Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/p5y-6OQy4SbCsNFV2KNjxB42wWI.roa
File:                     p5y-6OQy4SbCsNFV2KNjxB42wWI.roa (raw, json)
Hash identifier:          LqMhNFH+3lxdaMZgsAWGA7pi8pvvdFBtecMNdR4p0HE=
Subject key identifier:   A7:9C:BE:E8:E4:32:E1:26:C2:B0:D1:55:D8:A3:63:C4:1E:36:C1:62
Certificate issuer:       /CN=ce958f181fb507a0a2a821856b8be0d54b118b85
Certificate serial:       018AD7EC8D8B43AE0DEE8F53581C4FDBC62C
Authority key identifier: CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/p5y-6OQy4SbCsNFV2KNjxB42wWI.roa
Signing time:             Wed 27 Sep 2023 18:35:18 +0000
ROA not before:           Wed 27 Sep 2023 18:35:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207023
IP address blocks:        185.174.90.0/23 maxlen: 23
                          185.60.202.0/23 maxlen: 23
                          185.168.158.0/23 maxlen: 23
                          185.242.94.0/23 maxlen: 23
                          185.242.92.0/23 maxlen: 23
                          185.115.64.0/22 maxlen: 22
                          185.126.72.0/22 maxlen: 24
                          185.126.76.0/22 maxlen: 24
                          185.120.8.0/23 maxlen: 23
                          185.120.10.0/23 maxlen: 23
                          2a0a:d05::/32 maxlen: 32
                          2a0a:d01::/32 maxlen: 32
                          2a0a:d04::/32 maxlen: 32
                          2a0a:d02::/32 maxlen: 32
                          2a0a:d03::/32 maxlen: 32
                          2a0a:d07::/32 maxlen: 32
                          2a0a:d06::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d7:ec:8d:8b:43:ae:0d:ee:8f:53:58:1c:4f:db:c6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce958f181fb507a0a2a821856b8be0d54b118b85
        Validity
            Not Before: Sep 27 18:35:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a79cbee8e432e126c2b0d155d8a363c41e36c162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fb:4a:61:2e:ae:86:e6:fb:fb:22:f9:1e:43:
                    5d:ba:e0:80:e3:8d:29:ab:e6:2b:24:ea:8f:14:79:
                    c3:00:be:53:5b:64:39:f3:aa:5e:14:17:54:b0:05:
                    ff:ce:83:d9:13:f6:75:a8:54:19:8c:19:63:5b:90:
                    3d:29:a2:55:17:8c:ff:7c:09:5b:4b:eb:b2:57:e3:
                    d3:56:ef:c9:60:d0:5a:2e:05:41:00:89:31:a0:ed:
                    95:48:af:96:8e:ff:10:5b:20:54:85:0f:01:c3:44:
                    30:01:74:fc:a0:c9:c4:c1:9f:7b:7b:4e:a2:57:55:
                    78:b2:89:d4:66:2b:17:e1:2d:6b:1b:a4:c3:d5:73:
                    c3:22:b7:62:87:08:02:e0:93:84:9d:08:bc:ec:3c:
                    5c:c6:7b:fe:01:37:56:1f:7d:5b:08:c0:00:22:9d:
                    42:a5:1c:e7:0e:bc:76:d6:8e:01:e5:d4:ed:ca:f5:
                    df:1b:8d:b9:81:99:9b:33:55:0a:3c:20:20:3d:0f:
                    1c:b4:bc:49:53:b9:3c:b7:3f:fa:42:4f:75:6f:f8:
                    a3:0e:41:f5:2f:5a:00:91:dd:08:d5:23:49:c6:14:
                    4d:d5:1d:06:b1:a7:1f:ce:ff:f0:0b:5f:3a:d3:b1:
                    6a:bd:66:c7:61:99:80:41:d4:73:2f:0c:e9:54:8a:
                    7c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:9C:BE:E8:E4:32:E1:26:C2:B0:D1:55:D8:A3:63:C4:1E:36:C1:62
            X509v3 Authority Key Identifier:
                keyid:CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/p5y-6OQy4SbCsNFV2KNjxB42wWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.202.0/23
                  185.115.64.0/22
                  185.120.8.0/22
                  185.126.72.0/21
                  185.168.158.0/23
                  185.174.90.0/23
                  185.242.92.0/22
                IPv6:
                  2a0a:d01::-2a0a:d07:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         23:a0:8b:a7:f9:59:cd:1a:60:5b:c2:22:ba:66:99:2a:1f:47:
         0d:76:46:66:58:11:e7:8d:f7:3c:fb:f2:0f:cf:58:32:ae:ae:
         a4:fd:5d:e7:db:3a:97:c7:fb:59:38:bf:2f:7c:82:d3:5a:e2:
         29:59:eb:89:ed:93:ad:9e:50:c9:c2:89:ac:3c:95:1e:f3:d0:
         66:7d:95:e6:50:4c:cb:70:0d:3f:0d:d0:a9:f3:e0:38:f8:8a:
         0b:ac:0e:c7:43:5a:19:55:15:77:73:14:29:48:79:e9:a9:24:
         83:fe:6a:a4:8e:d2:37:30:d6:b0:05:0c:67:36:16:01:5b:cb:
         5d:b7:de:b0:6f:ad:7e:ff:bd:94:77:9a:cb:36:04:25:ba:45:
         f8:dc:9d:a8:bc:78:86:17:f9:f1:9e:04:e7:7b:76:05:ec:d0:
         23:ac:9f:fd:47:db:68:9d:60:88:65:09:4b:b8:40:36:ad:a6:
         40:22:85:1f:a0:dc:d4:93:f8:a5:85:ec:c8:84:e8:c9:8b:89:
         e5:ce:1e:33:f1:72:f3:94:3e:47:e6:6b:67:7f:dc:58:ce:e0:
         0c:92:04:c6:3c:e4:30:61:c5:e2:0f:65:31:4a:0d:0e:05:6a:
         c4:a7:5f:0c:a9:f0:eb:7e:34:5f:da:b2:05:d9:e0:0a:82:9a:
         62:15:78:86
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYrX7I2LQ64N7o9TWBxP28YsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTU4ZjE4MWZiNTA3YTBhMmE4MjE4NTZiOGJlMGQ1NGIx
MThiODUwHhcNMjMwOTI3MTgzNTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzljYmVlOGU0MzJlMTI2YzJiMGQxNTVkOGEzNjNjNDFlMzZjMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvtKYS6uhub7+yL5HkNduuCA440p
q+YrJOqPFHnDAL5TW2Q586peFBdUsAX/zoPZE/Z1qFQZjBljW5A9KaJVF4z/fAlb
S+uyV+PTVu/JYNBaLgVBAIkxoO2VSK+Wjv8QWyBUhQ8Bw0QwAXT8oMnEwZ97e06i
V1V4sonUZisX4S1rG6TD1XPDIrdihwgC4JOEnQi87Dxcxnv+ATdWH31bCMAAIp1C
pRznDrx21o4B5dTtyvXfG425gZmbM1UKPCAgPQ8ctLxJU7k8tz/6Qk91b/ijDkH1
L1oAkd0I1SNJxhRN1R0Gsacfzv/wC18607FqvWbHYZmAQdRzLwzpVIp8wQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKecvujkMuEmwrDRVdijY8QeNsFiMB8GA1UdIwQY
MBaAFM6VjxgftQegoqghhWuL4NVLEYuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUt
MGRiYjNiOGRiMTVmLzEvcDV5LTZPUXk0U2JDc05GVjJLTmp4QjQyd1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUtMGRiYjNiOGRiMTVm
LzEvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAwBAIAATAqAwQBuTzKAwQC
uXNAAwQCuXgIAwQDuX5IAwQBuaieAwQBua5aAwQCufJcMBYEAgACMBAwDgMFACoK
DQEDBQMqCg0AMA0GCSqGSIb3DQEBCwUAA4IBAQAjoIun+VnNGmBbwiK6ZpkqH0cN
dkZmWBHnjfc8+/IPz1gyrq6k/V3n2zqXx/tZOL8vfILTWuIpWeuJ7ZOtnlDJwoms
PJUe89BmfZXmUEzLcA0/DdCp8+A4+IoLrA7HQ1oZVRV3cxQpSHnpqSSD/mqkjtI3
MNawBQxnNhYBW8tdt96wb61+/72Ud5rLNgQlukX43J2ovHiGF/nxngTne3YF7NAj
rJ/9R9tonWCIZQlLuEA2raZAIoUfoNzUk/ilhezIhOjJi4nlzh4z8XLzlD5H5mtn
f9xYzuAMkgTGPOQwYcXiD2UxSg0OBWrEp18MqfDrfjRf2rIF2eAKgppiFXiG
-----END CERTIFICATE-----