:5b:fd:f2:19:ce:bb:57:06:30:49:
                    ff:7f:d4:79:13:e4:e4:b0:0e:80:78:d5:67:31:cd:
                    c2:6a:28:a1:4c:f4:cb:3e:35:46:94:40:68:2a:2b:
                    1b:75:18:20:b9:f5:5f:c6:80:de:1f:46:c7:67:b9:
                    4b:74:8d:60:9a:98:30:5f:84:7d:67:ab:e3:89:7e:
                    d1:6f:92:c9:9a:2c:0d:29:78:da:b7:56:cf:10:89:
                    48:76:87:fc:d7:b4:c5:93:2f:72:53:fd:a4:2b:bc:
                    70:77:99:61:c6:4e:a1:f6:cb:09:65:76:93:44:74:
                    aa:56:05:fb:bc:2f:c5:0a:7d:b3:03:3c:12:f6:47:
                    fd:98:cf:0c:3e:f2:c4:d4:ed:ab:9a:a4:3b:a0:b4:
                    fa:71:9a:54:c1:12:a6:f7:cf:cf:d2:80:1e:05:7c:
                    d4:69:3c:82:32:8f:06:5d:36:e2:68:69:79:3d:e3:
                    64:0c:19:3c:8f:39:42:be:91:60:75:89:6d:cd:3b:
                    c1:4f:7f:40:1e:93:a4:50:f7:9d:10:12:71:1e:d0:
                    a3:e8:e1:0e:85:33:2e:97:39:49:5e:aa:0f:8e:4a:
                    15:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:50:D7:97:9A:FC:98:87:CE:53:48:27:E3:CD:67:FD:CA:A0:5C:9A
            X509v3 Authority Key Identifier:
                keyid:F1:0D:39:ED:DB:00:8D:1B:89:DF:97:41:96:0D:BF:20:44:F6:57:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/d1DXl5r8mIfOU0gn481n_cqgXJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.219.0/24
                  109.68.160.0/21
                  185.35.164.0/22
                  185.58.96.0/22
                  185.111.204.0/22
                  194.145.127.0/24
                  194.145.152.0/24
                  194.146.23.0/24
                  195.189.202.0/23
                IPv6:
                  2a02:2a08::/32
                  2a04:6480::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:7e:01:7b:fa:04:77:50:2c:5b:cd:d1:6b:35:6e:30:46:35:
         71:85:e8:e3:66:2a:7a:00:28:4c:2e:19:66:3d:b8:94:e6:80:
         be:8b:6d:e9:90:52:86:52:3e:e4:73:71:e6:df:82:e1:28:07:
         fd:c0:13:9f:9f:ad:4d:7c:1f:83:6c:33:da:22:73:6e:a6:45:
         7b:c8:eb:0d:e9:88:a4:0d:0e:73:a6:fd:5b:db:51:13:c3:2d:
         a5:37:49:2e:42:b1:f0:b8:79:e7:c0:5e:18:3e:f5:cf:15:b0:
         27:ba:f8:a5:d8:cf:51:eb:bb:a0:d4:ab:0e:48:9d:d1:ba:45:
         12:a6:b1:57:db:f7:20:da:23:fe:e1:76:01:b7:19:61:8d:81:
         4a:b1:94:c7:ba:df:00:ac:d4:66:60:9d:3d:f3:85:53:3f:e3:
         74:88:5d:c2:14:dc:87:51:75:9e:7c:80:fc:a7:ed:0d:0e:d6:
         46:b2:a7:a3:84:40:af:22:6c:07:66:0f:61:5e:da:b6:6d:1c:
         de:07:16:ef:90:3a:69:b5:62:6e:ce:aa:25:8f:d0:1b:c8:a0:
         45:c5:17:1c:9e:7a:74:84:92:e5:a8:7f:2f:cc:80:5d:a9:89:
         c3:9d:44:43:32:58:5c:56:f1:e6:81:3f:93:a3:02:6e:1f:40:
         c3:b3:a5:76
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY0wXW0VbnNrb/EwwiBtIVq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMGQzOWVkZGIwMDhkMWI4OWRmOTc0MTk2MGRiZjIwNDRm
NjU3ZmIwHhcNMjQwMTIyMDg1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzUwZDc5NzlhZmM5ODg3Y2U1MzQ4MjdlM2NkNjdmZGNhYTA1YzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Udp7FKt5ij9wiDVl+J0NCeXFLtV
XltaYPVxaZN9MEDdolv98hnOu1cGMEn/f9R5E+TksA6AeNVnMc3CaiihTPTLPjVG
lEBoKisbdRggufVfxoDeH0bHZ7lLdI1gmpgwX4R9Z6vjiX7Rb5LJmiwNKXjat1bP
EIlIdof817TFky9yU/2kK7xwd5lhxk6h9ssJZXaTRHSqVgX7vC/FCn2zAzwS9kf9
mM8MPvLE1O2rmqQ7oLT6cZpUwRKm98/P0oAeBXzUaTyCMo8GXTbiaGl5PeNkDBk8
jzlCvpFgdYltzTvBT39AHpOkUPedEBJxHtCj6OEOhTMulzlJXqoPjkoVfwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHdQ15ea/JiHzlNIJ+PNZ/3KoFyaMB8GA1UdIwQY
MBaAFPENOe3bAI0bid+XQZYNvyBE9lf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFEwNTdkc0FqUnVKMzVkQmxnMl9JRVQyVl9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mNzBlMWEtNzMyZS00ZTZiLWIzYjUt
ZjU2MmI4OTc0ZDhiLzEvZDFEWGw1cjhtSWZPVTBnbjQ4MW5fY3FnWEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mNzBlMWEtNzMyZS00ZTZiLWIzYjUtZjU2MmI4OTc0ZDhi
LzEvOFEwNTdkc0FqUnVKMzVkQmxnMl9JRVQyVl9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQAW+7bAwQD
bUSgAwQCuSOkAwQCuTpgAwQCuW/MAwQAwpF/AwQAwpGYAwQAwpIXAwQBw73KMBQE
AgACMA4DBQAqAioIAwUDKgRkgDANBgkqhkiG9w0BAQsFAAOCAQEAHX4Be/oEd1As
W83RazVuMEY1cYXo42YqegAoTC4ZZj24lOaAvott6ZBShlI+5HNx5t+C4SgH/cAT
n5+tTXwfg2wz2iJzbqZFe8jrDemIpA0Oc6b9W9tRE8MtpTdJLkKx8Lh558BeGD71
zxWwJ7r4pdjPUeu7oNSrDkid0bpFEqaxV9v3INoj/uF2AbcZYY2BSrGUx7rfAKzU
ZmCdPfOFUz/jdIhdwhTch1F1nnyA/KftDQ7WRrKno4RAryJsB2YPYV7atm0c3gcW
75A6abVibs6qJY/QG8igRcUXHJ56dISS5ah/L8yAXamJw51EQzJYXFbx5oE/k6MC
bh9Aw7Oldg==
-----END CERTIFICATE-----