Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/z-m8hBN961cQ-KC_xIxKx8pOypQ.roa
File:                     z-m8hBN961cQ-KC_xIxKx8pOypQ.roa (raw, json)
Hash identifier:          0G4beV7GETbRghYumAraqISKNNCXU18uWBqs9qM0wMU=
Subject key identifier:   CF:E9:BC:84:13:7D:EB:57:10:F8:A0:BF:C4:8C:4A:C7:CA:4E:CA:94
Certificate issuer:       /CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
Certificate serial:       018CC6B796D18CA2ECCE17E6DB35D6C9B568
Authority key identifier: BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/z-m8hBN961cQ-KC_xIxKx8pOypQ.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29286
IP address blocks:        185.71.116.0/24 maxlen: 24
                          185.71.118.0/24 maxlen: 24
                          185.71.117.0/24 maxlen: 24
                          185.71.119.0/24 maxlen: 24
                          212.50.35.0/24 maxlen: 24
                          212.50.43.0/24 maxlen: 24
                          212.50.42.0/24 maxlen: 24
                          212.50.51.0/24 maxlen: 24
                          212.50.50.0/24 maxlen: 24
                          212.50.47.0/24 maxlen: 24
                          212.50.46.0/24 maxlen: 24
                          212.50.49.0/24 maxlen: 24
                          212.50.48.0/24 maxlen: 24
                          212.50.45.0/24 maxlen: 24
                          212.50.58.0/24 maxlen: 24
                          212.50.57.0/24 maxlen: 24
                          212.50.53.0/24 maxlen: 24
                          212.50.56.0/24 maxlen: 24
                          212.50.52.0/24 maxlen: 24
                          212.50.60.0/24 maxlen: 24
                          212.50.63.0/24 maxlen: 24
                          212.50.62.0/24 maxlen: 24
                          212.50.59.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 28 Feb 2024 09:06:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:96:d1:8c:a2:ec:ce:17:e6:db:35:d6:c9:b5:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfe9bc84137deb5710f8a0bfc48c4ac7ca4eca94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:89:dc:69:09:69:35:ba:0f:28:a5:3e:8d:9c:
                    b1:99:42:c0:d7:8b:2a:30:ea:a0:c9:5b:d6:dd:3e:
                    a9:3b:70:5e:78:5f:b6:c5:29:29:6a:74:5b:48:54:
                    1f:fc:4d:b9:95:34:3c:14:bc:74:71:06:e0:73:2a:
                    5f:fc:1f:b9:cd:7e:df:1b:0e:41:fb:e9:2d:0e:05:
                    be:3a:1e:cf:6f:5c:a7:a5:ed:5d:ef:55:b9:2c:4d:
                    6b:7b:49:5e:37:be:fa:38:cd:b4:89:7f:32:b7:50:
                    75:0f:6e:ce:a9:ee:08:51:c7:f0:81:29:69:e7:c9:
                    96:5a:81:63:a4:00:fe:c0:98:b6:f8:69:24:21:07:
                    01:bd:72:ec:c6:83:d2:f8:a1:bc:eb:75:49:3f:dd:
                    b8:01:a6:8e:d0:b9:6b:c4:ad:85:a2:f5:ae:eb:f3:
                    11:8d:67:dd:cd:58:0a:32:b6:c5:9a:98:ed:bc:94:
                    a7:4b:3e:67:2a:b7:df:40:2f:c1:58:24:ef:2e:48:
                    4f:ac:fe:87:5a:5d:85:db:1b:ce:20:f6:17:87:9b:
                    b3:71:e4:19:62:74:9b:f8:d4:dc:c5:7e:82:64:ad:
                    4a:77:03:1d:f1:c0:26:7c:f2:69:e3:38:43:24:eb:
