Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/A60g_Rth0mJb1iLh7tv6nwhCeIg.roa
File:                     A60g_Rth0mJb1iLh7tv6nwhCeIg.roa (raw, json)
Hash identifier:          8Q94oaQK1lDImmXz66p0fWu17ZJuWFjagKzZZRcHMdo=
Subject key identifier:   03:AD:20:FD:1B:61:D2:62:5B:D6:22:E1:EE:DB:FA:9F:08:42:78:88
Certificate issuer:       /CN=4c87389ef41f18c1fcc82754349ea7096980b1e3
Certificate serial:       01856FC26502AB2EE50DB9B01A2F72AEE408
Authority key identifier: 4C:87:38:9E:F4:1F:18:C1:FC:C8:27:54:34:9E:A7:09:69:80:B1:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/A60g_Rth0mJb1iLh7tv6nwhCeIg.roa
Signing time:             Sun 01 Jan 2023 23:54:48 +0000
ROA not before:           Sun 01 Jan 2023 23:54:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57822
IP address blocks:        185.54.246.0/24 maxlen: 24
                          185.54.245.0/24 maxlen: 24
                          185.54.247.0/24 maxlen: 24
                          94.247.109.0/24 maxlen: 24
                          94.247.108.0/24 maxlen: 24
                          94.247.107.0/24 maxlen: 24
                          94.247.106.0/24 maxlen: 24
                          2a02:47a0:201::/48 maxlen: 48
                          2a02:47a0:4::/48 maxlen: 48
                          2a02:47a0:202::/48 maxlen: 48
                          2a02:47a0:203::/48 maxlen: 48
                          2a02:47a0:3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 29 Sep 2023 05:25:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:65:02:ab:2e:e5:0d:b9:b0:1a:2f:72:ae:e4:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c87389ef41f18c1fcc82754349ea7096980b1e3
        Validity
            Not Before: Jan  1 23:54:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03ad20fd1b61d2625bd622e1eedbfa9f08427888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3d:09:1e:bd:be:66:34:e6:df:42:56:00:45:
                    0c:4b:2a:fe:37:12:0a:2b:df:56:ca:ae:a4:57:0c:
                    7f:08:d8:9d:b2:5c:3e:00:82:c5:c5:ed:69:e9:0c:
                    6e:47:f2:a1:c1:00:7e:fc:86:8f:d4:c1:27:77:cd:
                    c8:53:fb:09:b4:bd:d2:cf:3e:cf:ca:d5:a2:10:dc:
                    f8:08:ad:e2:53:ee:1d:f4:eb:9b:a8:34:67:2f:ec:
                    f0:24:8c:84:1e:05:01:31:73:b0:6c:cd:b9:d3:81:
                    10:b5:61:f3:5c:fb:68:8b:05:02:24:39:16:21:aa:
                    f7:18:58:23:c0:9a:9b:af:b6:7b:a1:10:fd:37:87:
                    8e:d4:05:23:b8:2f:39:b2:82:98:6b:58:c4:43:43:
                    dd:ca:2a:71:87:ce:5e:1a:f8:69:a4:b4:bd:5a:9f:
                    08:2e:d4:89:d4:5a:38:eb:81:d0:b5:ff:59:ff:c1:
                    fb:92:06:c0:2d:3e:50:06:e9:e7:ec:f0:7e:c4:ee:
                    ce:bd:d2:8f:9f:bb:76:9c:2e:ce:3e:23:de:c4:b2:
                    30:b4:ca:3a:2d:86:68:59:ce:73:d7:9c:0c:df:50:
                    57:d5:df:12:2e:f4:01:47:3f:a4:36:02:e4:df:94:
                    61:00:0c:0c:f5:3f:77:52:b5:8c:40:ab:35:66:ce:
                    98:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:AD:20:FD:1B:61:D2:62:5B:D6:22:E1:EE:DB:FA:9F:08:42:78:88
            X509v3 Authority Key Identifier:
                keyid:4C:87:38:9E:F4:1F:18:C1:FC:C8:27:54:34:9E:A7:09:69:80:B1:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/A60g_Rth0mJb1iLh7tv6nwhCeIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.106.0-94.247.109.255
                  185.54.245.0-185.54.247.255
                IPv6:
                  2a02:47a0:3::-2a02:47a0:4:ffff:ffff:ffff:ffff:ffff
                  2a02:47a0:201::-2a02:47a0:203:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         63:b9:88:d0:68:af:55:73:67:7a:12:98:1c:55:9e:72:f1:51:
         28:11:cf:b0:0c:64:d3:d2:c8:ca:70:28:5e:14:93:8a:fe:b6:
         d4:5f:ee:11:f9:8f:2e:0c:21:64:fa:68:97:48:81:92:34:fa:
         2e:2c:c8:72:50:7a:de:9e:6c:f0:17:6f:0e:bf:90:15:95:6e:
         ea:e6:23:9d:4b:82:b1:05:be:01:2f:21:a1:11:87:92:59:04:
         03:21:70:7a:32:d9:e6:f7:61:13:71:8b:d9:cc:23:bf:49:b7:
         9a:1b:3a:b6:19:55:39:18:50:18:2a:1e:f1:67:63:3a:72:f0:
         2a:46:5e:7e:a1:e0:f8:b2:ea:cc:a4:d4:d9:5d:08:6c:4d:ad:
         50:49:9a:2d:93:d6:3a:c8:da:e0:f8:01:b4:35:69:d2:b8:7a:
         1b:4c:89:4d:c5:0a:14:5e:d4:16:e4:8b:f0:c0:a3:d7:2c:cc:
         2f:a7:f4:43:7b:3d:35:0e:05:87:d5:0f:5f:0d:2f:40:5d:0f:
         72:96:ed:0a:f9:ad:4f:79:52:a5:55:62:7e:34:f7:35:06:91:
         c0:71:f6:7e:a1:36:e9:7f:ff:12:ee:33:71:2e:7a:ee:4e:65:
         31:63:d2:6c:a8:86:cb:b5:4a:fc:46:a2:12:73:09:2b:27:46:
         69:45:1e:cd
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYVvwmUCqy7lDbmwGi9yruQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjODczODllZjQxZjE4YzFmY2M4Mjc1NDM0OWVhNzA5Njk4
MGIxZTMwHhcNMjMwMTAxMjM1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2FkMjBmZDFiNjFkMjYyNWJkNjIyZTFlZWRiZmE5ZjA4NDI3ODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj0JHr2+ZjTm30JWAEUMSyr+NxIK
K99Wyq6kVwx/CNidslw+AILFxe1p6QxuR/KhwQB+/IaP1MEnd83IU/sJtL3Szz7P
ytWiENz4CK3iU+4d9OubqDRnL+zwJIyEHgUBMXOwbM2504EQtWHzXPtoiwUCJDkW
Iar3GFgjwJqbr7Z7oRD9N4eO1AUjuC85soKYa1jEQ0Pdyipxh85eGvhppLS9Wp8I
LtSJ1Fo464HQtf9Z/8H7kgbALT5QBunn7PB+xO7OvdKPn7t2nC7OPiPexLIwtMo6
LYZoWc5z15wM31BX1d8SLvQBRz+kNgLk35RhAAwM9T93UrWMQKs1Zs6YfwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFAOtIP0bYdJiW9Yi4e7b+p8IQniIMB8GA1UdIwQY
MBaAFEyHOJ70HxjB/MgnVDSepwlpgLHjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEljNG52UWZHTUg4eUNkVU5KNm5DV21Bc2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8yMjE1ZjctODg3YS00YmQ1LWJmOTct
ZmZiNzA5Zjc2NjhjLzEvQTYwZ19SdGgwbUpiMWlMaDd0djZud2hDZUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8yMjE1ZjctODg3YS00YmQ1LWJmOTctZmZiNzA5Zjc2Njhj
LzEvVEljNG52UWZHTUg4eUNkVU5KNm5DV21Bc2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAiBAIAATAcMAwDBAFe92oD
BAFe92wwDAMEALk29QMEA7k28DAuBAIAAjAoMBIDBwAqAkegAAMDBwAqAkegAAQw
EgMHACoCR6ACAQMHAioCR6ACADANBgkqhkiG9w0BAQsFAAOCAQEAY7mI0GivVXNn
ehKYHFWecvFRKBHPsAxk09LIynAoXhSTiv621F/uEfmPLgwhZPpol0iBkjT6LizI
clB63p5s8BdvDr+QFZVu6uYjnUuCsQW+AS8hoRGHklkEAyFwejLZ5vdhE3GL2cwj
v0m3mhs6thlVORhQGCoe8WdjOnLwKkZefqHg+LLqzKTU2V0IbE2tUEmaLZPWOsja
4PgBtDVp0rh6G0yJTcUKFF7UFuSL8MCj1yzML6f0Q3s9NQ4Fh9UPXw0vQF0Pcpbt
CvmtT3lSpVVifjT3NQaRwHH2fqE26X//Eu4zcS567k5lMWPSbKiGy7VK/EaiEnMJ
KydGaUUezQ==
-----END CERTIFICATE-----