Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/UJKnKwC4jhZfY0hvsnG0MbZdzmQ.roa
File:                     UJKnKwC4jhZfY0hvsnG0MbZdzmQ.roa (raw, json)
Hash identifier:          yDPO1+yc7p5sKvmPinpe6pl+GxdhbgbVsfSLuTZDpgM=
Subject key identifier:   50:92:A7:2B:00:B8:8E:16:5F:63:48:6F:B2:71:B4:31:B6:5D:CE:64
Certificate issuer:       /CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
Certificate serial:       0189ABB97DD7A56FE109AC4C3CF56B96D91B
Authority key identifier: DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/UJKnKwC4jhZfY0hvsnG0MbZdzmQ.roa
Signing time:             Mon 31 Jul 2023 11:33:27 +0000
ROA not before:           Mon 31 Jul 2023 11:33:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56484
IP address blocks:        93.187.39.0/24 maxlen: 24
                          185.52.116.0/22 maxlen: 22
                          185.52.117.0/24 maxlen: 24
                          185.52.118.0/24 maxlen: 24
                          185.52.119.0/24 maxlen: 24
                          93.187.37.0/24 maxlen: 24
                          93.187.38.0/24 maxlen: 24
                          93.187.32.0/21 maxlen: 21
                          93.187.32.0/24 maxlen: 24
                          93.187.33.0/24 maxlen: 24
                          93.187.34.0/24 maxlen: 24
                          93.187.35.0/24 maxlen: 24
                          93.187.36.0/24 maxlen: 24
                          2a00:dd00:6::/48 maxlen: 48
                          2a00:dd00:7::/48 maxlen: 48
                          2a00:dd00:5::/48 maxlen: 48
                          2a00:dd00::/32 maxlen: 32
                          2a00:dd00:4::/48 maxlen: 48
                          2a00:dd00:3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 05 Aug 2023 10:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ab:b9:7d:d7:a5:6f:e1:09:ac:4c:3c:f5:6b:96:d9:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
        Validity
            Not Before: Jul 31 11:33:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5092a72b00b88e165f63486fb271b431b65dce64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:38:0a:b0:dc:4e:85:ff:10:5e:e5:e3:60:de:
                    32:6b:23:26:e0:8d:ed:3c:22:f2:46:71:eb:5d:32:
                    33:8c:d8:f9:d8:a9:a7:b2:94:6d:f1:af:65:c3:7b:
                    2e:b6:eb:c9:d1:89:81:9e:34:b8:c3:a6:df:2e:24:
                    0c:32:41:62:d7:05:67:7c:80:d0:b0:d2:9a:6c:c0:
                    75:58:64:40:16:a7:19:3e:b9:3a:b2:05:61:71:6b:
                    dd:8a:3f:ed:c7:e2:48:79:12:2f:97:bd:95:1b:77:
                    ca:11:c3:50:f3:52:53:80:ee:6e:0e:05:ad:cb:6c:
                    ef:b6:ea:61:33:6c:41:de:2e:31:e9:8f:74:ff:3c:
                    ec:5b:4b:08:74:0f:74:10:ec:48:cb:68:9e:bc:2d:
                    78:d8:52:54:82:6f:7a:47:10:5f:c7:79:f9:9c:59:
                    68:d0:a0:ea:29:da:9a:19:24:ed:e8:b7:96:1e:f5:
                    f6:9d:b2:62:7c:b6:5f:9b:61:a9:7e:0e:31:53:ae:
                    f8:90:3a:ad:e0:f1:70:e1:74:b5:91:f3:c7:3b:87:
                    d3:14:78:89:d8:cc:86:95:36:97:97:fe:b4:4c:14:
                    83:a5:19:66:83:f7:16:c7:5f:6b:ee:b0:40:ed:0d:
                    5b:dc:75:ac:ad:50:c1:e5:a4:5b:cd:99:f4:99:d8:
                    a1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:92:A7:2B:00:B8:8E:16:5F:63:48:6F:B2:71:B4:31:B6:5D:CE:64
            X509v3 Authority Key Identifier:
                keyid:DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/UJKnKwC4jhZfY0hvsnG0MbZdzmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/3AKxj1iKULknT-NGn_i9ShZJ100.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.32.0/21
                  185.52.116.0/22
                IPv6:
                  2a00:dd00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:9f:c1:f9:e5:61:be:f9:b7:b4:c6:0a:c6:9e:6b:ab:56:4c:
         7a:3d:26:31:77:53:a3:79:f4:ff:d3:8c:6d:10:46:54:c4:bc:
         9e:5d:7e:2a:89:3f:cb:08:74:80:9d:5b:69:26:a6:ac:c3:bf:
         06:bf:5d:f5:58:8b:b2:63:2b:56:ed:82:71:eb:d1:f2:53:64:
         62:da:7f:43:40:d5:d5:0a:7a:7f:0d:76:be:81:f5:82:5a:be:
         7b:8c:91:f8:dc:5e:b5:3b:51:95:89:f3:35:ee:70:c9:4f:ca:
         e0:21:dd:b0:fe:32:6b:4f:d0:f2:56:1b:36:30:60:d6:5a:e0:
         9e:ce:8f:1f:3a:30:21:da:d4:1a:67:7e:90:e5:5c:5b:2e:7a:
         73:75:5c:6c:9b:c4:e4:30:43:3b:c5:b8:5c:42:48:f4:eb:c4:
         6a:bf:34:3d:07:7f:74:f4:dc:00:a8:f7:e2:46:3c:aa:b5:40:
         e1:d6:de:52:9b:4b:46:30:9a:96:0a:6a:5d:f0:4c:c1:c0:e0:
         f8:ec:14:29:25:b0:9c:a9:5f:a5:21:16:8f:e0:58:70:3c:cb:
         9f:f5:24:ba:dd:0b:ba:76:30:55:10:8a:ee:7e:b9:d2:56:47:
         eb:47:f2:7f:9b:80:b4:c6:4b:2c:8f:4f:7a:6c:f3:93:6d:b7:
         8b:1e:f2:1b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYmruX3XpW/hCaxMPPVrltkbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDJiMThmNTg4YTUwYjkyNzRmZTM0NjlmZjhiZDRhMTY0
OWQ3NGQwHhcNMjMwNzMxMTEzMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDkyYTcyYjAwYjg4ZTE2NWY2MzQ4NmZiMjcxYjQzMWI2NWRjZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTgKsNxOhf8QXuXjYN4yayMm4I3t
PCLyRnHrXTIzjNj52KmnspRt8a9lw3sutuvJ0YmBnjS4w6bfLiQMMkFi1wVnfIDQ
sNKabMB1WGRAFqcZPrk6sgVhcWvdij/tx+JIeRIvl72VG3fKEcNQ81JTgO5uDgWt
y2zvtuphM2xB3i4x6Y90/zzsW0sIdA90EOxIy2ievC142FJUgm96RxBfx3n5nFlo
0KDqKdqaGSTt6LeWHvX2nbJifLZfm2Gpfg4xU674kDqt4PFw4XS1kfPHO4fTFHiJ
2MyGlTaXl/60TBSDpRlmg/cWx19r7rBA7Q1b3HWsrVDB5aRbzZn0mdihAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFCSpysAuI4WX2NIb7JxtDG2Xc5kMB8GA1UdIwQY
MBaAFNwCsY9YilC5J0/jRp/4vUoWSddNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQt
NjY0ZjA0ZDJhNjhkLzEvVUpLbkt3QzRqaFpmWTBodnNuRzBNYlpkem1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQtNjY0ZjA0ZDJhNjhk
LzEvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXbsgAwQC
uTR0MA0EAgACMAcDBQAqAN0AMA0GCSqGSIb3DQEBCwUAA4IBAQArn8H55WG++be0
xgrGnmurVkx6PSYxd1OjefT/04xtEEZUxLyeXX4qiT/LCHSAnVtpJqasw78Gv131
WIuyYytW7YJx69HyU2Ri2n9DQNXVCnp/DXa+gfWCWr57jJH43F61O1GVifM17nDJ
T8rgId2w/jJrT9DyVhs2MGDWWuCezo8fOjAh2tQaZ36Q5VxbLnpzdVxsm8TkMEM7
xbhcQkj068RqvzQ9B3909NwAqPfiRjyqtUDh1t5Sm0tGMJqWCmpd8EzBwOD47BQp
JbCcqV+lIRaP4FhwPMuf9SS63Qu6djBVEIrufrnSVkfrR/J/m4C0xkssj096bPOT
bbeLHvIb
-----END CERTIFICATE-----