Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/tPO6qzj5PRGSnYxmv6kQW0UdHAI.roa
File:                     tPO6qzj5PRGSnYxmv6kQW0UdHAI.roa (raw, json)
Hash identifier:          DBU1PiaaxVNdP0KZ6faC8vWYZq/3YaRDGpi3jXfOEmI=
Subject key identifier:   B4:F3:BA:AB:38:F9:3D:11:92:9D:8C:66:BF:A9:10:5B:45:1D:1C:02
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       018A8358D79EC79834BBA2409FC5EE80FD06
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/tPO6qzj5PRGSnYxmv6kQW0UdHAI.roa
Signing time:             Mon 11 Sep 2023 08:25:52 +0000
ROA not before:           Mon 11 Sep 2023 08:25:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8376
IP address blocks:        86.108.0.0/17 maxlen: 24
                          46.185.128.0/17 maxlen: 24
                          79.173.192.0/18 maxlen: 24
                          185.98.220.0/22 maxlen: 24
                          92.253.0.0/17 maxlen: 24
                          217.23.32.0/20 maxlen: 24
                          149.200.128.0/17 maxlen: 24
                          37.202.64.0/18 maxlen: 24
                          194.165.128.0/19 maxlen: 24
                          213.186.160.0/19 maxlen: 24
                          94.249.0.0/17 maxlen: 24
                          2a01:9700::/29 maxlen: 48
                          2a01:9700::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:83:58:d7:9e:c7:98:34:bb:a2:40:9f:c5:ee:80:fd:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Sep 11 08:25:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b4f3baab38f93d11929d8c66bfa9105b451d1c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2a:88:c7:7b:d0:e7:8e:88:49:1f:fc:8b:b5:
                    de:a2:db:be:bd:ad:a1:7d:c1:f9:51:64:6a:83:61:
                    0c:d7:38:2b:db:6e:f0:a7:05:9f:1a:31:5e:b6:b5:
                    4f:b5:90:49:7b:23:56:ab:b4:5f:b6:66:12:5d:21:
                    0f:45:5a:fa:e9:62:2f:b2:cc:90:6f:49:ad:ea:91:
                    21:e7:2b:2c:9d:66:54:0f:5f:98:29:d9:75:47:0c:
                    22:79:cf:d2:63:35:c4:ec:f0:5b:65:b2:c6:6b:72:
                    d3:e9:71:f6:23:a0:16:b4:f5:f3:97:42:53:ba:35:
                    86:c7:76:a4:0f:8e:25:7a:80:d2:5a:a7:3b:b0:e6:
                    5d:c7:48:cc:e6:0d:1c:c2:97:2b:4d:94:cd:d8:20:
                    dd:64:e1:a9:11:76:8c:2a:40:54:ed:f1:df:0d:f6:
                    8b:23:96:02:22:5d:62:dc:fb:01:2a:03:44:63:76:
                    8d:c8:4c:5c:33:13:b5:26:b8:07:91:96:fe:fe:ac:
                    05:b0:86:28:20:6a:ad:32:0c:6a:7f:e4:dd:95:26:
                    0b:ae:1b:6c:14:c3:f8:ff:06:95:9b:41:39:43:99:
                    66:d8:9a:96:75:92:e9:3a:09:0f:cd:63:00:02:10:
                    c1:ae:99:98:79:34:42:c1:93:45:45:a4:4b:b4:86:
                    76:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F3:BA:AB:38:F9:3D:11:92:9D:8C:66:BF:A9:10:5B:45:1D:1C:02
