Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/4cd72d-d8a5-46ce-8674-0d22232c34a0/1/X5yOyxMXPhGUfzjiAKfIjnJUTwE.roa
File:                     X5yOyxMXPhGUfzjiAKfIjnJUTwE.roa (raw, json)
Hash identifier:          0QFVj6JJYKea2vH5tJt6265o7SAnnBi0OuODKO4IrZc=
Subject key identifier:   5F:9C:8E:CB:13:17:3E:11:94:7F:38:E2:00:A7:C8:8E:72:54:4F:01
Certificate issuer:       /CN=a4eb9eb5547c7f5f1aafc0ada140805419618726
Certificate serial:       018CC6B84A3173E06DD9670C4EC4C4D1EFFE
Authority key identifier: A4:EB:9E:B5:54:7C:7F:5F:1A:AF:C0:AD:A1:40:80:54:19:61:87:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOuetVR8f18ar8CtoUCAVBlhhyY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/4cd72d-d8a5-46ce-8674-0d22232c34a0/1/X5yOyxMXPhGUfzjiAKfIjnJUTwE.roa
Signing time:             Mon 01 Jan 2024 20:30:15 +0000
ROA not before:           Mon 01 Jan 2024 20:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35467
IP address blocks:        145.87.224.0/19 maxlen: 20
                          83.136.192.0/21 maxlen: 24
                          93.95.144.0/21 maxlen: 22
                          81.92.176.0/20 maxlen: 21
                          37.0.16.0/21 maxlen: 22
                          217.27.224.0/21 maxlen: 22
                          217.27.232.0/21 maxlen: 23
                          212.52.224.0/19 maxlen: 22
                          185.55.108.0/22 maxlen: 23
                          91.106.224.0/21 maxlen: 23
                          31.186.160.0/21 maxlen: 22
                          185.250.160.0/22 maxlen: 24
                          185.35.32.0/22 maxlen: 23
                          2a02:5b0::/32 maxlen: 32
                          2a02:5b0::/40 maxlen: 40

Validation:               Failed, certificate revoked on Wed 29 May 2024 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:4a:31:73:e0:6d:d9:67:0c:4e:c4:c4:d1:ef:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4eb9eb5547c7f5f1aafc0ada140805419618726
        Validity
            Not Before: Jan  1 20:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f9c8ecb13173e11947f38e200a7c88e72544f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a4:6f:e7:27:8a:a8:11:60:cc:08:07:e4:21:
                    aa:de:8b:bf:ad:c4:36:25:84:aa:26:05:71:a9:8b:
                    7f:69:de:89:f4:39:bf:26:cf:e5:73:2f:26:16:2c:
                    62:f8:42:1d:20:c4:09:ee:51:56:47:75:68:f1:22:
                    b0:0a:ab:f8:ac:e5:6e:01:28:5b:45:e6:f1:81:ae:
                    d6:0c:24:df:38:0f:39:e3:0d:c9:0d:58:a9:22:52:
                    a5:98:6f:a7:93:ee:48:a6:f1:bd:a6:b4:6d:70:03:
                    e8:98:54:25:37:23:d0:3e:a6:7d:bf:ae:46:f3:10:
                    fb:a3:82:19:d6:b5:6a:ba:62:d4:73:60:14:e0:4a:
                    7b:8d:ba:86:98:01:83:42:94:e9:dd:ee:f4:c9:4b:
                    77:13:84:21:77:ed:ff:9f:70:70:38:2d:61:0d:5d:
                    88:ef:d0:6b:f3:51:10:95:7b:7e:5b:c2:a2:58:ed:
                    c3:ea:eb:ce:e6:14:df:7b:09:fe:1f:79:34:1d:c2:
                    9e:9c:74:98:cb:91:36:c2:49:67:0f:74:46:00:5e:
                    62:6c:77:71:90:16:fa:e2:c6:f6:51:70:61:b6:2a:
                    a1:00:8d:71:95:49:a4:d0:f6:02:8b:87:2c:86:c8:
                    4f:b7:95:e6:d3:79:4f:a3:93:60:1c:f3:7d:b4:ea:
                    a7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:9C:8E:CB:13:17:3E:11:94:7F:38:E2:00:A7:C8:8E:72:54:4F:01
            X509v3 Authority Key Identifier:
