Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/NoeGg8nqTESucl0MAVPWdqEJ9Xc.roa
File:                     NoeGg8nqTESucl0MAVPWdqEJ9Xc.roa (raw, json)
Hash identifier:          hoVPjkqryhCIYnslG3PyCQ5GLYrsvUwtIhq9t7pPv2Q=
Subject key identifier:   36:87:86:83:C9:EA:4C:44:AE:72:5D:0C:01:53:D6:76:A1:09:F5:77
Certificate issuer:       /CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
Certificate serial:       01856BB8049670718E8F6FF6E1BB26D9492B
Authority key identifier: 91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/NoeGg8nqTESucl0MAVPWdqEJ9Xc.roa
Signing time:             Sun 01 Jan 2023 05:04:59 +0000
ROA not before:           Sun 01 Jan 2023 05:04:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49675
IP address blocks:        185.161.180.0/24 maxlen: 24
                          185.161.180.0/22 maxlen: 22
                          185.161.181.0/24 maxlen: 24
                          185.161.183.0/24 maxlen: 24
                          185.161.182.0/24 maxlen: 24
                          46.17.201.0/24 maxlen: 24
                          46.17.200.0/21 maxlen: 21
                          46.17.202.0/24 maxlen: 24
                          46.17.206.0/24 maxlen: 24
                          46.17.200.0/24 maxlen: 24
                          46.17.204.0/24 maxlen: 24
                          46.17.205.0/24 maxlen: 24
                          46.17.203.0/24 maxlen: 24
                          46.17.207.0/24 maxlen: 24
                          2a02:26a8:f001::/48 maxlen: 48
                          2a02:26a8:ffff::/48 maxlen: 48
                          2a02:26a8:3::/48 maxlen: 48
                          2a02:26a8:fffe::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:35:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:b8:04:96:70:71:8e:8f:6f:f6:e1:bb:26:d9:49:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
        Validity
            Not Before: Jan  1 05:04:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36878683c9ea4c44ae725d0c0153d676a109f577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:98:a7:75:68:94:db:60:03:84:12:73:cd:4d:
                    95:48:fd:f2:5e:e7:dd:51:91:7e:3f:3b:0a:9f:35:
                    57:47:88:88:83:23:9f:ff:1e:42:3f:20:12:20:46:
                    98:55:d2:e5:06:89:44:55:ea:a4:0b:22:49:5e:43:
                    10:64:46:29:ea:81:c9:a1:41:32:c3:ca:07:90:4e:
                    e1:c5:a3:a4:ae:c7:5c:b5:61:1d:b4:18:95:f2:c0:
                    65:6a:80:d8:b3:9e:e4:ed:98:61:3a:5f:fb:fe:3f:
                    75:68:af:62:e9:84:bc:b4:76:69:fe:de:59:bc:e5:
                    82:a8:4c:e3:fb:31:56:a3:f2:35:99:24:d8:db:f2:
                    6d:88:63:3d:da:69:e8:2e:80:ec:02:45:a5:91:b0:
                    fb:0f:fe:6b:33:8f:fc:b5:c8:3d:06:a1:f5:3a:07:
                    2e:57:4f:c0:b4:66:4a:7e:ee:5e:e3:b9:6a:f9:43:
                    56:3c:17:aa:45:4a:64:6c:8d:1a:e5:14:fe:ce:49:
                    d7:55:da:2c:0e:23:e0:60:d4:c6:c2:ff:38:39:40:
                    fb:c6:3f:c0:6f:25:c6:8b:51:d5:c0:b5:53:ce:78:
                    0f:90:c6:5b:26:2f:43:59:50:81:b1:a7:39:5e:e4:
                    8b:65:31:c9:08:72:c7:4c:92:87:bf:80:db:46:17:
                    6e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:87:86:83:C9:EA:4C:44:AE:72:5D:0C:01:53:D6:76:A1:09:F5:77
            X509v3 Authority Key Identifier:
                keyid:91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/NoeGg8nqTESucl0MAVPWdqEJ9Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.200.0/21
                  185.161.180.0/22
                IPv6:
                  2a02:26a8:3::/48
                  2a02:26a8:f001::/48
                  2a02:26a8:fffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         32:79:9c:be:d8:c6:fd:a2:4d:6f:98:e9:13:81:6b:98:78:f3:
         0d:0b:3d:6b:8a:d0:58:29:28:28:23:70:2d:fe:93:6b:14:78:
         58:09:69:39:cd:ae:a4:de:eb:e4:65:f1:3d:32:5c:d1:48:85:
         ff:39:c9:ae:93:3a:60:fd:45:89:d4:45:9a:e7:04:22:eb:3f:
         74:7a:79:cf:0a:c0:51:16:e5:b8:1f:35:30:e7:1c:22:e7:0b:
         18:26:e4:a0:14:aa:b7:47:c9:57:e3:d5:c1:9e:02:6e:6b:33:
         78:6b:51:b4:8b:bd:04:e2:05:9a:aa:69:5b:95:77:b9:e3:df:
         e4:e9:b8:e2:d4:34:0c:e4:3f:d2:c1:21:ec:aa:26:8f:00:c1:
         39:41:c9:3a:90:27:7c:6a:f4:e5:71:04:e7:63:ae:1f:d9:be:
         bc:6b:04:1a:77:da:99:09:19:37:a2:ec:0c:8a:55:29:1f:2b:
         7e:86:d4:1d:4f:9c:25:d0:48:2d:46:c5:b2:12:15:78:95:fc:
         12:b8:8c:ad:ab:f7:8f:23:99:a6:be:e2:7d:de:69:df:73:7d:
         5e:3e:31:f8:d2:1d:60:d0:8b:86:7d:18:be:c7:1d:6f:b7:f3:
         df:3e:be:c3:cf:0a:89:d6:66:38:7c:a3:03:ad:45:31:dd:45:
         aa:04:ba:5d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVruASWcHGOj2/24bsm2UkrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDAxYzQ3ZjAwZTY0ZjM1Y2M3NTJkMDNiMzRhNzFiNzE0
MDZiM2YwHhcNMjMwMTAxMDUwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg3ODY4M2M5ZWE0YzQ0YWU3MjVkMGMwMTUzZDY3NmExMDlmNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpindWiU22ADhBJzzU2VSP3yXufd
UZF+PzsKnzVXR4iIgyOf/x5CPyASIEaYVdLlBolEVeqkCyJJXkMQZEYp6oHJoUEy
w8oHkE7hxaOkrsdctWEdtBiV8sBlaoDYs57k7ZhhOl/7/j91aK9i6YS8tHZp/t5Z
vOWCqEzj+zFWo/I1mSTY2/JtiGM92mnoLoDsAkWlkbD7D/5rM4/8tcg9BqH1Ogcu
V0/AtGZKfu5e47lq+UNWPBeqRUpkbI0a5RT+zknXVdosDiPgYNTGwv84OUD7xj/A
byXGi1HVwLVTzngPkMZbJi9DWVCBsac5XuSLZTHJCHLHTJKHv4DbRhduwQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFDaHhoPJ6kxErnJdDAFT1nahCfV3MB8GA1UdIwQY
MBaAFJHQHEfwDmTzXMdS0Ds0pxtxQGs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWIt
NTZiMDA2ZWYwZDNiLzEvTm9lR2c4bnFURVN1Y2wwTUFWUFdkcUVKOVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWItNTZiMDA2ZWYwZDNi
LzEva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQDLhHIAwQC
uaG0MCEEAgACMBsDBwAqAiaoAAMDBwAqAiao8AEDBwEqAiao//4wDQYJKoZIhvcN
AQELBQADggEBADJ5nL7Yxv2iTW+Y6ROBa5h48w0LPWuK0FgpKCgjcC3+k2sUeFgJ
aTnNrqTe6+Rl8T0yXNFIhf85ya6TOmD9RYnURZrnBCLrP3R6ec8KwFEW5bgfNTDn
HCLnCxgm5KAUqrdHyVfj1cGeAm5rM3hrUbSLvQTiBZqqaVuVd7nj3+TpuOLUNAzk
P9LBIeyqJo8AwTlByTqQJ3xq9OVxBOdjrh/ZvrxrBBp32pkJGTei7AyKVSkfK36G
1B1PnCXQSC1GxbISFXiV/BK4jK2r948jmaa+4n3ead9zfV4+MfjSHWDQi4Z9GL7H
HW+3898+vsPPConWZjh8owOtRTHdRaoEul0=
-----END CERTIFICATE-----