Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/JfyFWJsAlusyphW0hLGQqi2VZ-8.roa
File:                     JfyFWJsAlusyphW0hLGQqi2VZ-8.roa (raw, json)
Hash identifier:          LU8vOR3QAqnfPx9/oDFx4cyc8PeNhhwY5JYT6O6a/4U=
Subject key identifier:   25:FC:85:58:9B:00:96:EB:32:A6:15:B4:84:B1:90:AA:2D:95:67:EF
Certificate issuer:       /CN=1daf46a40c246d6540d992c321b1cc3623d65995
Certificate serial:       018E13B6A72830272A82725CF0DC96499AD1
Authority key identifier: 1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/JfyFWJsAlusyphW0hLGQqi2VZ-8.roa
Signing time:             Wed 06 Mar 2024 12:22:01 +0000
ROA not before:           Wed 06 Mar 2024 12:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62370
IP address blocks:        5.104.224.0/21 maxlen: 21
                          37.148.160.0/21 maxlen: 21
                          77.95.224.0/21 maxlen: 21
                          78.41.200.0/21 maxlen: 21
                          89.207.128.0/21 maxlen: 21
                          128.204.192.0/20 maxlen: 20
                          185.62.56.0/22 maxlen: 22
                          193.33.60.0/23 maxlen: 23
                          193.34.166.0/23 maxlen: 23
                          195.20.204.0/23 maxlen: 23
                          195.20.204.0/24 maxlen: 24
                          195.20.205.0/24 maxlen: 24
                          2a00:7b80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 09 Apr 2024 07:26:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:b6:a7:28:30:27:2a:82:72:5c:f0:dc:96:49:9a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1daf46a40c246d6540d992c321b1cc3623d65995
        Validity
            Not Before: Mar  6 12:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25fc85589b0096eb32a615b484b190aa2d9567ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:88:1b:3e:50:85:4e:bd:ab:b2:82:69:dd:34:
                    db:7b:40:ff:b0:10:8b:57:1d:79:3a:bf:1c:d1:43:
                    1a:f7:99:11:76:24:88:67:cb:00:40:ce:f4:c1:c2:
                    b1:1a:b5:08:a1:b9:28:c6:bb:0e:21:12:b4:25:d3:
                    4c:9a:6e:18:37:20:8d:c9:af:bf:e3:0d:16:7a:f0:
                    b6:0c:68:12:b2:e3:84:09:fb:16:d0:c0:47:79:82:
                    ee:93:27:de:5f:be:30:72:16:44:e8:0c:fa:ee:89:
                    db:3c:35:a4:e0:13:ea:24:d5:00:ea:09:70:35:b4:
                    f3:23:9c:b5:76:06:34:d1:30:86:23:e6:ba:64:a1:
                    e9:d5:cb:01:b7:fd:8c:75:6a:f4:a2:0d:fe:2c:62:
                    0a:73:47:55:96:8e:bd:2e:4b:e8:c8:d2:64:ef:4d:
                    e3:93:78:fb:42:a2:89:9d:64:15:18:c6:82:64:1e:
                    d1:07:26:ec:de:38:d3:ad:be:e7:b2:5b:0e:8a:6e:
                    eb:1f:1f:ed:55:8c:97:f7:64:b7:24:68:cd:c4:19:
                    f4:a9:22:4e:1e:fe:c3:77:de:13:d9:44:34:7f:ef:
                    8f:8d:c8:fc:9e:f7:59:18:c7:48:4c:8e:34:3f:e6:
                    1a:ef:fe:dd:4d:e5:b7:66:5b:6c:33:3a:83:9b:57:
                    e0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FC:85:58:9B:00:96:EB:32:A6:15:B4:84:B1:90:AA:2D:95:67:EF
