Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/SSbJ2xh9L2EC_yMiAsw-yX917W0.roa
File:                     SSbJ2xh9L2EC_yMiAsw-yX917W0.roa (raw, json)
Hash identifier:          RUEAASwHnw9TURP6XMmZRbdx11EkG+2jNODiBSiNSKQ=
Subject key identifier:   49:26:C9:DB:18:7D:2F:61:02:FF:23:22:02:CC:3E:C9:7F:75:ED:6D
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       01856CE612FAA1A6B18FA02861FA91E07A1E
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/SSbJ2xh9L2EC_yMiAsw-yX917W0.roa
Signing time:             Sun 01 Jan 2023 10:34:55 +0000
ROA not before:           Sun 01 Jan 2023 10:34:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44307
IP address blocks:        45.93.76.0/22 maxlen: 24
                          45.86.252.0/22 maxlen: 24
                          45.142.148.0/22 maxlen: 24
                          45.135.20.0/22 maxlen: 24
                          45.95.60.0/22 maxlen: 24
                          45.148.180.0/22 maxlen: 24
                          45.84.180.0/22 maxlen: 24
                          45.87.71.0/24 maxlen: 24
                          45.138.60.0/22 maxlen: 24
                          45.15.76.0/22 maxlen: 24
                          45.129.112.0/22 maxlen: 24
                          45.81.216.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:12:fa:a1:a6:b1:8f:a0:28:61:fa:91:e0:7a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  1 10:34:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4926c9db187d2f6102ff232202cc3ec97f75ed6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e1:87:b4:d1:b6:9a:65:5c:a1:d7:8d:6c:ea:
                    2b:0d:2f:9f:a7:bc:25:8a:60:c7:be:ef:7a:e3:fe:
                    f3:24:9b:94:23:22:3a:69:4b:d3:00:fd:d5:18:b1:
                    d6:c8:e5:40:19:71:50:49:d2:5e:31:18:9e:76:7f:
                    5b:0e:4f:07:71:30:da:6a:49:5e:d9:6b:39:7a:c1:
                    ba:af:57:4b:f3:4e:3c:3f:50:3d:e9:41:2f:f1:49:
                    eb:dd:08:7f:dd:c1:9c:ee:f5:a5:89:37:a4:31:f0:
                    5f:e9:60:fb:95:bd:8b:8a:b9:2c:c1:b7:4f:ab:30:
                    9e:a9:87:e5:f4:ba:4f:ab:72:39:ac:46:52:e9:c1:
                    59:8e:26:a3:86:2c:d5:72:72:32:53:a8:71:c1:ae:
                    2e:86:60:9c:8f:8e:09:00:7d:d1:37:80:00:dd:03:
                    15:17:94:1c:6f:c4:ed:53:3d:3f:7c:92:66:2f:e4:
                    5e:8e:f7:9d:68:84:a8:7b:ef:33:52:c0:cd:98:9e:
                    45:fa:37:a7:f4:7a:1c:17:dc:9a:19:c4:f4:ee:1d:
                    e5:17:6d:17:40:1e:b1:c2:ac:d1:f6:b3:51:d5:98:
                    1d:1a:f9:76:57:ea:4a:76:95:4b:b6:59:24:dd:38:
                    e3:d9:ff:b8:e3:fc:d3:b8:7c:00:94:2d:3d:2a:66:
                    e2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:26:C9:DB:18:7D:2F:61:02:FF:23:22:02:CC:3E:C9:7F:75:ED:6D
