Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/3jyMT0vxvNg1Vyu8x7-ttitAnCg.roa
File:                     3jyMT0vxvNg1Vyu8x7-ttitAnCg.roa (raw, json)
Hash identifier:          goZBXpqkE6QpTezeFFFkBHu52K2Zd0z5Gqbg8JTuxqw=
Subject key identifier:   DE:3C:8C:4F:4B:F1:BC:D8:35:57:2B:BC:C7:BF:AD:B6:2B:40:9C:28
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       018B8525E8DEBB41D9ED07583DA3A71990D4
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/3jyMT0vxvNg1Vyu8x7-ttitAnCg.roa
Signing time:             Tue 31 Oct 2023 09:52:16 +0000
ROA not before:           Tue 31 Oct 2023 09:52:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216271
IP address blocks:        185.201.139.0/24 maxlen: 24
                          185.201.136.0/22 maxlen: 22
                          2a12:ec0::/29 maxlen: 29
                          2a12:28c0::/29 maxlen: 29
                          2a0f:e000::/29 maxlen: 29
                          2a13:ba00::/29 maxlen: 29
                          2a12:1900::/29 maxlen: 29
                          2a11:f240::/29 maxlen: 29
                          2a12:6b80::/29 maxlen: 29
                          2a13:dac0::/29 maxlen: 29
                          2a0e:7780::/29 maxlen: 29
                          2a0a:e2c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 11 Nov 2023 11:49:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:85:25:e8:de:bb:41:d9:ed:07:58:3d:a3:a7:19:90:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Oct 31 09:52:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de3c8c4f4bf1bcd835572bbcc7bfadb62b409c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:de:97:06:87:ce:ec:8f:ad:6a:61:15:17:5d:
                    42:f9:78:b9:6c:db:08:7c:89:93:76:b2:1c:0f:bc:
                    b1:85:b3:ab:e2:96:56:cb:15:4b:7a:58:35:b8:57:
                    57:16:2f:37:7b:40:cc:ff:24:61:6d:48:3c:7f:50:
                    b6:08:ab:81:c6:f6:74:7a:22:32:ae:8d:e5:4e:a7:
                    34:53:d8:cb:43:45:33:e5:84:b6:fa:38:57:59:7e:
                    ae:11:9a:5f:0c:70:db:19:a6:0e:f2:78:80:10:4b:
                    45:c2:7b:c3:22:88:4e:73:55:ba:0e:f1:f7:23:e5:
                    b8:b8:f2:0f:ab:27:b7:4f:cf:dd:ab:65:1c:bb:78:
                    f9:68:18:8c:13:8f:63:bd:2e:bb:d5:66:c9:43:b9:
                    5d:c2:87:22:ba:b0:ee:36:6f:e2:07:ac:28:ae:8b:
                    ea:68:15:42:ed:40:9f:67:4a:5b:2f:02:dc:2c:37:
                    ab:11:5f:6f:d6:75:10:67:d2:71:67:ed:02:7d:9c:
                    f1:9f:a2:5f:35:52:4d:5f:3a:d8:ae:70:51:31:10:
                    5b:20:02:ba:eb:2c:25:84:7a:42:4d:61:80:a2:a1:
                    2f:07:97:9a:45:29:df:de:22:fb:b4:b3:0f:23:5d:
                    fb:03:22:56:c9:12:15:af:fa:34:60:66:b3:09:50:
                    a6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:3C:8C:4F:4B:F1:BC:D8:35:57:2B:BC:C7:BF:AD:B6:2B:40:9C:28
