Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/r-DfKG8m4n3QJbp-EW0JQDjX8uI.roa
File:                     r-DfKG8m4n3QJbp-EW0JQDjX8uI.roa (raw, json)
Hash identifier:          p2ejsWRhQdbbVloh9uUySQyTTd/1zNTNtg9ZIsXbHp0=
Subject key identifier:   AF:E0:DF:28:6F:26:E2:7D:D0:25:BA:7E:11:6D:09:40:38:D7:F2:E2
Certificate issuer:       /CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
Certificate serial:       018BDB86DFE69EF8A82AB495E25756CDAC12
Authority key identifier: 24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/r-DfKG8m4n3QJbp-EW0JQDjX8uI.roa
Signing time:             Fri 17 Nov 2023 04:25:31 +0000
ROA not before:           Fri 17 Nov 2023 04:25:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202024
IP address blocks:        46.31.70.0/24 maxlen: 24
                          185.54.16.0/24 maxlen: 24
                          185.54.16.0/23 maxlen: 23
                          185.54.16.0/22 maxlen: 22
                          185.54.17.0/24 maxlen: 24
                          185.54.19.0/24 maxlen: 24
                          185.54.18.0/23 maxlen: 23
                          185.54.18.0/24 maxlen: 24
                          79.98.127.0/24 maxlen: 24
                          185.141.15.0/24 maxlen: 24
                          185.141.14.0/23 maxlen: 23
                          185.141.14.0/24 maxlen: 24
                          185.141.12.0/24 maxlen: 24
                          185.141.12.0/23 maxlen: 23
                          185.141.12.0/22 maxlen: 22
                          185.141.13.0/24 maxlen: 24
                          2a00:d30:16::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:db:86:df:e6:9e:f8:a8:2a:b4:95:e2:57:56:cd:ac:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
        Validity
            Not Before: Nov 17 04:25:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afe0df286f26e27dd025ba7e116d094038d7f2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:65:27:b9:53:13:c8:35:33:ce:db:34:1b:96:
                    f3:79:fb:00:3a:0c:01:3f:f1:8f:a8:d6:eb:7d:13:
                    7e:c7:c8:d9:ee:f0:14:e6:5e:81:bc:0b:16:4b:30:
                    f9:eb:d2:95:cd:48:f5:49:ce:1a:24:77:aa:93:fb:
                    79:96:f1:b3:5a:40:d5:7a:d8:e1:b5:2c:f5:5d:aa:
                    aa:1e:ad:60:06:ac:13:9e:e6:d9:37:42:0d:ae:40:
                    08:6a:61:bc:b3:a0:43:07:bd:f2:b4:fb:e2:b6:e4:
                    21:4f:73:d6:3c:19:f8:36:4c:be:eb:dd:57:3b:69:
                    e0:5f:3f:c2:eb:90:cf:cc:55:d1:d4:7c:e1:7d:a3:
                    73:4f:89:5c:2f:5c:20:b6:f9:71:78:de:2c:ab:4f:
                    ae:97:41:b1:33:67:8f:3a:71:1a:71:43:62:18:da:
                    f3:3f:26:cc:36:43:39:a0:9a:0b:ca:69:db:b5:fa:
                    76:0a:c0:2a:90:1b:27:a0:86:a0:9e:b1:d3:79:b1:
                    62:f4:3d:2a:e1:6e:25:ab:e6:31:e9:26:93:8a:67:
                    89:13:2c:00:92:70:2a:60:8e:52:84:26:fd:17:28:
                    1b:5d:14:5b:e2:57:90:b6:5d:c2:77:7f:f1:a1:b3:
                    92:7b:4c:22:7d:ea:4d:28:65:fd:b0:1e:fc:31:08:
