Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/KTPzdqKNeEVCBx_VRq6wCeG-GwA.roa
File:                     KTPzdqKNeEVCBx_VRq6wCeG-GwA.roa (raw, json)
Hash identifier:          gfxVDEVNREnwlYWB6z8kA0XaYwZcFx7pdqeEMKI9oU8=
Subject key identifier:   29:33:F3:76:A2:8D:78:45:42:07:1F:D5:46:AE:B0:09:E1:BE:1B:00
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018ADB7AB7E30FB222D058B7526E65D41CCB
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/KTPzdqKNeEVCBx_VRq6wCeG-GwA.roa
Signing time:             Thu 28 Sep 2023 11:09:27 +0000
ROA not before:           Thu 28 Sep 2023 11:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137502
IP address blocks:        213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.216.0/24 maxlen: 24
                          213.248.223.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.221.0/24 maxlen: 24
                          213.248.220.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          213.248.255.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:34:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:db:7a:b7:e3:0f:b2:22:d0:58:b7:52:6e:65:d4:1c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 28 11:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2933f376a28d784542071fd546aeb009e1be1b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:89:f2:42:b4:7d:4c:24:a9:c8:ef:6b:7f:dd:
                    c7:c7:b5:45:a1:12:fd:f8:45:06:6b:0c:e9:df:96:
                    5c:ed:72:80:82:52:cd:95:ae:ac:e6:bf:da:08:6f:
                    4b:1f:42:cc:cc:08:65:7e:e5:ee:e0:16:44:b4:48:
                    33:d9:60:ba:f2:d1:c8:3d:8b:ab:6d:89:e6:e5:85:
                    5e:7b:1a:77:c2:bc:26:a6:bd:96:f9:da:1e:e8:20:
                    0b:57:d6:e4:2a:6e:bc:e6:bc:f9:63:95:ac:6f:10:
                    cd:78:a5:b3:5f:3d:70:e3:da:25:ff:4f:dc:5a:71:
                    56:a4:e2:d1:04:4e:1b:5a:1a:01:3a:b6:99:8f:03:
                    a1:08:1d:29:ac:03:10:a5:0d:d4:50:04:92:d5:18:
                    af:4e:bd:c4:af:70:b1:a3:37:90:9e:69:70:bf:be:
                    4a:e4:ba:b8:8d:13:45:b1:23:c2:16:3d:fb:29:a5:
                    ab:b9:66:dd:0a:0f:93:b7:e4:d4:06:36:e4:9e:4c:
                    b5:77:d6:b4:f5:56:d0:57:1c:57:76:ac:59:46:55:
                    79:2f:15:6b:9d:e9:3a:db:75:ca:d5:d2:a9:40:38:
                    76:50:65:c9:d5:e1:76:23:1d:97:e2:c6:60:37:20:
                    f8:25:d8:50:43:66:8a:c4:c3:38:5d:78:95:c2:fb:
                    0d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:33:F3:76:A2:8D:78:45:42:07:1F:D5:46:AE:B0:09:E1:BE:1B:00
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/KTPzdqKNeEVCBx_VRq6wCeG-GwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0/21
                  213.248.254.0/23
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         a6:38:e5:dd:eb:17:84:99:28:4f:f4:67:1a:20:fc:81:8b:62:
         5c:57:d9:03:5e:18:d5:7b:52:df:3a:b4:b7:ee:d2:7e:f7:9c:
         d1:02:b8:b5:93:da:29:b8:5a:e0:b9:b7:71:e5:b9:ca:36:de:
         cb:83:7c:cc:a3:90:b6:4d:fb:f4:ee:50:da:ff:ee:40:00:69:
         e8:66:98:72:48:e9:fb:04:6f:8a:e6:91:f2:94:54:9d:af:51:
         5b:b3:a7:f8:32:f6:7a:10:3a:c1:51:fa:12:37:5f:cb:3b:8d:
         33:02:c8:87:25:d1:2d:86:41:e7:de:83:3c:66:29:5a:2f:b3:
         ce:c0:98:69:06:19:10:8a:84:0b:9e:fb:d7:80:01:f4:3b:e2:
         ef:e4:31:61:32:90:c1:1a:26:da:7e:7a:fb:20:c1:b6:49:df:
         cd:82:e9:35:ed:da:5e:55:1d:68:5a:60:85:72:e4:1f:9a:52:
         17:2e:35:34:c6:24:3d:65:40:e2:c0:45:8e:39:db:8b:21:20:
         11:f7:46:09:17:21:41:39:e7:ca:fb:60:ed:62:f2:26:e9:c4:
         26:7d:35:9e:b0:ca:32:2e:2c:7a:06:3d:58:75:ba:b9:b5:aa:
         02:7b:36:74:47:75:6a:ec:45:ea:bc:aa:2d:a6:0c:45:dc:7a:
         6c:e4:69:7d
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYrberfjD7Ii0Fi3Um5l1BzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI4MTEwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTMzZjM3NmEyOGQ3ODQ1NDIwNzFmZDU0NmFlYjAwOWUxYmUxYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYnyQrR9TCSpyO9rf93Hx7VFoRL9
+EUGawzp35Zc7XKAglLNla6s5r/aCG9LH0LMzAhlfuXu4BZEtEgz2WC68tHIPYur
bYnm5YVeexp3wrwmpr2W+doe6CALV9bkKm685rz5Y5WsbxDNeKWzXz1w49ol/0/c
WnFWpOLRBE4bWhoBOraZjwOhCB0prAMQpQ3UUASS1RivTr3Er3CxozeQnmlwv75K
5Lq4jRNFsSPCFj37KaWruWbdCg+Tt+TUBjbknky1d9a09VbQVxxXdqxZRlV5LxVr
nek623XK1dKpQDh2UGXJ1eF2Ix2X4sZgNyD4JdhQQ2aKxMM4XXiVwvsNZwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCkz83aijXhFQgcf1UausAnhvhsAMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvS1RQemRxS05lRVZDQnhfVlJxNndDZUctR3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQD1fjYAwQB
1fj+MA8EAgACMAkDBwMqAQYYBAAwDQYJKoZIhvcNAQELBQADggEBAKY45d3rF4SZ
KE/0Zxog/IGLYlxX2QNeGNV7Ut86tLfu0n73nNECuLWT2im4WuC5t3Hluco23suD
fMyjkLZN+/TuUNr/7kAAaehmmHJI6fsEb4rmkfKUVJ2vUVuzp/gy9noQOsFR+hI3
X8s7jTMCyIcl0S2GQefegzxmKVovs87AmGkGGRCKhAue+9eAAfQ74u/kMWEykMEa
Jtp+evsgwbZJ382C6TXt2l5VHWhaYIVy5B+aUhcuNTTGJD1lQOLARY4524shIBH3
RgkXIUE558r7YO1i8ibpxCZ9NZ6wyjIuLHoGPVh1urm1qgJ7NnRHdWrsReq8qi2m
DEXcemzkaX0=
-----END CERTIFICATE-----