Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Jj6eUoW6xW-aN3SczQ3MZZ0uCD4.roa
File:                     Jj6eUoW6xW-aN3SczQ3MZZ0uCD4.roa (raw, json)
Hash identifier:          B4omgs948gl2FLfcwRyOTqs1T7757teif99LFbVsXks=
Subject key identifier:   26:3E:9E:52:85:BA:C5:6F:9A:37:74:9C:CD:0D:CC:65:9D:2E:08:3E
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018D884F4A47BB6B69CE0215D291E6B67FFE
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Jj6eUoW6xW-aN3SczQ3MZZ0uCD4.roa
Signing time:             Thu 08 Feb 2024 10:41:54 +0000
ROA not before:           Thu 08 Feb 2024 10:41:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209706
IP address blocks:        62.112.12.0/23 maxlen: 24
                          86.105.104.0/22 maxlen: 24
                          89.36.32.0/22 maxlen: 24
                          89.36.236.0/22 maxlen: 24
                          89.37.188.0/22 maxlen: 24
                          89.37.216.0/23 maxlen: 24
                          91.232.136.0/22 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          94.190.248.0/22 maxlen: 24
                          185.77.250.0/23 maxlen: 24
                          185.172.20.0/22 maxlen: 22
                          188.211.252.0/22 maxlen: 24
                          188.212.104.0/22 maxlen: 22
                          188.240.40.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sun 18 Feb 2024 19:42:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:4f:4a:47:bb:6b:69:ce:02:15:d2:91:e6:b6:7f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Feb  8 10:41:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=263e9e5285bac56f9a37749ccd0dcc659d2e083e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:69:68:10:2c:84:f9:0a:00:f6:27:bc:b2:35:
                    22:dc:a0:88:3f:c4:28:54:dd:4c:c9:b7:4c:85:c4:
                    e3:c7:3a:ae:3b:1b:db:00:c1:07:c2:47:b8:1c:93:
                    2b:58:f4:3e:72:af:59:22:12:6b:31:b3:13:55:9c:
                    69:2e:06:a1:93:4c:48:c9:99:e1:94:7f:a0:6e:27:
                    77:04:f0:88:80:55:30:e8:ba:cc:b8:8c:cd:d7:ee:
                    50:95:e6:30:1d:73:7c:8c:0b:c0:0d:b8:0e:53:ba:
                    af:e1:c3:01:74:0a:b6:cd:fc:a0:23:fc:4e:12:2a:
                    43:eb:3f:2e:c3:7f:2a:47:f6:fe:e7:eb:bc:5b:44:
                    01:ce:b5:ce:2f:68:e3:1c:52:b2:10:f6:43:7b:be:
                    bb:8e:b7:6f:63:51:dd:d8:87:1d:9f:f8:03:1e:9d:
                    56:21:4a:9e:b3:29:87:a0:6f:09:d1:79:46:b2:32:
                    84:40:8e:87:d5:a7:71:16:58:28:ff:b8:e8:37:53:
                    2b:01:81:39:a1:37:09:34:ab:d2:04:c7:e4:50:4b:
                    10:9d:3b:9d:48:6d:f2:cb:c3:66:2d:65:3e:3b:13:
                    86:8f:e6:20:6a:4c:ee:7b:27:c6:ae:ab:10:5f:c9:
                    65:91:bc:52:52:ea:23:44:09:5b:7e:30:eb:0b:d9:
                    5a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:3E:9E:52:85:BA:C5:6F:9A:37:74:9C:CD:0D:CC:65:9D:2E:08:3E