                keyid:A4:EB:9E:B5:54:7C:7F:5F:1A:AF:C0:AD:A1:40:80:54:19:61:87:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOuetVR8f18ar8CtoUCAVBlhhyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/4cd72d-d8a5-46ce-8674-0d22232c34a0/1/X5yOyxMXPhGUfzjiAKfIjnJUTwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/4cd72d-d8a5-46ce-8674-0d22232c34a0/1/pOuetVR8f18ar8CtoUCAVBlhhyY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.160.0/21
                  37.0.16.0/21
                  81.92.176.0/20
                  83.136.192.0/21
                  91.106.224.0/21
                  93.95.144.0/21
                  145.87.224.0/19
                  185.35.32.0/22
                  185.55.108.0/22
                  185.250.160.0/22
                  212.52.224.0/19
                  217.27.224.0/20
                IPv6:
                  2a02:5b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:35:ce:78:d6:c8:87:8b:2f:d3:6b:95:d8:09:29:10:63:c2:
         86:2f:bd:3b:ca:92:ee:ba:65:b8:31:34:79:9d:3d:dd:3e:69:
         11:13:0c:fb:75:cb:93:4f:7f:00:d2:78:26:a5:aa:04:59:51:
         a1:7b:2d:13:7e:81:ad:3d:4e:62:75:f2:e2:b4:a5:7e:f1:ff:
         b5:cb:28:1c:c2:f9:ab:52:2d:26:17:29:fd:d8:06:1d:69:0f:
         0c:33:ea:6b:c6:b2:22:fb:31:c1:da:ca:45:a5:3b:46:e6:a4:
         91:89:00:0f:ff:cb:ea:5a:da:44:2c:b4:ef:1f:b6:6d:6e:72:
         96:d2:25:7c:ef:dc:6e:9a:5b:a9:1b:40:09:55:53:7d:2f:55:
         59:55:0b:28:0b:67:62:8c:93:62:46:0f:de:c4:c1:9b:8f:ff:
         0c:5b:a1:c0:12:8d:cd:85:ff:a1:d5:71:19:15:84:b1:88:2e:
         49:5f:b1:d1:1b:96:d7:06:23:6a:62:22:f5:80:76:bf:2f:53:
         a5:c9:cd:ef:4c:83:34:86:9d:d4:a0:93:ca:33:2a:fd:de:3c:
         3a:74:0f:28:d8:a2:69:b9:08:5f:30:96:03:5c:f2:62:95:13:
         3c:0d:df:66:db:cd:a5:81:bb:1b:ba:82:99:41:4a:f8:e1:1a:
         9f:ef:7e:72
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYzGuEoxc+Bt2WcMTsTE0e/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZWI5ZWI1NTQ3YzdmNWYxYWFmYzBhZGExNDA4MDU0MTk2
MTg3MjYwHhcNMjQwMTAxMjAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjljOGVjYjEzMTczZTExOTQ3ZjM4ZTIwMGE3Yzg4ZTcyNTQ0ZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaRv5yeKqBFgzAgH5CGq3ou/rcQ2
JYSqJgVxqYt/ad6J9Dm/Js/lcy8mFixi+EIdIMQJ7lFWR3Vo8SKwCqv4rOVuAShb
Rebxga7WDCTfOA854w3JDVipIlKlmG+nk+5IpvG9prRtcAPomFQlNyPQPqZ9v65G
8xD7o4IZ1rVqumLUc2AU4Ep7jbqGmAGDQpTp3e70yUt3E4Qhd+3/n3BwOC1hDV2I
79Br81EQlXt+W8KiWO3D6uvO5hTfewn+H3k0HcKenHSYy5E2wklnD3RGAF5ibHdx
kBb64sb2UXBhtiqhAI1xlUmk0PYCi4cshshPt5Xm03lPo5NgHPN9tOqnKwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFF+cjssTFz4RlH844gCnyI5yVE8BMB8GA1UdIwQY
MBaAFKTrnrVUfH9fGq/AraFAgFQZYYcmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE91ZXRWUjhmMThhcjhDdG9VQ0FWQmxoaHlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi80Y2Q3MmQtZDhhNS00NmNlLTg2NzQt
MGQyMjIzMmMzNGEwLzEvWDV5T3l4TVhQaEdVZnpqaUFLZklqbkpVVHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi80Y2Q3MmQtZDhhNS00NmNlLTg2NzQtMGQyMjIzMmMzNGEw
LzEvcE91ZXRWUjhmMThhcjhDdG9VQ0FWQmxoaHlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDH7qgAwQD
JQAQAwQEUVywAwQDU4jAAwQDW2rgAwQDXV+QAwQFkVfgAwQCuSMgAwQCuTdsAwQC
ufqgAwQF1DTgAwQE2RvgMA0EAgACMAcDBQAqAgWwMA0GCSqGSIb3DQEBCwUAA4IB
AQBENc541siHiy/Ta5XYCSkQY8KGL707ypLuumW4MTR5nT3dPmkREwz7dcuTT38A
0ngmpaoEWVGhey0TfoGtPU5idfLitKV+8f+1yygcwvmrUi0mFyn92AYdaQ8MM+pr
xrIi+zHB2spFpTtG5qSRiQAP/8vqWtpELLTvH7ZtbnKW0iV879xumlupG0AJVVN9
L1VZVQsoC2dijJNiRg/exMGbj/8MW6HAEo3Nhf+h1XEZFYSxiC5JX7HRG5bXBiNq
YiL1gHa/L1Olyc3vTIM0hp3UoJPKMyr93jw6dA8o2KJpuQhfMJYDXPJilRM8Dd9m
282lgbsbuoKZQUr44Rqf735y
-----END CERTIFICATE-----