Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/HQnF0QVvRu8COz4BPkZXM0251bY.roa
File:                     HQnF0QVvRu8COz4BPkZXM0251bY.roa (raw, json)
Hash identifier:          TkvJ6sH7sL5CWOQttY+g9sl8rIQwTubsZIxy3f5Sl+I=
Subject key identifier:   1D:09:C5:D1:05:6F:46:EF:02:3B:3E:01:3E:46:57:33:4D:B9:D5:B6
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018B8052DD74F9AF90A45F92E8FAFA4762D8
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/HQnF0QVvRu8COz4BPkZXM0251bY.roa
Signing time:             Mon 30 Oct 2023 11:23:16 +0000
ROA not before:           Mon 30 Oct 2023 11:23:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43160
IP address blocks:        185.44.233.0/24 maxlen: 24
                          212.63.123.0/24 maxlen: 24
                          212.63.120.0/24 maxlen: 24
                          212.63.122.0/24 maxlen: 24
                          185.130.24.0/23 maxlen: 24
                          88.98.96.0/23 maxlen: 24
                          88.98.96.0/20 maxlen: 24
                          88.98.98.0/24 maxlen: 24
                          88.98.104.0/23 maxlen: 24
                          88.98.99.0/24 maxlen: 24
                          88.98.100.0/22 maxlen: 24
                          88.98.106.0/23 maxlen: 24
                          88.98.111.0/24 maxlen: 24
                          88.98.110.0/24 maxlen: 24
                          185.130.26.0/23 maxlen: 24
                          185.235.103.0/24 maxlen: 24
                          185.202.166.0/23 maxlen: 24
                          185.196.202.0/23 maxlen: 24
                          185.196.202.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 30 Oct 2023 11:42:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:80:52:dd:74:f9:af:90:a4:5f:92:e8:fa:fa:47:62:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Oct 30 11:23:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d09c5d1056f46ef023b3e013e4657334db9d5b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dd:3c:f2:40:bd:78:4d:54:73:cf:f1:c4:70:
                    df:29:52:9d:05:d4:1a:df:21:f9:18:65:2f:f3:75:
                    db:54:05:be:df:31:a8:7e:b8:53:af:77:11:5e:be:
                    09:64:5d:80:e4:ba:6a:38:42:bc:c1:11:b2:1a:34:
                    18:84:f5:3f:db:8b:40:6d:40:9b:09:52:ae:b8:a7:
                    fe:cf:f3:82:d0:d1:8a:c6:32:7a:c5:a6:6b:99:8a:
                    60:61:df:aa:4c:a7:28:ee:4e:8d:05:4b:c4:79:8d:
                    cf:9b:09:02:5e:8f:ff:6c:28:c0:c4:04:3f:47:a2:
                    41:9a:d9:dc:0c:c4:fd:e3:a7:94:69:ec:7f:fc:3c:
                    76:cc:ef:92:16:3f:69:aa:d6:35:37:fe:70:82:38:
                    9e:98:4e:ae:07:4e:bb:80:97:3d:3e:d3:d2:9f:17:
                    5d:de:aa:7b:b7:ae:32:21:bb:4b:02:c0:e9:60:bf:
                    a0:2b:40:1e:90:c7:8c:49:82:a1:8b:33:1b:df:af:
                    f2:b6:46:a1:f9:ae:8e:4f:c2:29:33:b5:7d:3c:72:
                    25:d6:63:b4:cd:59:9a:a1:d8:ee:34:6e:6d:07:a8:
                    ce:06:eb:eb:54:f0:88:6d:62:45:3d:10:e5:6d:58:
                    68:5c:fe:6c:11:a5:b1:9d:d5:6e:cf:75:fc:c8:4e:
                    e0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:09:C5:D1:05:6F:46:EF:02:3B:3E:01:3E:46:57:33:4D:B9:D5:B6
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/HQnF0QVvRu8COz4BPkZXM0251bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.98.96.0/20
                  185.44.233.0/24
                  185.130.24.0/22
                  185.196.202.0/23
                  185.202.166.0/23
                  185.235.103.0/24
                  212.63.120.0/24
                  212.63.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:c6:ab:cc:98:34:ac:f1:9a:61:35:5c:8e:8b:eb:6e:4e:3e:
         e0:aa:00:d9:bc:f0:d8:9f:ed:81:ad:37:12:3f:0b:00:48:c3:
         d0:3e:58:b3:2a:75:ca:ea:dc:52:a7:51:ef:7d:62:45:59:df:
         6a:fa:5e:2d:79:af:af:ae:b4:3d:ba:8a:67:f7:5b:20:9b:78:
         3a:4b:02:30:28:c1:bb:b4:f7:fa:ce:2d:65:ca:cd:ff:45:35:
         02:62:1e:8b:80:fe:ce:c2:8b:07:52:f9:bd:f5:2a:8b:61:ee:
         77:fe:05:e0:c7:62:95:29:23:26:37:1d:8f:98:ba:bd:df:dc:
         69:a6:ed:fb:74:0a:7a:fd:1d:b9:e9:ad:bf:ec:f4:b7:d9:db:
         44:62:29:8f:f3:39:f3:90:6c:36:93:ad:be:f0:5d:f9:f7:09:
         9e:bd:27:e5:dc:5f:b3:12:e9:bf:48:ce:9e:1a:bc:70:4c:12:
         b6:9d:a3:0f:36:01:96:85:ea:e8:0b:f4:41:20:01:53:46:2a:
         68:e0:ff:1e:d0:41:d8:e2:88:d2:3e:b0:7c:18:84:4d:2a:a7:
         11:b2:20:de:4c:49:70:e0:7a:b2:a7:ae:9b:82:1c:7a:a4:2c:
         fc:0b:89:de:ec:70:4d:cb:d2:ee:7a:0b:87:89:2b:02:1c:11:
         10:75:e1:ec
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYuAUt10+a+QpF+S6Pr6R2LYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjMxMDMwMTEyMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDA5YzVkMTA1NmY0NmVmMDIzYjNlMDEzZTQ2NTczMzRkYjlkNWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt088kC9eE1Uc8/xxHDfKVKdBdQa
3yH5GGUv83XbVAW+3zGofrhTr3cRXr4JZF2A5LpqOEK8wRGyGjQYhPU/24tAbUCb
CVKuuKf+z/OC0NGKxjJ6xaZrmYpgYd+qTKco7k6NBUvEeY3PmwkCXo//bCjAxAQ/
R6JBmtncDMT946eUaex//Dx2zO+SFj9pqtY1N/5wgjiemE6uB067gJc9PtPSnxdd
3qp7t64yIbtLAsDpYL+gK0AekMeMSYKhizMb36/ytkah+a6OT8IpM7V9PHIl1mO0
zVmaodjuNG5tB6jOBuvrVPCIbWJFPRDlbVhoXP5sEaWxndVuz3X8yE7ggwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFB0JxdEFb0bvAjs+AT5GVzNNudW2MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvSFFuRjBRVnZSdThDT3o0QlBrWlhNMDI1MWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEWGJgAwQA
uSzpAwQCuYIYAwQBucTKAwQBucqmAwQAuetnAwQA1D94AwQB1D96MA0GCSqGSIb3
DQEBCwUAA4IBAQBqxqvMmDSs8ZphNVyOi+tuTj7gqgDZvPDYn+2BrTcSPwsASMPQ
PlizKnXK6txSp1HvfWJFWd9q+l4tea+vrrQ9uopn91sgm3g6SwIwKMG7tPf6zi1l
ys3/RTUCYh6LgP7OwosHUvm99SqLYe53/gXgx2KVKSMmNx2PmLq939xppu37dAp6
/R256a2/7PS32dtEYimP8znzkGw2k62+8F359wmevSfl3F+zEum/SM6eGrxwTBK2
naMPNgGWheroC/RBIAFTRipo4P8e0EHY4ojSPrB8GIRNKqcRsiDeTElw4Hqyp66b
ghx6pCz8C4ne7HBNy9LueguHiSsCHBEQdeHs
-----END CERTIFICATE-----