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Jj6eUoW6xW-aN3SczQ3MZZ0uCD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.12.0/23
                  86.105.104.0/22
                  89.36.32.0/22
                  89.36.236.0/22
                  89.37.188.0/22
                  89.37.216.0/23
                  91.232.136.0/22
                  93.113.184.0/21
                  94.190.248.0/22
                  185.77.250.0/23
                  185.172.20.0/22
                  188.211.252.0/22
                  188.212.104.0/22
                  188.240.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:1f:04:c8:80:a4:a5:21:c0:89:de:7a:f0:91:64:3e:e3:6e:
         55:6b:f2:43:00:d3:a1:c0:62:de:9e:70:69:72:e8:f9:05:1f:
         9e:dd:7c:27:2b:16:2c:0f:35:e7:a1:51:7c:17:f1:f5:84:cd:
         d5:a7:0d:43:b8:24:9b:46:ae:ba:26:c8:22:b9:a7:5c:e8:44:
         77:e7:2c:f8:cf:de:43:bf:75:eb:85:bc:56:df:2c:1d:95:c0:
         49:c2:78:90:26:e8:28:a3:9b:19:a9:44:64:50:ae:85:c8:c0:
         b7:18:c3:16:37:14:9d:2f:47:68:16:24:47:aa:98:f7:3d:ac:
         26:7d:96:c7:64:6e:7f:fe:48:ad:2f:bb:af:9d:ae:4b:1c:0d:
         bf:b0:66:89:f1:38:aa:57:50:b2:f6:85:49:b5:b6:5c:8e:d9:
         f3:78:c8:84:c1:0b:b8:a3:a7:ff:03:79:99:03:5e:21:28:dd:
         e0:4e:97:e2:47:1b:e2:af:1f:28:91:d5:cc:bb:fd:4d:d5:86:
         b7:95:11:fc:cb:e2:ff:3f:dc:40:0f:92:32:ec:88:56:d0:8c:
         4a:21:6b:67:b8:cb:9e:7d:88:37:9a:13:1e:4c:e1:06:7c:cf:
         a0:f3:b3:88:f2:bf:d5:ba:c3:b8:c6:85:66:69:68:ab:8e:b4:
         84:e4:c6:fd
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY2IT0pHu2tpzgIV0pHmtn/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMjA4MTA0MTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjNlOWU1Mjg1YmFjNTZmOWEzNzc0OWNjZDBkY2M2NTlkMmUwODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2loECyE+QoA9ie8sjUi3KCIP8Qo
VN1MybdMhcTjxzquOxvbAMEHwke4HJMrWPQ+cq9ZIhJrMbMTVZxpLgahk0xIyZnh
lH+gbid3BPCIgFUw6LrMuIzN1+5QleYwHXN8jAvADbgOU7qv4cMBdAq2zfygI/xO
EipD6z8uw38qR/b+5+u8W0QBzrXOL2jjHFKyEPZDe767jrdvY1Hd2Icdn/gDHp1W
IUqesymHoG8J0XlGsjKEQI6H1adxFlgo/7joN1MrAYE5oTcJNKvSBMfkUEsQnTud
SG3yy8NmLWU+OxOGj+YgakzueyfGrqsQX8llkbxSUuojRAlbfjDrC9lamwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFCY+nlKFusVvmjd0nM0NzGWdLgg+MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvSmo2ZVVvVzZ4Vy1hTjNTY3pRM01aWjB1Q0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQBPnAMAwQC
VmloAwQCWSQgAwQCWSTsAwQCWSW8AwQBWSXYAwQCW+iIAwQDXXG4AwQCXr74AwQB
uU36AwQCuawUAwQCvNP8AwQCvNRoAwQBvPAoMA0GCSqGSIb3DQEBCwUAA4IBAQCJ
HwTIgKSlIcCJ3nrwkWQ+425Va/JDANOhwGLennBpcuj5BR+e3XwnKxYsDzXnoVF8
F/H1hM3Vpw1DuCSbRq66Jsgiuadc6ER35yz4z95Dv3XrhbxW3ywdlcBJwniQJugo
o5sZqURkUK6FyMC3GMMWNxSdL0doFiRHqpj3PawmfZbHZG5//kitL7uvna5LHA2/
sGaJ8TiqV1Cy9oVJtbZcjtnzeMiEwQu4o6f/A3mZA14hKN3gTpfiRxvirx8okdXM
u/1N1Ya3lRH8y+L/P9xAD5Iy7IhW0IxKIWtnuMuefYg3mhMeTOEGfM+g87OI8r/V
usO4xoVmaWirjrSE5Mb9
-----END CERTIFICATE-----