Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/YmycdIWiFu_p-Vw68c7AIAIjf4U.roa
File:                     YmycdIWiFu_p-Vw68c7AIAIjf4U.roa (raw, json)
Hash identifier:          TSD0dShO9gYkH8/HBFTRzIs5zgJ5bFjuNJlNCCPW9/A=
Subject key identifier:   62:6C:9C:74:85:A2:16:EF:E9:F9:5C:3A:F1:CE:C0:20:02:23:7F:85
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       01870132020392BF6EAAEDEB8E043E6AFD53
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/YmycdIWiFu_p-Vw68c7AIAIjf4U.roa
Signing time:             Mon 20 Mar 2023 22:44:27 +0000
ROA not before:           Mon 20 Mar 2023 22:44:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62068
IP address blocks:        91.230.49.0/24 maxlen: 24
                          185.244.36.0/22 maxlen: 24
                          45.87.40.0/22 maxlen: 24
                          185.224.128.0/22 maxlen: 24
                          5.182.208.0/22 maxlen: 24
                          45.14.224.0/22 maxlen: 24
                          2a0d:2400::/29 maxlen: 39
                          2a0e:2000::/29 maxlen: 29
                          2a0d:2780::/29 maxlen: 32
                          2a0e:16c0::/29 maxlen: 29
                          2a0e:1740::/29 maxlen: 29
                          2a12:a8c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 13 Dec 2023 21:38:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:01:32:02:03:92:bf:6e:aa:ed:eb:8e:04:3e:6a:fd:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Mar 20 22:44:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=626c9c7485a216efe9f95c3af1cec02002237f85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1f:2f:97:d9:dd:f8:c1:37:3d:44:7d:03:06:
                    eb:44:f6:a9:4a:de:34:de:4c:0a:49:60:7c:2b:c9:
                    e0:b1:95:33:de:c8:7d:e1:32:5d:2c:37:25:94:64:
                    9f:3b:25:58:30:a2:ec:1f:c9:1a:8d:64:40:f1:63:
                    ab:07:2d:82:fa:48:52:5b:04:d1:a5:89:9c:1a:c8:
                    32:5d:65:9e:e6:e1:b8:58:7a:0d:fd:22:58:cc:6f:
                    72:2d:73:5a:f2:88:8a:b6:46:1a:7e:bb:3c:0d:e4:
                    f1:8d:c9:c7:04:5a:d3:da:38:e6:a6:d6:20:ba:e7:
                    e9:96:c9:c2:8e:68:76:c3:6e:db:98:d0:05:46:80:
                    2b:73:08:3f:b2:61:6b:83:10:06:e4:e7:96:ee:50:
                    9e:71:cd:0a:6b:c9:94:e0:8f:43:d2:15:bd:ab:bc:
                    b9:86:88:62:37:dd:c1:71:a5:12:27:0c:50:bf:2c:
                    9a:07:21:8e:ff:4f:39:a9:d0:1b:85:14:3d:4b:d9:
                    3e:35:81:8e:44:7b:15:dd:c4:71:5e:08:33:5f:f8:
                    04:92:73:5d:d0:f3:cb:7d:e2:98:b6:c1:92:8d:39:
                    b1:3e:fe:9d:b3:6f:86:5a:74:04:46:fb:93:1c:28:
                    cb:88:16:05:3c:28:b6:80:cb:83:4e:bc:82:3b:f5:
                    42:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:6C:9C:74:85:A2:16:EF:E9:F9:5C:3A:F1:CE:C0:20:02:23:7F:85
