Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/u2WA6Bbv2zapPtBxTo-R0pjXT1w.roa
File:                     u2WA6Bbv2zapPtBxTo-R0pjXT1w.roa (raw, json)
Hash identifier:          XT8rfqQsqZLZQJrDOREdj15fUbLq/aRThkIe08I5HIY=
Subject key identifier:   BB:65:80:E8:16:EF:DB:36:A9:3E:D0:71:4E:8F:91:D2:98:D7:4F:5C
Certificate issuer:       /CN=2c96946c501ddf48696da2cf110fdceb286fac98
Certificate serial:       018E2D6B70A4870F217B1E571613B456DAB6
Authority key identifier: 2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/u2WA6Bbv2zapPtBxTo-R0pjXT1w.roa
Signing time:             Mon 11 Mar 2024 12:09:59 +0000
ROA not before:           Mon 11 Mar 2024 12:09:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8455
IP address blocks:        85.222.236.0/24 maxlen: 24
                          85.222.237.0/24 maxlen: 24
                          85.222.238.0/24 maxlen: 24
                          85.222.239.0/24 maxlen: 24
                          89.255.200.0/21 maxlen: 24
                          89.255.200.0/24 maxlen: 24
                          89.255.201.0/24 maxlen: 24
                          89.255.202.0/24 maxlen: 24
                          89.255.203.0/24 maxlen: 24
                          89.255.204.0/24 maxlen: 24
                          89.255.205.0/24 maxlen: 24
                          89.255.206.0/24 maxlen: 24
                          89.255.207.0/24 maxlen: 24
                          185.223.86.0/23 maxlen: 24
                          185.234.96.0/22 maxlen: 24
                          185.242.220.0/22 maxlen: 22
                          195.43.158.0/24 maxlen: 24
                          195.137.242.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 05:47:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:6b:70:a4:87:0f:21:7b:1e:57:16:13:b4:56:da:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c96946c501ddf48696da2cf110fdceb286fac98
        Validity
            Not Before: Mar 11 12:09:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb6580e816efdb36a93ed0714e8f91d298d74f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9b:60:97:34:d1:e3:17:f9:0c:56:44:9a:64:
                    69:37:49:0c:2e:40:f7:0a:3f:e5:c4:2a:ff:f9:1c:
                    dd:38:ed:ad:63:71:af:c7:d4:4d:3b:2d:90:d6:1c:
                    0d:6e:b5:ab:df:a5:bd:00:c0:6b:a6:e4:37:71:b2:
                    16:76:ca:48:ed:bb:35:41:a8:f0:2a:99:4c:d4:ce:
                    2b:44:76:29:0e:e7:87:04:28:44:af:91:1d:60:af:
                    2b:42:a5:8e:9d:bd:2d:ce:93:15:b8:6d:56:b6:e0:
                    73:b2:db:dd:e0:b7:4e:7f:5a:34:b0:41:06:21:eb:
                    d9:b7:89:63:fe:6a:80:f1:c7:2f:7c:86:38:9d:19:
                    db:e6:11:2a:13:39:bf:0d:d7:f7:ef:05:d9:ff:72:
                    75:19:be:b7:0d:d7:e8:8d:1d:38:10:81:0c:e8:c2:
                    9c:b4:21:f1:02:09:67:bf:9b:85:55:bc:0c:58:75:
                    7b:6f:a1:c4:c0:9d:3c:79:f0:4a:21:fe:37:91:51:
                    7d:1c:98:f0:7f:ae:5f:df:0b:bf:e9:6a:b7:c1:97:
                    e3:fb:22:d6:e6:38:2b:70:77:28:06:0e:18:a8:30:
                    6e:92:98:ad:37:b7:67:db:0e:18:b6:25:2b:54:42:
                    91:5a:46:d3:1b:d2:c2:21:a2:6c:31:50:29:d8:5a:
                    ce:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:65:80:E8:16:EF:DB:36:A9:3E:D0:71:4E:8F:91:D2:98:D7:4F:5C
            X509v3 Authority Key Identifier:
                keyid:2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/u2WA6Bbv2zapPtBxTo-R0pjXT1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.236.0/22
                  89.255.200.0/21
                  185.223.86.0/23
                  185.234.96.0/22
                  185.242.220.0/22
                  195.43.158.0/24
                  195.137.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:69:1f:c9:ab:75:7a:70:f7:42:b6:1c:d5:4c:6a:e1:1c:0e:
         78:0f:42:6a:c8:b3:1c:44:af:d4:1c:8f:07:cd:05:8e:7c:2c:
         c8:65:42:7a:e3:82:48:55:1b:56:00:19:d6:60:0c:b1:87:33:
         6a:e8:55:3c:4a:8e:b5:29:2b:ad:d6:ab:29:4d:1b:f2:0f:f1:
         3a:66:f2:a1:a9:f2:bd:a6:b6:00:c8:0f:7f:92:20:9f:a5:bd:
         61:32:09:15:ba:18:f4:c4:38:3d:00:60:2d:7f:c8:f8:7f:31:
         f9:08:ec:d3:0f:67:bb:df:0b:ef:96:e9:a3:3c:cc:bc:f7:f2:
         85:6c:23:d0:6b:72:58:a8:2b:07:5f:9e:13:90:12:f8:fa:dd:
         9d:3f:1a:57:91:ea:f5:51:3d:58:56:2e:f9:bf:2e:c0:0d:ce:
         9f:50:b1:59:68:69:ac:2d:c6:e7:f5:a7:1a:e6:b6:c6:61:f4:
         d7:96:9c:ac:bd:da:27:e3:ac:a8:a2:66:c7:54:02:2d:d5:3a:
         0b:ca:81:d8:30:44:fa:3f:04:cd:2c:25:4d:6b:d0:78:84:1e:
         56:45:68:db:3d:c0:d7:f4:8f:af:64:83:fd:bd:9a:28:fa:32:
         0b:d6:28:0d:69:a0:fe:49:f0:8f:3f:7e:8e:fc:cb:0c:20:0b:
         af:83:7d:09
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY4ta3Ckhw8hex5XFhO0Vtq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTY5NDZjNTAxZGRmNDg2OTZkYTJjZjExMGZkY2ViMjg2
ZmFjOTgwHhcNMjQwMzExMTIwOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjY1ODBlODE2ZWZkYjM2YTkzZWQwNzE0ZThmOTFkMjk4ZDc0ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZtglzTR4xf5DFZEmmRpN0kMLkD3
Cj/lxCr/+RzdOO2tY3Gvx9RNOy2Q1hwNbrWr36W9AMBrpuQ3cbIWdspI7bs1Qajw
KplM1M4rRHYpDueHBChEr5EdYK8rQqWOnb0tzpMVuG1WtuBzstvd4LdOf1o0sEEG
IevZt4lj/mqA8ccvfIY4nRnb5hEqEzm/Ddf37wXZ/3J1Gb63DdfojR04EIEM6MKc
tCHxAglnv5uFVbwMWHV7b6HEwJ08efBKIf43kVF9HJjwf65f3wu/6Wq3wZfj+yLW
5jgrcHcoBg4YqDBukpitN7dn2w4YtiUrVEKRWkbTG9LCIaJsMVAp2FrOKwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFLtlgOgW79s2qT7QcU6PkdKY109cMB8GA1UdIwQY
MBaAFCyWlGxQHd9IaW2izxEP3Osob6yYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQt
N2Y5NzBhM2FmOWNkLzEvdTJXQTZCYnYyemFwUHRCeFRvLVIwcGpYVDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQtN2Y5NzBhM2FmOWNk
LzEvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCVd7sAwQD
Wf/IAwQBud9WAwQCuepgAwQCufLcAwQAwyueAwQAw4nyMA0GCSqGSIb3DQEBCwUA
A4IBAQCfaR/Jq3V6cPdCthzVTGrhHA54D0JqyLMcRK/UHI8HzQWOfCzIZUJ644JI
VRtWABnWYAyxhzNq6FU8So61KSut1qspTRvyD/E6ZvKhqfK9prYAyA9/kiCfpb1h
MgkVuhj0xDg9AGAtf8j4fzH5COzTD2e73wvvlumjPMy89/KFbCPQa3JYqCsHX54T
kBL4+t2dPxpXker1UT1YVi75vy7ADc6fULFZaGmsLcbn9aca5rbGYfTXlpysvdon
46yoombHVAIt1ToLyoHYMET6PwTNLCVNa9B4hB5WRWjbPcDX9I+vZIP9vZoo+jIL
1igNaaD+SfCPP36O/MsMIAuvg30J
-----END CERTIFICATE-----