Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/0y3Y3_n95CvN0WGtyrdjyfdYZ2A.roa
File:                     0y3Y3_n95CvN0WGtyrdjyfdYZ2A.roa (raw, json)
Hash identifier:          Za380t9JLBwK0aLo+Vj4ff/MxiK20R/xNsoDCGJjb0k=
Subject key identifier:   D3:2D:D8:DF:F9:FD:E4:2B:CD:D1:61:AD:CA:B7:63:C9:F7:58:67:60
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018DA311B0293B858A10F7199D06662F87F5
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/0y3Y3_n95CvN0WGtyrdjyfdYZ2A.roa
Signing time:             Tue 13 Feb 2024 15:24:21 +0000
ROA not before:           Tue 13 Feb 2024 15:24:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206509
IP address blocks:        62.164.128.0/18 maxlen: 18
                          62.164.144.0/21 maxlen: 21
                          62.164.192.0/21 maxlen: 21
                          86.54.0.0/16 maxlen: 16
                          193.108.169.0/24 maxlen: 24
                          194.62.44.0/22 maxlen: 22
                          194.164.97.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          195.26.224.0/19 maxlen: 19
                          195.200.0.0/19 maxlen: 19
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24
                          217.154.0.0/16 maxlen: 16

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 10:06:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a3:11:b0:29:3b:85:8a:10:f7:19:9d:06:66:2f:87:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb 13 15:24:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d32dd8dff9fde42bcdd161adcab763c9f7586760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:87:51:81:b8:e3:f7:6a:91:d6:23:a8:c7:5a:
                    a8:95:5a:76:f3:68:f7:80:8a:04:a2:67:b4:49:5f:
                    2f:60:fb:02:77:dd:87:2b:67:d4:5f:fc:0e:cc:74:
                    d3:53:9d:a0:e9:50:aa:82:fc:f6:86:54:a0:81:21:
                    4b:73:37:76:cd:a6:06:04:ef:12:7a:95:c4:14:15:
                    b4:49:5f:7b:cd:27:87:48:23:9a:c8:aa:c6:de:52:
                    2a:f2:00:b4:27:06:db:50:42:15:53:b4:07:9f:5d:
                    e5:17:0d:04:f6:9e:bb:fa:18:3b:b5:9f:13:7d:a6:
                    24:15:02:14:a5:fa:df:fc:3f:78:64:c4:00:c6:4a:
                    48:f2:f9:76:f8:d4:69:c9:11:09:38:0b:98:7a:66:
                    f6:2d:8d:8e:94:6d:3c:e3:3c:fd:61:b3:da:3c:36:
                    71:ab:b7:5c:50:ba:2c:de:f2:f7:1f:e5:f9:83:fd:
                    ec:ba:a0:ff:5a:50:4f:ec:d6:4d:c4:68:8c:a6:9f:
                    ea:f0:e0:62:cc:35:b6:62:a3:42:6c:ac:dd:a8:c6:
                    c9:4d:2e:97:3b:79:b7:87:bc:ab:8d:ca:69:fa:aa:
                    26:95:92:73:4c:8b:ed:e4:8c:05:7f:f1:63:f3:66:
                    6a:5d:f1:8f:c8:f5:ec:de:2d:cb:d1:4c:83:0a:08:
                    97:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2D:D8:DF:F9:FD:E4:2B:CD:D1:61:AD:CA:B7:63:C9:F7:58:67:60
