Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/gDOifpwNfpxsFFx2p51M3YSiK44.roa
File:                     gDOifpwNfpxsFFx2p51M3YSiK44.roa (raw, json)
Hash identifier:          WHfOS7dOiz34CU75YXc1s30EKT1NCJdBXuMdhdZkWZQ=
Subject key identifier:   80:33:A2:7E:9C:0D:7E:9C:6C:14:5C:76:A7:9D:4C:DD:84:A2:2B:8E
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       0185E8DD945B7E44327F60B7A042A9F95638
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/gDOifpwNfpxsFFx2p51M3YSiK44.roa
Signing time:             Wed 25 Jan 2023 12:18:33 +0000
ROA not before:           Wed 25 Jan 2023 12:18:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3356
IP address blocks:        83.245.70.0/24 maxlen: 24
                          83.245.69.0/24 maxlen: 24
                          83.245.80.0/20 maxlen: 20
                          80.253.124.0/24 maxlen: 24
                          89.167.152.0/22 maxlen: 22
                          89.167.146.0/24 maxlen: 24
                          89.167.166.0/24 maxlen: 24
                          83.245.32.0/22 maxlen: 22
                          213.228.229.0/24 maxlen: 24
                          213.228.243.0/24 maxlen: 24
                          213.228.253.0/24 maxlen: 24
                          80.253.104.0/24 maxlen: 24
                          80.253.115.0/24 maxlen: 24
                          89.167.144.0/24 maxlen: 24
                          213.228.204.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e8:dd:94:5b:7e:44:32:7f:60:b7:a0:42:a9:f9:56:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan 25 12:18:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8033a27e9c0d7e9c6c145c76a79d4cdd84a22b8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bb:3f:83:df:13:fd:f7:80:30:84:1d:51:39:
                    c2:d6:1e:ef:e7:6d:f4:34:51:26:fe:31:67:a9:ac:
                    b4:f3:33:c2:53:02:f9:3a:ee:69:6c:45:0f:d0:5a:
                    a6:b2:e1:22:93:31:f0:83:c2:13:a0:72:20:52:bd:
                    48:a8:46:4d:17:1e:0a:01:7c:81:a1:12:61:5d:f0:
                    64:61:90:21:42:93:66:9f:00:17:0e:3b:e7:a3:94:
                    a5:a3:ab:3e:fc:9a:e7:a5:08:2a:3f:2e:21:d4:86:
                    91:bf:6b:5f:32:b4:c2:8a:8d:a7:5e:7b:82:dc:0a:
                    93:88:28:47:f2:59:b1:89:0c:5e:38:b8:64:f3:cf:
                    a5:de:52:e5:86:50:6e:55:04:00:c8:42:b2:d3:1a:
                    91:7a:83:74:68:a9:79:f0:32:2d:2e:2f:54:ce:90:
                    8c:c6:d5:a2:23:ae:2d:61:06:3c:d2:26:c7:eb:cc:
                    d1:63:0c:55:ae:48:3d:73:28:c3:02:0d:b5:0a:ca:
                    31:cb:c4:55:29:e1:6a:8a:c8:f0:a2:d9:14:66:f8:
                    e1:26:17:b8:01:70:56:cf:db:8a:3b:ef:11:52:ff:
                    d7:7a:9a:ac:1a:5b:cb:79:19:48:d8:2e:fd:0c:eb:
                    5d:e7:d8:d1:63:8f:c8:a5:75:e9:03:e6:52:4b:ab:
                    21:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:33:A2:7E:9C:0D:7E:9C:6C:14:5C:76:A7:9D:4C:DD:84:A2:2B:8E