            X509v3 Authority Key Identifier:
                keyid:1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/JfyFWJsAlusyphW0hLGQqi2VZ-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.224.0/21
                  37.148.160.0/21
                  77.95.224.0/21
                  78.41.200.0/21
                  89.207.128.0/21
                  128.204.192.0/20
                  185.62.56.0/22
                  193.33.60.0/23
                  193.34.166.0/23
                  195.20.204.0/23
                IPv6:
                  2a00:7b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:52:34:2b:3b:6a:8b:f8:b2:c7:e5:5e:53:c3:30:60:d6:ac:
         41:db:61:7d:66:1e:6c:33:58:bc:a3:6d:84:56:3a:61:ad:57:
         a8:35:c5:25:d5:84:e1:f9:d1:ce:ab:05:3d:b9:ca:70:71:71:
         4d:05:49:90:48:e9:e7:84:37:b9:09:29:fd:90:33:38:ce:66:
         33:78:df:9e:8f:ae:3d:23:de:90:b9:71:8b:71:dd:e5:9d:64:
         38:bf:23:c3:01:84:96:a0:ec:ed:9d:2e:1b:e3:b2:ec:c0:ba:
         01:d5:2f:af:a0:e1:29:10:86:fd:36:83:e1:61:60:2f:2f:a4:
         cd:e5:8a:18:52:54:ac:f3:9e:36:df:62:b0:8d:cf:22:d4:ce:
         0e:00:3f:6f:cf:23:8d:3d:82:f6:ef:8b:a2:9a:a7:80:10:74:
         b1:d8:00:8d:fa:81:92:dd:3c:00:06:7c:39:56:e5:cf:d0:41:
         1d:84:a3:5e:29:2e:0e:c3:80:47:37:40:94:5f:a1:19:1c:9f:
         1b:fc:ce:9d:6a:10:97:cb:e5:c3:6d:6c:d7:a6:e7:02:36:e0:
         4c:38:2e:b4:ef:f6:89:c3:4e:4e:b3:98:f0:92:62:86:83:f6:
         eb:51:dd:11:85:23:40:c2:0f:3b:61:20:0a:25:be:1d:03:e3:
         c1:76:2b:04
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY4TtqcoMCcqgnJc8NyWSZrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWY0NmE0MGMyNDZkNjU0MGQ5OTJjMzIxYjFjYzM2MjNk
NjU5OTUwHhcNMjQwMzA2MTIyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWZjODU1ODliMDA5NmViMzJhNjE1YjQ4NGIxOTBhYTJkOTU2N2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkogbPlCFTr2rsoJp3TTbe0D/sBCL
Vx15Or8c0UMa95kRdiSIZ8sAQM70wcKxGrUIobkoxrsOIRK0JdNMmm4YNyCNya+/
4w0WevC2DGgSsuOECfsW0MBHeYLukyfeX74wchZE6Az67onbPDWk4BPqJNUA6glw
NbTzI5y1dgY00TCGI+a6ZKHp1csBt/2MdWr0og3+LGIKc0dVlo69LkvoyNJk703j
k3j7QqKJnWQVGMaCZB7RBybs3jjTrb7nslsOim7rHx/tVYyX92S3JGjNxBn0qSJO
Hv7Dd94T2UQ0f++Pjcj8nvdZGMdITI40P+Ya7/7dTeW3ZltsMzqDm1fgpQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFCX8hVibAJbrMqYVtISxkKotlWfvMB8GA1UdIwQY
MBaAFB2vRqQMJG1lQNmSwyGxzDYj1lmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYt
NzlmMDQ4YmQyYTdhLzEvSmZ5RldKc0FsdXN5cGhXMGhMR1FxaTJWWi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYtNzlmMDQ4YmQyYTdh
LzEvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDBWjgAwQD
JZSgAwQDTV/gAwQDTinIAwQDWc+AAwQEgMzAAwQCuT44AwQBwSE8AwQBwSKmAwQB
wxTMMA0EAgACMAcDBQAqAHuAMA0GCSqGSIb3DQEBCwUAA4IBAQCcUjQrO2qL+LLH
5V5TwzBg1qxB22F9Zh5sM1i8o22EVjphrVeoNcUl1YTh+dHOqwU9ucpwcXFNBUmQ
SOnnhDe5CSn9kDM4zmYzeN+ej649I96QuXGLcd3lnWQ4vyPDAYSWoOztnS4b47Ls
wLoB1S+voOEpEIb9NoPhYWAvL6TN5YoYUlSs854232Kwjc8i1M4OAD9vzyONPYL2
74uimqeAEHSx2ACN+oGS3TwABnw5VuXP0EEdhKNeKS4Ow4BHN0CUX6EZHJ8b/M6d
ahCXy+XDbWzXpucCNuBMOC607/aJw05Os5jwkmKGg/brUd0RhSNAwg87YSAKJb4d
A+PBdisE
-----END CERTIFICATE-----