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/tPO6qzj5PRGSnYxmv6kQW0UdHAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.64.0/18
                  46.185.128.0/17
                  79.173.192.0/18
                  86.108.0.0/17
                  92.253.0.0/17
                  94.249.0.0/17
                  149.200.128.0/17
                  185.98.220.0/22
                  194.165.128.0/19
                  213.186.160.0/19
                  217.23.32.0/20
                IPv6:
                  2a01:9700::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:23:93:42:da:05:e6:af:68:a2:89:71:85:87:9a:ef:6f:07:
         dc:7c:11:35:77:d7:91:6f:0c:c8:ec:47:2b:55:fd:a1:8a:b9:
         e9:4e:61:8a:35:c4:63:48:26:02:d9:2d:28:5e:5e:6d:25:50:
         e2:f1:36:b2:c3:af:8d:7f:5a:7f:e8:c9:25:5b:5a:48:12:8e:
         e9:ff:ee:cb:a6:47:da:ad:f6:92:ef:73:a2:b5:f1:cf:41:50:
         9d:15:c0:d3:b7:98:f0:9a:96:72:cc:e5:37:11:5b:54:7e:d6:
         8e:f5:83:57:49:c5:8d:6f:ba:b7:7f:ec:84:c0:46:4b:b6:99:
         dd:bf:05:75:ee:67:28:d8:54:d6:cb:03:6d:25:fd:28:c1:6a:
         57:97:17:7e:54:c8:14:0b:59:ef:4f:bd:3f:14:52:9f:eb:16:
         d5:e6:aa:76:7b:1e:35:69:56:ae:3c:4f:9a:b9:2d:b0:c9:03:
         bd:ed:76:c0:7b:19:fd:25:6e:86:a8:32:4c:04:9e:cb:6d:b6:
         55:4e:83:cb:08:62:de:9b:87:fd:56:f3:fd:36:0d:4f:6d:8a:
         b3:7f:da:41:cf:ac:76:d8:1e:7f:fc:a1:0b:df:a0:79:22:34:
         75:60:a8:60:1f:f6:73:b9:f0:af:c2:73:86:93:5e:6e:86:2a:
         86:93:57:01
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYqDWNeex5g0u6JAn8XugP0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjMwOTExMDgyNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYzYmFhYjM4ZjkzZDExOTI5ZDhjNjZiZmE5MTA1YjQ1MWQxYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSqIx3vQ546ISR/8i7Xeotu+va2h
fcH5UWRqg2EM1zgr227wpwWfGjFetrVPtZBJeyNWq7RftmYSXSEPRVr66WIvssyQ
b0mt6pEh5yssnWZUD1+YKdl1Rwwiec/SYzXE7PBbZbLGa3LT6XH2I6AWtPXzl0JT
ujWGx3akD44leoDSWqc7sOZdx0jM5g0cwpcrTZTN2CDdZOGpEXaMKkBU7fHfDfaL
I5YCIl1i3PsBKgNEY3aNyExcMxO1JrgHkZb+/qwFsIYoIGqtMgxqf+TdlSYLrhts
FMP4/waVm0E5Q5lm2JqWdZLpOgkPzWMAAhDBrpmYeTRCwZNFRaRLtIZ2YQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFLTzuqs4+T0Rkp2MZr+pEFtFHRwCMB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvdFBPNnF6ajVQUkdTbll4bXY2a1FXMFVkSEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQGJcpAAwQH
LrmAAwQGT63AAwQHVmwAAwQHXP0AAwQHXvkAAwQHlciAAwQCuWLcAwQFwqWAAwQF
1bqgAwQE2RcgMA0EAgACMAcDBQMqAZcAMA0GCSqGSIb3DQEBCwUAA4IBAQA1I5NC
2gXmr2iiiXGFh5rvbwfcfBE1d9eRbwzI7EcrVf2hirnpTmGKNcRjSCYC2S0oXl5t
JVDi8Tayw6+Nf1p/6MklW1pIEo7p/+7LpkfarfaS73OitfHPQVCdFcDTt5jwmpZy
zOU3EVtUftaO9YNXScWNb7q3f+yEwEZLtpndvwV17mco2FTWywNtJf0owWpXlxd+
VMgUC1nvT70/FFKf6xbV5qp2ex41aVauPE+auS2wyQO97XbAexn9JW6GqDJMBJ7L
bbZVToPLCGLem4f9VvP9Ng1PbYqzf9pBz6x22B5//KEL36B5IjR1YKhgH/ZzufCv
wnOGk15uhiqGk1cB
-----END CERTIFICATE-----