Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/Vg3qCJ0Kzn-XaXztv8YD4PAA3Tc.roa
File:                     Vg3qCJ0Kzn-XaXztv8YD4PAA3Tc.roa (raw, json)
Hash identifier:          7Vx4xeyeQm09BIIU5hNPngtKiUgrbtg2C5kVqAHzixg=
Subject key identifier:   56:0D:EA:08:9D:0A:CE:7F:97:69:7C:ED:BF:C6:03:E0:F0:00:DD:37
Certificate issuer:       /CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
Certificate serial:       018571B0C774690D056A6B249FF1381C9480
Authority key identifier: 22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/Vg3qCJ0Kzn-XaXztv8YD4PAA3Tc.roa
Signing time:             Mon 02 Jan 2023 08:54:48 +0000
ROA not before:           Mon 02 Jan 2023 08:54:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29067
IP address blocks:        193.29.220.0/24 maxlen: 24
                          185.159.140.0/24 maxlen: 24
                          195.47.253.0/24 maxlen: 24
                          109.70.104.0/22 maxlen: 24
                          109.70.111.0/24 maxlen: 24
                          109.70.108.0/24 maxlen: 24
                          109.70.109.0/24 maxlen: 24
                          2001:4130:50f1::/48 maxlen: 48
                          2001:4130::/32 maxlen: 48
                          2001:67c:258::/48 maxlen: 48
                          2001:4130:20::/48 maxlen: 48
                          2001:4130:b0::/48 maxlen: 48
                          2001:4130:ce::/48 maxlen: 48
                          2001:4130:cd::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 29 Sep 2023 16:04:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b0:c7:74:69:0d:05:6a:6b:24:9f:f1:38:1c:94:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
        Validity
            Not Before: Jan  2 08:54:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=560dea089d0ace7f97697cedbfc603e0f000dd37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5d:d5:c7:a8:0e:07:55:12:39:7c:19:41:fb:
                    33:f3:e6:f6:b1:bd:fb:e4:6a:e8:88:6e:ad:e4:83:
                    22:15:18:9b:9b:53:c3:a6:fd:0d:71:8f:21:49:15:
                    97:03:e0:a4:6b:9c:2c:19:f4:fa:69:6e:6d:2b:bc:
                    fe:7b:f7:65:67:44:9e:8a:d7:85:a2:83:f8:86:c4:
                    f8:4f:f1:11:12:8e:1d:4e:f8:82:04:db:c4:c8:6b:
                    d8:35:b3:29:5f:a0:4e:57:9e:34:b5:df:64:2f:c8:
                    8a:8a:0e:61:34:26:89:47:42:b4:26:c4:e2:ec:41:
                    af:c5:82:30:68:43:3d:cd:e6:f1:c4:a3:da:91:7d:
                    f0:18:ce:61:28:5c:27:17:43:03:02:46:5e:f3:d6:
                    96:88:f5:c1:9d:06:75:6b:a6:bf:92:57:e5:5a:e4:
                    7c:cb:de:67:29:ae:42:17:25:5c:75:2e:f4:89:fe:
                    d0:e3:ee:fa:77:8d:b6:e6:72:62:58:c5:e3:50:18:
                    40:bf:7e:93:af:75:15:91:1f:49:9b:8e:0e:50:09:
                    09:8e:6b:79:fd:53:d6:21:d4:74:ab:6f:cd:13:dd:
                    1a:15:3c:fc:84:a6:0a:c9:39:27:f5:c8:b7:13:a5:
                    cb:67:67:5d:c0:4a:d5:7c:22:36:11:b2:36:25:96:
                    9b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:0D:EA:08:9D:0A:CE:7F:97:69:7C:ED:BF:C6:03:E0:F0:00:DD:37
