Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MPGBo0qDGLmtDlTivblOW5lo4fs.roa
File:                     MPGBo0qDGLmtDlTivblOW5lo4fs.roa (raw, json)
Hash identifier:          vqAa+Z8E6FmhfU15pZ5koD3zOEJ9IZSq24Pqr8ekNlc=
Subject key identifier:   30:F1:81:A3:4A:83:18:B9:AD:0E:54:E2:BD:B9:4E:5B:99:68:E1:FB
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       0188DEED59F9CF63C13475512F1E80A2C06A
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MPGBo0qDGLmtDlTivblOW5lo4fs.roa
Signing time:             Wed 21 Jun 2023 17:07:56 +0000
ROA not before:           Wed 21 Jun 2023 17:07:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3280
IP address blocks:        78.108.217.0/24 maxlen: 24
                          2a0b:b86:4::/48 maxlen: 48
                          2a0b:b86:f::/48 maxlen: 48
                          2a0b:b86:e::/48 maxlen: 48
                          2a0b:b86:9::/48 maxlen: 48
                          2a0b:b86::/48 maxlen: 48
                          2a0b:b86:b::/48 maxlen: 48
                          2a0b:b86:a::/48 maxlen: 48
                          2a0b:b86:5::/48 maxlen: 48
                          2a0b:b86:c::/48 maxlen: 48
                          2a0b:b86:6::/48 maxlen: 48
                          2a0b:b86:1::/48 maxlen: 48
                          2a0b:b86:f8::/48 maxlen: 48
                          2a0b:b86:8::/48 maxlen: 48
                          2a0b:b86:3::/48 maxlen: 48
                          2a0b:b86:2::/48 maxlen: 48
                          2a0b:b86:d::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 22 Jun 2023 06:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:de:ed:59:f9:cf:63:c1:34:75:51:2f:1e:80:a2:c0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jun 21 17:07:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30f181a34a8318b9ad0e54e2bdb94e5b9968e1fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5a:d4:1f:e4:c8:c6:02:b9:91:a6:79:2a:46:
                    55:ad:c2:de:5e:22:df:d2:6c:15:04:89:fd:9e:7a:
                    7f:d8:43:69:e1:ea:8b:8e:cc:a4:6f:95:49:46:aa:
                    7b:5e:ba:57:19:f5:4b:5e:b1:5e:80:fe:31:5d:4e:
                    90:ad:8d:91:23:b7:78:d9:8c:a4:43:c4:f4:dc:98:
                    f5:33:fe:bc:9b:ca:d8:09:66:43:d9:22:8d:fc:30:
                    0f:00:ab:22:1f:18:77:c8:57:cf:0d:a7:0f:c8:52:
                    f8:42:7d:6f:3a:65:40:a0:e5:5d:a3:ec:ab:a3:57:
                    7e:bf:91:89:03:5d:e2:40:6a:5c:1a:f4:ef:a8:6b:
                    d2:c4:40:19:8a:77:d8:1a:66:35:91:3c:9a:ac:66:
                    fd:6f:32:a1:14:47:a1:be:d2:93:9c:88:1d:c0:3c:
                    21:75:36:50:9a:0a:5e:60:48:01:9b:ea:f9:b6:73:
                    c6:ac:7b:a3:2a:47:8d:c3:92:28:c4:e4:06:c5:e4:
                    c5:36:7e:1d:23:e3:2a:b4:84:f3:06:cb:e6:6e:99:
                    f7:23:21:f7:75:15:7c:e0:2b:4f:2c:55:87:1a:ae:
                    d1:c1:fc:c0:72:46:e7:26:44:ca:2b:1a:88:7a:fc:
                    ec:a2:48:ba:55:fb:cc:3d:fa:e3:2c:e4:0f:0d:13:
                    e4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F1:81:A3:4A:83:18:B9:AD:0E:54:E2:BD:B9:4E:5B:99:68:E1:FB
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MPGBo0qDGLmtDlTivblOW5lo4fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.217.0/24
                IPv6:
                  2a0b:b86::-2a0b:b86:6:ffff:ffff:ffff:ffff:ffff
                  2a0b:b86:8::/45
                  2a0b:b86:f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:5c:be:72:60:7f:1d:69:e8:77:d8:9f:33:47:09:63:08:02:
         14:a7:89:e4:6c:67:cb:23:1a:ee:ad:ea:48:e9:71:f8:02:46:
         35:49:d6:18:5b:c9:a9:e5:2f:c2:82:dc:5e:10:56:91:15:42:
         af:7e:69:74:6e:d1:90:49:ab:1f:77:5a:b1:66:22:c5:dc:59:
         d2:42:c7:b4:c3:d2:24:cf:4c:3b:ab:83:56:08:b8:bc:37:90:
         df:78:7b:74:2a:00:c0:99:ba:ee:a6:31:bc:8f:c5:30:67:f4:
         b9:03:af:d2:42:ba:53:99:ab:04:83:02:7c:de:c3:fe:d7:fd:
         4b:96:c5:9a:6c:a9:ae:ad:bc:0c:b7:f7:6b:98:35:91:44:cb:
         da:dd:57:d6:70:a7:ce:fc:04:9d:98:d3:ff:66:47:d5:44:8d:
         2b:40:bd:82:72:7f:fe:20:ff:4e:bc:23:1f:8c:45:1f:58:fa:
         e7:37:ac:d6:b1:c1:7b:c9:5e:f9:cd:54:4b:d1:76:4c:69:56:
         df:31:f6:ae:7e:3a:2c:e2:af:7c:55:5b:51:3b:e2:b9:eb:85:
         a8:10:f6:af:42:c4:4d:5a:36:32:ca:37:97:7d:b3:e5:31:29:
         54:47:5e:cb:12:12:c4:ee:8d:a8:9a:ea:84:ca:28:03:0c:56:
         f8:18:7e:3d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYje7Vn5z2PBNHVRLx6AosBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjMwNjIxMTcwNzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGYxODFhMzRhODMxOGI5YWQwZTU0ZTJiZGI5NGU1Yjk5NjhlMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilrUH+TIxgK5kaZ5KkZVrcLeXiLf
0mwVBIn9nnp/2ENp4eqLjsykb5VJRqp7XrpXGfVLXrFegP4xXU6QrY2RI7d42Yyk
Q8T03Jj1M/68m8rYCWZD2SKN/DAPAKsiHxh3yFfPDacPyFL4Qn1vOmVAoOVdo+yr
o1d+v5GJA13iQGpcGvTvqGvSxEAZinfYGmY1kTyarGb9bzKhFEehvtKTnIgdwDwh
dTZQmgpeYEgBm+r5tnPGrHujKkeNw5IoxOQGxeTFNn4dI+MqtITzBsvmbpn3IyH3
dRV84CtPLFWHGq7RwfzAckbnJkTKKxqIevzsoki6VfvMPfrjLOQPDRPkjwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDDxgaNKgxi5rQ5U4r25TluZaOH7MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTVBHQm8wcURHTG10RGxUaXZibE9XNWxvNGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAMBAIAATAGAwQATmzZMCoE
AgACMCQwEAMFASoLC4YDBwAqCwuGAAYDBwMqCwuGAAgDBwAqCwuGAPgwDQYJKoZI
hvcNAQELBQADggEBAJZcvnJgfx1p6HfYnzNHCWMIAhSnieRsZ8sjGu6t6kjpcfgC
RjVJ1hhbyanlL8KC3F4QVpEVQq9+aXRu0ZBJqx93WrFmIsXcWdJCx7TD0iTPTDur
g1YIuLw3kN94e3QqAMCZuu6mMbyPxTBn9LkDr9JCulOZqwSDAnzew/7X/UuWxZps
qa6tvAy392uYNZFEy9rdV9Zwp878BJ2Y0/9mR9VEjStAvYJyf/4g/068Ix+MRR9Y
+uc3rNaxwXvJXvnNVEvRdkxpVt8x9q5+Oizir3xVW1E74rnrhagQ9q9CxE1aNjLK
N5d9s+UxKVRHXssSEsTujaia6oTKKAMMVvgYfj0=
-----END CERTIFICATE-----