Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/6Ud7ZorPCj-Ko6fd5oRoaW9m9Oo.roa
File:                     6Ud7ZorPCj-Ko6fd5oRoaW9m9Oo.roa (raw, json)
Hash identifier:          qysG81AjAwgPXXDimI5NcZdwBidRc8Y5VS24g5v6BwE=
Subject key identifier:   E9:47:7B:66:8A:CF:0A:3F:8A:A3:A7:DD:E6:84:68:69:6F:66:F4:EA
Certificate issuer:       /CN=586936266e980dd203b2cbeb1c9c4570604b911b
Certificate serial:       01891FE531AEFEA2BDA7D21A9DC2DEDD5CDC
Authority key identifier: 58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/6Ud7ZorPCj-Ko6fd5oRoaW9m9Oo.roa
Signing time:             Tue 04 Jul 2023 07:54:21 +0000
ROA not before:           Tue 04 Jul 2023 07:54:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49628
IP address blocks:        185.46.176.0/22 maxlen: 22
                          193.176.215.0/24 maxlen: 24
                          78.40.106.0/24 maxlen: 24
                          78.40.107.0/24 maxlen: 24
                          193.176.214.0/24 maxlen: 24
                          5.187.9.0/24 maxlen: 24
                          5.187.10.0/24 maxlen: 24
                          5.187.8.0/24 maxlen: 24
                          5.187.8.0/21 maxlen: 21
                          5.187.11.0/24 maxlen: 24
                          5.187.12.0/24 maxlen: 24
                          193.176.212.0/24 maxlen: 24
                          193.176.212.0/22 maxlen: 22
                          78.40.104.0/24 maxlen: 24
                          78.40.104.0/22 maxlen: 22
                          193.176.213.0/24 maxlen: 24
                          78.40.105.0/24 maxlen: 24
                          185.168.224.0/24 maxlen: 24
                          185.168.224.0/22 maxlen: 22
                          185.168.225.0/24 maxlen: 24
                          185.168.226.0/24 maxlen: 24
                          185.168.227.0/24 maxlen: 24
                          37.75.128.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:1f:e5:31:ae:fe:a2:bd:a7:d2:1a:9d:c2:de:dd:5c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586936266e980dd203b2cbeb1c9c4570604b911b
        Validity
            Not Before: Jul  4 07:54:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9477b668acf0a3f8aa3a7dde68468696f66f4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b2:50:8e:d4:e9:5e:1c:76:9b:11:2e:f3:2f:
                    c4:62:62:27:e7:20:33:8c:24:8c:45:4e:28:3e:4c:
                    3f:c0:14:a6:15:11:81:3f:81:13:db:8b:6f:0f:e0:
                    fb:e6:93:3c:c9:10:56:52:68:53:d6:44:5d:17:6f:
                    bd:a8:7c:78:b9:45:3d:b7:50:65:a2:78:10:c7:cc:
                    90:c9:3d:70:f5:f0:f8:79:13:95:be:76:95:e2:1f:
                    20:5f:96:18:96:69:4e:f2:3c:2e:89:9f:15:3c:95:
                    7a:c0:50:0b:1e:74:8b:5a:5e:62:66:a2:4d:11:f9:
                    14:eb:d9:f5:91:f4:3b:a1:b8:cd:4d:29:80:de:74:
                    8e:39:fd:5a:98:07:8e:fc:4e:b4:7c:4f:4b:fd:c5:
                    dd:01:9a:74:6d:42:5a:ee:73:7f:fc:6d:ce:e5:25:
                    de:42:e8:b8:46:5f:f3:b0:96:9b:5f:52:20:da:0f:
                    63:1b:7b:a1:6a:39:75:f5:be:8b:1c:c9:36:70:e3:
                    ca:16:16:27:3f:fd:47:50:d0:0d:03:cd:d5:4c:33:
                    29:a0:be:0a:de:f9:74:68:a4:1a:1f:ac:4e:2a:7f:
                    70:b7:4f:38:d5:09:73:00:08:55:32:dd:c3:7f:af:
                    27:fc:42:ab:cf:20:a5:10:81:ea:02:59:7d:d9:20:
                    ac:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:47:7B:66:8A:CF:0A:3F:8A:A3:A7:DD:E6:84:68:69:6F:66:F4:EA
            X509v3 Authority Key Identifier:
                keyid:58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/6Ud7ZorPCj-Ko6fd5oRoaW9m9Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.187.8.0/21
                  37.75.128.0/21
                  78.40.104.0/22
                  185.46.176.0/22
                  185.168.224.0/22
                  193.176.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:6b:8a:9d:37:7e:a6:34:7b:e5:4a:d4:df:3e:a6:c4:ca:06:
         47:29:36:69:ed:2c:25:6f:08:2b:4e:69:fc:17:b3:93:02:83:
         0e:83:78:b4:9c:f2:2d:8b:b6:49:52:35:65:87:76:9d:a2:99:
         22:95:ab:cf:96:17:9b:f6:38:05:9a:72:b4:cd:99:78:ac:a6:
         a0:a9:e0:94:74:ec:ad:05:a1:ab:7e:78:0b:66:40:39:50:01:
         9b:e5:6a:3f:ac:c9:ec:92:c6:3b:b2:3a:ed:ac:e3:02:d7:3c:
         e5:7e:39:27:5e:27:82:14:93:aa:9f:a6:4c:a4:b8:1b:4c:41:
         08:98:f2:04:52:32:20:35:65:3b:fd:36:e6:ab:4f:96:b8:38:
         5b:45:df:0b:6d:c1:ea:50:4b:54:30:59:c8:c4:d8:a5:76:20:
         33:a6:7e:0f:82:4f:18:8f:de:3d:2c:5a:de:dc:68:a0:47:cc:
         b4:bc:a3:2f:83:17:75:3b:33:6c:e4:f6:19:8b:75:a6:56:78:
         50:89:f0:af:a1:45:0c:ac:22:11:51:e1:45:fa:1b:f1:45:43:
         c5:c6:3f:88:2f:09:eb:7c:e1:04:53:cf:b3:ea:17:db:e5:53:
         53:ec:7c:b5:c5:88:38:7c:7d:0f:ce:ad:50:fd:56:a6:c4:9c:
         ea:7a:cf:b8
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYkf5TGu/qK9p9IancLe3VzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjkzNjI2NmU5ODBkZDIwM2IyY2JlYjFjOWM0NTcwNjA0
YjkxMWIwHhcNMjMwNzA0MDc1NDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ3N2I2NjhhY2YwYTNmOGFhM2E3ZGRlNjg0Njg2OTZmNjZmNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrJQjtTpXhx2mxEu8y/EYmIn5yAz
jCSMRU4oPkw/wBSmFRGBP4ET24tvD+D75pM8yRBWUmhT1kRdF2+9qHx4uUU9t1Bl
ongQx8yQyT1w9fD4eROVvnaV4h8gX5YYlmlO8jwuiZ8VPJV6wFALHnSLWl5iZqJN
EfkU69n1kfQ7objNTSmA3nSOOf1amAeO/E60fE9L/cXdAZp0bUJa7nN//G3O5SXe
Qui4Rl/zsJabX1Ig2g9jG3uhajl19b6LHMk2cOPKFhYnP/1HUNANA83VTDMpoL4K
3vl0aKQaH6xOKn9wt0841QlzAAhVMt3Df68n/EKrzyClEIHqAll92SCsswIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFOlHe2aKzwo/iqOn3eaEaGlvZvTqMB8GA1UdIwQY
MBaAFFhpNiZumA3SA7LL6xycRXBgS5EbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEt
N2RhMTgzZWZmMTE1LzEvNlVkN1pvclBDai1LbzZmZDVvUm9hVzltOU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEtN2RhMTgzZWZmMTE1
LzEvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDBbsIAwQD
JUuAAwQCTihoAwQCuS6wAwQCuajgAwQCwbDUMA0GCSqGSIb3DQEBCwUAA4IBAQBH
a4qdN36mNHvlStTfPqbEygZHKTZp7SwlbwgrTmn8F7OTAoMOg3i0nPIti7ZJUjVl
h3adopkilavPlheb9jgFmnK0zZl4rKagqeCUdOytBaGrfngLZkA5UAGb5Wo/rMns
ksY7sjrtrOMC1zzlfjknXieCFJOqn6ZMpLgbTEEImPIEUjIgNWU7/Tbmq0+WuDhb
Rd8LbcHqUEtUMFnIxNildiAzpn4Pgk8Yj949LFre3GigR8y0vKMvgxd1OzNs5PYZ
i3WmVnhQifCvoUUMrCIRUeFF+hvxRUPFxj+ILwnrfOEEU8+z6hfb5VNT7Hy1xYg4
fH0Pzq1Q/VamxJzqes+4
-----END CERTIFICATE-----