            X509v3 Authority Key Identifier:
                keyid:22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/Vg3qCJ0Kzn-XaXztv8YD4PAA3Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/IjayuK-mA20sjoMXc2-qpy2AxPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.104.0-109.70.109.255
                  109.70.111.0/24
                  185.159.140.0/24
                  193.29.220.0/24
                  195.47.253.0/24
                IPv6:
                  2001:67c:258::/48
                  2001:4130::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:eb:d6:8f:a7:00:96:4f:0c:2c:4e:53:f0:e4:1d:35:f4:7e:
         7f:70:f7:04:e5:4a:b2:40:12:b3:e5:80:e7:b4:20:9e:a1:bb:
         ce:35:97:40:00:d1:ef:29:61:52:ac:c0:47:80:cf:35:8d:c9:
         17:2e:db:aa:02:38:7f:2f:61:b5:a6:1b:c7:b3:a8:86:8e:e5:
         1d:2b:68:e0:35:ec:72:4e:a4:64:df:b9:79:f8:12:02:bf:2e:
         26:ac:a0:5c:7d:15:10:11:1f:c4:78:5e:00:80:9d:9f:f4:d7:
         f5:05:23:29:b2:88:25:2d:d9:d6:82:6b:de:20:a0:97:95:19:
         ce:79:12:02:f3:f1:0f:1b:d6:80:43:33:88:31:e6:44:f9:c0:
         93:a3:a1:b6:52:44:b1:88:2a:3e:ee:6a:5b:b4:96:97:fa:e0:
         e8:63:d2:ef:4b:9d:7d:8e:12:de:9c:0a:5d:5a:25:e2:c4:49:
         bd:49:3a:93:dc:44:50:e1:35:3a:66:b8:c0:a2:a5:6a:1f:01:
         bb:38:10:9d:2b:22:0f:13:a8:a8:15:54:a5:f4:e7:67:c1:95:
         71:ed:40:33:65:0b:06:d4:b6:a5:3d:e8:66:77:0f:6c:e7:44:
         ca:4e:a7:8c:6b:f6:4c:c4:99:a0:a1:14:56:e4:ee:38:df:12:
         f2:89:c7:4e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVxsMd0aQ0Famskn/E4HJSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZiMmI4YWZhNjAzNmQyYzhlODMxNzczNmZhYWE3MmQ4
MGM0ZjIwHhcNMjMwMTAyMDg1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjBkZWEwODlkMGFjZTdmOTc2OTdjZWRiZmM2MDNlMGYwMDBkZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk13Vx6gOB1USOXwZQfsz8+b2sb37
5GroiG6t5IMiFRibm1PDpv0NcY8hSRWXA+Cka5wsGfT6aW5tK7z+e/dlZ0SeiteF
ooP4hsT4T/EREo4dTviCBNvEyGvYNbMpX6BOV540td9kL8iKig5hNCaJR0K0JsTi
7EGvxYIwaEM9zebxxKPakX3wGM5hKFwnF0MDAkZe89aWiPXBnQZ1a6a/klflWuR8
y95nKa5CFyVcdS70if7Q4+76d4225nJiWMXjUBhAv36Tr3UVkR9Jm44OUAkJjmt5
/VPWIdR0q2/NE90aFTz8hKYKyTkn9ci3E6XLZ2ddwErVfCI2EbI2JZabBwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFYN6gidCs5/l2l87b/GA+DwAN03MB8GA1UdIwQY
MBaAFCI2srivpgNtLI6DF3NvqqctgMTyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMt
OGI1ZWY0MWQ4YzI1LzEvVmczcUNKMEt6bi1YYVh6dHY4WUQ0UEFBM1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMtOGI1ZWY0MWQ4YzI1
LzEvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAsBAIAATAmMAwDBANtRmgD
BAFtRmwDBABtRm8DBAC5n4wDBADBHdwDBADDL/0wFgQCAAIwEAMHACABBnwCWAMF
ACABQTAwDQYJKoZIhvcNAQELBQADggEBAB3r1o+nAJZPDCxOU/DkHTX0fn9w9wTl
SrJAErPlgOe0IJ6hu841l0AA0e8pYVKswEeAzzWNyRcu26oCOH8vYbWmG8ezqIaO
5R0raOA17HJOpGTfuXn4EgK/LiasoFx9FRARH8R4XgCAnZ/01/UFIymyiCUt2daC
a94goJeVGc55EgLz8Q8b1oBDM4gx5kT5wJOjobZSRLGIKj7ualu0lpf64Ohj0u9L
nX2OEt6cCl1aJeLESb1JOpPcRFDhNTpmuMCipWofAbs4EJ0rIg8TqKgVVKX052fB
lXHtQDNlCwbUtqU96GZ3D2znRMpOp4xr9kzEmaChFFbk7jjfEvKJx04=
-----END CERTIFICATE-----