Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/LBgrH4CLrXjcpn_5FmjhcMnTfvo.roa
File:                     LBgrH4CLrXjcpn_5FmjhcMnTfvo.roa (raw, json)
Hash identifier:          e/gIG4GlF7AKwjoNs+j6pF1NXR3NFiUDlwSJu4lgshg=
Subject key identifier:   2C:18:2B:1F:80:8B:AD:78:DC:A6:7F:F9:16:68:E1:70:C9:D3:7E:FA
Certificate issuer:       /CN=84184ce919023640bb9256c2d8d1a049fa102520
Certificate serial:       01856FA70321764080CBC6321549C9C547C3
Authority key identifier: 84:18:4C:E9:19:02:36:40:BB:92:56:C2:D8:D1:A0:49:FA:10:25:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hBhM6RkCNkC7klbC2NGgSfoQJSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/LBgrH4CLrXjcpn_5FmjhcMnTfvo.roa
Signing time:             Sun 01 Jan 2023 23:24:54 +0000
ROA not before:           Sun 01 Jan 2023 23:24:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43212
IP address blocks:        185.11.68.0/22 maxlen: 22
                          185.11.68.0/24 maxlen: 24
                          185.11.71.0/24 maxlen: 24
                          185.11.69.0/24 maxlen: 24
                          185.11.70.0/24 maxlen: 24
                          185.83.196.0/22 maxlen: 22
                          185.83.196.0/24 maxlen: 24
                          185.83.197.0/24 maxlen: 24
                          185.83.198.0/24 maxlen: 24
                          185.83.199.0/24 maxlen: 24
                          185.59.112.0/23 maxlen: 23
                          185.59.112.0/24 maxlen: 24
                          185.59.113.0/24 maxlen: 24
                          2a0b:3000::/29 maxlen: 29
                          2a03:9080::/32 maxlen: 32
                          2a06:e080::/29 maxlen: 29
                          2a05:9e40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:a7:03:21:76:40:80:cb:c6:32:15:49:c9:c5:47:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84184ce919023640bb9256c2d8d1a049fa102520
        Validity
            Not Before: Jan  1 23:24:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c182b1f808bad78dca67ff91668e170c9d37efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:92:1e:7b:e7:a0:48:b8:99:62:05:f5:05:ea:
                    0d:65:7e:8c:1a:df:ce:da:48:89:02:47:e6:00:fd:
                    15:34:22:8f:9f:f6:e8:82:73:f6:a5:30:71:e9:37:
                    f6:fd:e6:f2:4f:f0:92:1b:18:e2:3f:a9:f8:fa:cb:
                    10:6a:36:1a:d1:3f:c6:8e:d6:0a:6d:b2:7e:2f:ce:
                    d9:57:9d:a5:08:8b:14:53:93:f0:8a:70:c7:f9:d1:
                    00:70:ca:d7:36:57:3b:91:51:fa:ff:e1:c5:68:11:
                    7c:2e:ed:f7:c0:15:aa:4e:65:b2:c2:67:8e:4b:48:
                    b9:78:60:02:94:94:4f:37:a6:39:2b:0d:d1:0e:e8:
                    04:9f:63:26:a4:eb:04:45:82:8c:fa:db:52:7e:83:
                    03:55:46:eb:71:62:75:a7:85:fd:ee:2e:02:47:58:
                    54:3c:4c:22:31:e7:a3:19:63:0c:61:05:10:5a:ef:
                    1d:b7:64:81:4f:96:9e:f4:04:89:fe:8d:6e:82:2c:
                    50:69:cc:46:aa:ec:a7:39:7e:34:92:63:91:60:1b:
                    27:a2:b7:64:ef:72:ae:88:9f:ca:87:3d:bc:9a:9a:
                    2f:07:65:85:88:23:a2:62:fa:6f:19:1c:02:42:11:
                    4e:5c:d4:d6:57:a4:9f:74:62:1b:77:d6:11:34:16:
                    0f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:18:2B:1F:80:8B:AD:78:DC:A6:7F:F9:16:68:E1:70:C9:D3:7E:FA
