Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3UkbiFU3wqbbn4sjjWOojaTRDZo.roa
File:                     3UkbiFU3wqbbn4sjjWOojaTRDZo.roa (raw, json)
Hash identifier:          5lXzIeLsOu3xxEQPb44ZPzfyP1l7EHNwwPhKn9EbScQ=
Subject key identifier:   DD:49:1B:88:55:37:C2:A6:DB:9F:8B:23:8D:63:A8:8D:A4:D1:0D:9A
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018D44980C01E839FFD140F8EE607B7E1A15
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3UkbiFU3wqbbn4sjjWOojaTRDZo.roa
Signing time:             Fri 26 Jan 2024 07:07:11 +0000
ROA not before:           Fri 26 Jan 2024 07:07:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15723
IP address blocks:        46.23.110.0/24 maxlen: 24
                          62.217.129.0/24 maxlen: 24
                          62.217.131.0/24 maxlen: 24
                          62.217.134.0/24 maxlen: 24
                          62.217.138.0/24 maxlen: 24
                          62.217.141.0/24 maxlen: 24
                          62.217.142.0/24 maxlen: 24
                          62.217.146.0/24 maxlen: 24
                          62.217.147.0/24 maxlen: 24
                          62.217.148.0/24 maxlen: 24
                          62.217.149.0/24 maxlen: 24
                          62.217.151.0/24 maxlen: 24
                          62.217.156.0/24 maxlen: 24
                          62.217.157.0/24 maxlen: 24
                          62.217.158.0/24 maxlen: 24
                          62.217.159.0/24 maxlen: 24
                          164.215.97.0/24 maxlen: 24
                          188.64.8.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 17:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:44:98:0c:01:e8:39:ff:d1:40:f8:ee:60:7b:7e:1a:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan 26 07:07:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd491b885537c2a6db9f8b238d63a88da4d10d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:74:94:4e:a9:85:d2:1e:83:0a:8a:e2:01:b1:
                    c9:d5:4b:c0:b8:7a:9a:20:7e:37:8e:a4:cf:8a:89:
                    67:4a:7a:27:65:8f:4c:a7:cb:ad:7f:e3:7f:e1:ab:
                    0a:1d:5a:fd:b6:f1:7a:3e:b7:e4:4c:43:32:6b:c8:
                    f5:81:77:f4:81:4b:e6:43:b0:75:65:d8:00:80:da:
                    18:af:d5:26:fb:4c:30:6a:9e:cc:c6:66:d5:e9:5e:
                    71:11:f7:1e:cb:ec:3a:83:2b:32:79:a9:a9:e9:82:
                    a1:22:f9:86:86:88:e4:00:31:e0:79:19:22:81:14:
                    52:58:a2:f2:9f:bd:86:9a:35:66:0d:6f:4f:ef:58:
                    9d:62:c7:8d:a8:92:c9:82:6e:42:bf:ba:87:a2:6f:
                    49:f9:c6:c6:53:fa:89:9e:26:36:bd:12:5f:a2:75:
                    fb:14:1b:64:13:7b:29:67:6c:94:39:0d:d0:43:71:
                    b4:57:8b:36:1b:9c:82:4a:12:c4:33:22:05:1e:25:
                    91:40:b1:eb:9c:c8:8f:d7:f5:e4:ba:ce:b5:f2:58:
                    8a:42:fc:1d:c7:19:af:bd:aa:90:ca:00:44:29:0e:
                    ca:ec:0c:b7:91:d3:e6:a8:3d:6e:f7:4b:b3:44:f5:
                    e0:82:a9:8e:66:68:60:a3:f1:fe:7c:ba:e5:c1:46:
                    e2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:49:1B:88:55:37:C2:A6:DB:9F:8B:23:8D:63:A8:8D:A4:D1:0D:9A
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3UkbiFU3wqbbn4sjjWOojaTRDZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.110.0/24
                  62.217.129.0/24
                  62.217.131.0/24
                  62.217.134.0/24
                  62.217.138.0/24
                  62.217.141.0-62.217.142.255
                  62.217.146.0-62.217.149.255
                  62.217.151.0/24
                  62.217.156.0/22
                  164.215.97.0/24
                  188.64.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:d7:b2:61:92:8b:1e:3c:cd:cf:b4:e8:93:cf:01:5d:43:84:
         f0:8a:f7:d1:00:0d:1d:3e:13:1c:6a:cf:17:a1:7e:b0:c3:55:
         b6:0d:d5:65:61:f7:d6:3c:3d:de:14:06:43:90:f2:ef:96:64:
         85:18:4d:95:21:d7:19:24:04:d0:c8:52:64:2d:97:14:f6:72:
         fe:dd:0c:b6:7b:8b:65:1a:4c:57:6e:a4:75:67:aa:8c:63:8d:
         8d:ab:31:bb:51:f5:d3:6f:94:ca:f9:a1:cb:87:43:8b:e7:84:
         aa:12:09:a6:d2:a3:b1:79:48:80:0f:22:f9:6d:95:50:69:db:
         71:ee:85:83:a7:10:73:71:6a:98:d0:1f:28:1a:3d:93:04:da:
         a2:1f:7b:2c:45:f7:43:01:8a:81:94:82:c1:27:62:b3:0d:23:
         04:09:a4:75:61:bf:03:6c:2c:32:22:23:3a:fc:79:61:65:86:
         b6:49:1f:b1:4d:b2:f1:f9:83:2b:26:a7:3f:c9:6b:53:bd:9b:
         61:b7:49:62:f2:a2:8e:08:f3:86:90:12:11:f1:55:37:52:14:
         44:89:a3:a0:aa:1b:38:72:c8:a4:f9:b7:24:b7:f1:03:43:d7:
         cd:46:d7:2d:fd:97:62:05:18:c7:af:c2:84:39:28:43:62:d7:
         b8:e5:38:6f
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY1EmAwB6Dn/0UD47mB7fhoVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTI2MDcwNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQ5MWI4ODU1MzdjMmE2ZGI5ZjhiMjM4ZDYzYTg4ZGE0ZDEwZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HSUTqmF0h6DCoriAbHJ1UvAuHqa
IH43jqTPiolnSnonZY9Mp8utf+N/4asKHVr9tvF6PrfkTEMya8j1gXf0gUvmQ7B1
ZdgAgNoYr9Um+0wwap7MxmbV6V5xEfcey+w6gysyeamp6YKhIvmGhojkADHgeRki
gRRSWKLyn72GmjVmDW9P71idYseNqJLJgm5Cv7qHom9J+cbGU/qJniY2vRJfonX7
FBtkE3spZ2yUOQ3QQ3G0V4s2G5yCShLEMyIFHiWRQLHrnMiP1/Xkus618liKQvwd
xxmvvaqQygBEKQ7K7Ay3kdPmqD1u90uzRPXggqmOZmhgo/H+fLrlwUbi3wIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFN1JG4hVN8Km25+LI41jqI2k0Q2aMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvM1VrYmlGVTN3cWJibjRzampXT29qYVRSRFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQALhduAwQA
PtmBAwQAPtmDAwQAPtmGAwQAPtmKMAwDBAA+2Y0DBAA+2Y4wDAMEAT7ZkgMEAT7Z
lAMEAD7ZlwMEAj7ZnAMEAKTXYQMEArxACDANBgkqhkiG9w0BAQsFAAOCAQEAjtey
YZKLHjzNz7Tok88BXUOE8Ir30QANHT4THGrPF6F+sMNVtg3VZWH31jw93hQGQ5Dy
75ZkhRhNlSHXGSQE0MhSZC2XFPZy/t0MtnuLZRpMV26kdWeqjGONjasxu1H102+U
yvmhy4dDi+eEqhIJptKjsXlIgA8i+W2VUGnbce6Fg6cQc3FqmNAfKBo9kwTaoh97
LEX3QwGKgZSCwSdisw0jBAmkdWG/A2wsMiIjOvx5YWWGtkkfsU2y8fmDKyanP8lr
U72bYbdJYvKijgjzhpASEfFVN1IURImjoKobOHLIpPm3JLfxA0PXzUbXLf2XYgUY
x6/ChDkoQ2LXuOU4bw==
-----END CERTIFICATE-----