Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/w5Xq0tE7_IhQpZBZSRgWcQAwPdA.roa
File:                     w5Xq0tE7_IhQpZBZSRgWcQAwPdA.roa (raw, json)
Hash identifier:          /mTTD2tp6slnLNnhNZq7RIZt9mK3MXsc9RBIt5VZRwc=
Subject key identifier:   C3:95:EA:D2:D1:3B:FC:88:50:A5:90:59:49:18:16:71:00:30:3D:D0
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       018CC94DA48E624DABE6886E6BBA9DDA872E
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/w5Xq0tE7_IhQpZBZSRgWcQAwPdA.roa
Signing time:             Tue 02 Jan 2024 08:32:37 +0000
ROA not before:           Tue 02 Jan 2024 08:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        193.142.147.0/24 maxlen: 24
                          193.142.146.0/24 maxlen: 24
                          193.142.59.0/24 maxlen: 24
                          2a0f:ca80:618::/48 maxlen: 48
                          2a0f:ca80:1338::/48 maxlen: 48
                          2a0f:ca86::/40 maxlen: 40
                          2a0f:ca80:1::/48 maxlen: 48
                          2a0f:ca80:617::/48 maxlen: 48
                          2a0f:ca80:1337::/48 maxlen: 48
                          2a0f:ca83:1337::/48 maxlen: 48
                          2a0f:ca84::/40 maxlen: 40
                          2a0f:ca80:1100::/40 maxlen: 40
                          2a0f:ca80:1200::/40 maxlen: 40
                          2a0f:ca80::/48 maxlen: 48
                          2a0f:ca80:619::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 11 Jul 2024 12:35:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a4:8e:62:4d:ab:e6:88:6e:6b:ba:9d:da:87:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 08:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c395ead2d13bfc8850a590594918167100303dd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ae:b9:4e:ee:26:0c:01:f9:83:93:b0:9e:ad:
                    85:e7:69:ea:87:59:98:15:85:87:c4:47:e4:ec:8f:
                    94:d3:c8:5c:58:4f:77:81:c5:ba:0e:f9:1a:3d:75:
                    58:c3:5d:84:fc:04:fc:05:99:9b:7f:78:38:8a:07:
                    66:30:10:f0:72:cc:05:fe:13:37:c0:b2:7c:1c:1a:
                    c0:36:06:8b:29:df:fe:b6:cc:b1:1f:9b:57:05:d0:
                    12:df:45:a8:8b:2f:10:d0:55:b1:61:fe:96:7a:04:
                    08:69:23:9e:df:c2:23:a0:be:f9:02:93:ac:7c:05:
                    e3:8f:92:f4:3f:bc:c8:b6:a1:16:41:22:81:64:e0:
                    a5:fa:57:56:06:4a:63:99:a4:55:59:d3:56:b4:2d:
                    6d:fc:21:27:8b:f6:89:7e:7d:0e:c5:e1:63:38:ee:
                    69:68:6f:7e:a9:ec:18:a2:52:4b:90:bf:a2:65:39:
                    fe:8c:93:86:e9:b9:b2:00:f7:4f:1e:dd:01:ca:15:
                    aa:57:d4:45:4a:aa:a8:c9:9e:55:f8:1d:6f:d0:e8:
                    22:5e:2f:50:cc:58:96:8f:76:ae:5b:b5:b4:3a:2c:
                    f1:c8:17:fd:ad:07:d1:27:00:7a:c9:a6:91:de:1e:
                    77:6a:04:e0:bb:68:3d:c9:be:92:1f:1f:80:8f:28:
                    6f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:95:EA:D2:D1:3B:FC:88:50:A5:90:59:49:18:16:71:00:30:3D:D0
