Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/XNfd_r-DmfHZ7gaHatTZ-gSWZEw.roa
File:                     XNfd_r-DmfHZ7gaHatTZ-gSWZEw.roa (raw, json)
Hash identifier:          ED7xcx6JyHcIpU2z/kOOpV7xDHV+zaAyiOzSrD25xKA=
Subject key identifier:   5C:D7:DD:FE:BF:83:99:F1:D9:EE:06:87:6A:D4:D9:FA:04:96:64:4C
Certificate issuer:       /CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
Certificate serial:       018AE1AFA808D6DA7C00011523AC00D7468C
Authority key identifier: 22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/XNfd_r-DmfHZ7gaHatTZ-gSWZEw.roa
Signing time:             Fri 29 Sep 2023 16:04:59 +0000
ROA not before:           Fri 29 Sep 2023 16:04:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29067
IP address blocks:        193.29.220.0/24 maxlen: 24
                          185.159.140.0/24 maxlen: 24
                          185.159.141.0/24 maxlen: 24
                          195.47.253.0/24 maxlen: 24
                          109.70.104.0/22 maxlen: 24
                          109.70.111.0/24 maxlen: 24
                          109.70.108.0/24 maxlen: 24
                          109.70.109.0/24 maxlen: 24
                          2001:4130:50f1::/48 maxlen: 48
                          2001:4130:141::/48 maxlen: 48
                          2001:4130::/32 maxlen: 48
                          2001:67c:258::/48 maxlen: 48
                          2001:4130:20::/48 maxlen: 48
                          2001:4130:b0::/48 maxlen: 48
                          2001:4130:ce::/48 maxlen: 48
                          2001:4130:cd::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:e1:af:a8:08:d6:da:7c:00:01:15:23:ac:00:d7:46:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
        Validity
            Not Before: Sep 29 16:04:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cd7ddfebf8399f1d9ee06876ad4d9fa0496644c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:93:f7:0f:e0:c0:d4:3a:b4:d6:d8:e8:d0:26:
                    0d:49:f0:0d:6c:e9:8f:79:38:c7:ad:26:fd:c6:d8:
                    ae:55:47:86:bf:9c:77:c6:9f:e1:77:8f:4b:a0:2f:
                    d6:0e:d1:de:b6:5c:fe:2b:0c:71:14:ae:5d:56:05:
                    46:81:73:79:eb:9c:87:b3:92:05:62:2e:d3:9e:5d:
                    99:a9:69:1c:8d:30:5e:a0:1c:42:45:36:0d:0f:53:
                    fa:57:19:4e:f0:a2:b3:b6:af:9a:7f:e1:e9:b9:48:
                    8c:9d:f5:83:79:85:fe:dc:5c:22:d5:08:53:a9:a9:
                    5c:59:57:95:54:8d:51:e9:ec:3d:85:af:be:6c:6a:
                    b8:7f:be:e9:bb:06:7d:9e:70:99:6f:e9:b5:a5:65:
                    6e:9f:71:33:5f:2b:b2:98:53:27:51:8e:e1:4f:1c:
                    ad:86:79:9a:18:61:cb:22:5a:99:80:53:c8:64:07:
                    33:fc:92:b5:90:61:ad:97:fc:33:d0:27:8e:25:98:
                    82:25:aa:8a:d5:6a:77:66:15:b4:1b:da:2b:41:76:
                    67:cb:d8:1f:fc:1e:0c:8a:d3:d3:54:be:45:08:16:
                    02:b3:8d:61:9e:e3:c9:1d:da:c3:30:e9:10:e4:d1:
                    cb:c9:b6:4d:67:33:2f:b3:94:68:85:6e:33:d4:5d:
                    e0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D7:DD:FE:BF:83:99:F1:D9:EE:06:87:6A:D4:D9:FA:04:96:64:4C
