Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/5DsYsJQAGEI2o5IzOclNStRtnRU.roa
File:                     5DsYsJQAGEI2o5IzOclNStRtnRU.roa (raw, json)
Hash identifier:          kQxQHzBNnzYJ0Ccj+iK/r/ptihrgCTMFSm+O/t0Jj5o=
Subject key identifier:   E4:3B:18:B0:94:00:18:42:36:A3:92:33:39:C9:4D:4A:D4:6D:9D:15
Certificate issuer:       /CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
Certificate serial:       018CC6B7962F56EBC1D93B0C64A7850D879C
Authority key identifier: BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/5DsYsJQAGEI2o5IzOclNStRtnRU.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        185.71.116.0/24 maxlen: 24
                          185.71.117.0/24 maxlen: 24
                          185.71.118.0/24 maxlen: 24
                          185.71.119.0/24 maxlen: 24
                          212.50.35.0/24 maxlen: 24
                          212.50.42.0/24 maxlen: 24
                          212.50.43.0/24 maxlen: 24
                          212.50.45.0/24 maxlen: 24
                          212.50.46.0/24 maxlen: 24
                          212.50.47.0/24 maxlen: 24
                          212.50.48.0/24 maxlen: 24
                          212.50.49.0/24 maxlen: 24
                          212.50.50.0/24 maxlen: 24
                          212.50.51.0/24 maxlen: 24
                          212.50.52.0/24 maxlen: 24
                          212.50.53.0/24 maxlen: 24
                          212.50.56.0/24 maxlen: 24
                          212.50.57.0/24 maxlen: 24
                          212.50.58.0/24 maxlen: 24
                          212.50.59.0/24 maxlen: 24
                          212.50.60.0/24 maxlen: 24
                          212.50.62.0/24 maxlen: 24
                          212.50.63.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:49:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:96:2f:56:eb:c1:d9:3b:0c:64:a7:85:0d:87:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e43b18b09400184236a3923339c94d4ad46d9d15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:36:b4:99:33:7b:d0:bf:01:07:dc:52:7e:74:
                    b9:e5:24:4e:d9:86:72:b3:8e:1c:8f:4a:e6:c9:60:
                    fb:13:88:e2:3e:68:0e:ba:e5:12:12:1e:39:7d:a7:
                    65:d1:38:1a:72:c6:87:b0:77:6d:8e:3b:26:2f:d9:
                    d8:33:ef:3e:8d:b8:7a:62:53:76:b4:8f:5d:61:6a:
                    5c:a5:76:ae:79:54:65:f1:8f:d9:46:9a:4b:51:12:
                    b8:6a:22:bb:fe:7e:3e:5b:2c:91:b2:fe:09:ea:c7:
                    89:1e:85:f0:41:a1:58:d9:3c:a5:5a:89:8c:25:61:
                    2f:02:fc:41:1b:5f:94:ce:27:f2:34:e0:7a:0b:7f:
                    28:3d:d6:41:ad:64:f0:af:c3:68:e3:02:8e:92:df:
                    57:8e:cf:34:e0:78:78:a8:48:0b:3e:22:71:57:8e:
                    48:3a:70:3e:db:46:9d:6f:e8:c2:98:f8:66:c7:a3:
                    c8:f4:9c:1e:88:77:5a:b2:34:91:7e:94:99:56:70:
                    df:d7:b3:3f:bb:b9:a3:45:b7:1d:55:4c:f3:90:90:
                    f5:e3:cf:65:20:93:a6:05:9c:8c:54:af:9f:fc:57:
                    63:b4:05:db:ab:ba:31:00:ac:c3:5f:ba:3d:1d:5a:
                    c1:74:7b:2f:49:c6:7c:e3:c2:0d:3c:86:20:af:2c:
                    89:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:3B:18:B0:94:00:18:42:36:A3:92:33:39:C9:4D:4A:D4:6D:9D:15
            X509v3 Authority Key Identifier:
                keyid:BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/5DsYsJQAGEI2o5IzOclNStRtnRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/u41koNwhmWscmeaMyVFpTik-3v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.116.0/22
                  212.50.35.0/24
                  212.50.42.0/23
                  212.50.45.0-212.50.53.255
                  212.50.56.0-212.50.60.255
                  212.50.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:6f:9e:e3:c4:97:83:5d:62:ff:ba:7b:26:34:72:8b:8e:b0:
         f8:b4:e6:a7:31:f5:1c:25:1b:dc:9d:e8:8d:11:55:af:e9:08:
         eb:10:80:4f:06:da:6e:91:62:11:6d:f3:0f:11:64:fc:97:84:
         38:c5:a6:d4:6f:b3:ba:59:8f:31:93:3f:aa:d6:60:3c:c6:3f:
         03:0a:4f:64:5a:1a:74:bd:d6:2f:93:d6:0f:4b:40:7c:9c:d4:
         d0:24:e7:58:24:26:76:46:13:d1:d6:24:53:97:9b:81:7b:d8:
         f7:2e:d1:d9:af:de:a5:e9:2f:52:b8:14:91:ad:ba:6b:10:6c:
         aa:4d:05:30:92:4d:5b:e8:9b:7f:0d:17:f0:fc:3f:0e:fe:f5:
         28:9a:78:08:4f:fb:42:05:15:21:d5:23:d2:74:51:68:0d:72:
         b8:16:f5:1e:c1:5a:71:ce:c9:be:7e:47:99:ab:8a:5e:c4:18:
         bd:e5:c1:38:df:12:02:5c:3d:a6:2d:9f:52:80:7f:53:b7:dd:
         7f:35:f3:f1:05:37:f5:a2:1d:6e:cf:87:7b:29:25:07:84:76:
         81:aa:6b:60:3e:47:d6:e8:42:9d:49:23:91:1e:f2:53:9a:bc:
         01:9c:26:aa:dc:5a:6b:27:59:69:91:5e:ae:c5:bb:17:26:da:
         d6:20:a3:67
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzGt5YvVuvB2TsMZKeFDYecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGQ2NGEwZGMyMTk5NmIxYzk5ZTY4Y2M5NTE2OTRlMjkz
ZWRlZmUwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDNiMThiMDk0MDAxODQyMzZhMzkyMzMzOWM5NGQ0YWQ0NmQ5ZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ja0mTN70L8BB9xSfnS55SRO2YZy
s44cj0rmyWD7E4jiPmgOuuUSEh45fadl0TgacsaHsHdtjjsmL9nYM+8+jbh6YlN2
tI9dYWpcpXaueVRl8Y/ZRppLURK4aiK7/n4+WyyRsv4J6seJHoXwQaFY2TylWomM
JWEvAvxBG1+UzifyNOB6C38oPdZBrWTwr8No4wKOkt9Xjs804Hh4qEgLPiJxV45I
OnA+20adb+jCmPhmx6PI9JweiHdasjSRfpSZVnDf17M/u7mjRbcdVUzzkJD1489l
IJOmBZyMVK+f/FdjtAXbq7oxAKzDX7o9HVrBdHsvScZ848INPIYgryyJ1QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFOQ7GLCUABhCNqOSMznJTUrUbZ0VMB8GA1UdIwQY
MBaAFLuNZKDcIZlrHJnmjMlRaU4pPt7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUt
ZGQ0YTIxN2Q2MDZiLzEvNURzWXNKUUFHRUkybzVJek9jbE5TdFJ0blJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUtZGQ0YTIxN2Q2MDZi
LzEvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCuUd0AwQA
1DIjAwQB1DIqMAwDBADUMi0DBAHUMjQwDAMEA9QyOAMEANQyPAMEAdQyPjANBgkq
hkiG9w0BAQsFAAOCAQEAb2+e48SXg11i/7p7JjRyi46w+LTmpzH1HCUb3J3ojRFV
r+kI6xCATwbabpFiEW3zDxFk/JeEOMWm1G+zulmPMZM/qtZgPMY/AwpPZFoadL3W
L5PWD0tAfJzU0CTnWCQmdkYT0dYkU5ebgXvY9y7R2a/epekvUrgUka26axBsqk0F
MJJNW+ibfw0X8Pw/Dv71KJp4CE/7QgUVIdUj0nRRaA1yuBb1HsFacc7Jvn5HmauK
XsQYveXBON8SAlw9pi2fUoB/U7fdfzXz8QU39aIdbs+HeyklB4R2gaprYD5H1uhC
nUkjkR7yU5q8AZwmqtxaaydZaZFersW7Fyba1iCjZw==
-----END CERTIFICATE-----