Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/ZAalnAR205NCyF-fvipyJvkyMHU.roa
File:                     ZAalnAR205NCyF-fvipyJvkyMHU.roa (raw, json)
Hash identifier:          bg6pCTHktheLhE90grcrZrQz6PwBwOh5f2BwHLktEog=
Subject key identifier:   64:06:A5:9C:04:76:D3:93:42:C8:5F:9F:BE:2A:72:26:F9:32:30:75
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       018CC492351300D32A4BDFDE66DF39255465
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/ZAalnAR205NCyF-fvipyJvkyMHU.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8376
IP address blocks:        86.108.0.0/17 maxlen: 24
                          46.185.128.0/17 maxlen: 24
                          79.173.192.0/18 maxlen: 24
                          185.98.220.0/22 maxlen: 24
                          92.253.0.0/17 maxlen: 24
                          217.23.32.0/20 maxlen: 24
                          149.200.128.0/17 maxlen: 24
                          37.202.64.0/18 maxlen: 24
                          194.165.128.0/19 maxlen: 24
                          213.186.160.0/19 maxlen: 24
                          94.249.0.0/17 maxlen: 24
                          2a01:9700::/29 maxlen: 48
                          2a01:9700::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sun 04 Feb 2024 07:48:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:35:13:00:d3:2a:4b:df:de:66:df:39:25:54:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6406a59c0476d39342c85f9fbe2a7226f9323075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a7:ba:ba:d3:10:6b:ba:4b:8a:b1:b7:cd:5f:
                    66:1c:9a:60:3f:5d:bd:2b:41:79:a3:e4:37:b4:a5:
                    e8:37:69:c6:a2:6c:fa:bd:94:e0:bf:3c:49:02:1c:
                    ed:88:43:e3:27:84:6f:47:7d:a5:be:d7:48:52:4d:
                    3b:e2:52:87:da:16:98:a9:44:00:ae:b2:24:af:ac:
                    ae:2d:5c:f1:d1:97:75:79:42:19:95:fd:9d:ef:99:
                    c3:d2:dc:4a:78:b6:cf:26:a0:77:0e:b7:c8:98:3a:
                    37:df:d5:dc:41:d1:13:98:8c:04:7b:c7:ae:f5:d4:
                    f6:0b:a1:e2:76:bc:7a:e8:a3:63:05:f1:15:8b:68:
                    81:fe:97:b8:01:95:39:34:26:90:b6:21:df:75:74:
                    bd:07:40:ee:13:d7:01:68:65:42:5b:e4:a1:2d:f7:
                    69:30:e8:66:4a:06:74:2f:10:d8:5c:9b:a3:5b:15:
                    28:15:e1:8e:92:a4:27:5e:d2:db:75:93:f7:cb:cb:
                    aa:ee:0a:8c:f1:06:d0:5f:8d:72:90:45:b8:37:da:
                    a6:b6:4d:9e:99:34:59:bd:e3:01:82:74:6a:b6:52:
                    0d:1f:62:46:f4:3d:47:56:66:9f:c2:fd:4e:a9:41:
                    f5:c3:f7:6c:d6:bf:c7:aa:86:c9:4a:b9:f2:81:73:
                    4a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:06:A5:9C:04:76:D3:93:42:C8:5F:9F:BE:2A:72:26:F9:32:30:75
