Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/c74a4f-4052-4c9b-a7f8-43aa4cce3f48/1/pCJZW5eZ-bv91-4R09FxUm0Pit8.roa
File:                     pCJZW5eZ-bv91-4R09FxUm0Pit8.roa (raw, json)
Hash identifier:          0J55bJBQgC29T2PTEkQycpDrGNxr7jGyaSBgnY1CDOs=
Subject key identifier:   A4:22:59:5B:97:99:F9:BB:FD:D7:EE:11:D3:D1:71:52:6D:0F:8A:DF
Certificate issuer:       /CN=7ac623efbfc124712162240cba02a4da1d4dcea3
Certificate serial:       01857102D365B1850E36B2579ADF079BA468
Authority key identifier: 7A:C6:23:EF:BF:C1:24:71:21:62:24:0C:BA:02:A4:DA:1D:4D:CE:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esYj77_BJHEhYiQMugKk2h1NzqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/c74a4f-4052-4c9b-a7f8-43aa4cce3f48/1/pCJZW5eZ-bv91-4R09FxUm0Pit8.roa
Signing time:             Mon 02 Jan 2023 05:44:48 +0000
ROA not before:           Mon 02 Jan 2023 05:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212661
IP address blocks:        212.146.188.0/24 maxlen: 24
                          212.146.190.0/24 maxlen: 24
                          212.146.164.0/22 maxlen: 22
                          212.146.160.0/24 maxlen: 24
                          212.146.160.0/22 maxlen: 22
                          212.146.161.0/24 maxlen: 24
                          212.146.172.0/24 maxlen: 24
                          212.146.175.0/24 maxlen: 24
                          212.146.176.0/22 maxlen: 22
                          212.146.180.0/22 maxlen: 22
                          185.123.148.0/24 maxlen: 24
                          193.3.37.0/24 maxlen: 24
                          2a06:dac0::/44 maxlen: 44
                          2a06:dac0:100::/44 maxlen: 44
                          2a06:dac0:200::/44 maxlen: 44

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:d3:65:b1:85:0e:36:b2:57:9a:df:07:9b:a4:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ac623efbfc124712162240cba02a4da1d4dcea3
        Validity
            Not Before: Jan  2 05:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a422595b9799f9bbfdd7ee11d3d171526d0f8adf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3c:8b:9a:e5:ad:26:0d:22:7d:1f:37:77:bf:
                    b0:25:f8:8a:3b:25:be:90:c8:ce:af:c4:3f:61:01:
                    7e:89:62:ab:c2:ed:a4:fd:88:6b:45:b7:8d:0b:3a:
                    85:75:20:f9:9e:61:a9:61:f0:bb:58:e1:e1:bc:39:
                    8f:19:0e:8f:05:ce:0a:e1:bb:ad:78:6d:bb:65:5a:
                    29:11:13:c5:ef:eb:f5:ed:a2:14:63:ce:2f:5b:79:
                    c3:98:20:07:f5:ee:3f:ad:19:2a:c0:e0:7c:4d:23:
                    c8:02:81:0b:41:c0:7d:1e:50:2f:64:1e:e6:38:72:
                    99:d7:0a:fa:eb:3c:5e:5c:77:c6:cf:ec:b7:61:6f:
                    91:f9:7f:9f:7b:fc:f8:32:ea:7d:34:1c:e4:b1:e9:
                    5a:66:03:4a:97:2c:92:2c:49:b2:6a:ff:4a:1b:eb:
                    1a:31:67:0c:b4:f8:c2:38:43:31:8f:9a:9d:87:3d:
                    24:f3:dc:c0:e0:39:b6:0a:d2:c7:4d:18:e6:6c:8d:
                    56:92:56:90:9d:ab:8c:f4:c0:a1:e3:74:ae:8d:25:
                    82:11:5a:59:ee:c2:bf:fa:f8:2c:b5:6e:34:fa:0f:
                    c8:95:02:06:02:79:bc:e9:f1:82:ae:a8:53:f3:3d:
                    1f:b5:fe:7f:7c:5e:3f:94:9c:1a:e0:82:0f:b7:5d:
                    4c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:22:59:5B:97:99:F9:BB:FD:D7:EE:11:D3:D1:71:52:6D:0F:8A:DF
            X509v3 Authority Key Identifier:
                keyid:7A:C6:23:EF:BF:C1:24:71:21:62:24:0C:BA:02:A4:DA:1D:4D:CE:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esYj77_BJHEhYiQMugKk2h1NzqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/c74a4f-4052-4c9b-a7f8-43aa4cce3f48/1/pCJZW5eZ-bv91-4R09FxUm0Pit8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/c74a4f-4052-4c9b-a7f8-43aa4cce3f48/1/esYj77_BJHEhYiQMugKk2h1NzqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.148.0/24
                  193.3.37.0/24
                  212.146.160.0/21
                  212.146.172.0/24
                  212.146.175.0-212.146.183.255
                  212.146.188.0/24
                  212.146.190.0/24
                IPv6:
                  2a06:dac0::/44
                  2a06:dac0:100::/44
                  2a06:dac0:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:f9:bb:8d:ac:f1:c5:59:70:fc:f9:d5:ce:b0:42:c6:a8:27:
         a8:a3:85:df:2f:05:5a:10:07:0a:e4:7b:fb:6f:bf:97:42:2e:
         88:8d:4a:f4:f4:43:17:75:f5:13:57:2c:06:91:6e:55:10:a2:
         4d:55:29:1d:68:ff:90:1a:3b:13:0c:bb:db:8d:46:2b:8b:a9:
         bd:1f:b3:e3:12:85:e1:19:63:51:f9:6c:63:cc:f6:9c:01:32:
         8a:21:ff:7b:fb:d2:da:3e:d6:88:99:a5:ce:51:a8:05:bd:96:
         dd:16:bf:83:4f:0b:5a:40:d5:44:eb:17:f4:c8:36:b5:60:4b:
         fe:b4:10:cb:9a:cb:52:4e:1b:cc:dd:ca:1c:31:12:c1:35:fb:
         ee:92:ff:1e:d2:1e:e4:05:52:b1:b9:bc:85:9f:3d:22:7b:2e:
         89:c5:e7:71:f1:6e:3c:71:ef:00:56:8f:62:77:c0:20:53:d7:
         06:b2:a7:46:37:cd:a4:22:16:4e:b9:48:93:56:56:2b:41:a0:
         1e:24:0b:0a:ee:df:f9:f1:0b:12:8b:f5:05:c9:12:81:a9:9d:
         53:14:af:cd:92:8f:bb:98:21:cc:2c:f6:bd:f0:b6:ff:ed:95:
         ab:24:ef:16:e3:8c:86:f9:b4:9f:09:cd:e6:e6:e1:fa:70:15:
         fe:6d:17:26
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYVxAtNlsYUONrJXmt8Hm6RoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYzYyM2VmYmZjMTI0NzEyMTYyMjQwY2JhMDJhNGRhMWQ0
ZGNlYTMwHhcNMjMwMTAyMDU0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDIyNTk1Yjk3OTlmOWJiZmRkN2VlMTFkM2QxNzE1MjZkMGY4YWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTyLmuWtJg0ifR83d7+wJfiKOyW+
kMjOr8Q/YQF+iWKrwu2k/YhrRbeNCzqFdSD5nmGpYfC7WOHhvDmPGQ6PBc4K4but
eG27ZVopERPF7+v17aIUY84vW3nDmCAH9e4/rRkqwOB8TSPIAoELQcB9HlAvZB7m
OHKZ1wr66zxeXHfGz+y3YW+R+X+fe/z4Mup9NBzkselaZgNKlyySLEmyav9KG+sa
MWcMtPjCOEMxj5qdhz0k89zA4Dm2CtLHTRjmbI1WklaQnauM9MCh43SujSWCEVpZ
7sK/+vgstW40+g/IlQIGAnm86fGCrqhT8z0ftf5/fF4/lJwa4IIPt11MIwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFKQiWVuXmfm7/dfuEdPRcVJtD4rfMB8GA1UdIwQY
MBaAFHrGI++/wSRxIWIkDLoCpNodTc6jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNZajc3X0JKSEVoWWlRTXVnS2syaDFOenFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9jNzRhNGYtNDA1Mi00YzliLWE3Zjgt
NDNhYTRjY2UzZjQ4LzEvcENKWlc1ZVotYnY5MS00UjA5RnhVbTBQaXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9jNzRhNGYtNDA1Mi00YzliLWE3ZjgtNDNhYTRjY2UzZjQ4
LzEvZXNZajc3X0JKSEVoWWlRTXVnS2syaDFOenFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTA4BAIAATAyAwQAuXuUAwQA
wQMlAwQD1JKgAwQA1JKsMAwDBADUkq8DBAPUkrADBADUkrwDBADUkr4wIQQCAAIw
GwMHBCoG2sAAAAMHBCoG2sABAAMHBCoG2sACADANBgkqhkiG9w0BAQsFAAOCAQEA
mPm7jazxxVlw/PnVzrBCxqgnqKOF3y8FWhAHCuR7+2+/l0IuiI1K9PRDF3X1E1cs
BpFuVRCiTVUpHWj/kBo7Ewy7241GK4upvR+z4xKF4RljUflsY8z2nAEyiiH/e/vS
2j7WiJmlzlGoBb2W3Ra/g08LWkDVROsX9Mg2tWBL/rQQy5rLUk4bzN3KHDESwTX7
7pL/HtIe5AVSsbm8hZ89InsuicXncfFuPHHvAFaPYnfAIFPXBrKnRjfNpCIWTrlI
k1ZWK0GgHiQLCu7f+fELEov1BckSgamdUxSvzZKPu5ghzCz2vfC2/+2VqyTvFuOM
hvm0nwnN5ubh+nAV/m0XJg==
-----END CERTIFICATE-----