Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/WBpvZLkXz4I108tIIvhbd4dsbbc.roa
File:                     WBpvZLkXz4I108tIIvhbd4dsbbc.roa (raw, json)
Hash identifier:          +jOCCYoCyKTcMbTWeHzFm1Ba0yiIzBpj5oScBDRIYxk=
Subject key identifier:   58:1A:6F:64:B9:17:CF:82:35:D3:CB:48:22:F8:5B:77:87:6C:6D:B7
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018CFD128FDBA7D9F2F383C89F7133917562
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/WBpvZLkXz4I108tIIvhbd4dsbbc.roa
Signing time:             Fri 12 Jan 2024 09:48:21 +0000
ROA not before:           Fri 12 Jan 2024 09:48:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        185.33.63.0/24 maxlen: 24
                          31.169.69.0/24 maxlen: 24
                          31.169.70.0/24 maxlen: 24
                          31.169.65.0/24 maxlen: 24
                          31.169.66.0/24 maxlen: 24
                          31.169.67.0/24 maxlen: 24
                          31.169.71.0/24 maxlen: 24
                          31.169.78.0/24 maxlen: 24
                          31.169.77.0/24 maxlen: 24
                          31.169.72.0/24 maxlen: 24
                          31.169.81.0/24 maxlen: 24
                          31.169.88.0/24 maxlen: 24
                          31.169.92.0/24 maxlen: 24
                          31.169.93.0/24 maxlen: 24
                          31.169.94.0/24 maxlen: 24
                          31.169.64.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 11:47:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:12:8f:db:a7:d9:f2:f3:83:c8:9f:71:33:91:75:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan 12 09:48:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=581a6f64b917cf8235d3cb4822f85b77876c6db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a6:a2:58:32:31:ca:bd:bf:45:7a:4b:5a:e8:
                    97:37:7e:b3:80:ed:ba:e9:dc:cb:1a:c5:17:d1:71:
                    90:2e:75:0c:67:b0:3f:1e:e0:25:97:82:e1:00:fc:
                    d5:15:b8:0b:a4:bb:14:98:d3:22:d7:8a:91:3d:b6:
                    dd:f9:b4:33:8d:f5:8f:3c:38:d6:f6:55:3a:33:4e:
                    d9:7f:c6:2f:18:c3:1b:2d:c5:16:e4:73:1b:83:a9:
                    2b:97:bb:95:81:ea:5d:57:2a:b9:48:75:af:dd:21:
                    cb:d3:7e:e1:1e:23:59:a6:d1:13:fb:1c:4d:0a:7e:
                    a0:b7:4f:64:8d:00:6a:bd:e1:6d:1e:e8:1d:ac:81:
                    d5:47:de:24:fe:9b:11:75:6f:ae:1e:b9:90:23:9a:
                    03:85:ae:67:4d:7b:49:3c:b0:b7:c2:39:a6:d1:f6:
                    46:81:5a:ab:82:21:1a:10:bd:5b:ca:b8:8a:7f:73:
                    e3:6f:ec:b2:6b:e0:dc:22:09:5f:99:61:f6:c8:69:
                    73:9d:6e:2e:eb:d5:29:4c:5b:cb:1c:11:13:6f:05:
                    b7:36:77:4b:dc:7f:64:7c:16:0c:0f:2d:97:4c:10:
                    79:3c:27:2c:52:71:e4:fb:71:d3:a8:eb:ea:6e:34:
                    e8:a5:11:8c:4b:4e:e1:a1:b1:74:ba:d9:8b:b1:aa:
                    83:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:1A:6F:64:B9:17:CF:82:35:D3:CB:48:22:F8:5B:77:87:6C:6D:B7
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/WBpvZLkXz4I108tIIvhbd4dsbbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.64.0/22
                  31.169.69.0-31.169.72.255
                  31.169.77.0-31.169.78.255
                  31.169.81.0/24
                  31.169.88.0/24
                  31.169.92.0-31.169.94.255
                  185.33.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a4:b8:69:43:3f:bf:b1:1b:cd:40:ae:27:67:f4:40:f9:02:
         3d:2a:28:36:8e:93:b0:43:39:f3:7c:5a:6e:16:58:83:61:9f:
         8b:f3:78:e8:29:b1:63:fd:59:81:ae:d9:49:ef:43:d3:b3:19:
         f9:17:0c:a8:2b:0b:80:a6:4f:71:25:68:f2:df:6f:92:8b:bb:
         a2:01:9a:ee:b4:58:2b:bd:38:a4:f0:42:9b:b2:6d:1b:ca:1a:
         4b:a0:e4:79:17:74:bd:9b:74:2c:7d:1d:7d:64:e8:ea:f8:10:
         82:97:0d:62:a6:75:d5:ef:8e:f2:24:41:10:c2:84:a4:17:6f:
         49:c0:da:ef:4c:50:5c:04:82:d1:09:6d:bf:06:c1:7d:0b:15:
         03:59:31:1a:97:68:d9:bc:57:f2:d3:14:9b:93:48:69:d4:a6:
         e6:d2:c9:9d:ff:51:5b:2f:18:48:84:64:3d:a0:a0:73:81:1f:
         9e:8e:ef:4d:4a:df:0c:93:78:bf:89:3f:62:f4:49:75:86:bb:
         90:06:30:80:e7:f0:cb:d6:99:72:a9:da:f4:48:6d:4f:85:65:
         ce:1d:f5:e4:15:23:1a:16:83:d7:55:a1:cb:2d:dc:5d:49:b0:
         40:fa:a1:0d:6d:d3:22:c1:03:30:84:bc:df:ab:d8:46:24:15:
         31:b0:e7:5f
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYz9Eo/bp9ny84PIn3EzkXViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMTEyMDk0ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODFhNmY2NGI5MTdjZjgyMzVkM2NiNDgyMmY4NWI3Nzg3NmM2ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKaiWDIxyr2/RXpLWuiXN36zgO26
6dzLGsUX0XGQLnUMZ7A/HuAll4LhAPzVFbgLpLsUmNMi14qRPbbd+bQzjfWPPDjW
9lU6M07Zf8YvGMMbLcUW5HMbg6krl7uVgepdVyq5SHWv3SHL037hHiNZptET+xxN
Cn6gt09kjQBqveFtHugdrIHVR94k/psRdW+uHrmQI5oDha5nTXtJPLC3wjmm0fZG
gVqrgiEaEL1byriKf3Pjb+yya+DcIglfmWH2yGlznW4u69UpTFvLHBETbwW3NndL
3H9kfBYMDy2XTBB5PCcsUnHk+3HTqOvqbjTopRGMS07hobF0utmLsaqDaQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFgab2S5F8+CNdPLSCL4W3eHbG23MB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvV0JwdlpMa1h6NEkxMDh0SUl2aGJkNGRzYmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCH6lAMAwD
BAAfqUUDBAAfqUgwDAMEAB+pTQMEAB+pTgMEAB+pUQMEAB+pWDAMAwQCH6lcAwQA
H6leAwQAuSE/MA0GCSqGSIb3DQEBCwUAA4IBAQBBpLhpQz+/sRvNQK4nZ/RA+QI9
Kig2jpOwQznzfFpuFliDYZ+L83joKbFj/VmBrtlJ70PTsxn5FwyoKwuApk9xJWjy
32+Si7uiAZrutFgrvTik8EKbsm0byhpLoOR5F3S9m3QsfR19ZOjq+BCClw1ipnXV
747yJEEQwoSkF29JwNrvTFBcBILRCW2/BsF9CxUDWTEal2jZvFfy0xSbk0hp1Kbm
0smd/1FbLxhIhGQ9oKBzgR+eju9NSt8Mk3i/iT9i9El1hruQBjCA5/DL1plyqdr0
SG1PhWXOHfXkFSMaFoPXVaHLLdxdSbBA+qENbdMiwQMwhLzfq9hGJBUxsOdf
-----END CERTIFICATE-----