Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/23UP3ENheUZDsxGi2HT5DLiZemU.roa
File:                     23UP3ENheUZDsxGi2HT5DLiZemU.roa (raw, json)
Hash identifier:          2BP6mtQTF94hO540OHOi02zWMglDdQkOBKxlmvxwLoc=
Subject key identifier:   DB:75:0F:DC:43:61:79:46:43:B3:11:A2:D8:74:F9:0C:B8:99:7A:65
Certificate issuer:       /CN=ac9e2efcdc213ac5b1b0879d922a178b850f451f
Certificate serial:       018E331394D2B8669985E340DD56A07FA35A
Authority key identifier: AC:9E:2E:FC:DC:21:3A:C5:B1:B0:87:9D:92:2A:17:8B:85:0F:45:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/23UP3ENheUZDsxGi2HT5DLiZemU.roa
Signing time:             Tue 12 Mar 2024 14:31:45 +0000
ROA not before:           Tue 12 Mar 2024 14:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29104
IP address blocks:        37.35.0.0/21 maxlen: 21
                          37.35.6.0/24 maxlen: 24
                          185.116.132.0/22 maxlen: 22
                          185.116.134.0/24 maxlen: 24
                          192.54.144.0/24 maxlen: 24
                          192.93.158.0/24 maxlen: 24
                          192.93.159.0/24 maxlen: 24
                          192.93.160.0/24 maxlen: 24
                          192.93.161.0/24 maxlen: 24
                          192.93.166.0/23 maxlen: 23
                          193.56.125.0/24 maxlen: 24
                          193.56.130.0/23 maxlen: 23
                          193.56.130.0/24 maxlen: 24
                          193.56.131.0/24 maxlen: 24
                          2a00:4f40::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 12 Mar 2024 14:34:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:13:94:d2:b8:66:99:85:e3:40:dd:56:a0:7f:a3:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9e2efcdc213ac5b1b0879d922a178b850f451f
        Validity
            Not Before: Mar 12 14:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db750fdc4361794643b311a2d874f90cb8997a65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5f:59:65:4b:32:9e:a6:54:18:bb:0b:58:0c:
                    bd:11:7e:d5:28:ae:49:a0:d0:e4:c3:5f:f7:90:f5:
                    f3:e9:09:61:e2:a7:e1:01:c5:bf:55:46:22:cf:63:
                    1f:b7:96:8a:90:37:34:ae:28:92:9c:02:ec:01:91:
                    8d:a9:d0:45:b7:0c:b0:5e:dd:fd:55:d8:a3:27:aa:
                    ce:a5:5b:af:76:e2:55:0f:aa:61:54:22:ba:c3:76:
                    81:a5:21:08:6a:c4:12:b0:38:9d:bf:9d:79:a2:f7:
                    28:d1:55:f3:5c:d1:16:8e:8a:42:8b:3b:87:0e:05:
                    cf:e9:4d:76:4d:72:7d:4b:aa:a2:96:6d:6f:10:93:
                    70:24:57:5f:63:18:a2:0a:63:d5:9f:3a:d4:b9:19:
                    d3:31:92:16:ac:22:7b:a5:d3:8f:16:e0:30:34:8d:
                    6d:59:d0:f8:aa:2b:ca:80:89:dc:0d:7f:c9:03:26:
                    8d:cb:65:f9:fd:2c:ff:c3:93:b1:fa:74:db:73:41:
                    19:5c:ea:a8:f6:fe:33:ac:56:03:aa:a3:b7:b9:e6:
                    7a:1e:a3:a5:63:47:e5:09:fa:ca:57:d6:d0:dd:74:
                    e2:9e:e0:2d:75:c9:1a:4b:e5:d4:95:65:73:eb:0c:
                    63:3f:80:df:ba:e5:3d:c1:87:f6:1f:51:9e:49:18:
                    33:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:75:0F:DC:43:61:79:46:43:B3:11:A2:D8:74:F9:0C:B8:99:7A:65
            X509v3 Authority Key Identifier:
                keyid:AC:9E:2E:FC:DC:21:3A:C5:B1:B0:87:9D:92:2A:17:8B:85:0F:45:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/23UP3ENheUZDsxGi2HT5DLiZemU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/rJ4u_NwhOsWxsIedkioXi4UPRR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.35.0.0/21
                  185.116.132.0/22
                  192.54.144.0/24
                  192.93.158.0-192.93.161.255
                  192.93.166.0/23
                  193.56.125.0/24
                  193.56.130.0/23
                IPv6:
                  2a00:4f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:c5:c1:6b:02:41:07:db:1e:6b:65:9b:2e:8b:46:ed:06:11:
         68:76:44:bd:48:b1:3c:21:50:02:3e:65:67:d5:b1:1f:64:0a:
         52:8a:9c:4e:01:2b:6c:c3:41:d7:85:ae:46:80:18:2b:f9:7b:
         e8:8f:49:4a:bb:77:4c:b9:49:80:b8:64:cd:fc:45:ce:29:ca:
         1c:6c:1a:84:bf:60:33:73:45:95:1c:66:c6:93:cf:3f:c0:93:
         36:73:35:55:d3:79:a9:36:d2:ed:c8:26:f4:84:e3:d8:03:37:
         e8:88:26:27:fe:4c:61:7e:65:e3:82:39:cc:f4:0c:6a:c1:38:
         c8:41:13:3e:f5:93:1e:1b:3d:40:e0:2a:c3:96:66:27:68:14:
         75:8e:ac:f9:5d:52:9f:b2:79:a8:d8:1a:5c:51:d0:71:c7:b4:
         d8:e8:42:2d:99:58:ea:20:65:aa:60:8e:73:c8:e4:5a:38:40:
         90:6a:ae:85:fb:a3:a5:c5:7a:9d:92:bc:97:64:12:1a:1b:a4:
         2d:bd:67:1e:7f:13:0a:f5:91:7a:7e:32:49:4c:1f:c9:12:1e:
         3c:fc:28:9e:fa:9e:db:b7:a8:70:df:66:9a:67:9c:84:70:0f:
         73:8e:57:1d:57:2c:7e:7e:db:c3:a2:72:a1:21:2e:1e:5a:9d:
         76:ae:69:b9
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAY4zE5TSuGaZheNA3Vagf6NaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWUyZWZjZGMyMTNhYzViMWIwODc5ZDkyMmExNzhiODUw
ZjQ1MWYwHhcNMjQwMzEyMTQzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjc1MGZkYzQzNjE3OTQ2NDNiMzExYTJkODc0ZjkwY2I4OTk3YTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3F9ZZUsynqZUGLsLWAy9EX7VKK5J
oNDkw1/3kPXz6Qlh4qfhAcW/VUYiz2Mft5aKkDc0riiSnALsAZGNqdBFtwywXt39
VdijJ6rOpVuvduJVD6phVCK6w3aBpSEIasQSsDidv515ovco0VXzXNEWjopCizuH
DgXP6U12TXJ9S6qilm1vEJNwJFdfYxiiCmPVnzrUuRnTMZIWrCJ7pdOPFuAwNI1t
WdD4qivKgIncDX/JAyaNy2X5/Sz/w5Ox+nTbc0EZXOqo9v4zrFYDqqO3ueZ6HqOl
Y0flCfrKV9bQ3XTinuAtdckaS+XUlWVz6wxjP4DfuuU9wYf2H1GeSRgzgQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFNt1D9xDYXlGQ7MRoth0+Qy4mXplMB8GA1UdIwQY
MBaAFKyeLvzcITrFsbCHnZIqF4uFD0UfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcko0dV9Od2hPc1d4c0llZGtpb1hpNFVQUlI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kMWZhYTktYjVhMy00ZDQ5LTg2OGEt
N2M3YmYyNzE3NWM1LzEvMjNVUDNFTmhlVVpEc3hHaTJIVDVETGlaZW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kMWZhYTktYjVhMy00ZDQ5LTg2OGEtN2M3YmYyNzE3NWM1
LzEvcko0dV9Od2hPc1d4c0llZGtpb1hpNFVQUlI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDJSMAAwQC
uXSEAwQAwDaQMAwDBAHAXZ4DBAHAXaADBAHAXaYDBADBOH0DBAHBOIIwDQQCAAIw
BwMFACoAT0AwDQYJKoZIhvcNAQELBQADggEBAFjFwWsCQQfbHmtlmy6LRu0GEWh2
RL1IsTwhUAI+ZWfVsR9kClKKnE4BK2zDQdeFrkaAGCv5e+iPSUq7d0y5SYC4ZM38
Rc4pyhxsGoS/YDNzRZUcZsaTzz/AkzZzNVXTeak20u3IJvSE49gDN+iIJif+TGF+
ZeOCOcz0DGrBOMhBEz71kx4bPUDgKsOWZidoFHWOrPldUp+yeajYGlxR0HHHtNjo
Qi2ZWOogZapgjnPI5Fo4QJBqroX7o6XFep2SvJdkEhobpC29Zx5/Ewr1kXp+MklM
H8kSHjz8KJ76ntu3qHDfZppnnIRwD3OOVx1XLH5+28OicqEhLh5anXauabk=
-----END CERTIFICATE-----