            X509v3 Authority Key Identifier:
                keyid:84:18:4C:E9:19:02:36:40:BB:92:56:C2:D8:D1:A0:49:FA:10:25:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hBhM6RkCNkC7klbC2NGgSfoQJSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/LBgrH4CLrXjcpn_5FmjhcMnTfvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/2922cf-1861-419d-9eea-0a79d54965a9/1/hBhM6RkCNkC7klbC2NGgSfoQJSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.68.0/22
                  185.59.112.0/23
                  185.83.196.0/22
                IPv6:
                  2a03:9080::/32
                  2a05:9e40::/29
                  2a06:e080::/29
                  2a0b:3000::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:b5:4f:a2:84:80:97:23:29:00:38:cb:90:3b:e9:41:54:f4:
         bc:ae:7d:d0:49:1e:c0:58:e6:d1:38:8c:0a:10:5a:ce:dd:ee:
         fe:0c:4f:bc:3e:64:76:52:53:25:4e:08:22:c5:26:29:dc:45:
         65:bc:78:58:bb:c1:c1:39:d1:93:91:01:8b:a4:69:3b:17:5d:
         c7:ab:70:84:72:31:1f:da:63:3b:0d:81:76:63:1e:e4:34:06:
         4f:87:d4:c0:6a:96:6c:8f:e4:f6:09:d4:37:7c:c8:68:4f:4d:
         96:63:3e:37:ee:fe:c4:1b:f7:78:dd:0e:1b:aa:08:f2:b5:4e:
         62:d9:d6:d5:4b:cd:26:c9:b0:17:72:51:93:23:5a:ac:12:d4:
         6e:b3:40:99:a7:8d:42:0d:e6:53:f0:85:45:43:3e:c0:d4:1e:
         86:3e:72:50:04:58:7b:29:68:c2:b8:bb:9b:e0:dd:97:65:0b:
         d9:7a:87:16:af:22:b8:98:e3:a1:34:95:ef:aa:21:da:be:7f:
         f4:5e:44:cb:16:7c:97:75:e6:12:70:e2:90:46:d4:87:b9:68:
         44:41:3f:5d:15:5e:1c:d7:1e:81:22:06:a2:11:8a:19:fb:20:
         65:ff:bd:f8:19:76:70:28:f5:6b:7a:84:01:12:62:3e:f7:d0:
         ca:fc:a2:67
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVvpwMhdkCAy8YyFUnJxUfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MTg0Y2U5MTkwMjM2NDBiYjkyNTZjMmQ4ZDFhMDQ5ZmEx
MDI1MjAwHhcNMjMwMTAxMjMyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzE4MmIxZjgwOGJhZDc4ZGNhNjdmZjkxNjY4ZTE3MGM5ZDM3ZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5Iee+egSLiZYgX1BeoNZX6MGt/O
2kiJAkfmAP0VNCKPn/bognP2pTBx6Tf2/ebyT/CSGxjiP6n4+ssQajYa0T/GjtYK
bbJ+L87ZV52lCIsUU5PwinDH+dEAcMrXNlc7kVH6/+HFaBF8Lu33wBWqTmWywmeO
S0i5eGAClJRPN6Y5Kw3RDugEn2MmpOsERYKM+ttSfoMDVUbrcWJ1p4X97i4CR1hU
PEwiMeejGWMMYQUQWu8dt2SBT5ae9ASJ/o1ugixQacxGquynOX40kmORYBsnordk
73KuiJ/Khz28mpovB2WFiCOiYvpvGRwCQhFOXNTWV6SfdGIbd9YRNBYP3wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCwYKx+Ai6143KZ/+RZo4XDJ0376MB8GA1UdIwQY
MBaAFIQYTOkZAjZAu5JWwtjRoEn6ECUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEJoTTZSa0NOa0M3a2xiQzJOR2dTZm9RSlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8yOTIyY2YtMTg2MS00MTlkLTllZWEt
MGE3OWQ1NDk2NWE5LzEvTEJnckg0Q0xyWGpjcG5fNUZtamhjTW5UZnZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8yOTIyY2YtMTg2MS00MTlkLTllZWEtMGE3OWQ1NDk2NWE5
LzEvaEJoTTZSa0NOa0M3a2xiQzJOR2dTZm9RSlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAYBAIAATASAwQCuQtEAwQB
uTtwAwQCuVPEMCIEAgACMBwDBQAqA5CAAwUDKgWeQAMFAyoG4IADBQMqCzAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAvtU+ihICXIykAOMuQO+lBVPS8rn3QSR7AWObROIwK
EFrO3e7+DE+8PmR2UlMlTggixSYp3EVlvHhYu8HBOdGTkQGLpGk7F13Hq3CEcjEf
2mM7DYF2Yx7kNAZPh9TAapZsj+T2CdQ3fMhoT02WYz437v7EG/d43Q4bqgjytU5i
2dbVS80mybAXclGTI1qsEtRus0CZp41CDeZT8IVFQz7A1B6GPnJQBFh7KWjCuLub
4N2XZQvZeocWryK4mOOhNJXvqiHavn/0XkTLFnyXdeYScOKQRtSHuWhEQT9dFV4c
1x6BIgaiEYoZ+yBl/734GXZwKPVreoQBEmI+99DK/KJn
-----END CERTIFICATE-----