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/0y3Y3_n95CvN0WGtyrdjyfdYZ2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0-62.164.199.255
                  86.54.0.0/16
                  193.108.169.0/24
                  194.62.44.0/22
                  194.164.97.0/24
                  194.164.114.0/24
                  194.164.181.0/24
                  195.26.224.0/19
                  195.200.0.0/19
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24
                  217.154.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         57:8a:8e:9c:58:57:b6:71:52:f7:db:94:35:2b:cb:34:1f:c0:
         8d:03:dc:6c:14:b4:0b:4d:1d:cf:57:fc:f5:d6:5c:3e:9e:53:
         68:01:b8:5f:54:48:a7:0c:7c:53:a4:81:40:9b:18:c5:3d:31:
         4d:54:93:5d:99:83:58:4e:5a:db:89:fb:db:a6:fa:9b:61:b6:
         c5:9b:6a:ee:e9:8b:d4:5f:8a:ee:76:a4:89:57:28:2b:74:28:
         81:ea:a5:4c:6e:b9:c3:e2:22:d2:c1:0f:d3:e4:ac:65:a9:0a:
         e9:bc:c7:df:40:73:88:ca:0e:28:9a:70:9f:a0:95:7a:4d:69:
         72:6d:66:82:c2:91:a8:08:64:7d:10:11:76:f1:c6:fe:cc:b7:
         47:b4:e0:04:5c:d5:43:0a:87:e3:42:54:29:e3:21:54:02:52:
         3a:69:29:f3:09:6b:eb:d9:27:36:6f:f0:41:fa:91:63:17:fb:
         66:af:3d:d0:99:c5:41:0a:4d:e0:57:3c:7e:1c:3b:91:d1:b6:
         87:37:2f:f0:7a:3a:61:63:fe:bd:1b:62:34:70:bb:46:32:23:
         fa:a3:7c:6c:9d:df:69:6b:c0:a3:93:19:ff:c4:eb:f8:3c:e0:
         ed:fa:6a:72:de:a8:e7:9e:a8:c2:6f:e6:09:6c:c9:0f:6c:5b:
         46:db:1a:22
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY2jEbApO4WKEPcZnQZmL4f1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjEzMTUyNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzJkZDhkZmY5ZmRlNDJiY2RkMTYxYWRjYWI3NjNjOWY3NTg2NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YdRgbjj92qR1iOox1qolVp282j3
gIoEome0SV8vYPsCd92HK2fUX/wOzHTTU52g6VCqgvz2hlSggSFLczd2zaYGBO8S
epXEFBW0SV97zSeHSCOayKrG3lIq8gC0JwbbUEIVU7QHn13lFw0E9p67+hg7tZ8T
faYkFQIUpfrf/D94ZMQAxkpI8vl2+NRpyREJOAuYemb2LY2OlG084zz9YbPaPDZx
q7dcULos3vL3H+X5g/3suqD/WlBP7NZNxGiMpp/q8OBizDW2YqNCbKzdqMbJTS6X
O3m3h7yrjcpp+qomlZJzTIvt5IwFf/Fj82ZqXfGPyPXs3i3L0UyDCgiXjwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFNMt2N/5/eQrzdFhrcq3Y8n3WGdgMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvMHkzWTNfbjk1Q3ZOMFdHdHlyZGp5ZmRZWjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBAc+pIAD
BAM+pMADAwBWNgMEAMFsqQMEAsI+LAMEAMKkYQMEAMKkcgMEAMKktQMEBcMa4AME
BcPIAAMEANX+qwMEANX+sgMEANX+uQMDANmaMA0GCSqGSIb3DQEBCwUAA4IBAQBX
io6cWFe2cVL325Q1K8s0H8CNA9xsFLQLTR3PV/z11lw+nlNoAbhfVEinDHxTpIFA
mxjFPTFNVJNdmYNYTlrbifvbpvqbYbbFm2ru6YvUX4rudqSJVygrdCiB6qVMbrnD
4iLSwQ/T5KxlqQrpvMffQHOIyg4omnCfoJV6TWlybWaCwpGoCGR9EBF28cb+zLdH
tOAEXNVDCofjQlQp4yFUAlI6aSnzCWvr2Sc2b/BB+pFjF/tmrz3QmcVBCk3gVzx+
HDuR0baHNy/wejphY/69G2I0cLtGMiP6o3xsnd9pa8Cjkxn/xOv4PODt+mpy3qjn
nqjCb+YJbMkPbFtG2xoi
-----END CERTIFICATE-----