Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ae3042-ca98-4dda-95a6-3b8fbfff5342/1/Lm-Gs6PAXCWcZRmcbw9v-YCKvXA.roa
File:                     Lm-Gs6PAXCWcZRmcbw9v-YCKvXA.roa (raw, json)
Hash identifier:          KkNLbQwYzGaWIWMCg8jKrSZ/xlq46b73CibPeD6gO4U=
Subject key identifier:   2E:6F:86:B3:A3:C0:5C:25:9C:65:19:9C:6F:0F:6F:F9:80:8A:BD:70
Certificate issuer:       /CN=83023b39705b345a86eff3f14ef6b1e4db45939e
Certificate serial:       018572C391C97450FEC0888055681C30B337
Authority key identifier: 83:02:3B:39:70:5B:34:5A:86:EF:F3:F1:4E:F6:B1:E4:DB:45:93:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwI7OXBbNFqG7_PxTvax5NtFk54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ae3042-ca98-4dda-95a6-3b8fbfff5342/1/Lm-Gs6PAXCWcZRmcbw9v-YCKvXA.roa
Signing time:             Mon 02 Jan 2023 13:54:57 +0000
ROA not before:           Mon 02 Jan 2023 13:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60503
IP address blocks:        185.30.165.0/24 maxlen: 24
                          185.30.164.0/22 maxlen: 22
                          185.30.164.0/24 maxlen: 24
                          185.30.166.0/24 maxlen: 24
                          185.30.167.0/24 maxlen: 24
                          93.158.236.0/22 maxlen: 22
                          93.158.236.0/24 maxlen: 24
                          93.158.238.0/24 maxlen: 24
                          93.158.237.0/24 maxlen: 24
                          93.158.239.0/24 maxlen: 24
                          2a00:aee3::/32 maxlen: 32
                          2a00:aee7::/32 maxlen: 32
                          2a00:aee0::/32 maxlen: 32
                          2a00:aee6::/32 maxlen: 32
                          2a00:aee5::/32 maxlen: 32
                          2a00:aee1::/32 maxlen: 32
                          2a00:aee4::/32 maxlen: 32
                          2a00:aee2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:c3:91:c9:74:50:fe:c0:88:80:55:68:1c:30:b3:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83023b39705b345a86eff3f14ef6b1e4db45939e
        Validity
            Not Before: Jan  2 13:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e6f86b3a3c05c259c65199c6f0f6ff9808abd70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:61:07:67:24:ce:35:a7:dd:db:be:c0:f9:d9:
                    46:58:6a:32:9e:96:ef:ae:ed:a1:bb:59:ab:77:bc:
                    88:80:8a:9b:18:91:a9:fc:23:60:f9:34:dd:f3:7f:
                    20:cd:4e:be:97:05:ab:14:ff:21:74:4b:89:5f:e7:
                    ab:f8:a9:9f:14:52:7e:ca:3c:84:4a:fd:c0:99:ef:
                    47:32:34:64:37:c7:9d:53:50:08:d6:4d:10:40:7b:
                    0b:32:1d:a8:3c:95:c3:eb:6e:eb:46:02:cf:f1:d7:
                    a9:26:d2:cd:26:4b:e4:b4:4b:d8:14:82:b7:0b:d6:
                    5a:a2:88:f1:87:ac:d7:7a:f3:4f:a3:44:20:53:e1:
                    a4:98:da:f7:b1:80:b0:b1:42:f7:a8:8e:54:2f:b5:
                    62:ba:b0:02:49:b6:d3:d1:91:17:ed:bc:58:f1:4c:
                    35:91:4a:ab:af:2c:59:2b:c6:e2:64:3a:f3:9c:e3:
                    f2:cd:30:9a:f0:85:d7:12:43:40:aa:8e:5e:a2:fe:
                    1d:7c:f0:50:fa:9a:b4:72:36:73:4c:d6:c9:9e:e5:
                    9a:cd:4e:8f:3a:20:af:b1:bb:ca:f2:d2:d5:bb:92:
                    ba:0a:bd:66:d9:3b:e4:d2:f3:1d:f7:f9:52:39:55:
                    bd:4e:d8:4c:89:1a:3e:48:50:6e:f5:35:a0:32:4d:
                    41:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:6F:86:B3:A3:C0:5C:25:9C:65:19:9C:6F:0F:6F:F9:80:8A:BD:70
            X509v3 Authority Key Identifier:
                keyid:83:02:3B:39:70:5B:34:5A:86:EF:F3:F1:4E:F6:B1:E4:DB:45:93:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwI7OXBbNFqG7_PxTvax5NtFk54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ae3042-ca98-4dda-95a6-3b8fbfff5342/1/Lm-Gs6PAXCWcZRmcbw9v-YCKvXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ae3042-ca98-4dda-95a6-3b8fbfff5342/1/gwI7OXBbNFqG7_PxTvax5NtFk54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.158.236.0/22
                  185.30.164.0/22
                IPv6:
                  2a00:aee0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:2c:bd:79:64:96:81:5b:1c:a2:45:71:24:06:00:ae:5d:3e:
         c4:3d:9a:d3:4f:00:fa:34:bd:3a:03:b7:17:f9:e3:3f:51:7b:
         c3:e7:91:a4:30:cc:8b:4a:91:07:f0:b9:72:f9:4c:af:cf:86:
         63:a0:a3:73:17:3c:58:67:a8:ad:c2:c8:87:5c:ef:d7:39:36:
         17:61:de:8f:cc:01:28:f7:6c:1f:c8:f2:44:9e:f2:d5:11:5d:
         53:dc:55:80:7f:91:0a:74:1a:a9:7d:c6:bf:33:d2:83:96:36:
         84:dc:f1:7e:17:c9:b1:88:e0:0f:36:d9:87:39:f1:8e:94:bc:
         48:79:89:9c:b1:04:69:d4:6d:e3:67:aa:d3:d8:91:e9:74:39:
         1d:b2:52:0d:9e:1f:54:1a:7c:f9:48:c2:ca:ed:aa:c6:5b:91:
         6d:56:6d:8f:36:a2:90:d2:10:71:e4:4a:ea:14:5c:ae:4f:ba:
         03:77:37:42:56:4d:55:cd:24:57:d6:dd:3d:89:fb:c8:11:1a:
         fa:8a:bf:38:24:b3:92:02:e9:bf:8d:07:ca:c2:a3:df:28:35:
         21:0d:b7:dc:6a:7b:44:c4:23:ee:13:2e:02:dc:02:be:0e:85:
         ce:b4:02:7a:65:ee:ed:b4:c3:48:b4:b1:cb:51:01:80:49:9f:
         52:a4:cd:f9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVyw5HJdFD+wIiAVWgcMLM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDIzYjM5NzA1YjM0NWE4NmVmZjNmMTRlZjZiMWU0ZGI0
NTkzOWUwHhcNMjMwMTAyMTM1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTZmODZiM2EzYzA1YzI1OWM2NTE5OWM2ZjBmNmZmOTgwOGFiZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWEHZyTONafd277A+dlGWGoynpbv
ru2hu1mrd7yIgIqbGJGp/CNg+TTd838gzU6+lwWrFP8hdEuJX+er+KmfFFJ+yjyE
Sv3Ame9HMjRkN8edU1AI1k0QQHsLMh2oPJXD627rRgLP8depJtLNJkvktEvYFIK3
C9Zaoojxh6zXevNPo0QgU+GkmNr3sYCwsUL3qI5UL7ViurACSbbT0ZEX7bxY8Uw1
kUqrryxZK8biZDrznOPyzTCa8IXXEkNAqo5eov4dfPBQ+pq0cjZzTNbJnuWazU6P
OiCvsbvK8tLVu5K6Cr1m2Tvk0vMd9/lSOVW9TthMiRo+SFBu9TWgMk1BRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC5vhrOjwFwlnGUZnG8Pb/mAir1wMB8GA1UdIwQY
MBaAFIMCOzlwWzRahu/z8U72seTbRZOeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dJN09YQmJORnFHN19QeFR2YXg1TnRGazU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hZTMwNDItY2E5OC00ZGRhLTk1YTYt
M2I4ZmJmZmY1MzQyLzEvTG0tR3M2UEFYQ1djWlJtY2J3OXYtWUNLdlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hZTMwNDItY2E5OC00ZGRhLTk1YTYtM2I4ZmJmZmY1MzQy
LzEvZ3dJN09YQmJORnFHN19QeFR2YXg1TnRGazU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCXZ7sAwQC
uR6kMA0EAgACMAcDBQMqAK7gMA0GCSqGSIb3DQEBCwUAA4IBAQAiLL15ZJaBWxyi
RXEkBgCuXT7EPZrTTwD6NL06A7cX+eM/UXvD55GkMMyLSpEH8Lly+Uyvz4ZjoKNz
FzxYZ6itwsiHXO/XOTYXYd6PzAEo92wfyPJEnvLVEV1T3FWAf5EKdBqpfca/M9KD
ljaE3PF+F8mxiOAPNtmHOfGOlLxIeYmcsQRp1G3jZ6rT2JHpdDkdslINnh9UGnz5
SMLK7arGW5FtVm2PNqKQ0hBx5ErqFFyuT7oDdzdCVk1VzSRX1t09ifvIERr6ir84
JLOSAum/jQfKwqPfKDUhDbfcantExCPuEy4C3AK+DoXOtAJ6Ze7ttMNItLHLUQGA
SZ9SpM35
-----END CERTIFICATE-----