Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/A_y8AkAroj23Nuzo4LwhITM1mrU.roa
File:                     A_y8AkAroj23Nuzo4LwhITM1mrU.roa (raw, json)
Hash identifier:          qVo2hbLaiq5n/3VZVORYzF11gGhngOK4jLdpCkuoUTk=
Subject key identifier:   03:FC:BC:02:40:2B:A2:3D:B7:36:EC:E8:E0:BC:21:21:33:35:9A:B5
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018CC500D66BD688B10AAF46CEB0F14B02D8
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/A_y8AkAroj23Nuzo4LwhITM1mrU.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39216
IP address blocks:        188.72.56.0/24 maxlen: 24
                          188.72.63.0/24 maxlen: 24
                          188.72.62.0/24 maxlen: 24
                          188.72.61.0/24 maxlen: 24
                          188.72.60.0/24 maxlen: 24
                          188.72.59.0/24 maxlen: 24
                          188.72.4.0/24 maxlen: 24
                          188.72.2.0/24 maxlen: 24
                          188.72.7.0/24 maxlen: 24
                          188.72.6.0/24 maxlen: 24
                          188.72.5.0/24 maxlen: 24
                          188.72.35.0/24 maxlen: 24
                          188.72.34.0/24 maxlen: 24
                          185.72.253.0/24 maxlen: 24
                          185.72.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 06 May 2024 07:49:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d6:6b:d6:88:b1:0a:af:46:ce:b0:f1:4b:02:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03fcbc02402ba23db736ece8e0bc212133359ab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0b:50:9a:06:89:24:52:df:cb:75:aa:10:b1:
                    ad:37:8b:f6:89:b9:9b:eb:3d:87:c4:bc:c8:51:fe:
                    cc:7e:43:32:77:fb:96:d1:2e:17:c9:11:01:d0:5a:
                    74:45:1b:22:01:9d:48:85:b2:12:43:fc:69:3e:93:
                    74:c8:66:34:03:91:40:33:be:df:2f:ef:79:b9:95:
                    dc:ff:2e:27:66:ae:d6:83:9f:0d:7c:4e:c8:da:81:
                    9b:87:a6:bc:9d:19:36:de:98:fb:26:db:ac:15:ad:
                    85:6e:30:7c:27:32:fa:9f:2a:08:ba:f2:4e:66:7a:
                    0a:82:2f:15:eb:dd:1a:54:27:d2:21:a3:c3:c0:c1:
                    a1:a3:70:b8:45:46:ac:6c:75:36:a6:27:5f:6d:dc:
                    4d:3b:07:b4:13:b4:76:81:0f:e0:23:d6:d4:88:02:
                    10:b2:a1:fe:86:84:62:66:73:c1:0e:e0:c8:75:4a:
                    71:5b:fe:7b:2e:20:b2:ae:70:c5:d0:83:2f:37:3e:
                    0e:81:f8:83:ae:65:a3:ab:8f:94:ae:dd:53:b1:92:
                    dd:30:0f:68:0f:0b:9b:b8:9d:bb:cb:9d:19:82:79:
                    2c:4e:cd:41:68:9d:b8:a4:56:ac:c9:e9:82:5a:66:
                    ec:4a:db:e6:a6:5a:ec:46:4b:bb:75:93:79:81:14:
                    bc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:FC:BC:02:40:2B:A2:3D:B7:36:EC:E8:E0:BC:21:21:33:35:9A:B5
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/A_y8AkAroj23Nuzo4LwhITM1mrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.252.0/23
                  188.72.2.0/24
                  188.72.4.0/22
                  188.72.34.0/23
                  188.72.56.0/24
                  188.72.59.0-188.72.63.255

    Signature Algorithm: sha256WithRSAEncryption
         b8:77:fe:76:1f:3a:16:75:9f:6e:86:ab:e4:ef:df:4a:89:d7:
         43:09:c9:06:c7:22:99:2e:09:f7:81:cc:04:fc:4c:a7:f1:89:
         32:81:42:be:b4:d5:9b:1b:b7:95:7d:3d:00:67:09:70:ad:ba:
         99:c0:cb:80:8f:c7:26:c5:b4:25:89:0b:24:9b:16:43:42:35:
         3e:6f:66:41:2e:c2:3f:24:07:6b:27:c6:a1:f2:5b:36:c6:02:
         b8:44:a8:c0:ec:04:71:4f:fb:85:79:61:f4:a3:b2:88:2c:45:
         85:74:13:f4:f7:4c:62:4b:be:96:9d:32:e2:70:9c:9d:8e:e1:
         79:d7:1c:91:80:fa:a4:3d:c4:7e:fd:c0:cb:4f:e7:35:53:b1:
         52:96:b5:96:93:32:ff:62:3a:bf:c0:29:a3:ca:f9:c3:fb:2e:
         b3:6f:47:f6:2d:22:c9:7f:7a:e9:f6:90:c5:88:b0:49:1a:ba:
         17:af:e2:99:5d:9c:2a:9c:e4:40:42:53:b5:05:09:bb:da:b3:
         d6:27:76:21:ea:36:3d:6a:14:4c:ca:c0:e6:bb:88:32:36:6b:
         9a:a4:11:a3:3e:bb:c4:5b:29:26:7a:b6:30:ac:54:54:9d:b8:
         3b:f6:6f:bf:61:68:19:55:d4:62:35:71:ba:f4:a9:72:27:51:
         92:d6:29:90
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzFANZr1oixCq9GzrDxSwLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2ZjYmMwMjQwMmJhMjNkYjczNmVjZThlMGJjMjEyMTMzMzU5YWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQtQmgaJJFLfy3WqELGtN4v2ibmb
6z2HxLzIUf7MfkMyd/uW0S4XyREB0Fp0RRsiAZ1IhbISQ/xpPpN0yGY0A5FAM77f
L+95uZXc/y4nZq7Wg58NfE7I2oGbh6a8nRk23pj7JtusFa2FbjB8JzL6nyoIuvJO
ZnoKgi8V690aVCfSIaPDwMGho3C4RUasbHU2pidfbdxNOwe0E7R2gQ/gI9bUiAIQ
sqH+hoRiZnPBDuDIdUpxW/57LiCyrnDF0IMvNz4OgfiDrmWjq4+Urt1TsZLdMA9o
DwubuJ27y50ZgnksTs1BaJ24pFasyemCWmbsStvmplrsRku7dZN5gRS8FwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFAP8vAJAK6I9tzbs6OC8ISEzNZq1MB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvQV95OEFrQXJvajIzTnV6bzRMd2hJVE0xbXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBuUj8AwQA
vEgCAwQCvEgEAwQBvEgiAwQAvEg4MAwDBAC8SDsDBAa8SAAwDQYJKoZIhvcNAQEL
BQADggEBALh3/nYfOhZ1n26Gq+Tv30qJ10MJyQbHIpkuCfeBzAT8TKfxiTKBQr60
1Zsbt5V9PQBnCXCtupnAy4CPxybFtCWJCySbFkNCNT5vZkEuwj8kB2snxqHyWzbG
ArhEqMDsBHFP+4V5YfSjsogsRYV0E/T3TGJLvpadMuJwnJ2O4XnXHJGA+qQ9xH79
wMtP5zVTsVKWtZaTMv9iOr/AKaPK+cP7LrNvR/YtIsl/eun2kMWIsEkauhev4pld
nCqc5EBCU7UFCbvas9YndiHqNj1qFEzKwOa7iDI2a5qkEaM+u8RbKSZ6tjCsVFSd
uDv2b79haBlV1GI1cbr0qXInUZLWKZA=
-----END CERTIFICATE-----