Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/oHKDzhCeoA0Lebna2aMtbpZnopQ.roa
File:                     oHKDzhCeoA0Lebna2aMtbpZnopQ.roa (raw, json)
Hash identifier:          HSVwqRpVmX2/czuuT/BldH4DXjRZJee7l0Ihx/6Csvw=
Subject key identifier:   A0:72:83:CE:10:9E:A0:0D:0B:79:B9:DA:D9:A3:2D:6E:96:67:A2:94
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       018D32CE36BD7881DA3F2DDB43CC5A5F0A0B
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/oHKDzhCeoA0Lebna2aMtbpZnopQ.roa
Signing time:             Mon 22 Jan 2024 20:13:11 +0000
ROA not before:           Mon 22 Jan 2024 20:13:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6698
IP address blocks:        45.11.57.0/24 maxlen: 24
                          45.12.0.0/24 maxlen: 24
                          45.12.1.0/24 maxlen: 24
                          45.12.3.0/24 maxlen: 24
                          91.208.115.0/24 maxlen: 24
                          176.97.112.0/23 maxlen: 24
                          176.119.31.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.204.0/24 maxlen: 24
                          195.66.210.0/24 maxlen: 24
                          195.128.248.0/23 maxlen: 24
                          2a09:2dc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 22 Feb 2024 11:22:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:ce:36:bd:78:81:da:3f:2d:db:43:cc:5a:5f:0a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Jan 22 20:13:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a07283ce109ea00d0b79b9dad9a32d6e9667a294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c6:b2:bc:4b:b9:e7:f2:d6:a7:b5:64:cd:b2:
                    74:f8:54:7a:c3:a7:9c:4e:1f:ff:40:72:ee:74:0a:
                    bc:1b:b1:c6:58:3f:17:4b:d0:9b:cd:b7:f1:6c:c1:
                    3e:85:1d:3a:f0:32:2b:fd:b7:22:1f:21:1e:da:ea:
                    cb:22:61:5a:68:03:82:60:7a:03:29:70:6b:07:65:
                    0c:78:98:ce:12:86:c6:d5:33:c1:a7:9c:e7:de:fc:
                    9e:47:36:80:ed:be:ef:c9:60:9c:c3:6f:85:5f:83:
                    77:4a:0b:aa:af:b7:ab:82:a5:e0:1b:8d:f1:69:f8:
                    8e:a7:15:ad:02:b9:05:16:f3:d4:1e:e9:c5:e1:4b:
                    b8:8d:e0:c8:94:56:ba:dc:0f:14:9a:a2:77:b3:a0:
                    ce:16:8f:44:3a:03:59:27:32:4c:7e:67:2b:b4:25:
                    4b:e3:4e:9f:90:31:e4:cf:e2:35:fc:4a:08:9a:fa:
                    f0:8e:a0:66:30:f8:a4:ae:6e:3f:66:a0:e9:38:f8:
                    5e:97:17:50:d9:e0:36:e3:7e:aa:38:4c:4c:d9:8e:
                    5b:d0:82:a5:9f:de:e0:b1:23:81:65:dc:be:ae:43:
                    11:cc:f5:f4:ec:86:28:11:30:c7:52:41:75:b2:4c:
                    52:77:b2:fa:6a:ef:6c:92:0e:bb:39:8a:11:1e:fa:
                    73:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:72:83:CE:10:9E:A0:0D:0B:79:B9:DA:D9:A3:2D:6E:96:67:A2:94
