Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/40ngl0e-20byyic0pTrfirl2Zjc.roa
File:                     40ngl0e-20byyic0pTrfirl2Zjc.roa (raw, json)
Hash identifier:          Wy1Qope/RU0WgZyUfC9vsKvrImzLHhNli29sx20PitM=
Subject key identifier:   E3:49:E0:97:47:BE:DB:46:F2:CA:27:34:A5:3A:DF:8A:B9:76:66:37
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       018A5F9EE98B821FBDDCA7A3830D80716F59
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/40ngl0e-20byyic0pTrfirl2Zjc.roa
Signing time:             Mon 04 Sep 2023 09:56:04 +0000
ROA not before:           Mon 04 Sep 2023 09:56:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8697
IP address blocks:        86.108.0.0/17 maxlen: 24
                          46.185.128.0/17 maxlen: 24
                          79.173.192.0/18 maxlen: 24
                          185.98.220.0/22 maxlen: 24
                          92.253.0.0/17 maxlen: 24
                          217.23.32.0/20 maxlen: 24
                          194.165.128.0/19 maxlen: 24
                          149.200.128.0/17 maxlen: 24
                          213.186.160.0/19 maxlen: 24
                          94.249.0.0/17 maxlen: 24
                          37.202.64.0/18 maxlen: 24
                          2a01:9700::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 11 Sep 2023 12:39:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:9e:e9:8b:82:1f:bd:dc:a7:a3:83:0d:80:71:6f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Sep  4 09:56:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e349e09747bedb46f2ca2734a53adf8ab9766637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:26:f1:2f:6f:84:dd:b3:76:4b:25:c2:5c:28:
                    20:11:48:dd:29:0b:8c:38:ba:5e:8f:e8:21:74:76:
                    3b:a6:b7:80:03:86:51:3f:6e:85:f2:f1:86:7b:28:
                    4c:c5:11:5d:57:e6:be:05:3f:7e:12:7a:59:df:3b:
                    5c:5d:fd:d3:62:87:fa:6f:c2:34:92:e2:20:c5:a7:
                    c3:70:28:13:7c:f6:14:00:c8:6c:42:d1:5f:a7:44:
                    ca:d8:18:9d:f8:90:aa:ef:4f:ef:18:20:3f:72:fb:
                    50:2d:b5:d0:59:9a:64:54:d3:72:05:e3:41:58:18:
                    b6:bc:d3:0a:27:c6:d8:17:fc:a2:c0:ca:c6:93:11:
                    e6:c7:8d:f9:12:1b:71:ad:e1:45:f7:a6:f2:28:45:
                    c4:91:da:e1:d7:f1:06:a9:38:33:31:13:8f:52:37:
                    1a:54:bf:d3:e0:ad:d0:f9:e3:99:7c:7d:f6:07:8c:
                    f5:3c:65:b4:fb:7a:f4:e3:a7:a7:1c:6a:47:c5:ff:
                    d9:ee:27:0c:1b:20:c2:dc:51:4e:70:32:d4:78:0e:
                    55:48:ed:76:bc:04:92:5d:06:43:ad:0a:1d:09:7e:
                    3c:d1:2d:32:ef:fc:69:10:dc:81:3d:da:9f:34:b6:
                    82:d6:63:dc:07:84:96:ee:0c:65:af:b3:09:96:d2:
                    6b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:49:E0:97:47:BE:DB:46:F2:CA:27:34:A5:3A:DF:8A:B9:76:66:37
