Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/qTBCpmHDFVfRZ9mUwHoIh9s4Cc8.roa
File:                     qTBCpmHDFVfRZ9mUwHoIh9s4Cc8.roa (raw, json)
Hash identifier:          oWJChv24Rpo9a8K7ACFTVuNZTmFgGtYk7A9zBSoAiWA=
Subject key identifier:   A9:30:42:A6:61:C3:15:57:D1:67:D9:94:C0:7A:08:87:DB:38:09:CF
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018570D52E5E88F58D1F789090D395A53DB1
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/qTBCpmHDFVfRZ9mUwHoIh9s4Cc8.roa
Signing time:             Mon 02 Jan 2023 04:54:57 +0000
ROA not before:           Mon 02 Jan 2023 04:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12444
IP address blocks:        185.118.177.0/24 maxlen: 24
                          185.118.176.0/24 maxlen: 24
                          185.118.178.0/24 maxlen: 24
                          185.118.179.0/24 maxlen: 24
                          84.17.69.0/24 maxlen: 24
                          84.17.70.0/24 maxlen: 24
                          84.17.67.0/24 maxlen: 24
                          84.17.68.0/24 maxlen: 24
                          84.17.71.0/24 maxlen: 24
                          84.17.78.0/24 maxlen: 24
                          84.17.72.0/24 maxlen: 24
                          84.17.76.0/24 maxlen: 24
                          84.17.75.0/24 maxlen: 24
                          84.17.79.0/24 maxlen: 24
                          84.17.84.0/24 maxlen: 24
                          84.17.87.0/24 maxlen: 24
                          84.17.86.0/24 maxlen: 24
                          84.17.90.0/24 maxlen: 24
                          84.17.89.0/24 maxlen: 24
                          84.17.93.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:30:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:d5:2e:5e:88:f5:8d:1f:78:90:90:d3:95:a5:3d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  2 04:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a93042a661c31557d167d994c07a0887db3809cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ca:44:e2:8c:85:1f:3b:42:aa:ff:43:fb:ff:
                    9e:57:8e:94:23:dc:91:d3:1e:11:ed:5d:1e:79:cf:
                    62:a0:db:09:ac:e8:34:4f:0c:81:68:52:4f:58:11:
                    27:36:df:e7:8f:a1:bb:56:f7:24:8f:ad:7f:f0:8b:
                    f7:16:24:77:b4:20:a4:19:d5:a8:53:a2:af:e1:ea:
                    40:5d:54:1c:02:30:5f:b9:a3:cd:26:cb:54:89:49:
                    fe:0c:69:b8:73:df:b1:96:95:c7:48:41:b0:c3:ce:
                    9e:74:7f:1e:3d:f0:3c:87:73:e7:9e:40:d2:c5:9b:
                    01:ab:50:84:a7:e4:9c:6a:dd:ad:9b:16:2e:8f:b4:
                    ae:8f:e2:b5:05:ae:68:8b:08:b5:2b:cd:c4:c4:14:
                    b6:ee:be:68:06:9d:8b:b6:20:96:1d:83:c0:76:e6:
                    e5:16:80:91:c1:05:9b:b4:ca:e9:75:d6:a6:b7:a8:
                    71:56:f7:1c:b7:93:ba:84:77:8a:35:2c:f1:79:dc:
                    00:30:f2:d2:f2:48:95:fa:73:14:a3:8b:e1:f3:09:
                    77:68:fb:f6:71:a4:48:75:e1:6c:6c:6b:d7:3a:ab:
                    8d:ad:fd:9b:69:28:0e:c6:44:c7:7b:c1:31:d7:45:
                    31:0a:da:97:23:59:89:20:81:46:a4:e0:99:c5:78:
                    59:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:30:42:A6:61:C3:15:57:D1:67:D9:94:C0:7A:08:87:DB:38:09:CF
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/qTBCpmHDFVfRZ9mUwHoIh9s4Cc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.67.0-84.17.72.255
                  84.17.75.0-84.17.76.255
                  84.17.78.0/23
                  84.17.84.0/24
                  84.17.86.0/23
                  84.17.89.0-84.17.90.255
                  84.17.93.0/24
                  185.118.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:c1:c1:75:3b:6a:89:c1:89:f4:86:6d:26:1f:6f:58:3c:7b:
         4e:ba:66:b8:bc:35:7d:46:0d:83:3a:2f:37:8f:18:6a:b3:bc:
         31:2c:15:e8:4c:48:40:47:86:f0:13:3f:0f:28:b8:08:d5:e2:
         5b:f8:6a:2a:af:b0:91:4a:d3:ea:75:f4:3e:6b:ed:40:59:a2:
         9a:c3:cf:d0:b4:f1:1d:71:51:ed:33:e3:f3:62:d8:c7:96:0e:
         08:cf:18:7f:39:32:4f:99:55:d0:d1:ea:aa:01:fc:e6:9d:cd:
         91:f1:c3:a1:36:86:d1:f4:1f:d4:a2:77:00:84:01:c7:d4:43:
         f7:f1:42:29:0d:92:45:08:22:9a:7a:47:1b:6a:a6:a0:23:bb:
         af:01:ab:ce:25:f1:b6:7e:9d:1e:01:75:5a:58:7d:8a:27:65:
         7f:0d:29:df:97:63:ef:4c:04:77:8c:0a:7c:f6:89:8e:b1:22:
         df:b9:2b:08:32:ab:96:d3:ee:bb:be:f1:ef:f3:15:01:1d:af:
         af:cd:6a:9d:f9:39:14:bd:ff:fd:a8:e0:2a:07:b7:e8:b5:6a:
         5b:4d:87:86:1b:ef:8f:1f:d2:a9:9d:e6:c7:89:84:d6:da:0a:
         59:0b:ac:db:75:a6:a4:f1:0d:dc:7e:6e:de:35:0e:d3:10:04:
         ec:8c:6b:21
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVw1S5eiPWNH3iQkNOVpT2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjMwMTAyMDQ1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTMwNDJhNjYxYzMxNTU3ZDE2N2Q5OTRjMDdhMDg4N2RiMzgwOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcpE4oyFHztCqv9D+/+eV46UI9yR
0x4R7V0eec9ioNsJrOg0TwyBaFJPWBEnNt/nj6G7Vvckj61/8Iv3FiR3tCCkGdWo
U6Kv4epAXVQcAjBfuaPNJstUiUn+DGm4c9+xlpXHSEGww86edH8ePfA8h3PnnkDS
xZsBq1CEp+Scat2tmxYuj7Suj+K1Ba5oiwi1K83ExBS27r5oBp2LtiCWHYPAdubl
FoCRwQWbtMrpddamt6hxVvcct5O6hHeKNSzxedwAMPLS8kiV+nMUo4vh8wl3aPv2
caRIdeFsbGvXOquNrf2baSgOxkTHe8Ex10UxCtqXI1mJIIFGpOCZxXhZIwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFKkwQqZhwxVX0WfZlMB6CIfbOAnPMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvcVRCQ3BtSERGVmZSWjltVXdIb0loOXM0Q2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBABUEUMD
BABUEUgwDAMEAFQRSwMEAFQRTAMEAVQRTgMEAFQRVAMEAVQRVjAMAwQAVBFZAwQA
VBFaAwQAVBFdAwQCuXawMA0GCSqGSIb3DQEBCwUAA4IBAQAtwcF1O2qJwYn0hm0m
H29YPHtOuma4vDV9Rg2DOi83jxhqs7wxLBXoTEhAR4bwEz8PKLgI1eJb+Goqr7CR
StPqdfQ+a+1AWaKaw8/QtPEdcVHtM+PzYtjHlg4Izxh/OTJPmVXQ0eqqAfzmnc2R
8cOhNobR9B/UoncAhAHH1EP38UIpDZJFCCKaekcbaqagI7uvAavOJfG2fp0eAXVa
WH2KJ2V/DSnfl2PvTAR3jAp89omOsSLfuSsIMquW0+67vvHv8xUBHa+vzWqd+TkU
vf/9qOAqB7fotWpbTYeGG++PH9KpnebHiYTW2gpZC6zbdaak8Q3cfm7eNQ7TEATs
jGsh
-----END CERTIFICATE-----