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/3jyMT0vxvNg1Vyu8x7-ttitAnCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.136.0/22
                IPv6:
                  2a0a:e2c0::/29
                  2a0e:7780::/29
                  2a0f:e000::/29
                  2a11:f240::/29
                  2a12:ec0::/29
                  2a12:1900::/29
                  2a12:28c0::/29
                  2a12:6b80::/29
                  2a13:ba00::/29
                  2a13:dac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:a2:24:4f:11:38:50:28:e5:c7:69:0e:cc:6a:df:14:75:c8:
         0f:66:63:ec:00:20:ad:31:9f:69:46:14:a4:26:ba:8b:46:96:
         bd:91:05:82:de:76:5a:15:73:40:d0:32:29:c4:0b:da:0a:8c:
         13:83:41:9a:36:e5:d3:0c:d8:1a:ab:87:c0:24:48:fd:2a:4b:
         84:d3:96:b8:0a:28:08:c5:e3:03:a0:6f:31:df:2f:eb:3a:de:
         42:7f:47:b6:c5:61:65:fc:ad:38:fd:14:e3:2b:8f:e5:c2:b3:
         88:70:53:2a:0c:38:6a:b7:af:b1:01:36:56:e6:9f:7e:62:70:
         db:ab:e4:0b:7e:9f:ef:18:7e:67:b8:8d:9a:d8:c7:f0:03:c8:
         9b:c4:5c:bd:2c:3f:2f:9b:d0:74:dd:18:2d:ca:7f:b5:d8:2e:
         3e:cb:9f:9b:90:8f:ec:7a:bb:e7:b6:a1:b3:bd:bf:b5:4e:e2:
         67:35:7c:da:9d:8f:ae:7d:a7:b5:4b:eb:94:9d:b4:59:fc:11:
         e6:5b:fa:34:66:8d:12:14:8e:84:b8:ba:73:c0:7b:61:5d:96:
         ec:0b:58:5e:a9:db:b4:91:da:d0:55:c2:ce:50:03:f9:3f:5d:
         b9:63:a1:f9:62:71:42:43:bd:b1:95:72:fa:91:8a:55:54:87:
         33:56:44:7b
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYuFJejeu0HZ7QdYPaOnGZDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjMxMDMxMDk1MjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTNjOGM0ZjRiZjFiY2Q4MzU1NzJiYmNjN2JmYWRiNjJiNDA5YzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgN6XBofO7I+tamEVF11C+Xi5bNsI
fImTdrIcD7yxhbOr4pZWyxVLelg1uFdXFi83e0DM/yRhbUg8f1C2CKuBxvZ0eiIy
ro3lTqc0U9jLQ0Uz5YS2+jhXWX6uEZpfDHDbGaYO8niAEEtFwnvDIohOc1W6DvH3
I+W4uPIPqye3T8/dq2Ucu3j5aBiME49jvS671WbJQ7ldwociurDuNm/iB6worovq
aBVC7UCfZ0pbLwLcLDerEV9v1nUQZ9JxZ+0CfZzxn6JfNVJNXzrYrnBRMRBbIAK6
6ywlhHpCTWGAoqEvB5eaRSnf3iL7tLMPI137AyJWyRIVr/o0YGazCVCmPwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFN48jE9L8bzYNVcrvMe/rbYrQJwoMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvM2p5TVQwdnh2TmcxVnl1OHg3LXR0aXRBbkNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDAMBAIAATAGAwQCucmIMEwE
AgACMEYDBQMqCuLAAwUDKg53gAMFAyoP4AADBQMqEfJAAwUDKhIOwAMFAyoSGQAD
BQMqEijAAwUDKhJrgAMFAyoTugADBQMqE9rAMA0GCSqGSIb3DQEBCwUAA4IBAQA+
oiRPEThQKOXHaQ7Mat8UdcgPZmPsACCtMZ9pRhSkJrqLRpa9kQWC3nZaFXNA0DIp
xAvaCowTg0GaNuXTDNgaq4fAJEj9KkuE05a4CigIxeMDoG8x3y/rOt5Cf0e2xWFl
/K04/RTjK4/lwrOIcFMqDDhqt6+xATZW5p9+YnDbq+QLfp/vGH5nuI2a2MfwA8ib
xFy9LD8vm9B03Rgtyn+12C4+y5+bkI/servntqGzvb+1TuJnNXzanY+ufae1S+uU
nbRZ/BHmW/o0Zo0SFI6EuLpzwHthXZbsC1heqdu0kdrQVcLOUAP5P125Y6H5YnFC
Q72xlXL6kYpVVIczVkR7
-----END CERTIFICATE-----