Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/qFgtrcWiL3H0aFh5aMf0VpGRmpA.roa
File:                     qFgtrcWiL3H0aFh5aMf0VpGRmpA.roa (raw, json)
Hash identifier:          Yc6g0J/6A4sQscqP1bd2EGYfsWUZuehCKd/F38VFk1M=
Subject key identifier:   A8:58:2D:AD:C5:A2:2F:71:F4:68:58:79:68:C7:F4:56:91:91:9A:90
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018B806701241AB252B3F1F6A3CFC129BCF1
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/qFgtrcWiL3H0aFh5aMf0VpGRmpA.roa
Signing time:             Mon 30 Oct 2023 11:45:16 +0000
ROA not before:           Mon 30 Oct 2023 11:45:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43160
IP address blocks:        185.44.233.0/24 maxlen: 24
                          185.130.24.0/23 maxlen: 24
                          88.98.96.0/23 maxlen: 24
                          88.98.98.0/24 maxlen: 24
                          88.98.104.0/23 maxlen: 24
                          88.98.99.0/24 maxlen: 24
                          88.98.100.0/22 maxlen: 24
                          88.98.106.0/23 maxlen: 24
                          88.98.111.0/24 maxlen: 24
                          88.98.110.0/24 maxlen: 24
                          185.130.26.0/23 maxlen: 24
                          185.235.103.0/24 maxlen: 24
                          185.202.166.0/23 maxlen: 24
                          185.196.202.0/23 maxlen: 24
                          185.196.202.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 12:51:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:80:67:01:24:1a:b2:52:b3:f1:f6:a3:cf:c1:29:bc:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Oct 30 11:45:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8582dadc5a22f71f468587968c7f45691919a90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f5:6a:db:fb:af:a6:55:48:ec:b8:3e:4d:71:
                    e8:63:3a:6b:c8:95:55:d9:0e:fb:83:1d:ba:ff:27:
                    a6:cb:1d:48:58:73:04:4d:c1:07:67:5e:bb:83:60:
                    6f:2b:59:4d:d7:89:3a:b4:6f:e1:3c:f1:9e:51:c8:
                    2a:c8:5b:41:21:35:2a:8b:73:66:0f:2d:c7:a8:bb:
                    04:58:a7:1e:58:49:d9:41:4f:ee:6a:75:28:84:6e:
                    4f:b6:82:ff:9f:d8:fe:d0:f2:e0:e7:f1:ac:fa:41:
                    7f:6d:bf:35:f4:5b:f3:ed:89:ff:94:f0:77:49:2b:
                    f7:07:56:81:14:b0:7c:37:0a:55:b5:34:09:d3:89:
                    d4:4a:82:6a:33:cb:1f:ef:8b:41:22:6c:a4:b8:8a:
                    b2:aa:ec:42:84:87:4b:7e:ba:68:a4:eb:7b:24:cd:
                    a1:e5:93:0d:7a:45:e6:33:cd:ea:31:0b:01:5d:51:
                    0e:31:1b:4d:ab:3d:5b:e9:99:f6:fa:29:40:df:ba:
                    f7:1f:b2:1d:4a:5f:d3:c8:ef:76:8e:86:24:e8:0c:
                    ef:53:e8:86:90:5f:c5:cc:c1:7e:f1:ba:e8:ed:84:
                    bc:82:b1:22:3d:f6:87:78:c8:d7:a7:2e:3d:0f:0d:
                    63:36:dc:bd:0e:a1:4e:8e:26:ba:ad:12:6d:77:f4:
                    a6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:58:2D:AD:C5:A2:2F:71:F4:68:58:79:68:C7:F4:56:91:91:9A:90
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/qFgtrcWiL3H0aFh5aMf0VpGRmpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.98.96.0-88.98.107.255
                  88.98.110.0/23
                  185.44.233.0/24
                  185.130.24.0/22
                  185.196.202.0/23
                  185.202.166.0/23
                  185.235.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:62:e7:98:e5:e8:75:ad:65:f5:3b:93:d5:82:2d:94:07:80:
         07:21:33:bd:6c:e0:b1:08:d2:d5:74:94:69:0a:1e:a5:d6:10:
         c1:f2:4f:5f:6a:69:3b:12:b1:fb:8d:4b:ab:f6:3c:a5:1c:67:
         7d:93:16:9d:d6:12:35:c4:91:c5:87:16:84:3c:53:c9:b6:22:
         82:a6:75:7c:58:56:90:0a:d3:51:f4:d5:6d:ff:08:e7:c1:5d:
         68:da:70:cc:ea:69:e6:5f:e8:8d:cb:3a:b1:60:25:42:c7:5a:
         5f:f9:4d:06:bb:02:20:a9:9a:e9:83:37:4f:76:08:e0:8d:f1:
         ca:06:c2:f1:f4:b1:f5:06:8e:ac:2f:5b:d2:01:ea:ef:9c:4e:
         5c:4d:0d:de:69:c5:8a:c8:ff:26:5e:ad:3c:e0:0a:1f:e2:ac:
         dc:47:a0:42:b1:53:97:c7:90:04:86:9f:25:e5:ea:1f:76:eb:
         1f:cb:5d:42:68:65:e4:1b:41:6f:49:21:81:75:dd:fb:38:55:
         09:17:2a:82:7b:c6:42:c2:1c:11:27:f4:0a:4a:86:39:2d:37:
         5c:24:83:49:24:10:7a:46:c2:9d:0f:3d:42:42:fc:4d:5b:c6:
         05:6e:ba:d3:06:cc:99:1f:eb:ac:9c:b4:18:09:2a:f7:38:2f:
         74:a3:2f:ef
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYuAZwEkGrJSs/H2o8/BKbzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjMxMDMwMTE0NTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODU4MmRhZGM1YTIyZjcxZjQ2ODU4Nzk2OGM3ZjQ1NjkxOTE5YTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofVq2/uvplVI7Lg+TXHoYzpryJVV
2Q77gx26/yemyx1IWHMETcEHZ167g2BvK1lN14k6tG/hPPGeUcgqyFtBITUqi3Nm
Dy3HqLsEWKceWEnZQU/uanUohG5PtoL/n9j+0PLg5/Gs+kF/bb819Fvz7Yn/lPB3
SSv3B1aBFLB8NwpVtTQJ04nUSoJqM8sf74tBImykuIqyquxChIdLfrpopOt7JM2h
5ZMNekXmM83qMQsBXVEOMRtNqz1b6Zn2+ilA37r3H7IdSl/TyO92joYk6AzvU+iG
kF/FzMF+8bro7YS8grEiPfaHeMjXpy49Dw1jNty9DqFOjia6rRJtd/SmfwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKhYLa3Foi9x9GhYeWjH9FaRkZqQMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvcUZndHJjV2lMM0gwYUZoNWFNZjBWcEdSbXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAVYYmAD
BAJYYmgDBAFYYm4DBAC5LOkDBAK5ghgDBAG5xMoDBAG5yqYDBAC562cwDQYJKoZI
hvcNAQELBQADggEBALli55jl6HWtZfU7k9WCLZQHgAchM71s4LEI0tV0lGkKHqXW
EMHyT19qaTsSsfuNS6v2PKUcZ32TFp3WEjXEkcWHFoQ8U8m2IoKmdXxYVpAK01H0
1W3/COfBXWjacMzqaeZf6I3LOrFgJULHWl/5TQa7AiCpmumDN092COCN8coGwvH0
sfUGjqwvW9IB6u+cTlxNDd5pxYrI/yZerTzgCh/irNxHoEKxU5fHkASGnyXl6h92
6x/LXUJoZeQbQW9JIYF13fs4VQkXKoJ7xkLCHBEn9ApKhjktN1wkg0kkEHpGwp0P
PUJC/E1bxgVuutMGzJkf66yctBgJKvc4L3SjL+8=
-----END CERTIFICATE-----