Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3USCAY642u0HJ9Md0UCDss3VMCQ.roa
File:                     3USCAY642u0HJ9Md0UCDss3VMCQ.roa (raw, json)
Hash identifier:          DGUTb6EtdoVBBAnU7gqAmpxskh9ZQIttpkZ7oWHe4wk=
Subject key identifier:   DD:44:82:01:8E:B8:DA:ED:07:27:D3:1D:D1:40:83:B2:CD:D5:30:24
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01856F66E5A0058242F88061EB792F2B8A13
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3USCAY642u0HJ9Md0UCDss3VMCQ.roa
Signing time:             Sun 01 Jan 2023 22:14:52 +0000
ROA not before:           Sun 01 Jan 2023 22:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        193.124.226.0/24 maxlen: 24
                          193.124.224.0/23 maxlen: 23
                          194.87.226.0/24 maxlen: 24
                          194.87.126.0/24 maxlen: 24
                          212.192.208.0/23 maxlen: 24
                          193.124.49.0/24 maxlen: 24
                          194.87.41.0/24 maxlen: 24
                          195.133.22.0/24 maxlen: 24
                          194.135.46.0/24 maxlen: 24
                          212.192.16.0/21 maxlen: 24
                          194.87.61.0/24 maxlen: 24
                          194.87.192.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 16 Jan 2023 10:08:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:66:e5:a0:05:82:42:f8:80:61:eb:79:2f:2b:8a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  1 22:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd4482018eb8daed0727d31dd14083b2cdd53024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3c:ab:3e:39:de:29:9a:1e:83:0f:c5:c9:66:
                    53:5f:e1:4e:a4:36:3d:35:5c:75:63:c3:83:2b:f7:
                    1b:54:d0:21:77:ee:91:f3:bb:63:18:06:c7:3a:44:
                    df:40:6e:a2:66:e3:7e:6a:74:06:2b:ba:ac:55:68:
                    ad:73:53:98:00:37:bb:0e:ad:8c:3c:f3:9b:33:32:
                    93:5a:e9:3c:e9:47:64:b7:8e:c7:3d:95:57:c5:b4:
                    7b:f2:82:d0:b2:f6:85:51:b4:60:f9:08:8a:d0:9f:
                    ea:f1:18:c6:0d:23:fc:77:47:5f:04:cf:68:d7:e7:
                    42:13:65:a7:15:4a:64:7b:ca:92:1e:d3:57:a8:b0:
                    e6:ab:24:d8:f7:d7:60:b1:69:83:d6:79:b5:5d:c4:
                    bd:a5:05:d0:70:7c:69:9c:01:2f:39:4d:b8:59:a6:
                    00:06:dc:6c:50:cf:cf:38:ef:ce:24:36:84:c2:ca:
                    46:92:47:d4:13:94:e3:d8:f8:74:41:1d:d5:a3:d1:
                    82:d7:7a:e8:28:cb:54:b1:e4:2d:ae:73:5f:e9:ff:
                    fd:66:f9:d8:b8:a5:ef:fa:59:7f:57:3b:1e:b2:ed:
                    4e:f3:d6:13:66:7c:42:83:c3:b2:2c:8f:b4:89:05:
                    b8:77:87:36:02:72:b7:c5:5e:e2:d9:fb:4b:7b:a9:
                    39:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:44:82:01:8E:B8:DA:ED:07:27:D3:1D:D1:40:83:B2:CD:D5:30:24
