Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/670d1b-5129-4146-be5b-78c04bcedad3/1/wXk5T1tOHGRlD2QMNfZG70AezNM.roa
File:                     wXk5T1tOHGRlD2QMNfZG70AezNM.roa (raw, json)
Hash identifier:          ldwtpM7GJqwaJI0M/fuzF1tvCss3NJaIUtsizk7iwj8=
Subject key identifier:   C1:79:39:4F:5B:4E:1C:64:65:0F:64:0C:35:F6:46:EF:40:1E:CC:D3
Certificate issuer:       /CN=c05074877f78dbf49bd37a215491e69a0f8b6e43
Certificate serial:       0185707063434F087E259246A24A2131C22D
Authority key identifier: C0:50:74:87:7F:78:DB:F4:9B:D3:7A:21:54:91:E6:9A:0F:8B:6E:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wFB0h3942_Sb03ohVJHmmg-LbkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/670d1b-5129-4146-be5b-78c04bcedad3/1/wXk5T1tOHGRlD2QMNfZG70AezNM.roa
Signing time:             Mon 02 Jan 2023 03:04:51 +0000
ROA not before:           Mon 02 Jan 2023 03:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49183
IP address blocks:        46.173.173.0/24 maxlen: 24
                          46.173.175.0/24 maxlen: 24
                          94.231.179.0/24 maxlen: 24
                          94.231.178.0/24 maxlen: 24
                          94.231.177.0/24 maxlen: 24
                          94.231.176.0/24 maxlen: 24
                          94.231.180.0/24 maxlen: 24
                          94.231.186.0/24 maxlen: 24
                          94.231.185.0/24 maxlen: 24
                          94.231.183.0/24 maxlen: 24
                          94.231.182.0/24 maxlen: 24
                          94.231.181.0/24 maxlen: 24
                          94.231.187.0/24 maxlen: 24
                          46.173.160.0/22 maxlen: 22
                          46.173.164.0/22 maxlen: 22
                          94.231.191.0/24 maxlen: 24
                          94.231.190.0/24 maxlen: 24
                          94.231.189.0/24 maxlen: 24
                          94.231.188.0/24 maxlen: 24
                          46.173.172.0/24 maxlen: 24
                          46.173.168.0/22 maxlen: 22
                          2001:678:d94::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 08 Nov 2023 09:13:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:70:63:43:4f:08:7e:25:92:46:a2:4a:21:31:c2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05074877f78dbf49bd37a215491e69a0f8b6e43
        Validity
            Not Before: Jan  2 03:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c179394f5b4e1c64650f640c35f646ef401eccd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b3:04:69:93:86:68:3f:94:ee:49:4d:28:d1:
                    aa:f7:6a:85:4e:22:de:d6:48:11:da:52:3b:58:02:
                    9f:60:1a:71:96:c0:42:29:c2:ca:04:89:47:ea:a1:
                    df:6a:4a:56:27:a5:46:3e:a3:06:cd:12:f9:d5:72:
                    72:cc:cb:65:b4:61:fc:b5:27:97:fd:35:dd:c7:07:
                    23:45:2a:8a:a8:38:0c:91:1e:86:c0:5c:79:87:64:
                    d1:a3:eb:bd:57:73:9c:eb:1e:57:cb:4e:74:0f:a7:
                    b9:94:b1:3b:8a:38:7e:37:64:77:c5:c1:01:67:bf:
                    46:b8:f3:ad:74:18:a2:b1:8c:3b:5c:71:5c:92:a9:
                    4d:75:a2:31:6a:47:c9:ed:99:82:75:ca:bf:e2:3b:
                    93:36:cb:3f:67:c9:ce:0d:83:ea:bb:57:0b:4b:1f:
                    8e:0c:cd:4a:d7:bd:e7:7e:4c:16:1e:b9:c6:04:77:
                    b8:5a:c7:b4:d3:83:d1:65:88:e8:cd:8d:bb:92:8b:
                    32:ea:d9:11:ce:d6:76:9d:fb:34:2f:7a:cb:1d:96:
                    e4:29:d6:04:1b:a5:9a:de:15:56:b2:74:36:bd:cd:
                    44:40:1e:d1:46:08:a9:22:15:54:33:02:e0:8a:71:
                    e8:13:08:3b:55:5b:a5:c2:10:1e:a7:e6:1f:6f:4c:
                    60:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:79:39:4F:5B:4E:1C:64:65:0F:64:0C:35:F6:46:EF:40:1E:CC:D3
            X509v3 Authority Key Identifier:
                keyid:C0:50:74:87:7F:78:DB:F4:9B:D3:7A:21:54:91:E6:9A:0F:8B:6E:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wFB0h3942_Sb03ohVJHmmg-LbkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/670d1b-5129-4146-be5b-78c04bcedad3/1/wXk5T1tOHGRlD2QMNfZG70AezNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/670d1b-5129-4146-be5b-78c04bcedad3/1/wFB0h3942_Sb03ohVJHmmg-LbkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.173.160.0-46.173.173.255
                  46.173.175.0/24
                  94.231.176.0/21
                  94.231.185.0-94.231.191.255
                IPv6:
                  2001:678:d94::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:b4:e9:20:bc:97:ae:6f:08:e0:5c:59:1a:78:0f:91:15:8c:
         2a:f8:86:bb:89:eb:4d:0f:a3:e3:a4:05:ec:17:6d:80:c6:63:
         ff:c3:56:da:95:10:28:97:ad:30:d4:38:d8:71:3f:cc:a0:c3:
         a5:6c:6d:09:55:f5:6d:91:49:a3:70:cc:25:ce:23:b7:e1:a8:
         c9:2f:f8:5d:b8:e3:62:a9:8a:c4:70:60:80:a1:06:6e:65:0a:
         bc:9f:81:d3:b8:d6:1a:dd:cb:86:f4:a1:5e:8c:5d:81:3f:db:
         49:75:70:ec:89:88:f0:94:43:6b:7f:27:74:59:b0:7c:9d:dd:
         64:8a:9b:41:69:42:57:84:13:ac:1b:f3:55:6d:fb:d6:f6:3d:
         68:99:e3:aa:1a:87:dd:2c:5e:fb:35:27:98:8d:67:c9:8d:4b:
         ca:d7:c4:88:fb:c8:40:d2:60:32:e7:31:74:e2:1c:7c:a4:ea:
         bd:b3:42:59:31:8c:18:e4:cc:12:47:59:6f:4e:04:4e:dd:f9:
         8d:ae:5a:7a:c0:da:6f:6f:d2:26:b5:4a:1f:38:5a:b4:f4:4e:
         1a:ce:c2:65:16:7f:00:cc:c9:b0:7a:f9:4e:32:24:2e:d1:fe:
         f5:15:46:70:87:79:82:5c:b9:01:d1:42:be:97:fc:b9:3c:c8:
         8e:76:f3:78
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVwcGNDTwh+JZJGokohMcItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNTA3NDg3N2Y3OGRiZjQ5YmQzN2EyMTU0OTFlNjlhMGY4
YjZlNDMwHhcNMjMwMTAyMDMwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTc5Mzk0ZjViNGUxYzY0NjUwZjY0MGMzNWY2NDZlZjQwMWVjY2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLMEaZOGaD+U7klNKNGq92qFTiLe
1kgR2lI7WAKfYBpxlsBCKcLKBIlH6qHfakpWJ6VGPqMGzRL51XJyzMtltGH8tSeX
/TXdxwcjRSqKqDgMkR6GwFx5h2TRo+u9V3Oc6x5Xy050D6e5lLE7ijh+N2R3xcEB
Z79GuPOtdBiisYw7XHFckqlNdaIxakfJ7ZmCdcq/4juTNss/Z8nODYPqu1cLSx+O
DM1K173nfkwWHrnGBHe4Wse004PRZYjozY27kosy6tkRztZ2nfs0L3rLHZbkKdYE
G6Wa3hVWsnQ2vc1EQB7RRgipIhVUMwLginHoEwg7VVulwhAep+Yfb0xgkQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFMF5OU9bThxkZQ9kDDX2Ru9AHszTMB8GA1UdIwQY
MBaAFMBQdId/eNv0m9N6IVSR5poPi25DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0ZCMGgzOTQyX1NiMDNvaFZKSG1tZy1MYmtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NzBkMWItNTEyOS00MTQ2LWJlNWIt
NzhjMDRiY2VkYWQzLzEvd1hrNVQxdE9IR1JsRDJRTU5mWkc3MEFlek5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NzBkMWItNTEyOS00MTQ2LWJlNWItNzhjMDRiY2VkYWQz
LzEvd0ZCMGgzOTQyX1NiMDNvaFZKSG1tZy1MYmtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAuBAIAATAoMAwDBAUuraAD
BAEurawDBAAura8DBANe57AwDAMEAF7nuQMEBl7ngDAPBAIAAjAJAwcAIAEGeA2U
MA0GCSqGSIb3DQEBCwUAA4IBAQBhtOkgvJeubwjgXFkaeA+RFYwq+Ia7ietND6Pj
pAXsF22AxmP/w1balRAol60w1DjYcT/MoMOlbG0JVfVtkUmjcMwlziO34ajJL/hd
uONiqYrEcGCAoQZuZQq8n4HTuNYa3cuG9KFejF2BP9tJdXDsiYjwlENrfyd0WbB8
nd1kiptBaUJXhBOsG/NVbfvW9j1omeOqGofdLF77NSeYjWfJjUvK18SI+8hA0mAy
5zF04hx8pOq9s0JZMYwY5MwSR1lvTgRO3fmNrlp6wNpvb9ImtUofOFq09E4azsJl
Fn8AzMmwevlOMiQu0f71FUZwh3mCXLkB0UK+l/y5PMiOdvN4
-----END CERTIFICATE-----