Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/L-rc0R0-D2DqpanI7yknzH14nQE.roa
File:                     L-rc0R0-D2DqpanI7yknzH14nQE.roa (raw, json)
Hash identifier:          nYRzStIZ1Say05LlK8ZXSjTNnlydH23NECAs6BL/hU8=
Subject key identifier:   2F:EA:DC:D1:1D:3E:0F:60:EA:A5:A9:C8:EF:29:27:CC:7D:78:9D:01
Certificate issuer:       /CN=74aebc154a56c83025cbd8641a9ac315cb551c06
Certificate serial:       01856D4ACDA784F92B62DB7BD17FE17EECD0
Authority key identifier: 74:AE:BC:15:4A:56:C8:30:25:CB:D8:64:1A:9A:C3:15:CB:55:1C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dK68FUpWyDAly9hkGprDFctVHAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/L-rc0R0-D2DqpanI7yknzH14nQE.roa
Signing time:             Sun 01 Jan 2023 12:24:56 +0000
ROA not before:           Sun 01 Jan 2023 12:24:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        45.15.21.0/24 maxlen: 24
                          194.53.136.0/24 maxlen: 24
                          194.53.137.0/24 maxlen: 24
                          194.53.138.0/24 maxlen: 24
                          194.53.139.0/24 maxlen: 24
                          2a0e:1d80:117::/64 maxlen: 64
                          2a0e:1d80:12::/48 maxlen: 48
                          2a0e:1d80:10::/48 maxlen: 48
                          2a0e:1d80:6::/48 maxlen: 48
                          2a0e:1d80:11::/48 maxlen: 48
                          2a0e:1d80:14::/48 maxlen: 48
                          2a0e:1d80:15::/48 maxlen: 48
                          2a0e:1d80:8::/48 maxlen: 48
                          2a0e:1d80:13::/48 maxlen: 48
                          2a0e:1d80:9::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:4a:cd:a7:84:f9:2b:62:db:7b:d1:7f:e1:7e:ec:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74aebc154a56c83025cbd8641a9ac315cb551c06
        Validity
            Not Before: Jan  1 12:24:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2feadcd11d3e0f60eaa5a9c8ef2927cc7d789d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:44:1b:3f:b6:80:2f:ea:67:ab:ee:b1:6c:bd:
                    bb:ab:c3:45:1b:6d:05:47:27:de:00:86:e4:bf:f3:
                    dc:86:69:2c:03:7a:2f:57:48:ec:46:06:05:25:86:
                    35:cb:a1:ca:93:26:87:8d:5a:43:c9:16:9c:d4:16:
                    1a:0d:5b:85:e8:3a:1c:90:fa:0b:76:81:55:d8:69:
                    b6:69:8e:9b:3a:5e:cc:5e:d9:94:6f:d0:7d:db:d6:
                    ce:2d:fd:06:ad:7d:72:54:1e:54:29:4f:4f:21:90:
                    18:cc:ce:5a:a1:d6:f0:0a:c4:47:20:d4:fa:ab:bb:
                    f2:4a:70:a5:5e:5e:10:90:09:c6:a9:b1:4b:8c:d5:
                    6b:ef:c1:c0:8f:6f:99:de:e0:ee:25:4c:39:20:c3:
                    9d:a6:9e:75:c2:d0:44:d9:86:0f:95:6c:b2:2d:6b:
                    f3:43:4c:dc:69:bd:ba:42:8d:2f:34:f4:43:a3:46:
                    24:a0:27:46:f9:10:e3:5f:39:87:db:f9:52:e5:d0:
                    a9:71:62:14:cd:3f:c9:f7:18:38:fe:56:6a:6c:87:
                    c0:be:a2:aa:a1:26:79:4d:3e:fa:3a:8a:ed:a6:79:
                    2e:26:74:1b:81:96:db:35:7c:cc:e6:c8:1c:c6:17:
                    bb:3a:3d:46:e7:0d:73:fc:e5:f8:10:53:bb:5d:1e:
                    23:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:EA:DC:D1:1D:3E:0F:60:EA:A5:A9:C8:EF:29:27:CC:7D:78:9D:01
            X509v3 Authority Key Identifier:
                keyid:74:AE:BC:15:4A:56:C8:30:25:CB:D8:64:1A:9A:C3:15:CB:55:1C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dK68FUpWyDAly9hkGprDFctVHAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/L-rc0R0-D2DqpanI7yknzH14nQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/dK68FUpWyDAly9hkGprDFctVHAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.21.0/24
                  194.53.136.0/22
                IPv6:
                  2a0e:1d80:6::/48
                  2a0e:1d80:8::/47
                  2a0e:1d80:10::-2a0e:1d80:15:ffff:ffff:ffff:ffff:ffff
                  2a0e:1d80:117::/64

    Signature Algorithm: sha256WithRSAEncryption
         6a:c5:d5:16:9a:a5:92:4a:40:7f:e1:9a:e2:c6:4f:09:56:8b:
         bb:39:42:5d:86:19:24:52:56:7f:79:82:28:a7:ef:50:37:5c:
         d5:ea:fb:eb:3c:62:c8:16:83:72:46:7e:ca:75:ec:18:fb:bc:
         1a:4c:2c:9b:76:68:46:fb:23:b2:25:90:0d:c8:4b:10:06:0c:
         b1:40:81:cb:97:39:d2:e3:b5:c0:b6:87:95:14:af:82:99:5f:
         ba:45:b0:8b:19:6a:87:15:33:99:aa:d9:9c:ab:1c:b0:c6:7f:
         30:17:7e:f9:c6:84:f9:64:4e:16:35:c2:f4:9f:00:0d:cf:fb:
         1f:fd:0a:44:b6:7e:d4:d2:aa:70:f3:1f:3e:08:ee:08:e6:10:
         81:32:6e:01:b4:de:9b:b6:41:91:66:93:1e:03:1f:b3:62:66:
         75:a2:a4:b2:08:ad:22:66:f3:11:ca:53:79:58:fe:f0:b0:62:
         a7:91:0f:21:de:3f:e9:1d:5c:92:21:5a:56:6d:62:fa:de:3a:
         d4:48:f4:82:0e:a4:93:6e:79:38:93:b7:49:75:5f:dd:e4:e2:
         ad:a0:84:fa:e0:55:14:6b:e0:64:2a:41:8c:75:29:09:f7:2c:
         5a:87:17:91:58:b0:3f:79:fc:cc:b9:f1:07:d0:39:37:59:1a:
         eb:fd:a0:42
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVtSs2nhPkrYtt70X/hfuzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YWViYzE1NGE1NmM4MzAyNWNiZDg2NDFhOWFjMzE1Y2I1
NTFjMDYwHhcNMjMwMTAxMTIyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmVhZGNkMTFkM2UwZjYwZWFhNWE5YzhlZjI5MjdjYzdkNzg5ZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUQbP7aAL+pnq+6xbL27q8NFG20F
RyfeAIbkv/PchmksA3ovV0jsRgYFJYY1y6HKkyaHjVpDyRac1BYaDVuF6DockPoL
doFV2Gm2aY6bOl7MXtmUb9B929bOLf0GrX1yVB5UKU9PIZAYzM5aodbwCsRHINT6
q7vySnClXl4QkAnGqbFLjNVr78HAj2+Z3uDuJUw5IMOdpp51wtBE2YYPlWyyLWvz
Q0zcab26Qo0vNPRDo0YkoCdG+RDjXzmH2/lS5dCpcWIUzT/J9xg4/lZqbIfAvqKq
oSZ5TT76OortpnkuJnQbgZbbNXzM5sgcxhe7Oj1G5w1z/OX4EFO7XR4juwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFC/q3NEdPg9g6qWpyO8pJ8x9eJ0BMB8GA1UdIwQY
MBaAFHSuvBVKVsgwJcvYZBqawxXLVRwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEs2OEZVcFd5REFseTloa0dwckRGY3RWSEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82ZGU3YTAtNDA3My00MjcyLWJmNDQt
MDdhMWQ2NTU0OGJhLzEvTC1yYzBSMC1EMkRxcGFuSTd5a256SDE0blFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82ZGU3YTAtNDA3My00MjcyLWJmNDQtMDdhMWQ2NTU0OGJh
LzEvZEs2OEZVcFd5REFseTloa0dwckRGY3RWSEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTASBAIAATAMAwQALQ8VAwQC
wjWIMDcEAgACMDEDBwAqDh2AAAYDBwEqDh2AAAgwEgMHBCoOHYAAEAMHASoOHYAA
FAMJACoOHYABFwAAMA0GCSqGSIb3DQEBCwUAA4IBAQBqxdUWmqWSSkB/4Zrixk8J
Vou7OUJdhhkkUlZ/eYIop+9QN1zV6vvrPGLIFoNyRn7KdewY+7waTCybdmhG+yOy
JZANyEsQBgyxQIHLlznS47XAtoeVFK+CmV+6RbCLGWqHFTOZqtmcqxywxn8wF375
xoT5ZE4WNcL0nwANz/sf/QpEtn7U0qpw8x8+CO4I5hCBMm4BtN6btkGRZpMeAx+z
YmZ1oqSyCK0iZvMRylN5WP7wsGKnkQ8h3j/pHVySIVpWbWL63jrUSPSCDqSTbnk4
k7dJdV/d5OKtoIT64FUUa+BkKkGMdSkJ9yxahxeRWLA/efzMufEH0Dk3WRrr/aBC
-----END CERTIFICATE-----