Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/mHT_VnWLG7HRAGcr4kTUuTbGlSI.roa
File:                     mHT_VnWLG7HRAGcr4kTUuTbGlSI.roa (raw, json)
Hash identifier:          8mgD7wNqR/QFdMIVPjgkOchZyb51FVf852PlIGZfRIA=
Subject key identifier:   98:74:FF:56:75:8B:1B:B1:D1:00:67:2B:E2:44:D4:B9:36:C6:95:22
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B67A7C1D8EC1015EAD220DDA6FC1BA
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/mHT_VnWLG7HRAGcr4kTUuTbGlSI.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212271
IP address blocks:        2a05:4140::/29 maxlen: 48
                          2a05:4143::/32 maxlen: 48
                          2a05:4140:32::/48 maxlen: 48
                          2a11:e102::/32 maxlen: 32
                          2a05:4140:30::/48 maxlen: 48
                          2a05:4140:190::/48 maxlen: 48
                          2a05:4140:10::/48 maxlen: 48
                          2a05:4140:34::/48 maxlen: 48
                          2a05:4144::/32 maxlen: 32
                          2a05:4140:5::/48 maxlen: 48
                          2a05:4140:8::/48 maxlen: 48
                          2a05:4140:3::/48 maxlen: 48
                          2a05:4140:187::/48 maxlen: 48
                          2a05:4140:100::/40 maxlen: 48
                          2a05:4140:400::/40 maxlen: 48
                          2a05:4140:300::/40 maxlen: 40
                          2a05:4140:36::/48 maxlen: 48
                          2a05:4140:16::/48 maxlen: 48
                          2a05:4140:31::/48 maxlen: 48
                          2a05:4140:4::/48 maxlen: 48
                          2a05:4140:15::/48 maxlen: 48
                          2a05:4140:35::/48 maxlen: 64
                          2a05:4140:33::/48 maxlen: 48
                          2a05:4140:29::/48 maxlen: 48
                          2a05:4140:9::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 07 Jan 2024 01:28:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7a:7c:1d:8e:c1:01:5e:ad:22:0d:da:6f:c1:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9874ff56758b1bb1d100672be244d4b936c69522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:92:84:7b:3b:77:ab:14:ba:f0:e6:93:4f:48:
                    86:8d:51:2c:a7:0d:2a:4f:30:91:ba:49:b9:d0:7c:
                    94:bd:09:6b:27:4c:a9:87:d0:9e:e2:93:97:e5:d2:
                    06:37:32:8f:2e:16:25:c1:ec:32:01:22:fa:c4:10:
                    d6:03:fb:2b:10:15:4f:ca:b7:c3:64:df:29:38:d0:
                    7c:1e:50:9a:8b:d1:3a:4b:e8:82:f9:67:bb:7d:48:
                    32:2a:8d:37:90:90:f8:e5:23:7f:cf:b0:45:f1:88:
                    c5:c2:d5:c2:89:89:aa:48:9e:b8:2e:71:42:f1:ed:
                    d8:36:07:ca:8e:0a:1e:93:9e:0d:eb:97:a0:10:ba:
                    d6:72:d1:e8:cf:58:8d:88:74:66:b1:3d:92:ce:ac:
                    9f:37:62:22:d3:61:44:91:ee:97:96:0b:60:56:54:
                    06:39:8d:dc:95:be:ab:25:cb:a6:a6:00:08:6c:3d:
                    a5:42:7f:7b:5e:53:04:52:c6:85:f2:c6:eb:07:bf:
                    62:59:77:ff:20:eb:ad:2e:ab:a5:d5:39:e3:cd:bb:
                    c1:6c:70:91:70:1a:4a:aa:46:f5:9e:71:70:a3:86:
                    fc:88:f0:ba:1d:ea:9d:52:8d:51:1c:16:f5:a6:88:
                    4e:aa:51:f4:ba:6d:4e:cc:a9:b9:0e:3b:be:84:2e:
                    22:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:74:FF:56:75:8B:1B:B1:D1:00:67:2B:E2:44:D4:B9:36:C6:95:22
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/mHT_VnWLG7HRAGcr4kTUuTbGlSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140::/29
                  2a11:e102::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:a8:2a:72:07:52:b4:f7:c7:8e:3a:98:81:39:60:84:a6:11:
         2f:f9:6a:33:a8:a8:59:b3:2c:8c:5d:02:8c:80:ce:c6:ab:43:
         96:97:4a:96:3c:ae:41:b2:97:f9:4e:fa:04:7a:6c:83:5b:6d:
         2c:50:46:51:82:a3:e9:5f:7d:47:be:96:a8:f5:30:40:6c:7a:
         c8:04:85:b0:3d:7d:1a:84:4c:5e:09:e5:1a:31:1b:1f:46:1c:
         36:d6:c3:ef:2c:3d:0e:da:4e:49:5d:9d:da:60:b1:0d:93:5d:
         3a:b3:0d:7a:ac:7f:7b:b0:2f:f4:a3:87:ff:be:a4:3c:8a:bf:
         4b:4c:85:5b:e8:99:56:24:e8:f9:6c:d1:2d:80:0a:47:dc:c4:
         ab:e5:30:07:a3:d2:ea:ce:4d:24:72:cb:45:de:4d:03:f3:47:
         8f:a4:d9:89:ab:55:7b:94:76:f8:de:35:95:f4:0b:df:51:06:
         57:a7:b1:8e:38:b5:53:21:28:9d:b8:64:1e:b1:31:be:9e:bf:
         c8:22:c4:ac:f0:8f:be:93:1a:1d:e3:4a:e0:8b:3e:d3:1c:c0:
         b5:61:29:ed:90:d5:08:4f:7c:10:6a:db:a5:7e:0b:3a:d6:c2:
         f7:7f:ab:a7:eb:b5:be:ed:36:7a:03:26:7f:b6:55:0e:5b:5b:
         7f:3e:a7:df
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtnp8HY7BAV6tIg3ab8G6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODc0ZmY1Njc1OGIxYmIxZDEwMDY3MmJlMjQ0ZDRiOTM2YzY5NTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpKEezt3qxS68OaTT0iGjVEspw0q
TzCRukm50HyUvQlrJ0yph9Ce4pOX5dIGNzKPLhYlwewyASL6xBDWA/srEBVPyrfD
ZN8pONB8HlCai9E6S+iC+We7fUgyKo03kJD45SN/z7BF8YjFwtXCiYmqSJ64LnFC
8e3YNgfKjgoek54N65egELrWctHoz1iNiHRmsT2SzqyfN2Ii02FEke6XlgtgVlQG
OY3clb6rJcumpgAIbD2lQn97XlMEUsaF8sbrB79iWXf/IOutLqul1TnjzbvBbHCR
cBpKqkb1nnFwo4b8iPC6HeqdUo1RHBb1pohOqlH0um1OzKm5Dju+hC4i0QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJh0/1Z1ixux0QBnK+JE1Lk2xpUiMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvbUhUX1ZuV0xHN0hSQUdjcjRrVFV1VGJHbFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgVBQAMF
ACoR4QIwDQYJKoZIhvcNAQELBQADggEBAH2oKnIHUrT3x446mIE5YISmES/5ajOo
qFmzLIxdAoyAzsarQ5aXSpY8rkGyl/lO+gR6bINbbSxQRlGCo+lffUe+lqj1MEBs
esgEhbA9fRqETF4J5RoxGx9GHDbWw+8sPQ7aTkldndpgsQ2TXTqzDXqsf3uwL/Sj
h/++pDyKv0tMhVvomVYk6Pls0S2ACkfcxKvlMAej0urOTSRyy0XeTQPzR4+k2Ymr
VXuUdvjeNZX0C99RBlensY44tVMhKJ24ZB6xMb6ev8gixKzwj76TGh3jSuCLPtMc
wLVhKe2Q1QhPfBBq26V+CzrWwvd/q6frtb7tNnoDJn+2VQ5bW38+p98=
-----END CERTIFICATE-----