Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/QTPUXP6ftWGZSGxrHXgvG2toayY.roa
File:                     QTPUXP6ftWGZSGxrHXgvG2toayY.roa (raw, json)
Hash identifier:          EBGWnHpL60JBiQE9AISysyHXU1PvH0L6d4bhrxhFzIM=
Subject key identifier:   41:33:D4:5C:FE:9F:B5:61:99:48:6C:6B:1D:78:2F:1B:6B:68:6B:26
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       01856FA6FB36945BED241C927F8B2CED3115
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/QTPUXP6ftWGZSGxrHXgvG2toayY.roa
Signing time:             Sun 01 Jan 2023 23:24:52 +0000
ROA not before:           Sun 01 Jan 2023 23:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206119
IP address blocks:        5.182.245.0/24 maxlen: 24
                          5.182.246.0/24 maxlen: 24
                          185.195.255.0/24 maxlen: 24
                          185.195.254.0/24 maxlen: 24
                          185.233.247.0/24 maxlen: 24
                          89.200.217.0/24 maxlen: 24
                          185.107.132.0/24 maxlen: 24
                          185.93.53.0/24 maxlen: 24
                          185.93.52.0/24 maxlen: 24
                          185.93.54.0/24 maxlen: 24
                          185.93.55.0/24 maxlen: 24
                          185.195.253.0/24 maxlen: 24
                          2a0a:61c0::/29 maxlen: 29
                          2a05:f740::/29 maxlen: 29
                          2a0c:f700::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 24 Apr 2023 06:56:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:a6:fb:36:94:5b:ed:24:1c:92:7f:8b:2c:ed:31:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: Jan  1 23:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4133d45cfe9fb56199486c6b1d782f1b6b686b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:64:10:b2:b3:e1:6c:e8:fb:77:eb:33:df:fe:
                    40:6f:55:aa:d1:ae:3b:56:51:b2:c8:7d:db:2d:8b:
                    90:3b:ee:35:fd:d4:a4:56:e9:61:d1:4e:fc:ef:a2:
                    ec:86:0e:e8:ee:6c:1b:c8:ef:1f:3f:3f:1d:e9:7a:
                    d0:c5:91:44:ab:97:36:0c:41:a8:e1:08:e3:37:c0:
                    c0:13:77:a0:b1:19:aa:14:53:5c:04:64:03:ed:54:
                    99:2f:03:32:a4:a9:7b:bf:50:6d:6e:a1:1c:5f:b9:
                    62:40:92:66:5e:b0:ce:90:3a:9b:aa:72:bc:0c:5c:
                    be:e1:f9:5b:d8:2d:79:6c:8f:46:a0:5e:61:c7:ee:
                    74:e5:17:e8:75:56:44:d3:ba:2d:f6:54:d1:5f:76:
                    87:26:e4:bf:02:94:76:3d:f4:24:09:ad:36:05:59:
                    81:98:b8:36:28:fc:be:f9:d2:c4:ef:fa:d1:2d:ae:
                    de:a8:95:c5:49:05:02:b4:3d:84:a0:a8:0f:fc:b4:
                    57:57:0b:6d:d1:ac:91:27:eb:cb:b0:64:2b:ef:69:
                    f1:1f:e5:6d:74:4c:3a:17:4e:28:35:32:c5:1c:9e:
                    5f:eb:30:e1:fd:88:31:ee:2d:23:a9:fa:85:f0:70:
                    d6:68:1a:7f:b3:b7:b7:a0:62:f5:ea:24:fd:a8:61:
                    d4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:33:D4:5C:FE:9F:B5:61:99:48:6C:6B:1D:78:2F:1B:6B:68:6B:26
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/QTPUXP6ftWGZSGxrHXgvG2toayY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.245.0-5.182.246.255
                  89.200.217.0/24
                  185.93.52.0/22
                  185.107.132.0/24
                  185.195.253.0-185.195.255.255
                  185.233.247.0/24
                IPv6:
                  2a05:f740::/29
                  2a0a:61c0::/29
                  2a0c:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:a1:96:26:6b:89:60:99:95:44:76:5a:a6:23:9d:fc:25:af:
         77:5f:e1:0a:e2:26:c5:75:81:3b:8d:7b:71:51:ba:24:81:5c:
         a2:db:05:a2:0d:c2:54:ac:24:9f:11:1b:ea:0e:2a:e2:dd:8e:
         94:68:d9:76:0a:de:d7:c4:a7:96:4e:03:87:35:f0:2c:1c:82:
         65:c8:b0:6c:44:a5:e2:9d:05:f3:b3:21:20:bb:f9:4e:3b:06:
         58:30:23:ea:32:da:be:e1:6c:16:e4:fd:91:5c:a6:a5:dd:30:
         89:07:aa:ce:e4:13:35:d8:87:29:b7:0c:0a:fa:1a:5d:32:da:
         41:a4:9c:b1:1e:b9:f1:31:23:6f:25:a0:9a:c9:8b:39:8e:ff:
         58:c6:0b:19:53:2d:05:cd:8d:67:39:0a:4d:4d:79:e5:09:32:
         07:7e:97:77:95:60:89:f9:d5:29:ae:88:3c:2a:d0:81:fe:e3:
         9d:47:ae:8d:61:cc:50:29:8d:8d:38:4c:91:78:7f:7e:66:d9:
         ac:70:a8:53:10:81:17:69:40:18:cf:89:7b:be:96:69:21:5a:
         67:08:0b:6a:9e:1a:f6:48:4f:0d:44:01:bf:ce:f9:a2:bd:7f:
         eb:26:c6:33:ce:8d:69:9e:fe:6f:bd:31:df:14:33:ad:42:5d:
         84:0e:d4:f3
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYVvpvs2lFvtJBySf4ss7TEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjMwMTAxMjMyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTMzZDQ1Y2ZlOWZiNTYxOTk0ODZjNmIxZDc4MmYxYjZiNjg2YjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWQQsrPhbOj7d+sz3/5Ab1Wq0a47
VlGyyH3bLYuQO+41/dSkVulh0U7876Lshg7o7mwbyO8fPz8d6XrQxZFEq5c2DEGo
4QjjN8DAE3egsRmqFFNcBGQD7VSZLwMypKl7v1BtbqEcX7liQJJmXrDOkDqbqnK8
DFy+4flb2C15bI9GoF5hx+505RfodVZE07ot9lTRX3aHJuS/ApR2PfQkCa02BVmB
mLg2KPy++dLE7/rRLa7eqJXFSQUCtD2EoKgP/LRXVwtt0ayRJ+vLsGQr72nxH+Vt
dEw6F04oNTLFHJ5f6zDh/Ygx7i0jqfqF8HDWaBp/s7e3oGL16iT9qGHU2wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFEEz1Fz+n7VhmUhsax14LxtraGsmMB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvUVRQVVhQNmZ0V0daU0d4ckhYZ3ZHMnRvYXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA5BAIAATAzMAwDBAAFtvUD
BAAFtvYDBABZyNkDBAK5XTQDBAC5a4QwCwMEALnD/QMDArnAAwQAuen3MBsEAgAC
MBUDBQMqBfdAAwUDKgphwAMFAyoM9wAwDQYJKoZIhvcNAQELBQADggEBABKhliZr
iWCZlUR2WqYjnfwlr3df4QriJsV1gTuNe3FRuiSBXKLbBaINwlSsJJ8RG+oOKuLd
jpRo2XYK3tfEp5ZOA4c18CwcgmXIsGxEpeKdBfOzISC7+U47BlgwI+oy2r7hbBbk
/ZFcpqXdMIkHqs7kEzXYhym3DAr6Gl0y2kGknLEeufExI28loJrJizmO/1jGCxlT
LQXNjWc5Ck1NeeUJMgd+l3eVYIn51SmuiDwq0IH+451Hro1hzFApjY04TJF4f35m
2axwqFMQgRdpQBjPiXu+lmkhWmcIC2qeGvZITw1EAb/O+aK9f+smxjPOjWme/m+9
Md8UM61CXYQO1PM=
-----END CERTIFICATE-----