Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/vT56fU1VYdj0N9cnCy9eAROl87c.roa
File:                     vT56fU1VYdj0N9cnCy9eAROl87c.roa (raw, json)
Hash identifier:          EYk8kENE9/fo3g5C+B0/HAjm0QxODONno7AMbbLRRPo=
Subject key identifier:   BD:3E:7A:7D:4D:55:61:D8:F4:37:D7:27:0B:2F:5E:01:13:A5:F3:B7
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       0188E3DDADDDA9DB9E6DE42EE7264DD1D5C7
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/vT56fU1VYdj0N9cnCy9eAROl87c.roa
Signing time:             Thu 22 Jun 2023 16:08:55 +0000
ROA not before:           Thu 22 Jun 2023 16:08:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29119
IP address blocks:        45.146.224.0/22 maxlen: 24
                          185.131.188.0/22 maxlen: 24
                          185.248.208.0/22 maxlen: 24
                          5.182.72.0/22 maxlen: 24
                          185.198.108.0/22 maxlen: 24
                          185.151.176.0/22 maxlen: 24
                          185.230.0.0/22 maxlen: 24
                          141.98.52.0/22 maxlen: 24
                          185.114.64.0/22 maxlen: 24
                          45.136.32.0/22 maxlen: 24
                          185.123.136.0/22 maxlen: 24
                          185.126.232.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 20 Jul 2023 11:16:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e3:dd:ad:dd:a9:db:9e:6d:e4:2e:e7:26:4d:d1:d5:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jun 22 16:08:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd3e7a7d4d5561d8f437d7270b2f5e0113a5f3b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d7:87:2b:b6:bf:b4:22:99:fe:58:32:ee:6f:
                    ec:da:b3:06:fe:6c:4f:6e:7c:6c:4f:7c:11:87:94:
                    96:02:7a:e1:bc:91:df:0e:1f:e8:31:bd:e5:35:7b:
                    86:89:b8:cf:46:c8:31:94:88:8e:71:de:ba:b7:92:
                    f8:b0:06:c8:fd:0f:2e:1f:c6:04:87:10:28:52:f4:
                    52:b3:f7:c4:d7:5d:4b:91:ef:e7:bd:e6:63:8b:ca:
                    f6:32:d1:50:ab:f2:20:6a:83:3d:a0:f9:7b:89:29:
                    23:71:7a:a4:e0:87:ac:cd:27:71:e6:ce:84:70:31:
                    0b:3f:c8:3f:39:b5:e6:c5:be:59:6a:ed:c0:96:44:
                    b4:ea:a8:67:a6:5a:a0:ba:ca:e1:39:6e:be:2a:9c:
                    9d:40:ae:ea:d7:42:b6:08:c5:69:7d:ed:19:d9:0e:
                    8e:6c:b8:c5:6b:b0:c5:66:49:9e:82:10:64:38:3d:
                    ba:d0:00:4f:cf:35:59:d3:5f:bd:5c:48:d7:47:e5:
                    4f:45:e0:94:05:48:55:2b:85:be:ef:6f:97:de:1c:
                    e8:5c:d7:b8:b7:55:14:3e:c1:95:04:92:50:ee:af:
                    88:d6:a0:7e:f3:3c:84:5c:b5:40:bf:ec:25:50:a3:
                    93:3b:17:c7:19:c9:45:a5:3a:7a:a1:63:60:f0:3e:
                    95:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:3E:7A:7D:4D:55:61:D8:F4:37:D7:27:0B:2F:5E:01:13:A5:F3:B7
