Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/gkYNioNfkH7RNnp7pLtZwDljWUA.roa
File:                     gkYNioNfkH7RNnp7pLtZwDljWUA.roa (raw, json)
Hash identifier:          wTChNYfwWGz6cooEvAqrxlh0sG87yxqhpDZux1bM/7g=
Subject key identifier:   82:46:0D:8A:83:5F:90:7E:D1:36:7A:7B:A4:BB:59:C0:39:63:59:40
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       018F9A9EE0C18D7555BC14365CE48632FD6A
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/gkYNioNfkH7RNnp7pLtZwDljWUA.roa
Signing time:             Tue 21 May 2024 10:07:34 +0000
ROA not before:           Tue 21 May 2024 10:07:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6698
IP address blocks:        45.11.57.0/24 maxlen: 24
                          45.12.0.0/24 maxlen: 24
                          45.12.1.0/24 maxlen: 24
                          45.12.3.0/24 maxlen: 24
                          91.208.115.0/24 maxlen: 24
                          128.0.104.0/24 maxlen: 24
                          176.97.112.0/23 maxlen: 24
                          176.97.114.0/24 maxlen: 24
                          176.97.116.0/22 maxlen: 22
                          176.97.122.0/23 maxlen: 23
                          176.119.31.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.204.0/24 maxlen: 24
                          195.66.210.0/24 maxlen: 24
                          195.128.248.0/23 maxlen: 24
                          2a09:2dc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 24 May 2024 09:21:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:9e:e0:c1:8d:75:55:bc:14:36:5c:e4:86:32:fd:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: May 21 10:07:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82460d8a835f907ed1367a7ba4bb59c039635940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:cb:0d:cf:eb:14:3b:56:65:0f:90:1f:29:53:
                    f6:46:6d:d5:27:c6:77:03:cc:f7:f2:1e:a3:9d:0e:
                    26:eb:9b:2e:b6:33:d0:4d:61:07:b8:31:68:23:d6:
                    51:9e:b8:47:31:5e:af:db:ec:07:cf:e0:ce:d5:d2:
                    f6:39:ca:78:5e:3e:00:9e:16:a3:e3:89:dc:74:70:
                    f5:59:35:ad:06:76:e1:b3:70:c5:a6:77:d6:5e:cb:
                    07:b0:fa:e9:0a:8f:a9:be:dc:c9:5a:8d:bc:3c:53:
                    09:09:34:e1:80:37:3f:82:12:c1:33:1f:a0:d1:47:
                    55:34:b2:51:5e:e5:7f:3e:b9:a2:e9:de:f7:97:31:
                    77:48:aa:0c:73:88:0c:6b:48:3c:a5:ed:8c:11:39:
                    66:69:7f:d6:db:b9:e1:6a:99:80:73:50:24:d1:ae:
                    67:01:7c:27:e6:73:27:56:c7:f4:61:7d:7c:cd:41:
                    56:e0:d8:06:ce:63:00:3e:5e:f0:f7:a6:03:8c:9f:
                    5c:5d:f1:1f:44:b8:16:f1:6e:bd:0e:1a:1d:27:9e:
                    e9:4c:97:be:b4:db:34:f9:0c:23:ba:69:ef:5a:64:
                    3d:14:f6:60:03:34:96:45:35:d8:fb:67:21:d8:c5:
                    6b:75:fb:42:2c:ec:dc:d4:29:07:41:f0:cd:68:38:
                    6c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:46:0D:8A:83:5F:90:7E:D1:36:7A:7B:A4:BB:59:C0:39:63:59:40
