Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/tIEc-x61MznEORRMo_XjtNlyzfw.roa
File:                     tIEc-x61MznEORRMo_XjtNlyzfw.roa (raw, json)
Hash identifier:          WwZFQH4nFBskjeJ4Mp1QsVNqNW5t+htNf4QWtijqwUM=
Subject key identifier:   B4:81:1C:FB:1E:B5:33:39:C4:39:14:4C:A3:F5:E3:B4:D9:72:CD:FC
Certificate issuer:       /CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Certificate serial:       018FBF0BA6BA662D91BF9285793D97FB1BE3
Authority key identifier: 99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/tIEc-x61MznEORRMo_XjtNlyzfw.roa
Signing time:             Tue 28 May 2024 11:52:42 +0000
ROA not before:           Tue 28 May 2024 11:52:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42018
IP address blocks:        85.255.193.0/24 maxlen: 24
                          85.255.194.0/24 maxlen: 24
                          85.255.195.0/24 maxlen: 24
                          85.255.196.0/24 maxlen: 24
                          85.255.198.0/24 maxlen: 24
                          85.255.199.0/24 maxlen: 24
                          85.255.202.0/24 maxlen: 24
                          85.255.203.0/24 maxlen: 24
                          85.255.204.0/24 maxlen: 24
                          85.255.205.0/24 maxlen: 24
                          85.255.206.0/24 maxlen: 24
                          85.255.207.0/24 maxlen: 24
                          185.35.52.0/24 maxlen: 24
                          185.35.53.0/24 maxlen: 24
                          2a01:498::/32 maxlen: 32
                          2a01:498:500::/40 maxlen: 40
                          2a01:498:8100::/40 maxlen: 40
                          2a01:498:8500::/40 maxlen: 40

Validation:               Failed, certificate revoked on Thu 03 Oct 2024 13:24:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:0b:a6:ba:66:2d:91:bf:92:85:79:3d:97:fb:1b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
        Validity
            Not Before: May 28 11:52:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4811cfb1eb53339c439144ca3f5e3b4d972cdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1d:c3:00:78:06:a0:c3:a9:9c:af:c7:6e:02:
                    3a:b5:90:6b:4f:6b:66:00:bc:83:4f:78:d0:29:4e:
                    f4:70:0f:db:21:86:5d:b4:c2:8d:82:5c:36:7b:89:
                    1c:9b:46:24:5d:29:95:f9:62:70:55:d8:7a:40:e2:
                    67:72:3d:b9:4a:df:3a:eb:b6:82:b9:56:31:08:e7:
                    b6:24:dd:d6:87:c4:b9:4c:f7:bb:81:ba:54:3c:e1:
                    5f:39:e1:13:2a:0f:73:2e:c1:f1:42:6a:3f:ef:af:
                    f6:77:97:b3:9a:df:c1:fe:52:ed:19:13:ab:2b:54:
                    eb:14:5c:9f:e1:e1:7d:1e:33:6d:05:a4:3f:1e:84:
                    ea:74:b6:c6:9c:f1:03:57:20:de:d3:04:8d:0f:15:
                    7b:06:6e:fb:46:69:c1:6b:f1:3d:87:3e:0d:f1:73:
                    59:5c:46:79:f9:72:15:4c:c8:0d:62:e6:87:45:d2:
                    44:74:fc:79:04:e0:87:4b:cd:2d:3d:55:5e:21:ff:
                    ee:93:4a:6f:57:53:0d:40:52:a0:e3:20:bc:20:33:
                    9a:59:ce:83:e6:da:83:52:3a:30:ac:ba:62:4d:85:
                    b5:8a:84:b8:13:78:79:0b:75:05:d7:e2:93:21:87:
                    21:96:3c:01:f6:f2:12:c8:b0:ab:84:eb:cb:ea:f5:
                    8e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:81:1C:FB:1E:B5:33:39:C4:39:14:4C:A3:F5:E3:B4:D9:72:CD:FC
            X509v3 Authority Key Identifier:
                keyid:99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/tIEc-x61MznEORRMo_XjtNlyzfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.193.0-85.255.196.255
                  85.255.198.0/23
                  85.255.202.0-85.255.207.255
                  185.35.52.0/23
                IPv6:
                  2a01:498::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:12:54:4a:7b:81:24:4f:0b:09:91:bb:6c:ea:aa:a7:cf:f9:
         6d:4c:b6:99:6b:88:24:6c:38:06:75:76:48:04:16:14:b5:66:
         66:65:8b:51:ff:e1:3e:dc:15:c8:77:f4:80:c1:4e:cd:4a:61:
         c8:01:8b:92:71:0f:f1:5f:af:ca:36:06:87:3f:d5:2f:50:f7:
         cd:3c:3b:c7:ed:b1:ae:03:85:aa:c5:69:60:1f:97:f9:34:ac:
         74:04:38:04:56:91:10:83:72:74:6b:0c:0c:49:82:a8:ad:65:
         d6:e6:f7:8f:b7:2d:f9:37:a1:2a:0a:a8:30:35:8d:cc:3f:99:
         1b:83:1a:8c:2f:f3:a7:d7:32:0a:17:21:ef:98:a9:86:0e:5b:
         49:f3:1e:f2:a1:e7:56:6a:fd:23:d9:41:f6:77:e4:64:89:79:
         60:6d:a2:f5:78:71:ff:65:87:98:09:aa:55:ea:5b:25:22:4d:
         16:34:cc:ec:8a:66:c4:d3:a7:dd:38:d8:01:d5:7d:99:82:d4:
         00:8d:ab:1c:3b:20:9a:5b:97:13:40:02:11:1d:fc:0f:00:bd:
         26:76:57:1f:22:13:82:19:36:89:1a:82:d9:95:22:ad:03:e6:
         8e:61:70:35:13:43:0a:cb:4b:a9:6a:81:f9:a7:23:92:de:b9:
         80:9b:99:bc
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAY+/C6a6Zi2Rv5KFeT2X+xvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OWRmN2RjMGVkNTE4ZjFlYzY5OTc0Y2Y5OGNlY2FhZGEx
YTg2ODAwHhcNMjQwNTI4MTE1MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDgxMWNmYjFlYjUzMzM5YzQzOTE0NGNhM2Y1ZTNiNGQ5NzJjZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR3DAHgGoMOpnK/HbgI6tZBrT2tm
ALyDT3jQKU70cA/bIYZdtMKNglw2e4kcm0YkXSmV+WJwVdh6QOJncj25St8667aC
uVYxCOe2JN3Wh8S5TPe7gbpUPOFfOeETKg9zLsHxQmo/76/2d5ezmt/B/lLtGROr
K1TrFFyf4eF9HjNtBaQ/HoTqdLbGnPEDVyDe0wSNDxV7Bm77RmnBa/E9hz4N8XNZ
XEZ5+XIVTMgNYuaHRdJEdPx5BOCHS80tPVVeIf/uk0pvV1MNQFKg4yC8IDOaWc6D
5tqDUjowrLpiTYW1ioS4E3h5C3UF1+KTIYchljwB9vISyLCrhOvL6vWOQQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFLSBHPsetTM5xDkUTKP147TZcs38MB8GA1UdIwQY
MBaAFJmd99wO1Rjx7GmXTPmM7KraGoaAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYt
MTM4Yjc4N2RlM2UzLzEvdElFYy14NjFNem5FT1JSTW9fWGp0Tmx5emZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYtMTM4Yjc4N2RlM2Uz
LzEvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoMAwDBABV/8ED
BABV/8QDBAFV/8YwDAMEAVX/ygMEBFX/wAMEAbkjNDANBAIAAjAHAwUAKgEEmDAN
BgkqhkiG9w0BAQsFAAOCAQEAHhJUSnuBJE8LCZG7bOqqp8/5bUy2mWuIJGw4BnV2
SAQWFLVmZmWLUf/hPtwVyHf0gMFOzUphyAGLknEP8V+vyjYGhz/VL1D3zTw7x+2x
rgOFqsVpYB+X+TSsdAQ4BFaREINydGsMDEmCqK1l1ub3j7ct+TehKgqoMDWNzD+Z
G4MajC/zp9cyChch75iphg5bSfMe8qHnVmr9I9lB9nfkZIl5YG2i9Xhx/2WHmAmq
VepbJSJNFjTM7IpmxNOn3TjYAdV9mYLUAI2rHDsgmluXE0ACER38DwC9JnZXHyIT
ghk2iRqC2ZUirQPmjmFwNRNDCstLqWqB+acjkt65gJuZvA==
-----END CERTIFICATE-----