Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/g5qnFi_XQyPfoMcx10cmtsDqKec.roa
File:                     g5qnFi_XQyPfoMcx10cmtsDqKec.roa (raw, json)
Hash identifier:          o3JTj9jsur4LyvJhISxJFZW8lFv5hfeCom0JPM07IuE=
Subject key identifier:   83:9A:A7:16:2F:D7:43:23:DF:A0:C7:31:D7:47:26:B6:C0:EA:29:E7
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       018DD08D0EFE1FB51F48EA5AF9686CFD15EB
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/g5qnFi_XQyPfoMcx10cmtsDqKec.roa
Signing time:             Thu 22 Feb 2024 11:22:01 +0000
ROA not before:           Thu 22 Feb 2024 11:22:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6698
IP address blocks:        45.11.57.0/24 maxlen: 24
                          45.12.0.0/24 maxlen: 24
                          45.12.1.0/24 maxlen: 24
                          45.12.3.0/24 maxlen: 24
                          91.208.115.0/24 maxlen: 24
                          176.97.112.0/23 maxlen: 24
                          176.97.114.0/24 maxlen: 24
                          176.119.31.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.204.0/24 maxlen: 24
                          195.66.210.0/24 maxlen: 24
                          195.128.248.0/23 maxlen: 24
                          2a09:2dc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 12 Apr 2024 09:37:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:8d:0e:fe:1f:b5:1f:48:ea:5a:f9:68:6c:fd:15:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Feb 22 11:22:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=839aa7162fd74323dfa0c731d74726b6c0ea29e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b2:68:0c:6d:31:f5:85:06:28:61:13:82:94:
                    cd:85:29:06:cf:b8:fb:2e:a1:92:61:09:6e:0c:12:
                    3e:83:70:7a:9b:c9:6d:fb:99:07:99:6f:c6:e4:db:
                    58:28:87:84:1b:ef:13:d8:f5:e6:17:70:ef:1a:7a:
                    2a:39:e1:1b:91:7b:73:40:48:cf:69:97:98:77:4b:
                    4e:7b:7c:74:7a:bc:b2:53:27:1e:07:48:d1:b0:90:
                    c6:c6:93:21:0e:be:f1:24:8e:29:4a:ec:5b:21:57:
                    a5:a5:44:4d:a0:1a:bf:0c:d8:4b:49:83:8a:89:ac:
                    97:68:48:14:53:64:f8:7a:55:5c:77:53:a5:40:d2:
                    6b:4c:35:9b:2b:ac:fb:a1:27:fa:3c:ed:f9:17:25:
                    b4:69:79:e2:5f:87:7a:a0:4b:e1:fd:18:44:c0:ac:
                    cb:8f:54:2e:85:f2:c4:7d:e8:51:88:26:c0:60:8b:
                    4e:c6:4c:79:9b:54:f4:3f:c1:b1:18:ae:26:d1:6a:
                    fa:b1:58:87:8a:7a:d1:4c:09:88:5c:79:d2:6a:18:
                    56:4e:30:01:a8:7d:09:d9:9e:4b:3c:ce:b5:89:09:
                    89:55:f2:ca:18:ec:bf:5e:4f:9e:72:ca:ea:d3:de:
                    88:bc:d1:2b:24:b9:2e:fc:56:f4:4b:5b:4f:50:63:
                    22:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:9A:A7:16:2F:D7:43:23:DF:A0:C7:31:D7:47:26:B6:C0:EA:29:E7