            X509v3 Authority Key Identifier:
                keyid:22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/XNfd_r-DmfHZ7gaHatTZ-gSWZEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/IjayuK-mA20sjoMXc2-qpy2AxPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.104.0-109.70.109.255
                  109.70.111.0/24
                  185.159.140.0/23
                  193.29.220.0/24
                  195.47.253.0/24
                IPv6:
                  2001:67c:258::/48
                  2001:4130::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:ab:06:ca:72:14:19:c0:f3:de:49:29:b6:02:ef:b7:9b:85:
         b6:c9:d4:20:c0:67:1a:4f:e1:2d:8a:81:9d:2e:50:dd:98:02:
         4e:5b:98:5f:e8:63:ca:7c:91:01:be:df:f2:c9:f7:80:93:15:
         6c:c4:ad:37:f8:1d:65:5e:69:d5:12:6e:51:8c:d2:ca:27:c0:
         5f:a3:90:8c:a8:1d:09:10:ca:a0:07:10:f6:53:d3:82:53:12:
         c7:78:da:44:10:f8:b1:87:0f:ad:b6:6f:b0:a3:b1:b6:a3:73:
         86:21:56:9c:d3:ee:f2:f6:02:89:69:d5:41:ac:40:2f:28:7d:
         7d:2e:ea:f5:31:5f:7d:c3:fe:b8:e6:5a:50:20:a7:23:57:d3:
         ab:ce:8b:c4:b3:2d:e1:b9:63:6a:70:cb:b8:c5:44:4f:63:b7:
         bc:7e:f6:89:ef:a9:4f:7a:b7:c5:63:0b:08:cf:9c:7e:f6:16:
         5d:14:6f:8c:fa:58:5e:11:be:42:2b:43:4d:38:58:f4:b4:17:
         62:3a:b0:1f:df:b0:5c:2b:d5:a4:10:6d:0f:37:c7:b2:f7:6a:
         73:a2:78:65:34:a3:b2:1d:8c:2c:d6:67:4d:6f:ab:07:d6:61:
         4c:b2:ff:64:9f:b4:f7:d3:13:02:24:0c:75:2b:ac:d8:9c:e4:
         fb:54:79:89
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYrhr6gI1tp8AAEVI6wA10aMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZiMmI4YWZhNjAzNmQyYzhlODMxNzczNmZhYWE3MmQ4
MGM0ZjIwHhcNMjMwOTI5MTYwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Q3ZGRmZWJmODM5OWYxZDllZTA2ODc2YWQ0ZDlmYTA0OTY2NDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJP3D+DA1Dq01tjo0CYNSfANbOmP
eTjHrSb9xtiuVUeGv5x3xp/hd49LoC/WDtHetlz+KwxxFK5dVgVGgXN565yHs5IF
Yi7Tnl2ZqWkcjTBeoBxCRTYND1P6VxlO8KKztq+af+HpuUiMnfWDeYX+3Fwi1QhT
qalcWVeVVI1R6ew9ha++bGq4f77puwZ9nnCZb+m1pWVun3EzXyuymFMnUY7hTxyt
hnmaGGHLIlqZgFPIZAcz/JK1kGGtl/wz0CeOJZiCJaqK1Wp3ZhW0G9orQXZny9gf
/B4MitPTVL5FCBYCs41hnuPJHdrDMOkQ5NHLybZNZzMvs5RohW4z1F3gawIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFzX3f6/g5nx2e4Gh2rU2foElmRMMB8GA1UdIwQY
MBaAFCI2srivpgNtLI6DF3NvqqctgMTyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMt
OGI1ZWY0MWQ4YzI1LzEvWE5mZF9yLURtZkhaN2dhSGF0VFotZ1NXWkV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMtOGI1ZWY0MWQ4YzI1
LzEvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAsBAIAATAmMAwDBANtRmgD
BAFtRmwDBABtRm8DBAG5n4wDBADBHdwDBADDL/0wFgQCAAIwEAMHACABBnwCWAMF
ACABQTAwDQYJKoZIhvcNAQELBQADggEBAHarBspyFBnA895JKbYC77ebhbbJ1CDA
ZxpP4S2KgZ0uUN2YAk5bmF/oY8p8kQG+3/LJ94CTFWzErTf4HWVeadUSblGM0son
wF+jkIyoHQkQyqAHEPZT04JTEsd42kQQ+LGHD622b7Cjsbajc4YhVpzT7vL2Aolp
1UGsQC8ofX0u6vUxX33D/rjmWlAgpyNX06vOi8SzLeG5Y2pwy7jFRE9jt7x+9onv
qU96t8VjCwjPnH72Fl0Ub4z6WF4RvkIrQ004WPS0F2I6sB/fsFwr1aQQbQ83x7L3
anOieGU0o7IdjCzWZ01vqwfWYUyy/2SftPfTEwIkDHUrrNic5PtUeYk=
-----END CERTIFICATE-----