Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/mdWynD1gg15vBsGvm77WcBdgC9o.roa
File:                     mdWynD1gg15vBsGvm77WcBdgC9o.roa (raw, json)
Hash identifier:          B5cLN6eNwgRhNzkbfDPNUg7NFw+JknBYCV2T8xUsYdY=
Subject key identifier:   99:D5:B2:9C:3D:60:83:5E:6F:06:C1:AF:9B:BE:D6:70:17:60:0B:DA
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       018CC49235CED9BEF2F10AEAE24052AE7E80
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/mdWynD1gg15vBsGvm77WcBdgC9o.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8697
IP address blocks:        86.108.0.0/17 maxlen: 24
                          46.185.128.0/17 maxlen: 24
                          79.173.192.0/18 maxlen: 24
                          185.98.220.0/22 maxlen: 24
                          92.253.0.0/17 maxlen: 24
                          217.23.32.0/20 maxlen: 24
                          149.200.128.0/17 maxlen: 24
                          37.202.64.0/18 maxlen: 24
                          194.165.128.0/19 maxlen: 24
                          213.186.160.0/19 maxlen: 24
                          94.249.0.0/17 maxlen: 24
                          2a01:9700::/29 maxlen: 48
                          2a01:9700::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sun 04 Feb 2024 07:47:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:35:ce:d9:be:f2:f1:0a:ea:e2:40:52:ae:7e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99d5b29c3d60835e6f06c1af9bbed67017600bda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:be:1e:5b:34:27:73:ed:19:0c:86:bc:8e:44:
                    25:bf:22:db:f1:de:fc:2b:04:bb:88:65:92:a1:04:
                    4c:62:a3:47:07:3b:0c:4f:5f:31:2b:04:ae:a3:ba:
                    84:90:3b:26:7f:5d:52:74:a5:fc:5b:a7:1d:07:a8:
                    41:28:53:42:e1:2d:1e:5b:95:ca:79:70:25:a8:c7:
                    06:09:80:81:53:94:67:f5:8a:65:db:cd:e7:e6:75:
                    52:9c:f6:4a:e3:4b:7e:56:2b:1c:58:28:00:b3:9a:
                    ba:05:e3:e7:67:bb:f4:93:df:52:60:f8:94:2d:48:
                    43:c4:d5:6f:10:f3:0a:2b:ff:09:d1:f4:59:40:28:
                    d2:b2:cb:b3:c8:e9:e8:0e:5e:b9:16:2c:fb:fb:df:
                    22:e3:b8:6f:c4:b4:e7:5a:4e:5a:dd:75:8b:d0:7e:
                    6a:63:91:d1:04:4c:ad:da:25:1c:2e:38:04:ac:51:
                    ac:2a:8e:6a:6a:bf:6b:79:91:7e:17:19:db:8b:d5:
                    cd:0d:05:c0:2b:87:63:76:17:11:47:4f:22:6a:75:
                    8f:1d:ed:ba:06:35:90:dc:a2:df:fe:49:bb:37:8f:
                    ce:4a:96:91:0c:5c:3d:6c:29:36:a8:06:1e:a3:f8:
                    84:d7:5f:a2:f6:56:1a:9f:b5:66:b4:7c:1d:b2:7e:
                    37:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:D5:B2:9C:3D:60:83:5E:6F:06:C1:AF:9B:BE:D6:70:17:60:0B:DA