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/g5qnFi_XQyPfoMcx10cmtsDqKec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.57.0/24
                  45.12.0.0/23
                  45.12.3.0/24
                  91.208.115.0/24
                  176.97.112.0-176.97.114.255
                  176.119.31.0/24
                  185.254.199.0/24
                  194.42.204.0/24
                  195.66.210.0/24
                  195.128.248.0/23
                IPv6:
                  2a09:2dc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:3e:b1:7d:ce:70:5c:ee:dd:76:c0:76:9b:cc:a5:29:41:d8:
         01:36:cc:c0:ef:7b:cc:45:05:50:60:69:1b:21:1e:f4:c2:3b:
         50:c7:d6:a6:d6:a8:4f:3d:e3:a7:67:87:c5:a4:d5:3e:b3:fd:
         71:36:e8:28:c0:71:91:81:ee:34:19:6e:b4:61:f7:0a:01:a4:
         26:7c:7c:c5:92:e4:5b:2c:1a:66:e0:41:9d:b8:bd:95:db:99:
         1b:74:f2:df:91:93:ec:dd:12:c4:de:44:d2:a4:23:84:b6:f4:
         ea:cb:7f:9b:7b:fb:0d:a6:c8:e6:6b:6e:53:c1:1b:7f:81:b8:
         85:c2:45:59:10:f7:4a:3b:ec:5b:04:d3:ba:78:65:bd:f7:3c:
         cf:69:c6:7c:3b:48:32:a6:ac:1c:c3:fd:f9:dc:8f:a7:24:ec:
         80:dd:8e:67:71:4e:48:a3:de:9a:df:2a:6f:d1:0d:41:18:e6:
         3d:38:fe:24:d6:8a:53:73:e5:04:53:30:66:16:6a:26:d6:c9:
         ab:07:6c:8b:6c:ff:67:a4:f8:1f:9e:d5:d3:d5:0b:11:a5:ff:
         6e:ab:f7:7d:b7:74:d9:25:c6:42:69:df:51:f5:5d:37:c4:47:
         53:a6:2e:67:ba:b7:34:fb:5c:f1:85:7b:be:0a:31:5c:05:c6:
         6a:80:f9:8e
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAY3QjQ7+H7UfSOpa+Whs/RXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwMjIyMTEyMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzlhYTcxNjJmZDc0MzIzZGZhMGM3MzFkNzQ3MjZiNmMwZWEyOWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrJoDG0x9YUGKGETgpTNhSkGz7j7
LqGSYQluDBI+g3B6m8lt+5kHmW/G5NtYKIeEG+8T2PXmF3DvGnoqOeEbkXtzQEjP
aZeYd0tOe3x0eryyUyceB0jRsJDGxpMhDr7xJI4pSuxbIVelpURNoBq/DNhLSYOK
iayXaEgUU2T4elVcd1OlQNJrTDWbK6z7oSf6PO35FyW0aXniX4d6oEvh/RhEwKzL
j1QuhfLEfehRiCbAYItOxkx5m1T0P8GxGK4m0Wr6sViHinrRTAmIXHnSahhWTjAB
qH0J2Z5LPM61iQmJVfLKGOy/Xk+ecsrq096IvNErJLku/Fb0S1tPUGMipQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFIOapxYv10Mj36DHMddHJrbA6innMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvZzVxbkZpX1hReVBmb01jeDEwY210c0RxS2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzMAwDBASwYXADBACwYXIDBACwdx8DBAC5/scDBADCKswD
BADDQtIDBAHDgPgwDQQCAAIwBwMFACoJLcIwDQYJKoZIhvcNAQELBQADggEBAD0+
sX3OcFzu3XbAdpvMpSlB2AE2zMDve8xFBVBgaRshHvTCO1DH1qbWqE8946dnh8Wk
1T6z/XE26CjAcZGB7jQZbrRh9woBpCZ8fMWS5FssGmbgQZ24vZXbmRt08t+Rk+zd
EsTeRNKkI4S29OrLf5t7+w2myOZrblPBG3+BuIXCRVkQ90o77FsE07p4Zb33PM9p
xnw7SDKmrBzD/fncj6ck7IDdjmdxTkij3prfKm/RDUEY5j04/iTWilNz5QRTMGYW
aibWyasHbIts/2ek+B+e1dPVCxGl/26r9323dNklxkJp31H1XTfER1OmLme6tzT7
XPGFe74KMVwFxmqA+Y4=
-----END CERTIFICATE-----