Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/ad3696-f36f-4df0-b2de-c1e9362b1a51/1/k55lDxrHVs7cLU6Ijyr2nFVjrV0.roa
File:                     k55lDxrHVs7cLU6Ijyr2nFVjrV0.roa (raw, json)
Hash identifier:          VBGu/bLXlzLuJyZB0fNrmpEPHrft3r3ENCWoyAGJtQo=
Subject key identifier:   93:9E:65:0F:1A:C7:56:CE:DC:2D:4E:88:8F:2A:F6:9C:55:63:AD:5D
Certificate issuer:       /CN=5af4de6e73c8e053cb640b74d2b912abd90b0580
Certificate serial:       01856EB8DA7ADC1353A05A05F99F96259A09
Authority key identifier: 5A:F4:DE:6E:73:C8:E0:53:CB:64:0B:74:D2:B9:12:AB:D9:0B:05:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WvTebnPI4FPLZAt00rkSq9kLBYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/ad3696-f36f-4df0-b2de-c1e9362b1a51/1/k55lDxrHVs7cLU6Ijyr2nFVjrV0.roa
Signing time:             Sun 01 Jan 2023 19:04:46 +0000
ROA not before:           Sun 01 Jan 2023 19:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12440
IP address blocks:        82.214.240.0/21 maxlen: 24
                          128.65.64.0/19 maxlen: 24
                          82.214.192.0/18 maxlen: 24
                          82.214.210.0/24 maxlen: 24
                          82.214.220.0/24 maxlen: 24
                          82.214.223.0/24 maxlen: 24
                          82.214.232.0/24 maxlen: 24
                          185.117.52.0/22 maxlen: 24
                          82.214.234.0/24 maxlen: 24
                          82.214.239.0/24 maxlen: 24
                          62.128.160.0/19 maxlen: 24
                          62.128.168.0/21 maxlen: 24
                          195.238.32.0/19 maxlen: 24
                          195.238.44.0/24 maxlen: 24
                          195.238.45.0/24 maxlen: 24
                          62.128.186.0/24 maxlen: 24
                          62.128.188.0/24 maxlen: 24
                          62.128.191.0/24 maxlen: 24
                          2a0a:1240::/32 maxlen: 40
                          2a0a:1241::/32 maxlen: 40

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b8:da:7a:dc:13:53:a0:5a:05:f9:9f:96:25:9a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5af4de6e73c8e053cb640b74d2b912abd90b0580
        Validity
            Not Before: Jan  1 19:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=939e650f1ac756cedc2d4e888f2af69c5563ad5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ac:29:86:06:fb:d4:74:47:a4:b2:5c:d0:87:
                    4f:84:6e:ef:4c:ac:0e:16:2f:04:0e:21:1c:1c:15:
                    33:e9:f5:4e:eb:f7:b3:0b:f9:d9:b0:c4:24:b4:24:
                    52:53:de:55:8e:2d:ef:2b:02:84:75:5b:59:e8:c1:
                    e3:5c:34:84:25:d4:33:6f:d3:8e:74:ee:40:da:3a:
                    43:f4:5a:6e:14:fd:80:22:fd:2f:7e:1b:f7:8b:d1:
                    f7:35:af:23:27:0c:e5:89:35:0b:6c:22:bc:4f:be:
                    5d:79:39:e9:ce:d9:2a:a3:e1:24:ad:b9:42:7d:ec:
                    6c:94:e4:3c:9f:6b:44:6c:32:a7:bb:a4:4b:fa:f0:
                    b7:df:ab:ce:c2:de:6a:1c:ec:7b:ee:9a:e9:8e:a9:
                    83:5a:5a:d7:90:27:c9:f5:1f:3d:32:80:3d:8a:c3:
                    2f:74:d7:73:eb:2b:d6:45:50:06:23:29:b8:f4:4d:
                    73:9f:d2:55:5e:47:ed:f2:3c:38:66:d6:14:d7:6b:
                    69:31:e1:89:3f:76:75:c9:af:d6:cf:9b:8d:3c:fe:
                    e9:1f:32:19:5e:2c:ca:d9:dd:fa:87:fa:70:cf:0a:
                    a2:96:5a:03:1d:5a:29:62:54:33:52:0d:dc:af:db:
                    2d:80:f8:06:6d:1b:8a:96:61:ae:53:1a:46:ce:af:
                    ac:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9E:65:0F:1A:C7:56:CE:DC:2D:4E:88:8F:2A:F6:9C:55:63:AD:5D
            X509v3 Authority Key Identifier:
                keyid:5A:F4:DE:6E:73:C8:E0:53:CB:64:0B:74:D2:B9:12:AB:D9:0B:05:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WvTebnPI4FPLZAt00rkSq9kLBYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/ad3696-f36f-4df0-b2de-c1e9362b1a51/1/k55lDxrHVs7cLU6Ijyr2nFVjrV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/ad3696-f36f-4df0-b2de-c1e9362b1a51/1/WvTebnPI4FPLZAt00rkSq9kLBYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.128.160.0/19
                  82.214.192.0/18
                  128.65.64.0/19
                  185.117.52.0/22
                  195.238.32.0/19
                IPv6:
                  2a0a:1240::/31

    Signature Algorithm: sha256WithRSAEncryption
         06:cf:18:c4:27:82:90:17:82:49:15:6e:ed:25:26:27:7d:77:
         8f:7d:dd:1d:81:3c:94:b6:f8:de:0f:83:7e:34:b3:cd:41:6c:
         66:19:a7:8b:df:10:2f:58:e0:06:e8:02:54:99:c4:48:c0:bd:
         06:8d:bb:dd:41:20:81:15:0b:8f:60:d4:69:51:88:34:13:7c:
         84:e8:60:fb:92:e5:16:61:76:28:66:3e:2a:b1:e8:50:8c:43:
         45:69:25:b4:3e:fc:df:1e:96:e2:ca:9d:91:e5:39:31:62:fc:
         af:38:f1:03:c1:bb:6c:16:e6:8e:a4:81:8d:57:f1:3b:c0:3e:
         d9:c6:56:1f:6c:7e:7d:cb:7f:d9:04:a3:ce:9f:5c:7c:17:53:
         5a:69:4e:6d:66:27:4e:ff:89:a6:dc:6a:46:0c:fd:24:ec:73:
         19:06:f3:1d:d9:42:54:71:ad:f0:31:17:ae:88:a3:f9:96:93:
         02:50:90:b1:30:8d:b5:a6:29:b4:a0:f5:ce:84:00:2e:db:e6:
         bf:b0:7e:af:d5:9f:81:e8:c1:25:57:ba:9f:b8:b7:7a:3d:17:
         65:f8:2e:f8:a5:04:c8:33:34:95:90:24:bb:a3:ac:52:36:61:
         c4:5f:f4:9d:ea:70:15:64:e2:54:e5:33:a1:bd:5a:93:05:ad:
         74:74:cc:e4
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVuuNp63BNToFoF+Z+WJZoJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZjRkZTZlNzNjOGUwNTNjYjY0MGI3NGQyYjkxMmFiZDkw
YjA1ODAwHhcNMjMwMTAxMTkwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzllNjUwZjFhYzc1NmNlZGMyZDRlODg4ZjJhZjY5YzU1NjNhZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmawphgb71HRHpLJc0IdPhG7vTKwO
Fi8EDiEcHBUz6fVO6/ezC/nZsMQktCRSU95Vji3vKwKEdVtZ6MHjXDSEJdQzb9OO
dO5A2jpD9FpuFP2AIv0vfhv3i9H3Na8jJwzliTULbCK8T75deTnpztkqo+EkrblC
fexslOQ8n2tEbDKnu6RL+vC336vOwt5qHOx77prpjqmDWlrXkCfJ9R89MoA9isMv
dNdz6yvWRVAGIym49E1zn9JVXkft8jw4ZtYU12tpMeGJP3Z1ya/Wz5uNPP7pHzIZ
XizK2d36h/pwzwqilloDHVopYlQzUg3cr9stgPgGbRuKlmGuUxpGzq+s1wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJOeZQ8ax1bO3C1OiI8q9pxVY61dMB8GA1UdIwQY
MBaAFFr03m5zyOBTy2QLdNK5EqvZCwWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3ZUZWJuUEk0RlBMWkF0MDBya1NxOWtMQllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9hZDM2OTYtZjM2Zi00ZGYwLWIyZGUt
YzFlOTM2MmIxYTUxLzEvazU1bER4ckhWczdjTFU2SWp5cjJuRlZqclYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9hZDM2OTYtZjM2Zi00ZGYwLWIyZGUtYzFlOTM2MmIxYTUx
LzEvV3ZUZWJuUEk0RlBMWkF0MDBya1NxOWtMQllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFPoCgAwQG
UtbAAwQFgEFAAwQCuXU0AwQFw+4gMA0EAgACMAcDBQEqChJAMA0GCSqGSIb3DQEB
CwUAA4IBAQAGzxjEJ4KQF4JJFW7tJSYnfXePfd0dgTyUtvjeD4N+NLPNQWxmGaeL
3xAvWOAG6AJUmcRIwL0GjbvdQSCBFQuPYNRpUYg0E3yE6GD7kuUWYXYoZj4qsehQ
jENFaSW0PvzfHpbiyp2R5TkxYvyvOPEDwbtsFuaOpIGNV/E7wD7ZxlYfbH59y3/Z
BKPOn1x8F1NaaU5tZidO/4mm3GpGDP0k7HMZBvMd2UJUca3wMReuiKP5lpMCUJCx
MI21pim0oPXOhAAu2+a/sH6v1Z+B6MElV7qfuLd6PRdl+C74pQTIMzSVkCS7o6xS
NmHEX/Sd6nAVZOJU5TOhvVqTBa10dMzk
-----END CERTIFICATE-----