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/40ngl0e-20byyic0pTrfirl2Zjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.64.0/18
                  46.185.128.0/17
                  79.173.192.0/18
                  86.108.0.0/17
                  92.253.0.0/17
                  94.249.0.0/17
                  149.200.128.0/17
                  185.98.220.0/22
                  194.165.128.0/19
                  213.186.160.0/19
                  217.23.32.0/20
                IPv6:
                  2a01:9700::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:df:20:5f:39:39:0f:09:d9:47:4a:50:5a:2f:73:39:a6:31:
         e5:28:89:e5:15:e1:35:4a:d4:aa:85:1c:44:ff:69:a8:f8:92:
         e0:0f:35:75:f3:5c:f8:d9:bb:8e:ab:37:20:1e:b1:72:5e:a7:
         a6:13:36:d0:1e:26:82:d6:5a:a8:f6:c2:b7:09:43:76:b4:74:
         26:93:0a:3e:dc:a9:7a:15:05:30:bc:d1:86:a2:2f:a3:17:e4:
         9d:48:10:a2:9d:38:87:c3:2c:ca:c6:2c:5c:4c:d9:bd:1b:d1:
         c7:11:af:af:43:5e:aa:61:d0:f1:eb:91:aa:62:1c:a0:77:3c:
         bb:d9:a0:1b:05:c8:cc:07:d3:10:33:e7:ae:0b:2d:3b:f3:6e:
         07:50:be:1f:b0:5e:e3:be:e2:b6:71:bf:d7:93:15:f8:fb:33:
         41:7d:6a:f7:03:c5:cb:73:3c:03:8e:53:ce:6e:33:46:86:39:
         bc:b3:bb:45:9e:cd:52:d1:99:cf:d5:cf:b3:ea:62:15:a3:9e:
         68:7c:24:de:6a:5b:b6:5e:82:fb:15:cd:0e:6b:fb:06:70:db:
         80:3c:ca:c7:0d:23:cd:aa:d0:d4:79:01:87:ee:c5:d7:4f:ea:
         11:4a:06:b4:b1:f5:45:d2:8f:dd:28:85:71:50:85:96:e9:c9:
         42:43:07:43
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYpfnumLgh+93Kejgw2AcW9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjMwOTA0MDk1NjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQ5ZTA5NzQ3YmVkYjQ2ZjJjYTI3MzRhNTNhZGY4YWI5NzY2NjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtibxL2+E3bN2SyXCXCggEUjdKQuM
OLpej+ghdHY7preAA4ZRP26F8vGGeyhMxRFdV+a+BT9+EnpZ3ztcXf3TYof6b8I0
kuIgxafDcCgTfPYUAMhsQtFfp0TK2Bid+JCq70/vGCA/cvtQLbXQWZpkVNNyBeNB
WBi2vNMKJ8bYF/yiwMrGkxHmx435EhtxreFF96byKEXEkdrh1/EGqTgzMROPUjca
VL/T4K3Q+eOZfH32B4z1PGW0+3r046enHGpHxf/Z7icMGyDC3FFOcDLUeA5VSO12
vASSXQZDrQodCX480S0y7/xpENyBPdqfNLaC1mPcB4SW7gxlr7MJltJrOwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFONJ4JdHvttG8sonNKU634q5dmY3MB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvNDBuZ2wwZS0yMGJ5eWljMHBUcmZpcmwyWmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQGJcpAAwQH
LrmAAwQGT63AAwQHVmwAAwQHXP0AAwQHXvkAAwQHlciAAwQCuWLcAwQFwqWAAwQF
1bqgAwQE2RcgMA0EAgACMAcDBQAqAZcAMA0GCSqGSIb3DQEBCwUAA4IBAQBo3yBf
OTkPCdlHSlBaL3M5pjHlKInlFeE1StSqhRxE/2mo+JLgDzV181z42buOqzcgHrFy
XqemEzbQHiaC1lqo9sK3CUN2tHQmkwo+3Kl6FQUwvNGGoi+jF+SdSBCinTiHwyzK
xixcTNm9G9HHEa+vQ16qYdDx65GqYhygdzy72aAbBcjMB9MQM+euCy07824HUL4f
sF7jvuK2cb/XkxX4+zNBfWr3A8XLczwDjlPObjNGhjm8s7tFns1S0ZnP1c+z6mIV
o55ofCTealu2XoL7Fc0Oa/sGcNuAPMrHDSPNqtDUeQGH7sXXT+oRSga0sfVF0o/d
KIVxUIWW6clCQwdD
-----END CERTIFICATE-----