Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/xzXqjVWNTKd54EBaWP1L7zr-PVc.roa
File:                     xzXqjVWNTKd54EBaWP1L7zr-PVc.roa (raw, json)
Hash identifier:          iSLpy+pZYLekvVDZlxeKEwAPjyX0XWPjTL9v0KiOybQ=
Subject key identifier:   C7:35:EA:8D:55:8D:4C:A7:79:E0:40:5A:58:FD:4B:EF:3A:FE:3D:57
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0190E37095031D80C4D771628BAED087EC76
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/xzXqjVWNTKd54EBaWP1L7zr-PVc.roa
Signing time:             Wed 24 Jul 2024 06:32:04 +0000
ROA not before:           Wed 24 Jul 2024 06:32:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43700
IP address blocks:        31.172.224.0/22 maxlen: 22
                          31.172.224.0/23 maxlen: 23
                          31.172.226.0/23 maxlen: 23
                          45.84.244.0/22 maxlen: 22
                          45.84.244.0/23 maxlen: 23
                          78.158.0.0/19 maxlen: 19
                          78.158.0.0/20 maxlen: 20
                          78.158.16.0/20 maxlen: 20
                          91.200.252.0/22 maxlen: 24
                          95.215.140.0/22 maxlen: 22
                          95.215.140.0/23 maxlen: 23
                          95.215.142.0/23 maxlen: 23
                          185.246.240.0/22 maxlen: 22
                          185.246.240.0/23 maxlen: 23
                          185.246.242.0/23 maxlen: 23
                          185.252.108.0/22 maxlen: 22
                          185.252.108.0/23 maxlen: 23
                          185.252.110.0/23 maxlen: 23
                          185.252.204.0/22 maxlen: 22
                          185.252.204.0/23 maxlen: 23
                          185.252.206.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Wed 24 Jul 2024 13:32:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e3:70:95:03:1d:80:c4:d7:71:62:8b:ae:d0:87:ec:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Jul 24 06:32:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c735ea8d558d4ca779e0405a58fd4bef3afe3d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:63:6c:d1:24:35:cd:b6:cd:9a:9f:fc:c7:21:
                    e3:c2:84:fe:c1:c0:5d:66:67:8e:1e:3b:26:a8:87:
                    78:e0:e9:65:fc:b5:aa:02:4d:55:7a:d2:4b:af:cc:
                    53:ee:38:4b:71:e8:08:dd:f9:9e:43:de:f1:dc:41:
                    93:1c:1a:87:e4:4b:8b:29:dd:c9:ef:86:40:c5:b2:
                    c6:cf:67:87:3a:ad:1a:7f:56:6c:78:b7:82:ad:57:
                    4a:30:01:18:30:2e:9c:8c:ce:b9:cd:2c:f4:31:50:
                    26:14:27:2b:06:f6:ba:57:ed:95:94:f1:ba:cc:9e:
                    cb:2f:95:80:83:6f:f8:a4:b2:04:1e:f9:4d:e9:4b:
                    8f:41:10:42:ec:ce:30:8a:1b:dd:44:2b:82:22:b4:
                    83:bd:f3:aa:fe:b2:b1:58:86:d1:14:6f:d9:b5:97:
                    e7:75:fc:49:76:25:95:be:a7:6a:3c:7c:3a:6c:d7:
                    40:0a:01:ff:a8:f9:41:e1:6e:40:cd:e2:64:77:b5:
                    db:0d:60:b1:4e:33:e6:b6:17:d6:32:c6:e8:b1:c8:
                    72:63:e1:33:5f:bf:07:13:dc:0d:c3:8a:5f:44:81:
                    78:c2:cc:d9:63:93:8f:8e:2d:52:d1:6c:f2:40:1a:
                    3e:dd:60:6f:6b:bc:f5:3c:12:92:e5:6b:5e:9c:b5:
                    84:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:35:EA:8D:55:8D:4C:A7:79:E0:40:5A:58:FD:4B:EF:3A:FE:3D:57
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/xzXqjVWNTKd54EBaWP1L7zr-PVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.224.0/22
                  45.84.244.0/22
                  78.158.0.0/19
                  91.200.252.0/22
                  95.215.140.0/22
                  185.246.240.0/22
                  185.252.108.0/22
                  185.252.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:fd:68:21:aa:71:6c:7f:99:31:eb:95:87:ed:6a:8a:9e:2b:
         51:55:0a:58:a9:aa:13:2e:33:b7:86:f5:2c:07:b8:ba:15:7b:
         04:78:77:1a:20:16:e7:07:f1:61:2b:4d:e5:13:4a:56:00:3a:
         a1:45:f7:81:7b:94:64:2e:72:f9:94:71:b1:a1:46:30:13:49:
         1c:ff:dd:3a:d2:22:af:a6:11:2c:5a:25:bf:04:27:de:a3:71:
         0c:db:30:ed:8b:f4:6e:24:a9:bd:85:0e:ef:78:52:4e:dc:39:
         46:31:7b:d1:e9:8a:d5:1d:17:b2:88:9a:1d:90:29:78:6b:88:
         6c:05:9e:47:9d:6e:0d:49:46:81:55:c8:c0:b7:46:b2:bc:f4:
         2c:c5:8a:19:c0:4f:df:21:ad:12:36:e7:1a:d2:f4:bb:0d:83:
         fc:a7:e3:e5:92:23:81:58:3e:b3:83:68:87:1f:c4:85:e3:84:
         02:7c:60:57:71:3e:99:54:c1:86:b2:cb:44:8e:75:79:4b:76:
         5b:41:f6:a8:8b:d0:c3:71:43:ca:ef:cc:ca:57:97:16:31:8f:
         cb:6a:b6:70:54:3c:48:0c:2f:c9:e8:b3:e5:38:79:91:4e:94:
         e0:7a:63:7c:3d:5f:7d:d7:2c:f5:07:c5:3a:de:1e:5b:4e:7f:
         02:f5:b7:0c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZDjcJUDHYDE13Fii67Qh+x2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQwNzI0MDYzMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM1ZWE4ZDU1OGQ0Y2E3NzllMDQwNWE1OGZkNGJlZjNhZmUzZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmNs0SQ1zbbNmp/8xyHjwoT+wcBd
ZmeOHjsmqId44Oll/LWqAk1VetJLr8xT7jhLcegI3fmeQ97x3EGTHBqH5EuLKd3J
74ZAxbLGz2eHOq0af1ZseLeCrVdKMAEYMC6cjM65zSz0MVAmFCcrBva6V+2VlPG6
zJ7LL5WAg2/4pLIEHvlN6UuPQRBC7M4wihvdRCuCIrSDvfOq/rKxWIbRFG/ZtZfn
dfxJdiWVvqdqPHw6bNdACgH/qPlB4W5AzeJkd7XbDWCxTjPmthfWMsboschyY+Ez
X78HE9wNw4pfRIF4wszZY5OPji1S0WzyQBo+3WBva7z1PBKS5WtenLWEmQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMc16o1VjUyneeBAWlj9S+86/j1XMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEveHpYcWpWV05US2Q1NEVCYVdQMUw3enItUFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCH6zgAwQC
LVT0AwQFTp4AAwQCW8j8AwQCX9eMAwQCufbwAwQCufxsAwQCufzMMA0GCSqGSIb3
DQEBCwUAA4IBAQAz/WghqnFsf5kx65WH7WqKnitRVQpYqaoTLjO3hvUsB7i6FXsE
eHcaIBbnB/FhK03lE0pWADqhRfeBe5RkLnL5lHGxoUYwE0kc/9060iKvphEsWiW/
BCfeo3EM2zDti/RuJKm9hQ7veFJO3DlGMXvR6YrVHReyiJodkCl4a4hsBZ5HnW4N
SUaBVcjAt0ayvPQsxYoZwE/fIa0SNuca0vS7DYP8p+PlkiOBWD6zg2iHH8SF44QC
fGBXcT6ZVMGGsstEjnV5S3ZbQfaoi9DDcUPK78zKV5cWMY/LarZwVDxIDC/J6LPl
OHmRTpTgemN8PV991yz1B8U63h5bTn8C9bcM
-----END CERTIFICATE-----