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/vT56fU1VYdj0N9cnCy9eAROl87c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.72.0/22
                  45.136.32.0/22
                  45.146.224.0/22
                  141.98.52.0/22
                  185.114.64.0/22
                  185.123.136.0/22
                  185.126.232.0/22
                  185.131.188.0/22
                  185.151.176.0/22
                  185.198.108.0/22
                  185.230.0.0/22
                  185.248.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:48:62:53:c8:71:65:6c:82:df:83:62:b6:91:4f:c9:e5:92:
         5a:5b:1f:e8:7a:52:77:ab:ae:1a:6f:2b:cf:5c:93:65:8c:30:
         46:b1:bf:4c:d0:77:ed:1b:af:60:91:cf:e1:ab:ae:a8:de:b3:
         70:70:73:8f:bf:e8:54:14:38:fc:c1:4a:2f:8a:00:a8:5d:91:
         df:9c:ac:17:ca:b5:2c:c6:dc:14:67:0a:20:21:2a:f5:0e:96:
         92:a8:4d:b5:53:5f:d9:70:52:8d:7b:fd:74:55:57:a5:8e:44:
         3b:16:08:f7:32:55:40:b4:36:65:34:c3:20:97:5f:f8:df:43:
         c2:81:54:c3:cd:da:5d:08:da:1d:76:3d:b3:59:28:6f:b3:5a:
         cd:48:4f:e4:2f:2d:d6:96:3c:65:59:df:e1:22:ae:f5:eb:7b:
         b8:1e:1c:b7:50:97:4f:9e:48:2f:50:2c:b2:18:a8:ad:84:a5:
         72:fc:02:0d:7c:a1:62:27:a7:f2:08:0c:09:84:86:bf:3f:8a:
         b6:a7:39:55:f1:e7:fd:fb:a8:8b:e2:7a:76:db:58:d7:82:2e:
         ca:52:43:3f:5a:9a:db:61:99:cf:40:5b:d6:89:74:c3:78:f2:
         1f:32:a1:66:68:10:90:4e:30:94:7e:f6:9b:ac:c8:60:88:4e:
         50:0b:36:d7
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYjj3a3dqduebeQu5yZN0dXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjMwNjIyMTYwODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDNlN2E3ZDRkNTU2MWQ4ZjQzN2Q3MjcwYjJmNWUwMTEzYTVmM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlteHK7a/tCKZ/lgy7m/s2rMG/mxP
bnxsT3wRh5SWAnrhvJHfDh/oMb3lNXuGibjPRsgxlIiOcd66t5L4sAbI/Q8uH8YE
hxAoUvRSs/fE111Lke/nveZji8r2MtFQq/IgaoM9oPl7iSkjcXqk4IeszSdx5s6E
cDELP8g/ObXmxb5Zau3AlkS06qhnplqgusrhOW6+KpydQK7q10K2CMVpfe0Z2Q6O
bLjFa7DFZkmeghBkOD260ABPzzVZ01+9XEjXR+VPReCUBUhVK4W+72+X3hzoXNe4
t1UUPsGVBJJQ7q+I1qB+8zyEXLVAv+wlUKOTOxfHGclFpTp6oWNg8D6V4QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFL0+en1NVWHY9DfXJwsvXgETpfO3MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvdlQ1NmZVMVZZZGowTjljbkN5OWVBUk9sODdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCBbZIAwQC
LYggAwQCLZLgAwQCjWI0AwQCuXJAAwQCuXuIAwQCuX7oAwQCuYO8AwQCuZewAwQC
ucZsAwQCueYAAwQCufjQMA0GCSqGSIb3DQEBCwUAA4IBAQCESGJTyHFlbILfg2K2
kU/J5ZJaWx/oelJ3q64abyvPXJNljDBGsb9M0HftG69gkc/hq66o3rNwcHOPv+hU
FDj8wUovigCoXZHfnKwXyrUsxtwUZwogISr1DpaSqE21U1/ZcFKNe/10VVeljkQ7
Fgj3MlVAtDZlNMMgl1/430PCgVTDzdpdCNoddj2zWShvs1rNSE/kLy3WljxlWd/h
Iq7163u4Hhy3UJdPnkgvUCyyGKithKVy/AINfKFiJ6fyCAwJhIa/P4q2pzlV8ef9
+6iL4np221jXgi7KUkM/WprbYZnPQFvWiXTDePIfMqFmaBCQTjCUfvabrMhgiE5Q
CzbX
-----END CERTIFICATE-----