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/SSbJ2xh9L2EC_yMiAsw-yX917W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.76.0/22
                  45.81.216.0/22
                  45.84.180.0/22
                  45.86.252.0/22
                  45.87.71.0/24
                  45.93.76.0/22
                  45.95.60.0/22
                  45.129.112.0/22
                  45.135.20.0/22
                  45.138.60.0/22
                  45.142.148.0/22
                  45.148.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:01:9d:47:e5:a0:cb:20:4a:7b:f0:fd:7a:4a:7d:e8:90:cd:
         ec:80:6d:48:a6:71:ec:77:a9:6e:3d:8d:e8:01:f7:14:4f:13:
         08:77:ee:27:03:07:6b:06:c2:07:68:5c:5d:8f:31:d3:80:f4:
         5b:5b:68:3b:25:cf:a8:be:8a:7d:a2:7d:b9:55:77:48:46:e6:
         3b:5a:1f:fa:b5:b4:6c:70:f9:34:a9:9b:80:50:ae:fe:4b:8b:
         ea:c0:82:62:b5:72:f7:93:43:69:ae:c8:e6:50:62:d8:de:9c:
         4e:f7:9b:83:fc:d7:74:a7:0d:9f:ae:47:ac:e9:1c:3b:8c:e7:
         1a:2b:62:d9:2d:24:ee:0a:e6:03:9a:f6:d2:9e:b5:4a:80:07:
         e0:4d:0e:86:da:0b:e6:22:cd:66:c9:70:d7:80:b0:f5:af:25:
         ce:da:88:26:97:bd:c1:c3:bf:64:8f:3e:ac:2b:96:80:26:0f:
         87:12:af:e2:5f:ee:45:51:6d:61:25:aa:00:9a:0e:31:23:89:
         b5:62:0c:2e:c4:12:ce:1e:49:cc:b7:31:b8:2f:5e:f5:d2:84:
         b5:0c:cd:f7:af:23:6e:fc:20:f4:52:55:31:5e:9b:ed:53:c1:
         cc:79:9f:38:01:be:17:7e:d0:5e:a6:e4:a6:b7:1b:96:ac:92:
         d2:d9:85:89
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVs5hL6oaaxj6AoYfqR4HoeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjMwMTAxMTAzNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTI2YzlkYjE4N2QyZjYxMDJmZjIzMjIwMmNjM2VjOTdmNzVlZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeGHtNG2mmVcodeNbOorDS+fp7wl
imDHvu964/7zJJuUIyI6aUvTAP3VGLHWyOVAGXFQSdJeMRiedn9bDk8HcTDaakle
2Ws5esG6r1dL8048P1A96UEv8Unr3Qh/3cGc7vWliTekMfBf6WD7lb2LirkswbdP
qzCeqYfl9LpPq3I5rEZS6cFZjiajhizVcnIyU6hxwa4uhmCcj44JAH3RN4AA3QMV
F5Qcb8TtUz0/fJJmL+RejvedaISoe+8zUsDNmJ5F+jen9HocF9yaGcT07h3lF20X
QB6xwqzR9rNR1ZgdGvl2V+pKdpVLtlkk3Tjj2f+44/zTuHwAlC09KmbiZwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEkmydsYfS9hAv8jIgLMPsl/de1tMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvU1NiSjJ4aDlMMkVDX3lNaUFzdy15WDkxN1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCLQ9MAwQC
LVHYAwQCLVS0AwQCLVb8AwQALVdHAwQCLV1MAwQCLV88AwQCLYFwAwQCLYcUAwQC
LYo8AwQCLY6UAwQCLZS0MA0GCSqGSIb3DQEBCwUAA4IBAQAJAZ1H5aDLIEp78P16
Sn3okM3sgG1IpnHsd6luPY3oAfcUTxMId+4nAwdrBsIHaFxdjzHTgPRbW2g7Jc+o
vop9on25VXdIRuY7Wh/6tbRscPk0qZuAUK7+S4vqwIJitXL3k0NprsjmUGLY3pxO
95uD/Nd0pw2frkes6Rw7jOcaK2LZLSTuCuYDmvbSnrVKgAfgTQ6G2gvmIs1myXDX
gLD1ryXO2ogml73Bw79kjz6sK5aAJg+HEq/iX+5FUW1hJaoAmg4xI4m1YgwuxBLO
HknMtzG4L1710oS1DM33ryNu/CD0UlUxXpvtU8HMeZ84Ab4XftBepuSmtxuWrJLS
2YWJ
-----END CERTIFICATE-----