Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Zpx_7h1QMmNo13gN07dbUu1h0H0.roa
File:                     Zpx_7h1QMmNo13gN07dbUu1h0H0.roa (raw, json)
Hash identifier:          svlMLl1bBRS5wUencieVGrSUPE5+/Jcabw1i/5qBYC0=
Subject key identifier:   66:9C:7F:EE:1D:50:32:63:68:D7:78:0D:D3:B7:5B:52:ED:61:D0:7D
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018BAE829D425FCFAB65C2966606FD7ED0CA
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Zpx_7h1QMmNo13gN07dbUu1h0H0.roa
Signing time:             Wed 08 Nov 2023 10:37:57 +0000
ROA not before:           Wed 08 Nov 2023 10:37:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203380
IP address blocks:        82.118.245.0/24 maxlen: 24
                          79.124.7.0/24 maxlen: 24
                          77.76.13.0/24 maxlen: 24
                          91.148.141.0/24 maxlen: 24
                          78.128.99.0/24 maxlen: 24
                          94.72.140.0/23 maxlen: 24
                          94.72.141.0/24 maxlen: 24
                          94.72.143.0/24 maxlen: 24
                          82.118.227.0/24 maxlen: 24
                          82.118.230.0/24 maxlen: 24
                          82.118.234.0/24 maxlen: 24
                          82.118.235.0/24 maxlen: 24
                          130.185.251.0/24 maxlen: 24
                          79.124.77.0/24 maxlen: 24
                          78.128.127.0/24 maxlen: 24
                          2a01:8740:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 20 Dec 2023 10:50:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ae:82:9d:42:5f:cf:ab:65:c2:96:66:06:fd:7e:d0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Nov  8 10:37:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=669c7fee1d50326368d7780dd3b75b52ed61d07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3c:59:72:ba:42:cc:00:3a:ff:3c:5f:84:cb:
                    57:36:7c:a7:98:d5:e3:be:80:71:44:7f:a5:8e:e8:
                    06:43:d8:f4:3a:63:1c:76:c8:7c:dd:c5:d0:a2:ed:
                    c1:67:f3:56:d6:93:ef:38:02:62:41:0b:a9:23:98:
                    a3:58:7b:d2:53:bd:2a:19:3d:52:93:84:1b:63:a2:
                    08:6b:79:4e:99:33:12:03:5e:18:28:c1:30:a3:99:
                    7c:84:94:96:fa:cf:ca:a1:8b:69:23:d5:45:64:51:
                    42:ce:22:83:93:d7:41:1b:33:95:a2:d2:cb:7f:d5:
                    44:b2:ac:3f:f9:fe:48:71:25:ef:04:6a:28:22:f7:
                    15:df:0d:e9:37:5b:77:92:6e:71:47:47:d5:ee:7e:
                    c2:db:b4:fc:a6:f4:04:3a:ca:e8:f0:37:4a:1e:43:
                    c0:02:c6:ba:81:64:78:d0:2d:10:34:bd:13:82:50:
                    ae:bc:68:f2:88:49:fa:8d:9b:ac:60:74:a4:b4:18:
                    6c:f6:4b:3e:34:08:67:9e:18:e5:20:49:50:57:25:
                    cf:02:04:d5:25:83:27:bb:c5:9c:ed:ec:ad:43:c1:
                    86:50:cb:71:ce:29:c9:77:fd:1a:0a:2e:e4:7b:f2:
                    4e:02:97:f0:33:0c:18:0d:11:07:28:31:5c:29:0e:
                    b5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:9C:7F:EE:1D:50:32:63:68:D7:78:0D:D3:B7:5B:52:ED:61:D0:7D
