Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/_AkeatSnzBpn_QdxWuwkrqrP9n0.roa
File:                     _AkeatSnzBpn_QdxWuwkrqrP9n0.roa (raw, json)
Hash identifier:          HgIteOgF7RpaJpwGfQdV13Q2G60JQLPi+1jZ7OFGmfU=
Subject key identifier:   FC:09:1E:6A:D4:A7:CC:1A:67:FD:07:71:5A:EC:24:AE:AA:CF:F6:7D
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       018B2A71142220F11CCF4EBECB80135148B0
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/_AkeatSnzBpn_QdxWuwkrqrP9n0.roa
Signing time:             Fri 13 Oct 2023 19:08:55 +0000
ROA not before:           Fri 13 Oct 2023 19:08:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        2a05:541:125::/48 maxlen: 48
                          2a05:541:121::/48 maxlen: 48
                          2a05:541:131::/48 maxlen: 48
                          2a05:541:126::/48 maxlen: 48
                          2a05:541:127::/48 maxlen: 48
                          2a05:541:132::/48 maxlen: 48
                          2a05:541:122::/48 maxlen: 48
                          2a05:541:123::/48 maxlen: 48
                          2a05:541:133::/48 maxlen: 48
                          2a05:541:119::/48 maxlen: 48
                          2a05:541:109::/48 maxlen: 48
                          2a05:541:129::/48 maxlen: 48
                          2a05:541:114::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 05 Nov 2023 16:57:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:2a:71:14:22:20:f1:1c:cf:4e:be:cb:80:13:51:48:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Oct 13 19:08:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc091e6ad4a7cc1a67fd07715aec24aeaacff67d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dd:73:5e:43:48:99:b3:fa:ef:7f:63:a1:b7:
                    94:a3:ef:fc:2f:c7:d8:3a:d4:cb:75:70:66:34:d9:
                    37:7b:17:af:b2:e5:a9:8d:ab:94:d9:b6:53:14:33:
                    8f:4b:08:4b:49:d3:1c:ce:11:71:39:0a:84:83:ff:
                    1c:a2:e6:d9:ce:18:f4:18:c1:5c:23:51:ea:77:d5:
                    70:fe:3b:79:61:e1:5c:82:30:0b:8d:d8:11:3a:f8:
                    0d:23:a7:e5:fb:03:6d:94:bd:5b:39:e5:31:6c:7e:
                    5c:ff:11:4b:71:b2:1c:51:16:df:02:93:f7:41:ad:
                    ea:ba:da:d5:32:86:e1:38:33:7e:23:4e:de:01:89:
                    57:bd:14:35:71:e0:f0:ae:cc:38:17:15:3f:6f:10:
                    e2:6b:e9:b7:77:1e:3c:29:fb:9e:82:20:e7:38:4b:
                    90:66:39:ed:d9:26:74:38:36:59:50:24:b9:b8:8b:
                    96:37:37:91:83:e3:94:36:ea:5c:ff:f3:a7:63:28:
                    45:17:8a:57:b7:4b:cf:c1:d6:ca:11:21:84:2c:1d:
                    62:61:ba:21:14:0a:cb:7b:7f:67:f7:c4:da:b2:f0:
                    27:64:63:28:73:cf:64:e8:96:4f:9d:1e:6e:73:0c:
                    78:db:22:34:c6:4b:26:b8:fa:34:9e:54:04:ab:09:
                    88:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:09:1E:6A:D4:A7:CC:1A:67:FD:07:71:5A:EC:24:AE:AA:CF:F6:7D
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/_AkeatSnzBpn_QdxWuwkrqrP9n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:109::/48
                  2a05:541:114::/48
                  2a05:541:119::/48
                  2a05:541:121::-2a05:541:123:ffff:ffff:ffff:ffff:ffff
                  2a05:541:125::-2a05:541:127:ffff:ffff:ffff:ffff:ffff
                  2a05:541:129::/48
                  2a05:541:131::-2a05:541:133:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4a:d1:09:9e:2d:98:6c:1d:9a:fe:43:58:1b:14:70:4a:bc:5b:
         fe:b6:66:41:0a:0e:c2:82:ec:16:b4:7b:c3:81:c9:f8:97:58:
         3f:67:63:70:94:c1:8a:4c:b7:1f:c2:10:4c:57:e5:3f:86:db:
         47:85:ba:38:10:e7:fa:18:0d:f2:89:ad:02:69:60:b5:91:ca:
         4a:e6:37:45:20:7a:2f:6a:a2:66:41:8d:46:99:f5:88:11:c7:
         f7:e2:85:ac:0f:10:d9:e9:15:37:33:8e:bb:34:55:ea:5f:cd:
         74:3d:a3:33:ea:0a:e3:b0:1d:a8:a3:f3:07:c4:89:af:b7:6e:
         c4:db:b4:27:5f:66:33:41:32:96:49:d9:8a:8e:04:aa:d0:30:
         6b:40:cc:4b:aa:57:d4:2e:89:1d:cb:17:e9:54:f4:16:9b:85:
         fa:61:b8:66:91:8a:22:71:fb:28:ca:0b:30:14:39:ea:47:7b:
         c9:b6:63:50:57:64:12:76:df:09:2d:58:9d:15:58:a9:61:38:
         42:aa:34:51:7b:e4:77:b7:ae:ad:80:80:d3:d7:bc:2a:91:2f:
         10:bb:27:ff:ed:23:df:f7:4c:1e:03:2c:fb:86:f5:9c:ec:f1:
         21:6b:62:af:f0:78:a8:e9:91:11:ba:09:7f:20:4a:52:fa:0f:
         7c:e5:97:a8
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYsqcRQiIPEcz06+y4ATUUiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjMxMDEzMTkwODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzA5MWU2YWQ0YTdjYzFhNjdmZDA3NzE1YWVjMjRhZWFhY2ZmNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd1zXkNImbP6739jobeUo+/8L8fY
OtTLdXBmNNk3exevsuWpjauU2bZTFDOPSwhLSdMczhFxOQqEg/8coubZzhj0GMFc
I1Hqd9Vw/jt5YeFcgjALjdgROvgNI6fl+wNtlL1bOeUxbH5c/xFLcbIcURbfApP3
Qa3qutrVMobhODN+I07eAYlXvRQ1ceDwrsw4FxU/bxDia+m3dx48KfuegiDnOEuQ
Zjnt2SZ0ODZZUCS5uIuWNzeRg+OUNupc//OnYyhFF4pXt0vPwdbKESGELB1iYboh
FArLe39n98TasvAnZGMoc89k6JZPnR5ucwx42yI0xksmuPo0nlQEqwmIoQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFPwJHmrUp8waZ/0HcVrsJK6qz/Z9MB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvX0FrZWF0U256QnBuX1FkeFd1d2tycXJQOW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAAjBgAwcAKgUFQQEJ
AwcAKgUFQQEUAwcAKgUFQQEZMBIDBwAqBQVBASEDBwIqBQVBASAwEgMHACoFBUEB
JQMHAyoFBUEBIAMHACoFBUEBKTASAwcAKgUFQQExAwcCKgUFQQEwMA0GCSqGSIb3
DQEBCwUAA4IBAQBK0QmeLZhsHZr+Q1gbFHBKvFv+tmZBCg7CguwWtHvDgcn4l1g/
Z2NwlMGKTLcfwhBMV+U/httHhbo4EOf6GA3yia0CaWC1kcpK5jdFIHovaqJmQY1G
mfWIEcf34oWsDxDZ6RU3M467NFXqX810PaMz6grjsB2oo/MHxImvt27E27QnX2Yz
QTKWSdmKjgSq0DBrQMxLqlfULokdyxfpVPQWm4X6YbhmkYoicfsoygswFDnqR3vJ
tmNQV2QSdt8JLVidFVipYThCqjRRe+R3t66tgIDT17wqkS8Quyf/7SPf90weAyz7
hvWc7PEha2Kv8Hio6ZERugl/IEpS+g985Zeo
-----END CERTIFICATE-----