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/YmycdIWiFu_p-Vw68c7AIAIjf4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.208.0/22
                  45.14.224.0/22
                  45.87.40.0/22
                  91.230.49.0/24
                  185.224.128.0/22
                  185.244.36.0/22
                IPv6:
                  2a0d:2400::/29
                  2a0d:2780::/29
                  2a0e:16c0::/29
                  2a0e:1740::/29
                  2a0e:2000::/29
                  2a12:a8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:8d:6e:fd:76:fe:a1:20:c7:0e:d2:dd:d6:0c:c2:e6:93:0c:
         ca:ae:ee:e8:ab:f1:4e:3a:3e:c8:a5:c6:1c:60:a7:b5:0b:6b:
         9c:c0:d8:a0:f1:d5:62:80:b2:a1:7a:ba:0c:b0:bf:09:b5:6f:
         b6:89:ae:4c:ff:1b:66:cc:5c:0e:88:dd:5d:41:d5:aa:92:94:
         f2:a5:10:ad:96:2e:00:4e:6b:a1:c0:f3:4e:39:5d:79:27:64:
         d8:81:79:5d:27:39:a9:59:54:d5:57:7f:8a:58:30:c6:ef:30:
         cf:4e:94:c7:2d:80:95:a6:76:3f:c4:27:9b:1b:f2:42:36:ee:
         db:5e:25:da:a3:c3:53:f1:8f:e2:d8:27:69:1c:41:35:8c:e3:
         08:0f:1c:4e:e5:c1:ae:7a:24:a9:10:a2:71:f1:d7:91:11:9f:
         62:4f:8e:a6:75:03:26:9e:36:c1:54:b4:8f:ae:0e:43:dc:88:
         f7:e5:6b:64:ab:9a:69:1d:e2:66:53:f9:d6:8f:85:20:1c:08:
         63:20:b0:91:56:43:81:18:3d:57:45:79:9e:8a:02:28:e2:19:
         a1:c6:bf:3e:c9:8c:c8:f0:5b:f1:73:76:4f:f7:47:b0:29:1a:
         b9:be:63:51:25:d4:b4:11:96:d2:d9:fa:2d:a2:b8:95:fe:36:
         46:34:ed:66
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYcBMgIDkr9uqu3rjgQ+av1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjMwMzIwMjI0NDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjZjOWM3NDg1YTIxNmVmZTlmOTVjM2FmMWNlYzAyMDAyMjM3Zjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAox8vl9nd+ME3PUR9AwbrRPapSt40
3kwKSWB8K8ngsZUz3sh94TJdLDcllGSfOyVYMKLsH8kajWRA8WOrBy2C+khSWwTR
pYmcGsgyXWWe5uG4WHoN/SJYzG9yLXNa8oiKtkYafrs8DeTxjcnHBFrT2jjmptYg
uufplsnCjmh2w27bmNAFRoArcwg/smFrgxAG5OeW7lCecc0Ka8mU4I9D0hW9q7y5
hohiN93BcaUSJwxQvyyaByGO/085qdAbhRQ9S9k+NYGORHsV3cRxXggzX/gEknNd
0PPLfeKYtsGSjTmxPv6ds2+GWnQERvuTHCjLiBYFPCi2gMuDTryCO/VChwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFGJsnHSFohbv6flcOvHOwCACI3+FMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvWW15Y2RJV2lGdV9wLVZ3NjhjN0FJQUlqZjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjAqBAIAATAkAwQCBbbQAwQC
LQ7gAwQCLVcoAwQAW+YxAwQCueCAAwQCufQkMDAEAgACMCoDBQMqDSQAAwUDKg0n
gAMFAyoOFsADBQMqDhdAAwUDKg4gAAMFAyoSqMAwDQYJKoZIhvcNAQELBQADggEB
AIqNbv12/qEgxw7S3dYMwuaTDMqu7uir8U46Psilxhxgp7ULa5zA2KDx1WKAsqF6
ugywvwm1b7aJrkz/G2bMXA6I3V1B1aqSlPKlEK2WLgBOa6HA8045XXknZNiBeV0n
OalZVNVXf4pYMMbvMM9OlMctgJWmdj/EJ5sb8kI27tteJdqjw1Pxj+LYJ2kcQTWM
4wgPHE7lwa56JKkQonHx15ERn2JPjqZ1AyaeNsFUtI+uDkPciPfla2Srmmkd4mZT
+daPhSAcCGMgsJFWQ4EYPVdFeZ6KAijiGaHGvz7JjMjwW/Fzdk/3R7ApGrm+Y1El
1LQRltLZ+i2iuJX+NkY07WY=
-----END CERTIFICATE-----