Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/_u5rdSd6Bn0W7YQgrOTpY-vxzXE.roa
File:                     _u5rdSd6Bn0W7YQgrOTpY-vxzXE.roa (raw, json)
Hash identifier:          VVfMms0V7zMS8bkvJWFoFsON/uvhz6m/1HHl32OJ1/A=
Subject key identifier:   FE:EE:6B:75:27:7A:06:7D:16:ED:84:20:AC:E4:E9:63:EB:F1:CD:71
Certificate issuer:       /CN=de90d43293cfebf87e7eab2b0d553fd21a6e9641
Certificate serial:       018CC6B8EC3E9F36B46FD6F88832ADB50039
Authority key identifier: DE:90:D4:32:93:CF:EB:F8:7E:7E:AB:2B:0D:55:3F:D2:1A:6E:96:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pDUMpPP6_h-fqsrDVU_0hpulkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/_u5rdSd6Bn0W7YQgrOTpY-vxzXE.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47172
IP address blocks:        185.200.106.0/24 maxlen: 24
                          185.200.107.0/24 maxlen: 24
                          37.218.242.0/24 maxlen: 24
                          37.218.243.0/24 maxlen: 24
                          37.218.245.0/24 maxlen: 24
                          37.218.246.0/24 maxlen: 24
                          37.218.247.0/24 maxlen: 24
                          185.88.140.0/22 maxlen: 24
                          195.190.28.0/24 maxlen: 24
                          37.218.240.0/24 maxlen: 24
                          185.200.104.0/24 maxlen: 24
                          213.108.104.0/21 maxlen: 24
                          2a00:c6c0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 04:56:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ec:3e:9f:36:b4:6f:d6:f8:88:32:ad:b5:00:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de90d43293cfebf87e7eab2b0d553fd21a6e9641
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=feee6b75277a067d16ed8420ace4e963ebf1cd71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d6:d8:d5:60:98:f4:e6:10:20:c3:c2:a6:aa:
                    a2:4a:73:c4:55:fd:50:3b:d9:ab:e9:ae:b2:3b:97:
                    fc:39:ce:0a:fc:7c:48:68:8d:1d:97:16:d1:42:41:
                    6d:cb:a1:d9:d2:91:a7:c5:19:81:f4:bb:8b:d9:60:
                    8b:dc:47:c7:11:5b:f8:35:1b:db:fb:95:a9:f3:ff:
                    1d:81:c7:7a:e7:0e:26:9c:0a:a1:5c:03:ae:e7:47:
                    61:6e:13:ea:69:51:3c:1b:b1:a7:bc:16:5e:ad:4b:
                    02:c1:35:b7:77:be:c7:c0:39:1b:4a:56:5c:df:70:
                    56:69:ca:4e:ea:71:75:e4:dd:f2:db:d2:22:18:eb:
                    3b:90:a1:a3:66:53:de:07:1a:a6:09:27:62:32:ce:
                    0d:3b:f8:18:70:5e:f8:6e:89:4f:78:b8:ec:85:8c:
                    2c:d0:cf:c0:47:62:70:d3:48:dc:a4:05:0e:57:b9:
                    20:61:2e:7c:98:40:21:67:c2:50:cf:85:32:62:d0:
                    fc:39:e2:93:df:35:3f:b8:4e:60:09:1b:50:24:fe:
                    04:db:50:98:4e:bd:93:76:1c:59:c5:6d:f7:17:c0:
                    b3:75:a0:56:58:07:6e:de:f2:cc:37:02:37:3d:b2:
                    b1:1b:14:fb:45:e5:d7:44:b8:71:df:62:89:39:17:
                    10:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:EE:6B:75:27:7A:06:7D:16:ED:84:20:AC:E4:E9:63:EB:F1:CD:71
            X509v3 Authority Key Identifier:
                keyid:DE:90:D4:32:93:CF:EB:F8:7E:7E:AB:2B:0D:55:3F:D2:1A:6E:96:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pDUMpPP6_h-fqsrDVU_0hpulkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/_u5rdSd6Bn0W7YQgrOTpY-vxzXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/3pDUMpPP6_h-fqsrDVU_0hpulkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.218.240.0/24
                  37.218.242.0/23
                  37.218.245.0-37.218.247.255
                  185.88.140.0/22
                  185.200.104.0/24
                  185.200.106.0/23
                  195.190.28.0/24
                  213.108.104.0/21
                IPv6:
                  2a00:c6c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:4f:23:fd:b5:9c:7f:9a:e2:d9:6e:85:10:3a:1c:d5:7f:99:
         4a:64:3f:aa:dc:64:a0:67:4d:a7:dc:cc:0f:36:49:77:48:47:
         9c:68:b6:53:c6:dd:bd:95:05:13:34:a7:4c:93:56:27:1b:1e:
         9a:f2:5e:b7:41:d2:a3:b6:fe:32:3c:d2:4b:1e:b9:93:a3:6a:
         8e:0b:8c:1f:e6:92:df:74:7b:d4:9a:e8:eb:8c:b9:98:dd:09:
         df:c4:fc:4d:eb:2c:0a:07:da:39:bb:b7:a8:e8:dd:46:11:3b:
         79:83:28:60:3f:11:df:f7:8e:f3:3a:b9:3f:ab:d1:63:f3:dd:
         33:6f:4e:25:ad:e8:88:36:1d:eb:e7:42:9c:52:df:9e:68:09:
         56:56:53:a4:9f:25:f3:c9:20:bc:0f:94:f2:ae:da:73:4d:62:
         7c:d3:cb:dd:0e:4d:62:22:fc:0d:71:a1:da:e9:08:fb:e3:70:
         3e:50:f1:db:68:56:11:3a:5c:ab:09:62:cb:93:6c:65:2a:e2:
         f0:9b:94:d5:38:cb:bf:ed:72:74:7d:79:2b:21:35:74:89:6d:
         32:45:34:92:05:10:19:69:d2:20:c3:3b:fa:a3:3c:93:3e:fb:
         d0:51:2f:92:db:91:fb:7d:1d:de:b3:00:61:24:83:4c:6d:91:
         f1:81:0f:d3
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYzGuOw+nza0b9b4iDKttQA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTBkNDMyOTNjZmViZjg3ZTdlYWIyYjBkNTUzZmQyMWE2
ZTk2NDEwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWVlNmI3NTI3N2EwNjdkMTZlZDg0MjBhY2U0ZTk2M2ViZjFjZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09bY1WCY9OYQIMPCpqqiSnPEVf1Q
O9mr6a6yO5f8Oc4K/HxIaI0dlxbRQkFty6HZ0pGnxRmB9LuL2WCL3EfHEVv4NRvb
+5Wp8/8dgcd65w4mnAqhXAOu50dhbhPqaVE8G7GnvBZerUsCwTW3d77HwDkbSlZc
33BWacpO6nF15N3y29IiGOs7kKGjZlPeBxqmCSdiMs4NO/gYcF74bolPeLjshYws
0M/AR2Jw00jcpAUOV7kgYS58mEAhZ8JQz4UyYtD8OeKT3zU/uE5gCRtQJP4E21CY
Tr2TdhxZxW33F8CzdaBWWAdu3vLMNwI3PbKxGxT7ReXXRLhx32KJORcQKwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFP7ua3UnegZ9Fu2EIKzk6WPr8c1xMB8GA1UdIwQY
MBaAFN6Q1DKTz+v4fn6rKw1VP9IabpZBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BEVU1wUFA2X2gtZnFzckRWVV8waHB1bGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82NDdlYmEtZDY2Ni00OWM3LWEwODkt
NTNlZGM2MjZiMjg3LzEvX3U1cmRTZDZCbjBXN1lRZ3JPVHBZLXZ4elhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82NDdlYmEtZDY2Ni00OWM3LWEwODktNTNlZGM2MjZiMjg3
LzEvM3BEVU1wUFA2X2gtZnFzckRWVV8waHB1bGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTA+BAIAATA4AwQAJdrwAwQB
JdryMAwDBAAl2vUDBAMl2vADBAK5WIwDBAC5yGgDBAG5yGoDBADDvhwDBAPVbGgw
DwQCAAIwCQMHACoAxsAAADANBgkqhkiG9w0BAQsFAAOCAQEAlE8j/bWcf5ri2W6F
EDoc1X+ZSmQ/qtxkoGdNp9zMDzZJd0hHnGi2U8bdvZUFEzSnTJNWJxsemvJet0HS
o7b+MjzSSx65k6NqjguMH+aS33R71Jro64y5mN0J38T8TessCgfaObu3qOjdRhE7
eYMoYD8R3/eO8zq5P6vRY/PdM29OJa3oiDYd6+dCnFLfnmgJVlZTpJ8l88kgvA+U
8q7ac01ifNPL3Q5NYiL8DXGh2ukI++NwPlDx22hWETpcqwliy5NsZSri8JuU1TjL
v+1ydH15KyE1dIltMkU0kgUQGWnSIMM7+qM8kz770FEvktuR+30d3rMAYSSDTG2R
8YEP0w==
-----END CERTIFICATE-----