                    82:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E0:DF:28:6F:26:E2:7D:D0:25:BA:7E:11:6D:09:40:38:D7:F2:E2
            X509v3 Authority Key Identifier:
                keyid:24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/r-DfKG8m4n3QJbp-EW0JQDjX8uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/JFKrHS0pusnVLrR53mTAcA_Gck8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.70.0/24
                  79.98.127.0/24
                  185.54.16.0/22
                  185.141.12.0/22
                IPv6:
                  2a00:d30:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:a3:a5:26:b8:88:b0:58:f6:db:a2:d9:f7:25:c8:48:7b:56:
         47:4b:c8:5e:7e:26:fa:47:f0:e2:ad:f0:00:69:56:0b:ff:8d:
         9e:8c:1c:af:b8:41:a4:14:42:1d:aa:55:2e:12:66:e0:6e:90:
         0e:7b:db:95:73:2e:20:0e:9a:f6:fa:bf:8b:fa:f8:1a:18:8b:
         36:25:3e:8f:f5:97:df:d1:2d:76:88:64:f9:3c:5d:9b:38:26:
         2c:36:ce:41:4f:fe:b9:4a:be:76:fe:d9:02:eb:7f:45:d8:64:
         5c:39:f1:04:19:d1:e5:55:d0:bd:a2:a3:65:8f:f2:f9:17:dc:
         4e:c2:8e:2e:f1:ae:bd:2b:76:3f:d5:b8:d6:f1:c4:b5:41:9f:
         00:72:c2:f7:03:1b:b2:2f:c8:67:4a:69:0c:3b:70:5f:87:e7:
         74:5d:98:09:7c:fd:a7:27:00:39:56:e2:61:ad:79:66:f2:71:
         c7:67:e2:1a:81:ce:0c:e4:e4:0b:87:74:20:c6:31:b4:0a:c1:
         e2:1d:c0:8c:bb:49:dc:97:a5:43:4b:d5:62:94:21:3a:d5:d9:
         e7:68:75:ba:bc:bb:cd:17:a2:42:96:08:e3:e9:97:f8:4b:87:
         09:d0:b9:b6:f6:39:ac:91:4e:25:8c:d3:50:22:ae:23:68:fd:
         50:49:da:60
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYvbht/mnvioKrSV4ldWzawSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTJhYjFkMmQyOWJhYzlkNTJlYjQ3OWRlNjRjMDcwMGZj
NjcyNGYwHhcNMjMxMTE3MDQyNTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmUwZGYyODZmMjZlMjdkZDAyNWJhN2UxMTZkMDk0MDM4ZDdmMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGUnuVMTyDUzzts0G5bzefsAOgwB
P/GPqNbrfRN+x8jZ7vAU5l6BvAsWSzD569KVzUj1Sc4aJHeqk/t5lvGzWkDVetjh
tSz1XaqqHq1gBqwTnubZN0INrkAIamG8s6BDB73ytPvituQhT3PWPBn4Nky+691X
O2ngXz/C65DPzFXR1HzhfaNzT4lcL1wgtvlxeN4sq0+ul0GxM2ePOnEacUNiGNrz
PybMNkM5oJoLymnbtfp2CsAqkBsnoIagnrHTebFi9D0q4W4lq+Yx6SaTimeJEywA
knAqYI5ShCb9FygbXRRb4leQtl3Cd3/xobOSe0wifepNKGX9sB78MQiCKwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFK/g3yhvJuJ90CW6fhFtCUA41/LiMB8GA1UdIwQY
MBaAFCRSqx0tKbrJ1S60ed5kwHAPxnJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMt
OTY5Yzk0ZGU4OWE1LzEvci1EZktHOG00bjNRSmJwLUVXMEpRRGpYOHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMtOTY5Yzk0ZGU4OWE1
LzEvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQALh9GAwQA
T2J/AwQCuTYQAwQCuY0MMA8EAgACMAkDBwAqAA0wABYwDQYJKoZIhvcNAQELBQAD
ggEBALejpSa4iLBY9tui2fclyEh7VkdLyF5+JvpH8OKt8ABpVgv/jZ6MHK+4QaQU
Qh2qVS4SZuBukA5725VzLiAOmvb6v4v6+BoYizYlPo/1l9/RLXaIZPk8XZs4Jiw2
zkFP/rlKvnb+2QLrf0XYZFw58QQZ0eVV0L2io2WP8vkX3E7Cji7xrr0rdj/VuNbx
xLVBnwBywvcDG7IvyGdKaQw7cF+H53RdmAl8/acnADlW4mGteWbyccdn4hqBzgzk
5AuHdCDGMbQKweIdwIy7SdyXpUNL1WKUITrV2edodbq8u80XokKWCOPpl/hLhwnQ
ubb2OayRTiWM01AiriNo/VBJ2mA=
-----END CERTIFICATE-----