Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/untvJAnavbnkRet75nqxhZ25Y9s.roa
File:                     untvJAnavbnkRet75nqxhZ25Y9s.roa (raw, json)
Hash identifier:          4M0x/o2GUlpAZKa4BEv8XVrKKee4uo658UL7UDa0+jI=
Subject key identifier:   BA:7B:6F:24:09:DA:BD:B9:E4:45:EB:7B:E6:7A:B1:85:9D:B9:63:DB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018AE0E55400FE720A17A41BDF6BA52718B6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/untvJAnavbnkRet75nqxhZ25Y9s.roa
Signing time:             Fri 29 Sep 2023 12:24:00 +0000
ROA not before:           Fri 29 Sep 2023 12:24:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29030
IP address blocks:        94.156.20.0/22 maxlen: 22
                          87.121.152.0/21 maxlen: 21
                          31.13.200.0/21 maxlen: 21
                          94.156.244.0/24 maxlen: 24
                          87.121.65.0/24 maxlen: 24
                          94.156.197.0/24 maxlen: 24
                          94.156.196.0/24 maxlen: 24
                          94.156.199.0/24 maxlen: 24
                          94.156.195.0/24 maxlen: 24
                          94.156.198.0/24 maxlen: 24
                          94.156.194.0/24 maxlen: 24
                          94.156.208.0/21 maxlen: 21
                          94.156.212.0/22 maxlen: 24
                          87.121.24.0/22 maxlen: 24
                          31.13.242.0/23 maxlen: 23
                          87.121.8.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:e0:e5:54:00:fe:72:0a:17:a4:1b:df:6b:a5:27:18:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 29 12:24:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba7b6f2409dabdb9e445eb7be67ab1859db963db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5d:be:76:ca:10:51:4a:16:27:d2:1a:9e:15:
                    7b:a2:d4:b8:2e:ae:75:01:74:a5:cd:0c:fb:c9:46:
                    8a:93:7a:2a:97:f1:0e:83:50:7b:b4:3a:8e:a5:56:
                    1e:91:1b:9b:fa:84:7d:a8:5b:b8:15:58:aa:62:a3:
                    9d:51:bb:85:ed:df:0b:cd:8c:ba:c9:1d:ca:72:6c:
                    0f:00:27:3f:22:85:40:65:99:88:40:1f:b5:5a:d8:
                    34:67:91:fa:3a:77:38:18:f6:11:42:f9:5c:7a:66:
                    1e:0a:bb:58:c1:c1:cf:5c:76:39:6e:85:d3:f2:e5:
                    9c:c6:6f:5f:dc:29:a8:43:10:58:5b:cd:93:93:e6:
                    cd:1b:a1:57:38:22:3d:96:e0:43:b1:3b:a1:8d:78:
                    d0:71:c7:18:88:a6:9d:22:96:99:54:e9:e4:3b:c4:
                    93:8f:f8:28:7b:85:a9:27:86:42:d8:9c:30:ea:c2:
                    2e:bb:7b:4e:96:94:ff:c3:53:ca:3a:73:3e:5f:5b:
                    c8:64:7e:46:2c:7c:fa:5e:ce:1e:88:06:7c:7c:30:
                    3c:65:1f:bd:9a:17:6e:be:70:ec:46:5f:e9:ef:73:
                    94:cb:27:aa:35:ba:9e:36:59:19:ac:f1:8e:b5:49:
                    a6:4d:e7:1f:d4:3e:f3:1e:fd:09:97:3b:ef:65:b8:
                    08:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7B:6F:24:09:DA:BD:B9:E4:45:EB:7B:E6:7A:B1:85:9D:B9:63:DB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/untvJAnavbnkRet75nqxhZ25Y9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.200.0/21
                  31.13.242.0/23
                  87.121.8.0/21
                  87.121.24.0/22
                  87.121.65.0/24
                  87.121.152.0/21
                  94.156.20.0/22
                  94.156.194.0-94.156.199.255
                  94.156.208.0/21
                  94.156.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:c9:3d:8d:07:f7:46:d6:53:47:5d:fe:06:c8:b1:dc:71:56:
         4a:0b:9c:2c:60:32:6a:a2:cc:4d:b4:cc:81:13:dc:be:91:aa:
         ce:4f:33:73:a2:24:2b:89:07:15:84:2c:0b:f6:af:a8:80:02:
         b3:fc:e4:ce:c7:53:bc:01:ed:35:43:d5:a5:48:48:34:d1:77:
         75:cb:dc:c5:1d:7c:66:65:72:5e:ad:94:29:c7:ef:f8:cf:dd:
         30:5c:b7:9e:07:1f:e4:b1:e4:5d:19:cc:18:02:ed:09:b6:5d:
         e9:83:44:77:5e:64:e1:f8:1a:73:f2:37:c2:19:8d:d6:b9:b6:
         f4:76:fd:26:95:43:db:9f:24:ae:f9:56:57:18:3d:89:4c:ad:
         a1:7d:61:ca:3e:34:f0:7a:f6:bb:8d:40:5f:64:03:10:0c:7e:
         65:be:d5:07:de:f1:d8:64:31:53:0a:91:e9:ba:45:68:1b:a8:
         42:32:ba:6f:f8:2d:e1:10:67:26:28:e3:58:ef:b8:83:a9:68:
         1d:d7:90:96:d6:f9:37:a2:57:73:f9:8b:c6:6b:66:c9:73:27:
         26:da:37:14:09:f8:d1:c4:39:75:ec:8f:b5:5a:f9:23:cf:61:
         73:e3:4d:75:a3:c3:53:d5:de:ba:1a:21:70:d7:c8:8e:f7:7e:
         21:5f:a5:14
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYrg5VQA/nIKF6Qb32ulJxi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTI5MTIyNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdiNmYyNDA5ZGFiZGI5ZTQ0NWViN2JlNjdhYjE4NTlkYjk2M2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyF2+dsoQUUoWJ9IanhV7otS4Lq51
AXSlzQz7yUaKk3oql/EOg1B7tDqOpVYekRub+oR9qFu4FViqYqOdUbuF7d8LzYy6
yR3KcmwPACc/IoVAZZmIQB+1Wtg0Z5H6Onc4GPYRQvlcemYeCrtYwcHPXHY5boXT
8uWcxm9f3CmoQxBYW82Tk+bNG6FXOCI9luBDsTuhjXjQcccYiKadIpaZVOnkO8ST
j/goe4WpJ4ZC2Jww6sIuu3tOlpT/w1PKOnM+X1vIZH5GLHz6Xs4eiAZ8fDA8ZR+9
mhduvnDsRl/p73OUyyeqNbqeNlkZrPGOtUmmTecf1D7zHv0JlzvvZbgIvQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLp7byQJ2r255EXre+Z6sYWduWPbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdW50dkpBbmF2Ym5rUmV0NzVucXhoWjI1WTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDHw3IAwQB
Hw3yAwQDV3kIAwQCV3kYAwQAV3lBAwQDV3mYAwQCXpwUMAwDBAFenMIDBANenMAD
BANenNADBABenPQwDQYJKoZIhvcNAQELBQADggEBABLJPY0H90bWU0dd/gbIsdxx
VkoLnCxgMmqizE20zIET3L6Rqs5PM3OiJCuJBxWELAv2r6iAArP85M7HU7wB7TVD
1aVISDTRd3XL3MUdfGZlcl6tlCnH7/jP3TBct54HH+Sx5F0ZzBgC7Qm2XemDRHde
ZOH4GnPyN8IZjda5tvR2/SaVQ9ufJK75VlcYPYlMraF9Yco+NPB69ruNQF9kAxAM
fmW+1Qfe8dhkMVMKkem6RWgbqEIyum/4LeEQZyYo41jvuIOpaB3XkJbW+TeiV3P5
i8ZrZslzJybaNxQJ+NHEOXXsj7Va+SPPYXPjTXWjw1PV3roaIXDXyI73fiFfpRQ=
-----END CERTIFICATE-----