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/oHKDzhCeoA0Lebna2aMtbpZnopQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.57.0/24
                  45.12.0.0/23
                  45.12.3.0/24
                  91.208.115.0/24
                  176.97.112.0/23
                  176.119.31.0/24
                  185.254.199.0/24
                  194.42.204.0/24
                  195.66.210.0/24
                  195.128.248.0/23
                IPv6:
                  2a09:2dc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:22:08:2a:57:40:df:76:21:4d:3a:5f:7f:40:96:04:d8:1e:
         93:ee:e2:c5:1b:c8:69:dc:04:4a:1c:24:df:8a:d0:16:d0:d2:
         8e:c4:45:88:29:c8:e0:cb:61:7c:fb:c9:8e:9b:ee:5f:c6:a3:
         d3:d9:6d:9d:d2:4d:8c:df:43:42:87:c3:d8:02:94:19:2c:85:
         1b:6f:52:42:63:17:22:37:dd:00:06:fd:ad:1e:c0:41:1a:51:
         6b:58:f4:65:83:2a:a2:83:da:64:15:0c:30:11:d0:1c:5b:41:
         9d:3a:a5:0a:13:fc:29:d1:38:39:9b:2d:83:fd:6a:18:30:18:
         4a:9e:0f:b7:8d:aa:e5:6d:9d:bd:f7:72:d8:bc:c3:49:41:03:
         cb:b9:5c:8b:e2:2c:f6:e4:81:54:b7:e0:c6:b3:5e:06:c3:11:
         86:f9:32:e8:f6:ab:13:26:37:41:61:54:05:35:ca:20:20:7e:
         bf:04:5a:d4:db:90:7e:d1:9c:7f:9f:74:7d:b5:4a:34:55:aa:
         2c:ec:48:b6:d5:f8:fa:16:2a:d8:42:da:db:3a:41:3e:cd:a9:
         3e:81:b0:b2:9d:3c:6f:c1:39:05:46:b3:44:62:1f:e9:ac:e7:
         17:44:92:0f:78:3c:cc:7f:31:87:09:aa:14:15:cf:67:80:a9:
         cb:ad:5e:05
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY0yzja9eIHaPy3bQ8xaXwoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwMTIyMjAxMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDcyODNjZTEwOWVhMDBkMGI3OWI5ZGFkOWEzMmQ2ZTk2NjdhMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcayvEu55/LWp7VkzbJ0+FR6w6ec
Th//QHLudAq8G7HGWD8XS9CbzbfxbME+hR068DIr/bciHyEe2urLImFaaAOCYHoD
KXBrB2UMeJjOEobG1TPBp5zn3vyeRzaA7b7vyWCcw2+FX4N3Sguqr7ergqXgG43x
afiOpxWtArkFFvPUHunF4Uu4jeDIlFa63A8UmqJ3s6DOFo9EOgNZJzJMfmcrtCVL
406fkDHkz+I1/EoImvrwjqBmMPikrm4/ZqDpOPhelxdQ2eA2436qOExM2Y5b0IKl
n97gsSOBZdy+rkMRzPX07IYoETDHUkF1skxSd7L6au9skg67OYoRHvpzcwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKByg84QnqANC3m52tmjLW6WZ6KUMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvb0hLRHpoQ2VvQTBMZWJuYTJhTXRicFpub3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzAwQBsGFwAwQAsHcfAwQAuf7HAwQAwirMAwQAw0LSAwQB
w4D4MA0EAgACMAcDBQAqCS3CMA0GCSqGSIb3DQEBCwUAA4IBAQBUIggqV0DfdiFN
Ol9/QJYE2B6T7uLFG8hp3ARKHCTfitAW0NKOxEWIKcjgy2F8+8mOm+5fxqPT2W2d
0k2M30NCh8PYApQZLIUbb1JCYxciN90ABv2tHsBBGlFrWPRlgyqig9pkFQwwEdAc
W0GdOqUKE/wp0Tg5my2D/WoYMBhKng+3jarlbZ2993LYvMNJQQPLuVyL4iz25IFU
t+DGs14GwxGG+TLo9qsTJjdBYVQFNcogIH6/BFrU25B+0Zx/n3R9tUo0Vaos7Ei2
1fj6FirYQtrbOkE+zak+gbCynTxvwTkFRrNEYh/prOcXRJIPeDzMfzGHCaoUFc9n
gKnLrV4F
-----END CERTIFICATE-----