Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/pXEWKp7gjOVfbKtvMmGbl_HcoTo.roa
File:                     pXEWKp7gjOVfbKtvMmGbl_HcoTo.roa (raw, json)
Hash identifier:          LhYVIvMQGcfzyuQbnQ70+zDsgPixziRHmRu6hAopfVM=
Subject key identifier:   A5:71:16:2A:9E:E0:8C:E5:5F:6C:AB:6F:32:61:9B:97:F1:DC:A1:3A
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0188AF8935A76811813D7A796F004DB85D35
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/pXEWKp7gjOVfbKtvMmGbl_HcoTo.roa
Signing time:             Mon 12 Jun 2023 12:16:24 +0000
ROA not before:           Mon 12 Jun 2023 12:16:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44654
IP address blocks:        185.36.124.0/22 maxlen: 24
                          185.36.124.0/24 maxlen: 24
                          185.36.124.0/23 maxlen: 23
                          185.36.125.0/24 maxlen: 24
                          109.205.8.0/21 maxlen: 24
                          37.252.215.0/24 maxlen: 24
                          37.252.211.0/24 maxlen: 24
                          37.252.210.0/23 maxlen: 23
                          37.252.210.0/24 maxlen: 24
                          37.252.209.0/24 maxlen: 24
                          37.252.208.0/24 maxlen: 24
                          37.252.208.0/23 maxlen: 23
                          37.252.213.0/24 maxlen: 24
                          37.252.212.0/24 maxlen: 24
                          37.252.212.0/23 maxlen: 23
                          93.93.96.0/21 maxlen: 24
                          2a02:d8:8::/48 maxlen: 48
                          2a02:d8:9::/48 maxlen: 48
                          2a02:d8:a::/48 maxlen: 48
                          2a02:d8::/32 maxlen: 48

Validation:               Failed, certificate revoked on Wed 13 Sep 2023 09:39:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:af:89:35:a7:68:11:81:3d:7a:79:6f:00:4d:b8:5d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jun 12 12:16:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a571162a9ee08ce55f6cab6f32619b97f1dca13a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2c:a0:5f:33:07:cf:b9:24:3b:dc:62:e9:f3:
                    db:47:f7:d7:92:4d:b2:e5:6a:33:cb:7d:0e:92:ec:
                    96:7f:9b:3e:aa:f0:53:6d:de:10:8d:a8:6c:1f:71:
                    97:b4:a8:e8:0b:20:99:c5:bc:53:c2:66:2f:2c:bc:
                    f7:03:65:8a:82:57:b8:9e:64:6e:ee:8c:cb:8d:b1:
                    07:3e:4a:5d:78:2b:f9:f5:b0:88:e0:2d:22:ee:04:
                    6e:a8:4a:33:8d:76:43:db:62:a7:0b:4c:a0:0f:76:
                    24:aa:01:0d:34:a6:26:3e:78:83:dc:59:4b:6c:79:
                    6a:97:29:3b:32:cd:53:99:ee:66:48:ce:c2:9e:58:
                    9a:f0:01:cf:da:3f:c4:b7:f9:b2:d4:81:82:2c:9d:
                    fd:2b:91:06:fa:4e:4e:b6:48:dc:f0:a5:cf:39:f5:
                    20:e1:f0:a3:de:b3:34:a1:7e:59:8a:8a:5f:a1:97:
                    81:49:11:60:72:1b:5f:de:ae:db:4a:2f:ac:99:ce:
                    fc:fc:83:60:d1:b8:35:64:41:94:f6:30:4b:b3:14:
                    04:e9:80:72:a0:49:a6:28:08:9a:22:b9:55:32:21:
                    32:94:7d:ef:3a:6c:ab:c5:9a:6a:e7:d9:e4:fa:de:
                    dd:d6:a4:d6:88:43:91:42:76:c7:58:d0:89:02:cd:
                    eb:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:71:16:2A:9E:E0:8C:E5:5F:6C:AB:6F:32:61:9B:97:F1:DC:A1:3A
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/pXEWKp7gjOVfbKtvMmGbl_HcoTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.208.0-37.252.213.255
                  37.252.215.0/24
                  93.93.96.0/21
                  109.205.8.0/21
                  185.36.124.0/22
                IPv6:
                  2a02:d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:18:e6:af:37:90:d9:f6:64:da:d4:81:67:ac:ad:41:d1:38:
         0e:3e:9f:54:02:55:c0:b9:71:50:21:43:df:4d:1d:ca:56:71:
         fb:a6:53:1d:ef:5b:05:08:27:ab:c7:83:bd:78:05:21:bd:7d:
         a3:63:fb:c8:5f:c0:73:00:c1:0c:03:71:ce:ab:9a:db:14:48:
         46:e7:64:ae:6e:e3:be:cb:d6:ad:6b:5e:6d:2b:e9:09:69:2e:
         75:d5:29:61:4e:96:78:28:17:50:67:5b:f8:c2:2a:e6:3f:6c:
         a7:c6:41:fa:ed:dd:44:bc:ef:b9:d0:4a:f1:cc:0b:f1:6f:b3:
         05:df:a3:30:bd:ef:cc:7e:de:31:da:06:0e:b0:a7:c7:f1:80:
         2f:4e:86:d4:9a:a3:f9:e8:d1:24:3f:58:ba:33:66:bf:1f:1f:
         2b:ce:96:32:ce:18:98:52:ba:fd:d8:99:5c:7f:1c:b6:98:9d:
         48:10:a8:56:9a:1b:38:1d:f8:fc:b1:25:19:6b:d2:ad:c9:2f:
         57:2a:62:c0:f4:5b:79:09:cd:06:f9:41:43:79:ea:37:84:1c:
         a4:cf:37:6d:a1:12:cc:b5:49:b1:05:7b:42:a4:29:a6:ec:40:
         1b:9c:d5:7e:9f:98:52:85:54:f4:f0:e5:5c:84:7d:d7:16:8a:
         8f:96:60:a3
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYiviTWnaBGBPXp5bwBNuF01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjMwNjEyMTIxNjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTcxMTYyYTllZTA4Y2U1NWY2Y2FiNmYzMjYxOWI5N2YxZGNhMTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iygXzMHz7kkO9xi6fPbR/fXkk2y
5Wozy30OkuyWf5s+qvBTbd4QjahsH3GXtKjoCyCZxbxTwmYvLLz3A2WKgle4nmRu
7ozLjbEHPkpdeCv59bCI4C0i7gRuqEozjXZD22KnC0ygD3YkqgENNKYmPniD3FlL
bHlqlyk7Ms1Tme5mSM7Cnlia8AHP2j/Et/my1IGCLJ39K5EG+k5Otkjc8KXPOfUg
4fCj3rM0oX5ZiopfoZeBSRFgchtf3q7bSi+smc78/INg0bg1ZEGU9jBLsxQE6YBy
oEmmKAiaIrlVMiEylH3vOmyrxZpq59nk+t7d1qTWiEORQnbHWNCJAs3r+wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFKVxFiqe4IzlX2yrbzJhm5fx3KE6MB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvcFhFV0twN2dqT1ZmYkt0dk1tR2JsX0hjb1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANdXWADBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJ
KoZIhvcNAQELBQADggEBABQY5q83kNn2ZNrUgWesrUHROA4+n1QCVcC5cVAhQ99N
HcpWcfumUx3vWwUIJ6vHg714BSG9faNj+8hfwHMAwQwDcc6rmtsUSEbnZK5u477L
1q1rXm0r6QlpLnXVKWFOlngoF1BnW/jCKuY/bKfGQfrt3US877nQSvHMC/FvswXf
ozC978x+3jHaBg6wp8fxgC9OhtSao/no0SQ/WLozZr8fHyvOljLOGJhSuv3YmVx/
HLaYnUgQqFaaGzgd+PyxJRlr0q3JL1cqYsD0W3kJzQb5QUN56jeEHKTPN22hEsy1
SbEFe0KkKabsQBuc1X6fmFKFVPTw5VyEfdcWio+WYKM=
-----END CERTIFICATE-----