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3USCAY642u0HJ9Md0UCDss3VMCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.49.0/24
                  193.124.224.0-193.124.226.255
                  194.87.41.0/24
                  194.87.61.0/24
                  194.87.126.0/24
                  194.87.192.0/22
                  194.87.226.0/24
                  194.135.46.0/24
                  195.133.22.0/24
                  212.192.16.0/21
                  212.192.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:2b:6a:01:59:dd:c4:25:a2:1c:33:9f:2f:91:1a:17:dc:83:
         8e:90:cd:18:2e:4b:8f:8f:23:03:47:b2:c7:f0:40:aa:19:0f:
         15:e2:89:ea:49:e6:dc:94:78:89:aa:6a:4f:84:83:e6:8a:61:
         c5:49:ff:e9:a5:75:32:62:63:9e:cc:b9:14:2a:4a:6e:15:50:
         a5:c6:68:18:ba:05:e1:9b:8a:1e:70:6a:e2:99:6a:6c:13:ff:
         76:d4:11:dd:92:00:28:27:aa:1e:1d:24:3d:38:3e:fd:69:11:
         60:cf:b3:33:c9:c2:2f:b7:e9:4e:f2:cd:6b:ca:4f:ee:51:f9:
         30:0e:a8:93:e2:dd:d5:0e:b7:c8:72:03:b9:6a:b1:f1:68:a4:
         a3:8e:db:e4:fb:76:cd:c7:50:b8:b0:ab:c6:d9:a5:aa:8d:8d:
         25:1c:1b:8e:0f:31:81:5c:81:3c:b9:53:70:23:63:a9:9f:eb:
         3d:3e:fc:60:0a:58:04:7c:d0:a8:9e:14:62:df:1e:d6:a1:b6:
         b5:95:d8:64:b7:5a:0d:d1:e8:70:dd:7d:aa:b1:9f:09:2f:2a:
         4d:27:7d:bd:3f:ec:c7:bf:5b:d8:e8:5d:c3:28:2a:e8:44:42:
         3a:a1:ef:2c:c9:a7:99:90:00:9a:c9:fd:54:60:34:91:60:9d:
         d2:0e:65:e4
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVvZuWgBYJC+IBh63kvK4oTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTAxMjIxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQ0ODIwMThlYjhkYWVkMDcyN2QzMWRkMTQwODNiMmNkZDUzMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjyrPjneKZoegw/FyWZTX+FOpDY9
NVx1Y8ODK/cbVNAhd+6R87tjGAbHOkTfQG6iZuN+anQGK7qsVWitc1OYADe7Dq2M
PPObMzKTWuk86Udkt47HPZVXxbR78oLQsvaFUbRg+QiK0J/q8RjGDSP8d0dfBM9o
1+dCE2WnFUpke8qSHtNXqLDmqyTY99dgsWmD1nm1XcS9pQXQcHxpnAEvOU24WaYA
BtxsUM/POO/OJDaEwspGkkfUE5Tj2Ph0QR3Vo9GC13roKMtUseQtrnNf6f/9ZvnY
uKXv+ll/Vzsesu1O89YTZnxCg8OyLI+0iQW4d4c2AnK3xV7i2ftLe6k54QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFN1EggGOuNrtByfTHdFAg7LN1TAkMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM1VTQ0FZNjQydTBISjlNZDBVQ0RzczNWTUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAwXwxMAwD
BAXBfOADBADBfOIDBADCVykDBADCVz0DBADCV34DBALCV8ADBADCV+IDBADChy4D
BADDhRYDBAPUwBADBAHUwNAwDQYJKoZIhvcNAQELBQADggEBABkragFZ3cQlohwz
ny+RGhfcg46QzRguS4+PIwNHssfwQKoZDxXiiepJ5tyUeImqak+Eg+aKYcVJ/+ml
dTJiY57MuRQqSm4VUKXGaBi6BeGbih5wauKZamwT/3bUEd2SACgnqh4dJD04Pv1p
EWDPszPJwi+36U7yzWvKT+5R+TAOqJPi3dUOt8hyA7lqsfFopKOO2+T7ds3HULiw
q8bZpaqNjSUcG44PMYFcgTy5U3AjY6mf6z0+/GAKWAR80KieFGLfHtahtrWV2GS3
Wg3R6HDdfaqxnwkvKk0nfb0/7Me/W9joXcMoKuhEQjqh7yzJp5mQAJrJ/VRgNJFg
ndIOZeQ=
-----END CERTIFICATE-----