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/gDOifpwNfpxsFFx2p51M3YSiK44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.104.0/24
                  80.253.115.0/24
                  80.253.124.0/24
                  83.245.32.0/22
                  83.245.69.0-83.245.70.255
                  83.245.80.0/20
                  89.167.144.0/24
                  89.167.146.0/24
                  89.167.152.0/22
                  89.167.166.0/24
                  213.228.204.0/24
                  213.228.229.0/24
                  213.228.243.0/24
                  213.228.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:19:1a:8d:0e:1a:65:e7:fd:a2:d1:6e:f3:c8:dc:07:a8:30:
         1a:04:e7:a8:8b:18:9b:e4:4b:b1:21:6b:11:a8:dd:d8:9b:12:
         de:2d:09:f0:1e:0f:3d:70:ea:47:59:fe:ce:94:31:9f:27:33:
         f9:5c:69:bc:c3:39:d1:c2:bb:a8:37:aa:5a:3f:2c:dc:f6:10:
         e4:59:e7:cf:4d:3f:46:ad:bc:46:1d:93:0e:48:a4:48:5b:f7:
         80:6a:1b:ff:13:53:f3:66:a3:9a:2e:83:50:6f:6f:ca:7d:44:
         ed:8c:78:da:f5:27:67:1a:11:31:1e:8b:2c:41:18:92:9e:e8:
         7a:de:7d:b4:5c:1a:61:5b:64:fb:a6:0f:ce:bc:ff:b1:5e:e6:
         5e:14:91:8c:01:7a:b5:23:40:a2:55:2d:78:d6:07:2e:52:22:
         cd:b5:15:0c:13:ac:6f:5c:a7:61:dd:7a:25:e6:d9:74:8d:30:
         65:e6:eb:a1:9f:ae:1c:31:64:c4:79:1c:c5:8c:99:e2:85:00:
         0c:66:3c:c6:9f:35:cb:b4:84:cd:67:e3:66:a9:b1:d9:f3:6e:
         45:70:60:92:6e:b1:28:2a:b1:1a:05:13:a5:b5:b5:50:34:c1:
         bd:de:60:d6:a5:aa:1a:25:46:e9:69:45:e9:ec:57:b9:9c:06:
         a8:0b:88:7b
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYXo3ZRbfkQyf2C3oEKp+VY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjMwMTI1MTIxODMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDMzYTI3ZTljMGQ3ZTljNmMxNDVjNzZhNzlkNGNkZDg0YTIyYjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbs/g98T/feAMIQdUTnC1h7v5230
NFEm/jFnqay08zPCUwL5Ou5pbEUP0FqmsuEikzHwg8IToHIgUr1IqEZNFx4KAXyB
oRJhXfBkYZAhQpNmnwAXDjvno5Slo6s+/JrnpQgqPy4h1IaRv2tfMrTCio2nXnuC
3AqTiChH8lmxiQxeOLhk88+l3lLlhlBuVQQAyEKy0xqReoN0aKl58DItLi9UzpCM
xtWiI64tYQY80ibH68zRYwxVrkg9cyjDAg21Csoxy8RVKeFqisjwotkUZvjhJhe4
AXBWz9uKO+8RUv/XepqsGlvLeRlI2C79DOtd59jRY4/IpXXpA+ZSS6shXwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFIAzon6cDX6cbBRcdqedTN2EoiuOMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvZ0RPaWZwd05mcHhzRkZ4MnA1MU0zWVNpSzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAUP1oAwQA
UP1zAwQAUP18AwQCU/UgMAwDBABT9UUDBABT9UYDBART9VADBABZp5ADBABZp5ID
BAJZp5gDBABZp6YDBADV5MwDBADV5OUDBADV5PMDBADV5P0wDQYJKoZIhvcNAQEL
BQADggEBAEcZGo0OGmXn/aLRbvPI3AeoMBoE56iLGJvkS7EhaxGo3dibEt4tCfAe
Dz1w6kdZ/s6UMZ8nM/lcabzDOdHCu6g3qlo/LNz2EORZ589NP0atvEYdkw5IpEhb
94BqG/8TU/Nmo5oug1Bvb8p9RO2MeNr1J2caETEeiyxBGJKe6HrefbRcGmFbZPum
D868/7Fe5l4UkYwBerUjQKJVLXjWBy5SIs21FQwTrG9cp2HdeiXm2XSNMGXm66Gf
rhwxZMR5HMWMmeKFAAxmPMafNcu0hM1n42apsdnzbkVwYJJusSgqsRoFE6W1tVA0
wb3eYNalqholRulpRensV7mcBqgLiHs=
-----END CERTIFICATE-----