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/mdWynD1gg15vBsGvm77WcBdgC9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.64.0/18
                  46.185.128.0/17
                  79.173.192.0/18
                  86.108.0.0/17
                  92.253.0.0/17
                  94.249.0.0/17
                  149.200.128.0/17
                  185.98.220.0/22
                  194.165.128.0/19
                  213.186.160.0/19
                  217.23.32.0/20
                IPv6:
                  2a01:9700::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:d2:02:4b:64:5e:af:66:03:4e:0d:02:ef:40:40:e9:c7:f7:
         4f:f5:cc:c3:d6:5c:a5:1e:cc:1a:90:42:52:80:fd:b6:14:9b:
         f5:7e:2f:67:4c:2f:7f:a6:dd:30:d0:32:45:bf:46:c1:80:67:
         2f:a3:a9:b4:c5:31:16:6a:f9:66:9e:d0:df:98:cc:a3:bd:92:
         6b:07:6f:63:a7:b9:1d:7a:9d:7e:12:b2:df:bf:41:8a:93:3e:
         15:9d:ac:78:21:4c:40:54:1e:45:37:d0:ac:cf:6e:45:7f:8a:
         b6:b3:a5:de:23:f0:1d:b2:b2:44:7a:42:fd:e3:ad:0d:e0:b9:
         c6:48:da:4a:09:f5:37:3f:1a:2c:73:14:01:da:4b:56:58:55:
         1e:ac:81:db:48:8d:c8:a3:44:cd:5a:5a:86:d8:fb:df:6b:d4:
         18:4f:06:a0:31:15:37:1a:be:a8:e8:3a:ce:0a:84:47:25:34:
         fd:b5:21:81:fc:64:7b:2d:7e:59:68:ff:6b:e2:02:57:35:2f:
         38:dc:6c:1b:33:fb:25:ad:62:d8:3e:4a:0f:eb:ec:f6:f8:1d:
         8a:22:b9:9a:0f:4d:20:4d:d0:1f:05:e1:e1:38:3e:51:7b:a7:
         4a:8d:4b:3e:51:9e:5b:de:eb:29:61:5b:93:48:fe:6c:69:c5:
         f0:24:89:7f
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYzEkjXO2b7y8Qrq4kBSrn6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWQ1YjI5YzNkNjA4MzVlNmYwNmMxYWY5YmJlZDY3MDE3NjAwYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL4eWzQnc+0ZDIa8jkQlvyLb8d78
KwS7iGWSoQRMYqNHBzsMT18xKwSuo7qEkDsmf11SdKX8W6cdB6hBKFNC4S0eW5XK
eXAlqMcGCYCBU5Rn9Ypl283n5nVSnPZK40t+ViscWCgAs5q6BePnZ7v0k99SYPiU
LUhDxNVvEPMKK/8J0fRZQCjSssuzyOnoDl65Fiz7+98i47hvxLTnWk5a3XWL0H5q
Y5HRBEyt2iUcLjgErFGsKo5qar9reZF+Fxnbi9XNDQXAK4djdhcRR08ianWPHe26
BjWQ3KLf/km7N4/OSpaRDFw9bCk2qAYeo/iE11+i9lYan7VmtHwdsn436QIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFJnVspw9YINebwbBr5u+1nAXYAvaMB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvbWRXeW5EMWdnMTV2QnNHdm03N1djQmRnQzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQGJcpAAwQH
LrmAAwQGT63AAwQHVmwAAwQHXP0AAwQHXvkAAwQHlciAAwQCuWLcAwQFwqWAAwQF
1bqgAwQE2RcgMA0EAgACMAcDBQMqAZcAMA0GCSqGSIb3DQEBCwUAA4IBAQBb0gJL
ZF6vZgNODQLvQEDpx/dP9czD1lylHswakEJSgP22FJv1fi9nTC9/pt0w0DJFv0bB
gGcvo6m0xTEWavlmntDfmMyjvZJrB29jp7kdep1+ErLfv0GKkz4Vnax4IUxAVB5F
N9Csz25Ff4q2s6XeI/AdsrJEekL9460N4LnGSNpKCfU3PxoscxQB2ktWWFUerIHb
SI3Io0TNWlqG2Pvfa9QYTwagMRU3Gr6o6DrOCoRHJTT9tSGB/GR7LX5ZaP9r4gJX
NS843GwbM/slrWLYPkoP6+z2+B2KIrmaD00gTdAfBeHhOD5Re6dKjUs+UZ5b3usp
YVuTSP5sacXwJIl/
-----END CERTIFICATE-----