                    bf:8e:08:75:e2:82:65:93:dd:37:34:57:61:fe:0f:
                    6e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E9:BC:84:13:7D:EB:57:10:F8:A0:BF:C4:8C:4A:C7:CA:4E:CA:94
            X509v3 Authority Key Identifier:
                keyid:BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/z-m8hBN961cQ-KC_xIxKx8pOypQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/u41koNwhmWscmeaMyVFpTik-3v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.116.0/22
                  212.50.35.0/24
                  212.50.42.0/23
                  212.50.45.0-212.50.53.255
                  212.50.56.0-212.50.60.255
                  212.50.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:18:65:b9:61:2a:f4:cf:1d:fb:ad:07:7f:83:80:c6:62:0e:
         4f:0b:13:d5:33:39:ae:e0:54:fb:00:5f:6e:78:cc:4d:b9:c7:
         26:3d:7a:cf:67:b5:b1:64:a8:eb:c5:29:78:8f:58:a7:37:fa:
         72:65:55:e3:70:8d:04:15:a0:3d:f3:3e:85:fc:f8:f9:c6:78:
         82:17:62:4b:74:df:8f:d8:1c:23:a9:41:90:1f:1f:80:20:47:
         b7:21:ef:62:d3:84:df:4f:95:62:f1:db:58:26:98:8a:b4:49:
         4f:12:18:ec:5e:8e:69:d9:e3:e0:8d:0d:96:e8:a2:c1:6f:80:
         a3:19:e9:d1:ef:6d:cc:78:3e:ee:9f:ab:42:71:ca:10:de:4d:
         bd:5e:2f:06:7f:28:8e:75:fc:8c:ec:0c:f6:7b:35:2e:a0:92:
         53:bd:46:06:ea:18:20:44:93:88:b2:13:b3:e4:ef:e1:c5:30:
         0e:38:71:8f:a7:e2:af:d4:4a:58:ed:e7:5b:e1:24:65:3f:8a:
         9c:fe:8d:ab:5f:39:db:30:64:3d:3c:e4:c0:25:c9:08:9e:54:
         0f:3e:04:ff:1e:a9:25:fc:43:92:3e:3c:6c:ea:8e:1d:13:62:
         d0:be:c2:7d:04:11:56:7c:ee:a5:ad:80:04:fa:84:82:ea:4b:
         f5:bd:11:e7
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzGt5bRjKLszhfm2zXWybVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGQ2NGEwZGMyMTk5NmIxYzk5ZTY4Y2M5NTE2OTRlMjkz
ZWRlZmUwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmU5YmM4NDEzN2RlYjU3MTBmOGEwYmZjNDhjNGFjN2NhNGVjYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYncaQlpNboPKKU+jZyxmULA14sq
MOqgyVvW3T6pO3BeeF+2xSkpanRbSFQf/E25lTQ8FLx0cQbgcypf/B+5zX7fGw5B
++ktDgW+Oh7Pb1ynpe1d71W5LE1re0leN776OM20iX8yt1B1D27Oqe4IUcfwgSlp
58mWWoFjpAD+wJi2+GkkIQcBvXLsxoPS+KG863VJP924AaaO0LlrxK2FovWu6/MR
jWfdzVgKMrbFmpjtvJSnSz5nKrffQC/BWCTvLkhPrP6HWl2F2xvOIPYXh5uzceQZ
YnSb+NTcxX6CZK1KdwMd8cAmfPJp4zhDJOu/jgh14oJlk903NFdh/g9u4QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFM/pvIQTfetXEPigv8SMSsfKTsqUMB8GA1UdIwQY
MBaAFLuNZKDcIZlrHJnmjMlRaU4pPt7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUt
ZGQ0YTIxN2Q2MDZiLzEvei1tOGhCTjk2MWNRLUtDX3hJeEt4OHBPeXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUtZGQ0YTIxN2Q2MDZi
LzEvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCuUd0AwQA
1DIjAwQB1DIqMAwDBADUMi0DBAHUMjQwDAMEA9QyOAMEANQyPAMEAdQyPjANBgkq
hkiG9w0BAQsFAAOCAQEAVhhluWEq9M8d+60Hf4OAxmIOTwsT1TM5ruBU+wBfbnjM
TbnHJj16z2e1sWSo68UpeI9Ypzf6cmVV43CNBBWgPfM+hfz4+cZ4ghdiS3Tfj9gc
I6lBkB8fgCBHtyHvYtOE30+VYvHbWCaYirRJTxIY7F6Oadnj4I0NluiiwW+Aoxnp
0e9tzHg+7p+rQnHKEN5NvV4vBn8ojnX8jOwM9ns1LqCSU71GBuoYIESTiLITs+Tv
4cUwDjhxj6fir9RKWO3nW+EkZT+KnP6Nq1852zBkPTzkwCXJCJ5UDz4E/x6pJfxD
kj48bOqOHRNi0L7CfQQRVnzupa2ABPqEgupL9b0R5w==
-----END CERTIFICATE-----