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Zpx_7h1QMmNo13gN07dbUu1h0H0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.13.0/24
                  78.128.99.0/24
                  78.128.127.0/24
                  79.124.7.0/24
                  79.124.77.0/24
                  82.118.227.0/24
                  82.118.230.0/24
                  82.118.234.0/23
                  82.118.245.0/24
                  91.148.141.0/24
                  94.72.140.0/23
                  94.72.143.0/24
                  130.185.251.0/24
                IPv6:
                  2a01:8740:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:2b:f4:98:fc:44:d4:e0:ad:e8:71:0e:47:fe:7c:27:33:21:
         b3:5a:69:f3:a2:a9:1f:dc:9f:68:b2:a8:5d:96:68:38:79:ef:
         73:04:8c:94:fa:a9:1e:af:7d:65:77:1e:9c:ba:86:ee:68:26:
         ed:8e:65:52:0d:c8:44:f4:74:18:98:e1:96:e0:86:16:94:20:
         24:0a:1d:a3:8f:15:9c:25:25:84:db:3f:e8:30:da:cc:93:cb:
         99:46:42:a8:1a:73:d9:f1:19:f7:0a:04:89:f8:c1:5c:f6:63:
         db:e9:8a:fb:5b:aa:4d:13:a5:6b:72:eb:8d:38:29:54:27:4e:
         1c:95:8e:55:cc:71:c4:9b:e1:04:70:b6:9b:c9:aa:23:0e:38:
         37:bc:64:c0:de:7f:49:2b:2b:82:2e:6d:3d:e0:e2:00:94:9e:
         62:41:c6:21:2b:ff:5d:c8:25:a0:02:4b:09:62:42:4a:0e:2a:
         87:12:d0:3d:a2:59:f7:d1:2c:d2:ac:e8:2a:09:8b:04:74:44:
         d6:56:45:6a:52:dd:77:b2:6d:94:07:be:83:64:be:94:ba:44:
         98:47:03:c8:73:cc:20:9f:29:02:96:44:51:32:12:91:a3:d7:
         42:01:75:63:21:ef:1d:13:6f:c9:c1:7a:c8:3e:78:78:af:e1:
         34:4b:c8:36
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYuugp1CX8+rZcKWZgb9ftDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjMxMTA4MTAzNzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjljN2ZlZTFkNTAzMjYzNjhkNzc4MGRkM2I3NWI1MmVkNjFkMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDxZcrpCzAA6/zxfhMtXNnynmNXj
voBxRH+ljugGQ9j0OmMcdsh83cXQou3BZ/NW1pPvOAJiQQupI5ijWHvSU70qGT1S
k4QbY6IIa3lOmTMSA14YKMEwo5l8hJSW+s/KoYtpI9VFZFFCziKDk9dBGzOVotLL
f9VEsqw/+f5IcSXvBGooIvcV3w3pN1t3km5xR0fV7n7C27T8pvQEOsro8DdKHkPA
Asa6gWR40C0QNL0TglCuvGjyiEn6jZusYHSktBhs9ks+NAhnnhjlIElQVyXPAgTV
JYMnu8Wc7eytQ8GGUMtxzinJd/0aCi7ke/JOApfwMwwYDREHKDFcKQ61RwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFGacf+4dUDJjaNd4DdO3W1LtYdB9MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvWnB4XzdoMVFNbU5vMTNnTjA3ZGJVdTFoMEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBUBAIAATBOAwQATUwNAwQA
ToBjAwQAToB/AwQAT3wHAwQAT3xNAwQAUnbjAwQAUnbmAwQBUnbqAwQAUnb1AwQA
W5SNAwQBXkiMAwQAXkiPAwQAgrn7MA8EAgACMAkDBwAqAYdAAAEwDQYJKoZIhvcN
AQELBQADggEBAJor9Jj8RNTgrehxDkf+fCczIbNaafOiqR/cn2iyqF2WaDh573ME
jJT6qR6vfWV3Hpy6hu5oJu2OZVINyET0dBiY4ZbghhaUICQKHaOPFZwlJYTbP+gw
2syTy5lGQqgac9nxGfcKBIn4wVz2Y9vpivtbqk0TpWty6404KVQnThyVjlXMccSb
4QRwtpvJqiMOODe8ZMDef0krK4IubT3g4gCUnmJBxiEr/13IJaACSwliQkoOKocS
0D2iWffRLNKs6CoJiwR0RNZWRWpS3XeybZQHvoNkvpS6RJhHA8hzzCCfKQKWRFEy
EpGj10IBdWMh7x0Tb8nBesg+eHiv4TRLyDY=
-----END CERTIFICATE-----