Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/_GNkEl-RN87CgN9DbpIHokHJ7UI.roa
File:                     _GNkEl-RN87CgN9DbpIHokHJ7UI.roa (raw, json)
Hash identifier:          X+8q2c1QIHTfc9wA8SJB9FQfnMBawyVpQQRAH+9rx0g=
Subject key identifier:   FC:63:64:12:5F:91:37:CE:C2:80:DF:43:6E:92:07:A2:41:C9:ED:42
Certificate issuer:       /CN=0d69e3ee55dd862674d458661ba34908b0617fa1
Certificate serial:       018B6FEA6C4D0F9EF1BAA49DE8EEFC0800B4
Authority key identifier: 0D:69:E3:EE:55:DD:86:26:74:D4:58:66:1B:A3:49:08:B0:61:7F:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DWnj7lXdhiZ01FhmG6NJCLBhf6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/_GNkEl-RN87CgN9DbpIHokHJ7UI.roa
Signing time:             Fri 27 Oct 2023 06:55:15 +0000
ROA not before:           Fri 27 Oct 2023 06:55:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60294
IP address blocks:        94.31.96.0/20 maxlen: 20
                          185.22.44.0/24 maxlen: 24
                          185.22.44.0/22 maxlen: 22
                          185.22.45.0/24 maxlen: 24
                          94.31.64.0/18 maxlen: 18
                          94.31.80.0/20 maxlen: 20
                          185.7.196.0/22 maxlen: 22
                          185.113.120.0/22 maxlen: 22
                          185.22.140.0/22 maxlen: 22
                          185.158.40.0/22 maxlen: 22
                          46.245.216.0/21 maxlen: 21
                          2a00:61e0::/32 maxlen: 32
                          2a03:fc0::/32 maxlen: 32
                          2a00:6020::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 24 Nov 2023 08:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:6f:ea:6c:4d:0f:9e:f1:ba:a4:9d:e8:ee:fc:08:00:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d69e3ee55dd862674d458661ba34908b0617fa1
        Validity
            Not Before: Oct 27 06:55:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc6364125f9137cec280df436e9207a241c9ed42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c1:9a:41:39:be:56:e9:ee:b1:ea:4f:4c:68:
                    23:08:c3:4c:0e:69:f7:ff:77:59:68:8d:82:85:cf:
                    56:cc:5b:b6:79:40:15:04:b2:82:09:96:e2:e8:7d:
                    24:72:28:a5:11:2c:a0:7c:0d:b6:a0:5a:d7:69:54:
                    7d:a3:25:a7:ff:c4:62:12:de:14:1d:87:86:e6:8e:
                    32:23:12:9c:5f:af:7c:4c:a8:48:10:89:43:ab:93:
                    5d:7a:6f:50:07:39:90:38:9a:ee:20:5d:50:c6:e3:
                    b2:c7:af:1a:82:8d:f5:ad:b5:11:96:bf:5d:8a:ea:
                    52:84:c2:ea:0b:f5:63:70:cc:95:d7:0a:87:56:50:
                    0c:a3:c2:8c:fa:e7:fd:fd:23:c3:32:e4:1e:1b:06:
                    da:b3:a6:a9:8c:5d:90:8e:57:18:c0:3c:49:60:9a:
                    c2:fe:c0:9e:0e:63:9f:41:f8:57:fc:b4:30:c1:ec:
                    5b:29:c8:e8:4f:42:26:a8:ae:0a:b1:06:dd:ff:08:
                    d6:4d:eb:03:20:40:8b:2a:f6:53:5f:4e:41:8f:fb:
                    10:fd:64:aa:75:b3:9e:22:8a:a4:f4:d8:3d:fe:cf:
                    fd:ee:8e:4a:c1:ec:23:f8:45:ca:cd:e3:aa:01:3d:
                    af:15:e4:9e:29:e3:42:0a:c9:c4:93:f2:f6:b9:18:
                    29:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:63:64:12:5F:91:37:CE:C2:80:DF:43:6E:92:07:A2:41:C9:ED:42
            X509v3 Authority Key Identifier:
                keyid:0D:69:E3:EE:55:DD:86:26:74:D4:58:66:1B:A3:49:08:B0:61:7F:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DWnj7lXdhiZ01FhmG6NJCLBhf6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/_GNkEl-RN87CgN9DbpIHokHJ7UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/1d2ef8-a86e-446f-8c35-b833bd9e0b3a/1/DWnj7lXdhiZ01FhmG6NJCLBhf6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.216.0/21
                  94.31.64.0/18
                  185.7.196.0/22
                  185.22.44.0/22
                  185.22.140.0/22
                  185.113.120.0/22
                  185.158.40.0/22
                IPv6:
                  2a00:6020::/32
                  2a00:61e0::/32
                  2a03:fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:33:e0:61:dc:33:ed:d7:51:c6:14:68:2e:80:f5:8a:20:2f:
         af:17:43:ad:4c:a2:93:ed:77:ad:53:9f:1a:9a:c5:07:22:e5:
         4d:9b:ac:08:e7:76:cf:a3:b0:d2:ce:8d:2d:34:f6:a6:45:72:
         9b:40:92:c9:a1:6e:f9:b6:b3:35:f9:47:59:ff:34:1e:95:ab:
         72:17:24:22:bd:54:57:b2:c6:d1:8c:43:da:bf:68:05:1a:8a:
         bd:e1:54:d3:4c:0f:a7:fb:36:56:34:21:0f:31:b7:32:6b:dc:
         f3:a0:86:dd:e8:50:d2:26:79:ca:3f:dc:88:e7:0d:4e:00:18:
         2b:32:5e:8e:7a:98:07:98:6e:6b:86:23:57:ae:e1:5b:18:c5:
         71:69:7d:9b:03:23:8d:1c:48:d1:97:4b:11:26:1e:d6:a6:aa:
         50:25:01:bc:fe:f7:11:1e:94:bd:18:d0:7a:6f:6f:58:76:9d:
         f0:cd:83:2f:d6:9a:7e:01:81:90:d4:84:88:8d:c3:8a:7e:79:
         31:dc:0f:7f:cc:dc:30:de:f2:08:c7:b8:9e:50:b5:cd:13:dc:
         d7:1a:4f:64:ce:6a:c7:21:41:1b:11:de:b8:7b:9b:04:4f:2a:
         18:79:ee:77:ca:b4:b6:b2:28:53:ca:0a:39:70:74:aa:a6:a5:
         13:6e:4b:4c
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYtv6mxND57xuqSd6O78CAC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNjllM2VlNTVkZDg2MjY3NGQ0NTg2NjFiYTM0OTA4YjA2
MTdmYTEwHhcNMjMxMDI3MDY1NTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzYzNjQxMjVmOTEzN2NlYzI4MGRmNDM2ZTkyMDdhMjQxYzllZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8GaQTm+VunusepPTGgjCMNMDmn3
/3dZaI2Chc9WzFu2eUAVBLKCCZbi6H0kciilESygfA22oFrXaVR9oyWn/8RiEt4U
HYeG5o4yIxKcX698TKhIEIlDq5Ndem9QBzmQOJruIF1QxuOyx68ago31rbURlr9d
iupShMLqC/VjcMyV1wqHVlAMo8KM+uf9/SPDMuQeGwbas6apjF2QjlcYwDxJYJrC
/sCeDmOfQfhX/LQwwexbKcjoT0ImqK4KsQbd/wjWTesDIECLKvZTX05Bj/sQ/WSq
dbOeIoqk9Ng9/s/97o5Kwewj+EXKzeOqAT2vFeSeKeNCCsnEk/L2uRgpsQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPxjZBJfkTfOwoDfQ26SB6JBye1CMB8GA1UdIwQY
MBaAFA1p4+5V3YYmdNRYZhujSQiwYX+hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFduajdsWGRoaVowMUZobUc2TkpDTEJoZjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8xZDJlZjgtYTg2ZS00NDZmLThjMzUt
YjgzM2JkOWUwYjNhLzEvX0dOa0VsLVJOODdDZ045RGJwSUhva0hKN1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8xZDJlZjgtYTg2ZS00NDZmLThjMzUtYjgzM2JkOWUwYjNh
LzEvRFduajdsWGRoaVowMUZobUc2TkpDTEJoZjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAwBAIAATAqAwQDLvXYAwQG
Xh9AAwQCuQfEAwQCuRYsAwQCuRaMAwQCuXF4AwQCuZ4oMBsEAgACMBUDBQAqAGAg
AwUAKgBh4AMFACoDD8AwDQYJKoZIhvcNAQELBQADggEBAIsz4GHcM+3XUcYUaC6A
9YogL68XQ61MopPtd61TnxqaxQci5U2brAjnds+jsNLOjS009qZFcptAksmhbvm2
szX5R1n/NB6Vq3IXJCK9VFeyxtGMQ9q/aAUair3hVNNMD6f7NlY0IQ8xtzJr3POg
ht3oUNImeco/3IjnDU4AGCsyXo56mAeYbmuGI1eu4VsYxXFpfZsDI40cSNGXSxEm
HtamqlAlAbz+9xEelL0Y0Hpvb1h2nfDNgy/Wmn4BgZDUhIiNw4p+eTHcD3/M3DDe
8gjHuJ5Qtc0T3NcaT2TOaschQRsR3rh7mwRPKhh57nfKtLayKFPKCjlwdKqmpRNu
S0w=
-----END CERTIFICATE-----