Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ZoaEu88VCCGjRCQWI9ARABOX04c.roa
File:                     ZoaEu88VCCGjRCQWI9ARABOX04c.roa (raw, json)
Hash identifier:          8fgmYCoLIIa7RoU65b/5DTk+pZM3sZ5YD2rkfnECzio=
Subject key identifier:   66:86:84:BB:CF:15:08:21:A3:44:24:16:23:D0:11:00:13:97:D3:87
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018E090248BEC03126B02E97864553048220
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ZoaEu88VCCGjRCQWI9ARABOX04c.roa
Signing time:             Mon 04 Mar 2024 10:28:48 +0000
ROA not before:           Mon 04 Mar 2024 10:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15723
IP address blocks:        62.217.129.0/24 maxlen: 24
                          62.217.131.0/24 maxlen: 24
                          62.217.134.0/24 maxlen: 24
                          62.217.138.0/24 maxlen: 24
                          62.217.141.0/24 maxlen: 24
                          62.217.142.0/24 maxlen: 24
                          62.217.146.0/24 maxlen: 24
                          62.217.147.0/24 maxlen: 24
                          62.217.148.0/24 maxlen: 24
                          62.217.149.0/24 maxlen: 24
                          62.217.151.0/24 maxlen: 24
                          62.217.156.0/24 maxlen: 24
                          62.217.157.0/24 maxlen: 24
                          62.217.158.0/24 maxlen: 24
                          62.217.159.0/24 maxlen: 24
                          185.81.217.0/24 maxlen: 24
                          188.64.8.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 07 Mar 2024 15:22:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:02:48:be:c0:31:26:b0:2e:97:86:45:53:04:82:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Mar  4 10:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=668684bbcf150821a344241623d011001397d387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e9:35:19:82:69:05:84:72:da:0f:73:6a:d1:
                    bf:74:a1:dc:2a:22:7c:22:e9:52:9a:61:b8:e3:60:
                    f8:72:24:4b:c4:4d:81:71:5c:5c:79:cb:3e:01:b6:
                    10:83:bf:5f:cd:72:b8:aa:77:83:49:44:31:43:75:
                    05:24:4a:64:d4:37:8e:c1:96:80:7a:08:68:81:a0:
                    16:83:03:5f:3b:ac:1b:fb:d5:3d:a9:3c:de:80:f8:
                    ba:95:dc:7e:33:ef:4b:02:08:73:49:01:9c:1b:88:
                    38:f2:0b:d4:e0:45:d8:53:dc:ac:5d:47:fa:df:ab:
                    f8:50:6d:28:c8:67:94:c7:3d:05:7b:6f:2c:f5:bc:
                    a8:ae:35:86:4f:6d:0b:8c:89:7b:8d:ce:2c:09:af:
                    3b:2d:61:4d:53:6f:8b:a2:ff:7b:e7:1f:67:4e:77:
                    40:c5:e2:4f:87:cb:0d:6e:4d:59:6e:d0:ca:2f:16:
                    21:15:da:72:5b:a6:c4:9d:5f:ee:2d:5d:93:56:31:
                    74:dc:bf:17:ac:13:85:2b:63:54:7d:88:a1:95:f8:
                    0f:21:4b:06:3e:ed:85:43:55:8a:d6:9e:fc:d9:47:
                    4c:8d:a8:5e:8f:b5:09:c8:4b:c4:73:62:47:5d:72:
                    92:8e:8d:28:f7:a3:23:a8:43:4f:df:a1:78:85:ab:
                    c6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:86:84:BB:CF:15:08:21:A3:44:24:16:23:D0:11:00:13:97:D3:87
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ZoaEu88VCCGjRCQWI9ARABOX04c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.217.129.0/24
                  62.217.131.0/24
                  62.217.134.0/24
                  62.217.138.0/24
                  62.217.141.0-62.217.142.255
                  62.217.146.0-62.217.149.255
                  62.217.151.0/24
                  62.217.156.0/22
                  185.81.217.0/24
                  188.64.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:7b:10:33:1f:5f:de:fc:ed:0f:3d:d5:14:80:96:49:61:a4:
         ad:f2:1f:4d:14:3b:81:47:90:aa:c3:8c:f6:4f:a1:e4:4f:37:
         32:8c:1e:27:7d:69:f4:92:cd:3d:a2:8e:04:a4:73:de:5e:d5:
         cd:e3:b3:4e:25:59:1c:4d:9d:99:fc:36:0b:cb:f6:46:40:9b:
         49:6a:d2:b4:78:c4:15:55:76:96:02:d5:91:62:b7:af:f1:80:
         0e:e1:32:96:2a:55:9c:b0:a5:2f:ab:3e:fc:1c:f9:42:3c:37:
         12:d2:5f:f5:d7:50:cd:71:80:08:d3:71:42:83:03:65:1a:a7:
         a9:54:69:4d:2f:f2:fe:d5:32:1c:75:01:fb:b1:14:f5:56:76:
         8e:58:ef:1a:ce:ff:99:75:98:99:dc:b7:dd:3c:d2:74:8c:a0:
         61:a6:1f:47:ad:79:8f:29:1f:7d:52:26:9e:1f:e5:fe:32:60:
         92:b0:39:7c:16:32:5c:8f:cd:9c:f5:bb:85:03:cd:1f:17:84:
         ee:b4:91:9f:4d:f9:ee:d5:f1:ac:4d:bd:e2:75:de:ba:ed:c9:
         8d:d2:1a:e7:6a:0a:33:cc:85:ca:bb:4b:6f:63:87:e9:3e:02:
         83:6a:cf:3d:70:a8:83:23:32:85:1c:e8:25:2e:ce:ad:95:16:
         2a:ed:81:92
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY4JAki+wDEmsC6XhkVTBIIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMzA0MTAyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njg2ODRiYmNmMTUwODIxYTM0NDI0MTYyM2QwMTEwMDEzOTdkMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguk1GYJpBYRy2g9zatG/dKHcKiJ8
IulSmmG442D4ciRLxE2BcVxcecs+AbYQg79fzXK4qneDSUQxQ3UFJEpk1DeOwZaA
eghogaAWgwNfO6wb+9U9qTzegPi6ldx+M+9LAghzSQGcG4g48gvU4EXYU9ysXUf6
36v4UG0oyGeUxz0Fe28s9byorjWGT20LjIl7jc4sCa87LWFNU2+Lov975x9nTndA
xeJPh8sNbk1ZbtDKLxYhFdpyW6bEnV/uLV2TVjF03L8XrBOFK2NUfYihlfgPIUsG
Pu2FQ1WK1p782UdMjahej7UJyEvEc2JHXXKSjo0o96MjqENP36F4havGtwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGaGhLvPFQgho0QkFiPQEQATl9OHMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvWm9hRXU4OFZDQ0dqUkNRV0k5QVJBQk9YMDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAPtmBAwQA
PtmDAwQAPtmGAwQAPtmKMAwDBAA+2Y0DBAA+2Y4wDAMEAT7ZkgMEAT7ZlAMEAD7Z
lwMEAj7ZnAMEALlR2QMEArxACDANBgkqhkiG9w0BAQsFAAOCAQEAMHsQMx9f3vzt
Dz3VFICWSWGkrfIfTRQ7gUeQqsOM9k+h5E83MoweJ31p9JLNPaKOBKRz3l7VzeOz
TiVZHE2dmfw2C8v2RkCbSWrStHjEFVV2lgLVkWK3r/GADuEylipVnLClL6s+/Bz5
Qjw3EtJf9ddQzXGACNNxQoMDZRqnqVRpTS/y/tUyHHUB+7EU9VZ2jljvGs7/mXWY
mdy33TzSdIygYaYfR615jykffVImnh/l/jJgkrA5fBYyXI/NnPW7hQPNHxeE7rSR
n0357tXxrE294nXeuu3JjdIa52oKM8yFyrtLb2OH6T4Cg2rPPXCogyMyhRzoJS7O
rZUWKu2Bkg==
-----END CERTIFICATE-----