Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/n4Vffeh1cEkBj3KjCu7XqhaKSgM.roa
File:                     n4Vffeh1cEkBj3KjCu7XqhaKSgM.roa (raw, json)
Hash identifier:          qIYt9moxBMhORErJJ1KIbSZ1sDUVO2PwniUYOmTpokU=
Subject key identifier:   9F:85:5F:7D:E8:75:70:49:01:8F:72:A3:0A:EE:D7:AA:16:8A:4A:03
Certificate issuer:       /CN=1e36de27974727aa0046b3e9c8d0624674541255
Certificate serial:       018D858003B6B0E1EFB7E336B9EDEC0882DB
Authority key identifier: 1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/n4Vffeh1cEkBj3KjCu7XqhaKSgM.roa
Signing time:             Wed 07 Feb 2024 21:36:15 +0000
ROA not before:           Wed 07 Feb 2024 21:36:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51032
IP address blocks:        31.128.128.0/19 maxlen: 24
                          62.122.88.0/21 maxlen: 24
                          89.23.128.0/19 maxlen: 19
                          89.23.128.0/21 maxlen: 24
                          89.23.144.0/20 maxlen: 24
                          89.23.146.0/24 maxlen: 24
                          89.23.147.0/24 maxlen: 24
                          89.23.160.0/19 maxlen: 19
                          89.23.168.0/21 maxlen: 21
                          89.23.176.0/21 maxlen: 21
                          91.123.80.0/20 maxlen: 20
                          91.202.204.0/22 maxlen: 22
                          93.157.160.0/21 maxlen: 21
                          93.157.162.0/24 maxlen: 24
                          93.157.163.0/24 maxlen: 24
                          178.212.80.0/21 maxlen: 24
                          178.216.176.0/21 maxlen: 21
                          2a13:2c80::/29 maxlen: 32

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 23:46:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:85:80:03:b6:b0:e1:ef:b7:e3:36:b9:ed:ec:08:82:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e36de27974727aa0046b3e9c8d0624674541255
        Validity
            Not Before: Feb  7 21:36:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f855f7de8757049018f72a30aeed7aa168a4a03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:64:f7:8d:2d:e1:28:e0:8f:3f:6b:6f:d9:24:
                    c5:67:c5:68:88:71:53:ac:20:c8:b3:18:76:d3:59:
                    95:0d:f1:18:e5:87:d3:2a:2a:69:cb:6a:9d:e7:a2:
                    15:df:37:69:bc:fa:b2:cb:d6:d2:14:20:9a:6d:86:
                    e6:b1:d8:dc:fb:9c:22:77:d7:1a:53:86:02:b2:35:
                    24:e8:c1:ff:4b:a2:30:14:db:d1:ef:80:69:06:01:
                    4d:a4:ab:da:7a:69:f1:24:d3:34:0e:4f:d1:f4:69:
                    c5:6f:73:47:af:9e:bb:b8:b3:64:ae:d3:0e:c9:2e:
                    28:7b:41:70:5e:b9:f0:39:ea:3b:7f:a7:22:fc:6f:
                    0b:d3:64:de:72:db:0c:3f:af:40:59:3a:b9:c4:58:
                    cf:fe:a5:01:6a:3f:0b:bb:07:4e:53:63:19:27:43:
                    a2:bf:8a:50:95:4e:b5:d7:62:b3:74:e2:bd:35:1a:
                    da:cf:8b:2c:02:6e:e7:84:be:21:83:2d:da:85:70:
                    b0:55:ec:e6:4e:ea:cd:38:b8:a2:2c:ac:3c:f1:8d:
                    e9:d3:59:24:c7:b0:ae:68:17:32:8b:6a:8a:66:83:
                    96:2f:dc:4f:66:57:e3:09:44:97:ff:55:db:fa:e9:
                    6f:8f:30:5b:04:8f:56:3c:5f:e4:15:0f:ea:5b:29:
                    66:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:85:5F:7D:E8:75:70:49:01:8F:72:A3:0A:EE:D7:AA:16:8A:4A:03
            X509v3 Authority Key Identifier:
                keyid:1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/n4Vffeh1cEkBj3KjCu7XqhaKSgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.128.0/19
                  62.122.88.0/21
                  89.23.128.0/18
                  91.123.80.0/20
                  91.202.204.0/22
                  93.157.160.0/21
                  178.212.80.0/21
                  178.216.176.0/21
                IPv6:
                  2a13:2c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:91:c7:36:f7:ff:36:df:0d:ab:69:23:35:d9:6a:43:9d:36:
         2a:e9:0d:8b:bd:18:8c:cc:03:b0:39:b5:54:43:1c:f0:52:98:
         c3:60:1a:99:33:c6:c3:f6:13:4e:67:e2:6b:1a:55:df:7b:8e:
         e6:1c:1c:17:46:fc:2f:97:68:92:ef:f0:97:e5:dc:4e:95:e4:
         5b:75:fd:88:b9:2b:20:95:46:b5:8d:7f:cf:35:8c:c3:65:a6:
         ed:46:24:7e:08:5f:e7:0a:61:21:37:6d:72:ff:67:74:65:c1:
         b2:13:cf:ea:82:22:a1:0f:e6:4a:38:ea:88:3c:ea:f2:0b:2e:
         80:7d:ae:e4:6f:f3:b5:55:3f:d3:67:a7:d4:b7:05:58:b9:5a:
         50:fe:fe:13:24:72:64:e3:45:7e:74:09:dd:da:00:0e:b9:5e:
         d7:01:e6:7f:25:5f:73:21:20:d7:47:22:91:b4:00:5f:cb:19:
         44:29:3c:e8:ea:71:5f:ac:12:d9:24:f1:91:95:29:33:00:78:
         09:66:9d:80:8d:fc:65:a7:d2:e6:96:fb:cb:c4:51:bc:ef:9b:
         2f:55:c0:e6:4f:dd:7b:96:41:e3:1b:de:8b:b8:65:3c:b0:b3:
         7d:a8:c8:06:db:b2:6c:fb:41:35:af:49:c3:06:fe:fa:25:54:
         3c:b0:5d:bf
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAY2FgAO2sOHvt+M2ue3sCILbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzZkZTI3OTc0NzI3YWEwMDQ2YjNlOWM4ZDA2MjQ2NzQ1
NDEyNTUwHhcNMjQwMjA3MjEzNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjg1NWY3ZGU4NzU3MDQ5MDE4ZjcyYTMwYWVlZDdhYTE2OGE0YTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2T3jS3hKOCPP2tv2STFZ8VoiHFT
rCDIsxh201mVDfEY5YfTKippy2qd56IV3zdpvPqyy9bSFCCabYbmsdjc+5wid9ca
U4YCsjUk6MH/S6IwFNvR74BpBgFNpKvaemnxJNM0Dk/R9GnFb3NHr567uLNkrtMO
yS4oe0FwXrnwOeo7f6ci/G8L02TectsMP69AWTq5xFjP/qUBaj8LuwdOU2MZJ0Oi
v4pQlU6112KzdOK9NRraz4ssAm7nhL4hgy3ahXCwVezmTurNOLiiLKw88Y3p01kk
x7CuaBcyi2qKZoOWL9xPZlfjCUSX/1Xb+ulvjzBbBI9WPF/kFQ/qWylmWwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJ+FX33odXBJAY9yowru16oWikoDMB8GA1UdIwQY
MBaAFB423ieXRyeqAEaz6cjQYkZ0VBJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzkt
ZGY3OTNhOTQwYmFiLzEvbjRWZmZlaDFjRWtCajNLakN1N1hxaGFLU2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzktZGY3OTNhOTQwYmFi
LzEvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQFH4CAAwQD
PnpYAwQGWReAAwQEW3tQAwQCW8rMAwQDXZ2gAwQDstRQAwQDstiwMA0EAgACMAcD
BQMqEyyAMA0GCSqGSIb3DQEBCwUAA4IBAQBhkcc29/823w2raSM12WpDnTYq6Q2L
vRiMzAOwObVUQxzwUpjDYBqZM8bD9hNOZ+JrGlXfe47mHBwXRvwvl2iS7/CX5dxO
leRbdf2IuSsglUa1jX/PNYzDZabtRiR+CF/nCmEhN21y/2d0ZcGyE8/qgiKhD+ZK
OOqIPOryCy6Afa7kb/O1VT/TZ6fUtwVYuVpQ/v4TJHJk40V+dAnd2gAOuV7XAeZ/
JV9zISDXRyKRtABfyxlEKTzo6nFfrBLZJPGRlSkzAHgJZp2Ajfxlp9LmlvvLxFG8
75svVcDmT917lkHjG96LuGU8sLN9qMgG27Js+0E1r0nDBv76JVQ8sF2/
-----END CERTIFICATE-----