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/ZAalnAR205NCyF-fvipyJvkyMHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.64.0/18
                  46.185.128.0/17
                  79.173.192.0/18
                  86.108.0.0/17
                  92.253.0.0/17
                  94.249.0.0/17
                  149.200.128.0/17
                  185.98.220.0/22
                  194.165.128.0/19
                  213.186.160.0/19
                  217.23.32.0/20
                IPv6:
                  2a01:9700::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:97:b4:30:cc:66:4f:b9:35:71:0d:03:f6:da:39:f5:82:2d:
         31:24:e7:2e:36:4a:02:28:f8:db:1c:5a:a0:a8:0b:63:07:8d:
         c6:7b:ce:bf:25:98:11:fc:5d:39:48:5c:12:c3:f1:82:66:cb:
         cd:a0:63:e6:f4:71:42:15:94:aa:a3:54:d3:5b:df:a9:cc:d9:
         09:15:92:6d:1b:5a:bf:a3:6b:40:b6:7a:3f:a3:6a:09:db:7e:
         c3:31:89:63:ba:d3:55:a2:10:61:79:09:d3:89:8b:62:b7:26:
         25:29:c8:fd:7b:a9:9d:04:90:11:62:6d:9d:f8:bf:3a:d6:71:
         4e:5c:9b:d1:9f:a7:95:d4:a9:61:bf:fc:53:09:91:6d:38:9b:
         cc:50:86:d9:cf:4c:ed:31:76:57:8f:fd:d0:9a:8e:8c:15:eb:
         ce:12:40:b2:de:23:0f:d6:82:5a:d5:4d:c1:71:70:db:6a:a3:
         e9:33:18:58:44:e5:d6:5f:7e:8e:7e:95:46:3f:d6:14:f0:79:
         64:7a:53:96:c3:72:ba:5f:94:ce:01:f5:b0:01:64:b9:ea:6c:
         ad:f0:b8:4b:5c:86:19:2f:46:f1:79:9d:17:38:7f:fa:11:e8:
         ed:8f:27:70:0c:0a:1e:bf:af:e5:54:42:69:3d:e7:7f:cb:3c:
         9b:23:a6:a6
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYzEkjUTANMqS9/eZt85JVRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDA2YTU5YzA0NzZkMzkzNDJjODVmOWZiZTJhNzIyNmY5MzIzMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoae6utMQa7pLirG3zV9mHJpgP129
K0F5o+Q3tKXoN2nGomz6vZTgvzxJAhztiEPjJ4RvR32lvtdIUk074lKH2haYqUQA
rrIkr6yuLVzx0Zd1eUIZlf2d75nD0txKeLbPJqB3DrfImDo339XcQdETmIwEe8eu
9dT2C6Hidrx66KNjBfEVi2iB/pe4AZU5NCaQtiHfdXS9B0DuE9cBaGVCW+ShLfdp
MOhmSgZ0LxDYXJujWxUoFeGOkqQnXtLbdZP3y8uq7gqM8QbQX41ykEW4N9qmtk2e
mTRZveMBgnRqtlINH2JG9D1HVmafwv1OqUH1w/ds1r/HqobJSrnygXNKTQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFGQGpZwEdtOTQshfn74qcib5MjB1MB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvWkFhbG5BUjIwNU5DeUYtZnZpcHlKdmt5TUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQGJcpAAwQH
LrmAAwQGT63AAwQHVmwAAwQHXP0AAwQHXvkAAwQHlciAAwQCuWLcAwQFwqWAAwQF
1bqgAwQE2RcgMA0EAgACMAcDBQMqAZcAMA0GCSqGSIb3DQEBCwUAA4IBAQAYl7Qw
zGZPuTVxDQP22jn1gi0xJOcuNkoCKPjbHFqgqAtjB43Ge86/JZgR/F05SFwSw/GC
ZsvNoGPm9HFCFZSqo1TTW9+pzNkJFZJtG1q/o2tAtno/o2oJ237DMYljutNVohBh
eQnTiYtityYlKcj9e6mdBJARYm2d+L861nFOXJvRn6eV1Klhv/xTCZFtOJvMUIbZ
z0ztMXZXj/3Qmo6MFevOEkCy3iMP1oJa1U3BcXDbaqPpMxhYROXWX36OfpVGP9YU
8HlkelOWw3K6X5TOAfWwAWS56myt8LhLXIYZL0bxeZ0XOH/6EejtjydwDAoev6/l
VEJpPed/yzybI6am
-----END CERTIFICATE-----