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/gkYNioNfkH7RNnp7pLtZwDljWUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.57.0/24
                  45.12.0.0/23
                  45.12.3.0/24
                  91.208.115.0/24
                  128.0.104.0/24
                  176.97.112.0-176.97.114.255
                  176.97.116.0/22
                  176.97.122.0/23
                  176.119.31.0/24
                  185.254.199.0/24
                  194.42.204.0/24
                  195.66.210.0/24
                  195.128.248.0/23
                IPv6:
                  2a09:2dc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:d6:bf:03:42:b3:f4:15:53:19:91:ce:0c:58:95:13:37:ac:
         e7:4a:c7:cb:da:4d:9e:9c:e3:6f:0a:28:d3:fe:fd:2f:73:5b:
         13:8d:c7:97:22:eb:a1:43:47:7c:8e:c7:7b:34:03:04:fb:fe:
         73:76:83:b0:5f:fb:bf:0e:d6:b1:51:bf:04:90:34:dc:ed:7c:
         f4:e1:2e:19:28:fd:bd:a7:4d:0e:5b:97:ea:da:21:26:e7:ff:
         6b:60:4c:0e:65:15:e4:b7:3d:28:ca:01:55:ad:f0:bd:e6:6c:
         0e:cd:1f:48:48:0e:8e:5d:57:71:7a:9d:c6:36:13:69:79:19:
         df:06:18:9c:58:60:e0:5f:73:9b:8c:d3:f4:19:12:7e:8a:90:
         53:17:77:4d:ea:c5:67:35:cd:e6:c8:8c:af:3f:da:89:b1:20:
         96:c8:a0:78:1b:55:09:2e:67:63:4e:72:6a:d0:f0:8e:08:12:
         32:36:d0:25:49:86:1f:b4:a2:ac:e5:a5:27:c8:a6:df:38:70:
         2b:e6:ef:65:cd:fe:17:4a:2c:9b:62:09:33:9f:29:6e:3a:13:
         c5:28:5f:2e:01:b4:8e:bf:f1:28:5d:d1:25:e9:e5:cd:99:3a:
         7f:5f:9e:0c:b0:3e:72:25:68:fd:e4:0f:ff:5e:62:cb:81:e3:
         03:52:10:52
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAY+anuDBjXVVvBQ2XOSGMv1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwNTIxMTAwNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQ2MGQ4YTgzNWY5MDdlZDEzNjdhN2JhNGJiNTljMDM5NjM1OTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1csNz+sUO1ZlD5AfKVP2Rm3VJ8Z3
A8z38h6jnQ4m65sutjPQTWEHuDFoI9ZRnrhHMV6v2+wHz+DO1dL2Ocp4Xj4Anhaj
44ncdHD1WTWtBnbhs3DFpnfWXssHsPrpCo+pvtzJWo28PFMJCTThgDc/ghLBMx+g
0UdVNLJRXuV/Prmi6d73lzF3SKoMc4gMa0g8pe2METlmaX/W27nhapmAc1Ak0a5n
AXwn5nMnVsf0YX18zUFW4NgGzmMAPl7w96YDjJ9cXfEfRLgW8W69DhodJ57pTJe+
tNs0+QwjumnvWmQ9FPZgAzSWRTXY+2ch2MVrdftCLOzc1CkHQfDNaDhs2QIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFIJGDYqDX5B+0TZ6e6S7WcA5Y1lAMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvZ2tZTmlvTmZrSDdSTm5wN3BMdFp3RGxqV1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWAwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzAwQAgABoMAwDBASwYXADBACwYXIDBAKwYXQDBAGwYXoD
BACwdx8DBAC5/scDBADCKswDBADDQtIDBAHDgPgwDQQCAAIwBwMFACoJLcIwDQYJ
KoZIhvcNAQELBQADggEBAAnWvwNCs/QVUxmRzgxYlRM3rOdKx8vaTZ6c428KKNP+
/S9zWxONx5ci66FDR3yOx3s0AwT7/nN2g7Bf+78O1rFRvwSQNNztfPThLhko/b2n
TQ5bl+raISbn/2tgTA5lFeS3PSjKAVWt8L3mbA7NH0hIDo5dV3F6ncY2E2l5Gd8G
GJxYYOBfc5uM0/QZEn6KkFMXd03qxWc1zebIjK8/2omxIJbIoHgbVQkuZ2NOcmrQ
8I4IEjI20CVJhh+0oqzlpSfIpt84cCvm72XN/hdKLJtiCTOfKW46E8UoXy4BtI6/
8Shd0SXp5c2ZOn9fngywPnIlaP3kD/9eYsuB4wNSEFI=
-----END CERTIFICATE-----