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/w5Xq0tE7_IhQpZBZSRgWcQAwPdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.59.0/24
                  193.142.146.0/23
                IPv6:
                  2a0f:ca80::/47
                  2a0f:ca80:617::-2a0f:ca80:619:ffff:ffff:ffff:ffff:ffff
                  2a0f:ca80:1100::-2a0f:ca80:12ff:ffff:ffff:ffff:ffff:ffff
                  2a0f:ca80:1337::-2a0f:ca80:1338:ffff:ffff:ffff:ffff:ffff
                  2a0f:ca83:1337::/48
                  2a0f:ca84::/40
                  2a0f:ca86::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:19:33:b3:78:df:17:06:c9:82:2a:c5:49:58:c2:cf:d5:46:
         1e:6a:de:b4:33:83:d0:d9:17:06:21:94:30:db:e0:7b:e5:2e:
         a5:0a:bb:ec:8f:20:4e:0a:87:95:b1:e4:c6:7b:3d:30:09:30:
         65:9b:9d:3e:51:62:ee:50:09:22:55:8e:3e:62:b9:b7:b7:6f:
         85:36:19:e1:5a:9a:55:26:c5:28:c7:50:b1:c9:77:09:86:11:
         99:2b:30:2c:ee:02:7e:5e:ef:6e:53:34:14:50:86:72:20:11:
         97:6c:f6:eb:05:0b:99:a9:13:d1:53:05:88:b8:ef:06:ba:8d:
         87:c7:6d:84:0d:d3:61:1e:70:6b:35:6e:80:75:61:d7:69:dd:
         1a:09:ac:21:53:ea:36:48:48:04:b1:ff:ac:c3:24:fb:3c:c5:
         08:2c:b8:1a:1c:f3:86:42:7a:e3:ee:86:88:89:d0:f4:3b:81:
         57:c0:e5:3a:62:9f:74:d2:a2:b2:64:fd:35:b6:75:1c:57:90:
         ce:f0:c9:4a:a2:f9:a0:46:48:6f:43:e3:23:03:93:29:d3:1f:
         de:39:aa:67:8d:ad:8c:43:f0:66:7f:f3:1c:e8:c9:4f:27:3e:
         75:65:1e:75:21:3b:94:0e:e8:36:d0:02:25:c6:0b:62:b9:84:
         5d:11:68:d4
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYzJTaSOYk2r5ohua7qd2ocuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwMTAyMDgzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzk1ZWFkMmQxM2JmYzg4NTBhNTkwNTk0OTE4MTY3MTAwMzAzZGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK65Tu4mDAH5g5Ownq2F52nqh1mY
FYWHxEfk7I+U08hcWE93gcW6DvkaPXVYw12E/AT8BZmbf3g4igdmMBDwcswF/hM3
wLJ8HBrANgaLKd/+tsyxH5tXBdAS30Woiy8Q0FWxYf6WegQIaSOe38IjoL75ApOs
fAXjj5L0P7zItqEWQSKBZOCl+ldWBkpjmaRVWdNWtC1t/CEni/aJfn0OxeFjOO5p
aG9+qewYolJLkL+iZTn+jJOG6bmyAPdPHt0ByhWqV9RFSqqoyZ5V+B1v0OgiXi9Q
zFiWj3auW7W0OizxyBf9rQfRJwB6yaaR3h53agTgu2g9yb6SHx+AjyhvawIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFMOV6tLRO/yIUKWQWUkYFnEAMD3QMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvdzVYcTB0RTdfSWhRcFpCWlNSZ1djUUF3UGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwEgQCAAEwDAMEAMGOOwME
AcGOkjBiBAIAAjBcAwcBKg/KgAAAMBIDBwAqD8qABhcDBwEqD8qABhgwEAMGACoP
yoARAwYAKg/KgBIwEgMHACoPyoATNwMHACoPyoATOAMHACoPyoMTNwMGACoPyoQA
AwYAKg/KhgAwDQYJKoZIhvcNAQELBQADggEBAMQZM7N43xcGyYIqxUlYws/VRh5q
3rQzg9DZFwYhlDDb4HvlLqUKu+yPIE4Kh5Wx5MZ7PTAJMGWbnT5RYu5QCSJVjj5i
ube3b4U2GeFamlUmxSjHULHJdwmGEZkrMCzuAn5e725TNBRQhnIgEZds9usFC5mp
E9FTBYi47wa6jYfHbYQN02EecGs1boB1Yddp3RoJrCFT6jZISASx/6zDJPs8xQgs
uBoc84ZCeuPuhoiJ0PQ7gVfA5Tpin3TSorJk/TW2dRxXkM7wyUqi+aBGSG9D4yMD
kynTH945qmeNrYxD8GZ/8xzoyU8nPnVlHnUhO5QO6DbQAiXGC2K5hF0RaNQ=
-----END CERTIFICATE-----