Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/DOhfl-dEPGBdKCOgl7Rt8f3Xw88.roa
File:                     DOhfl-dEPGBdKCOgl7Rt8f3Xw88.roa (raw, json)
Hash identifier:          1D1LIiipV+m2WCajTCC0hr8z3uZq8kz+PntoP2dNyng=
Subject key identifier:   0C:E8:5F:97:E7:44:3C:60:5D:28:23:A0:97:B4:6D:F1:FD:D7:C3:CF
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       01910E1BBE60D6483310020C43FF7292F7A5
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/DOhfl-dEPGBdKCOgl7Rt8f3Xw88.roa
Signing time:             Thu 01 Aug 2024 13:23:04 +0000
ROA not before:           Thu 01 Aug 2024 13:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50261
IP address blocks:        37.220.128.0/20 maxlen: 20
                          77.111.112.0/22 maxlen: 22
                          77.111.124.0/22 maxlen: 22
                          80.64.64.0/21 maxlen: 21
                          80.64.72.0/21 maxlen: 21
                          109.74.48.0/20 maxlen: 20
                          194.152.130.0/24 maxlen: 24
                          194.152.131.0/24 maxlen: 24
                          194.152.133.0/24 maxlen: 24
                          194.152.134.0/24 maxlen: 24
                          194.152.135.0/24 maxlen: 24
                          194.152.136.0/24 maxlen: 24
                          194.152.137.0/24 maxlen: 24
                          194.152.138.0/24 maxlen: 24
                          194.152.139.0/24 maxlen: 24
                          194.152.143.0/24 maxlen: 24
                          194.152.144.0/24 maxlen: 24
                          194.152.145.0/24 maxlen: 24
                          194.152.146.0/24 maxlen: 24
                          2a02:d400::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 05 Aug 2024 08:26:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:1b:be:60:d6:48:33:10:02:0c:43:ff:72:92:f7:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Aug  1 13:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ce85f97e7443c605d2823a097b46df1fdd7c3cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:17:5e:e5:b8:72:41:27:a1:ad:c1:4d:e8:89:
                    4d:68:e5:4e:6a:2e:72:42:12:46:34:9a:a8:d0:60:
                    a1:86:11:98:90:0a:98:c6:7f:e0:ed:b5:95:10:72:
                    d3:7c:c0:93:b3:b7:70:d5:3d:8c:bb:3f:7b:b8:bf:
                    c7:e2:b6:31:ee:a4:f6:01:54:53:fa:6c:02:65:62:
                    97:28:7a:45:a1:ea:57:49:36:c1:9b:8f:06:32:43:
                    5f:b4:3a:43:75:49:a2:44:2a:fc:71:09:48:eb:ad:
                    f6:c6:e2:f1:94:d8:3a:a0:04:2d:c6:79:53:e7:5d:
                    89:80:e6:e0:34:4a:82:f6:9d:eb:1b:ff:64:af:46:
                    a1:68:6b:17:3d:ee:3f:8a:53:71:c4:02:d7:4c:8d:
                    a6:b6:f4:f5:d7:c8:e3:d2:e3:ff:22:a1:a7:3b:fe:
                    e8:92:cb:02:ee:84:1d:75:de:fa:b6:65:e5:9e:32:
                    1a:71:ca:20:be:ae:c5:17:e5:9f:b1:53:df:ae:cc:
                    f3:ad:5f:f1:b3:54:a6:17:74:19:91:5a:4e:ab:25:
                    54:f2:1b:2d:b2:66:33:43:d3:38:dc:f6:cb:b1:6c:
                    b8:c7:61:49:bd:cf:ad:9e:7e:53:fa:7e:09:7d:98:
                    95:45:76:df:01:98:1f:5b:d1:fd:aa:e1:47:07:73:
                    80:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E8:5F:97:E7:44:3C:60:5D:28:23:A0:97:B4:6D:F1:FD:D7:C3:CF
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/DOhfl-dEPGBdKCOgl7Rt8f3Xw88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.128.0/20
                  77.111.112.0/22
                  77.111.124.0/22
                  80.64.64.0/20
                  109.74.48.0/20
                  194.152.130.0/23
                  194.152.133.0-194.152.139.255
                  194.152.143.0-194.152.146.255
                IPv6:
                  2a02:d400::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:74:1f:ff:b4:57:4b:67:30:f1:e6:74:69:9e:94:26:0b:40:
         0b:09:a0:0e:39:29:f6:b2:ff:10:08:95:2a:0f:33:de:64:d5:
         dd:c2:06:9d:fa:f5:fb:12:2d:ea:71:3d:c1:c5:0e:7b:0a:26:
         1d:3c:9d:65:43:62:a8:f7:80:c0:0b:bf:33:3a:bf:47:5b:4e:
         59:7b:99:14:76:e8:f1:6d:3f:c8:65:8f:89:c6:00:09:e8:ab:
         eb:7a:f4:b4:47:92:25:f9:86:ab:5d:08:d1:f2:91:53:54:a3:
         95:bf:63:3b:aa:e3:02:7c:bd:40:63:03:2f:e3:18:19:88:35:
         a1:43:3d:c1:e0:b1:c2:fa:35:f0:f1:68:47:87:3d:f8:e8:8d:
         eb:76:37:23:c5:32:60:3a:93:94:d2:be:58:b7:e4:65:86:9f:
         bc:e6:e6:79:1b:66:46:9a:fb:fc:52:a5:1f:a8:93:47:e5:1c:
         f0:43:83:0b:52:0b:eb:98:53:49:2d:ef:19:98:36:6c:d0:c4:
         b4:c8:cb:b0:bd:9c:a9:2a:b0:3c:2e:dc:18:68:3d:f2:c4:71:
         9a:e0:61:e2:f6:9e:83:7b:2e:05:e5:c5:b4:2f:13:f4:ca:58:
         39:3f:50:68:23:42:ac:de:44:17:79:62:85:44:67:53:d6:1e:
         30:50:88:fd
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZEOG75g1kgzEAIMQ/9ykvelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjQwODAxMTMyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2U4NWY5N2U3NDQzYzYwNWQyODIzYTA5N2I0NmRmMWZkZDdjM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBde5bhyQSehrcFN6IlNaOVOai5y
QhJGNJqo0GChhhGYkAqYxn/g7bWVEHLTfMCTs7dw1T2Muz97uL/H4rYx7qT2AVRT
+mwCZWKXKHpFoepXSTbBm48GMkNftDpDdUmiRCr8cQlI6632xuLxlNg6oAQtxnlT
512JgObgNEqC9p3rG/9kr0ahaGsXPe4/ilNxxALXTI2mtvT118jj0uP/IqGnO/7o
kssC7oQddd76tmXlnjIaccogvq7FF+WfsVPfrszzrV/xs1SmF3QZkVpOqyVU8hst
smYzQ9M43PbLsWy4x2FJvc+tnn5T+n4JfZiVRXbfAZgfW9H9quFHB3OAYwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFAzoX5fnRDxgXSgjoJe0bfH918PPMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvRE9oZmwtZEVQR0JkS0NPZ2w3UnQ4ZjNYdzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQEJdyAAwQC
TW9wAwQCTW98AwQEUEBAAwQEbUowAwQBwpiCMAwDBADCmIUDBALCmIgwDAMEAMKY
jwMEAMKYkjANBAIAAjAHAwUDKgLUADANBgkqhkiG9w0BAQsFAAOCAQEAi3Qf/7RX
S2cw8eZ0aZ6UJgtACwmgDjkp9rL/EAiVKg8z3mTV3cIGnfr1+xIt6nE9wcUOewom
HTydZUNiqPeAwAu/Mzq/R1tOWXuZFHbo8W0/yGWPicYACeir63r0tEeSJfmGq10I
0fKRU1Sjlb9jO6rjAny9QGMDL+MYGYg1oUM9weCxwvo18PFoR4c9+OiN63Y3I8Uy
YDqTlNK+WLfkZYafvObmeRtmRpr7/FKlH6iTR+Uc8EODC1IL65hTSS3vGZg2bNDE
tMjLsL2cqSqwPC7cGGg98sRxmuBh4vaeg3suBeXFtC8T9MpYOT9QaCNCrN5EF3li
hURnU9YeMFCI/Q==