Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/YP7xLJDEpNmI6FALwuq3OvaE-b0.roa
File:                     YP7xLJDEpNmI6FALwuq3OvaE-b0.roa (raw, json)
Hash identifier:          m15MfnreuTfO92eFQu/NsX16JZ598cOhI7oARpcoya0=
Subject key identifier:   60:FE:F1:2C:90:C4:A4:D9:88:E8:50:0B:C2:EA:B7:3A:F6:84:F9:BD
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0186093A2B162385D97F8DE1145AEC427474
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/YP7xLJDEpNmI6FALwuq3OvaE-b0.roa
Signing time:             Tue 31 Jan 2023 19:07:32 +0000
ROA not before:           Tue 31 Jan 2023 19:07:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34465
IP address blocks:        2a12:8fc6:ace2::/48 maxlen: 48
                          2a12:8fc6:cd02::/48 maxlen: 48
                          2a12:8fc6:cd04::/48 maxlen: 48
                          2a12:8fc6:bab0::/48 maxlen: 48
                          2a12:8fc6:cae1::/48 maxlen: 48
                          2a12:8fc6:cd01::/48 maxlen: 48
                          2a12:8fc6:ace1::/48 maxlen: 48
                          2a12:8fc6:ee01::/48 maxlen: 48
                          2a12:8fc6:be01::/48 maxlen: 48
                          2a12:8fc6:ace3::/48 maxlen: 48
                          2a12:8fc6:dbaa::/48 maxlen: 48
                          2a12:8fc6::/32 maxlen: 32
                          2a12:8fc6:fae0::/48 maxlen: 48
                          2a12:8fc6:dae0::/48 maxlen: 48
                          2a12:8fc6:daa0::/48 maxlen: 48
                          2a12:8fc6:aa00::/48 maxlen: 48
                          2a12:8fc6:ca00::/48 maxlen: 48
                          2a12:8fc6:faa0::/48 maxlen: 48
                          2a12:8fc6:cd00::/48 maxlen: 48
                          2a12:8fc6:ce00::/48 maxlen: 48
                          2a12:8fc6:caa0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 07 Mar 2023 15:38:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:09:3a:2b:16:23:85:d9:7f:8d:e1:14:5a:ec:42:74:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan 31 19:07:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=60fef12c90c4a4d988e8500bc2eab73af684f9bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d4:3e:6c:36:45:a8:62:33:17:dc:70:41:44:
                    40:24:8b:49:f8:ac:93:25:4f:41:e4:35:0b:23:f2:
                    e2:a0:cb:2b:a9:c2:93:aa:f1:7c:9e:fa:c4:c7:83:
                    7d:4f:42:1d:ea:c2:6f:64:e2:52:ef:8c:41:57:54:
                    80:97:07:3c:ab:a6:08:ba:c4:53:b6:91:28:2e:f5:
                    0d:26:33:18:35:de:99:26:89:3f:b9:83:f9:b7:64:
                    93:e1:4c:5d:14:56:1a:7b:62:7d:99:ab:60:44:48:
                    34:be:a0:18:40:67:0b:d7:b8:bb:59:74:ea:d8:4e:
                    49:40:16:b7:e5:3c:4f:80:36:1c:95:32:1b:e9:9d:
                    5d:f2:49:30:2d:d8:26:e3:76:d5:c3:b8:c9:8d:a8:
                    06:9b:77:c8:62:cc:fa:9e:18:c7:54:5a:fb:b5:f0:
                    5a:46:2b:60:71:92:12:79:4c:73:b0:7b:e6:76:5b:
                    06:97:da:45:1c:79:e8:4a:85:cb:a3:bd:57:38:43:
                    56:65:b3:5c:92:e2:2d:60:92:e8:22:e6:7c:c4:db:
                    7b:d9:a1:39:8f:f9:e0:31:c6:dd:61:52:fc:14:06:
                    03:f2:d0:30:80:ec:dd:43:26:92:6a:4c:48:6e:1d:
                    51:6c:66:fa:4b:ff:69:24:b2:3e:ab:fc:16:b1:5c:
                    ff:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FE:F1:2C:90:C4:A4:D9:88:E8:50:0B:C2:EA:B7:3A:F6:84:F9:BD
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/YP7xLJDEpNmI6FALwuq3OvaE-b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:55:d4:7e:f1:f8:6d:b9:f0:0b:b2:af:7c:f8:e5:8c:69:a4:
         63:46:07:e6:d4:7f:96:f4:63:78:ce:43:30:9f:6f:58:96:27:
         e7:c4:1d:33:b1:ee:32:0c:16:05:dd:32:a7:05:1b:44:5d:00:
         f6:da:b5:32:60:52:52:4c:49:bb:27:52:54:73:83:13:4e:30:
         50:1b:12:e3:1a:3d:51:b2:db:81:e1:23:80:7a:b9:53:82:10:
         1c:90:e0:0d:81:ec:02:48:a8:a2:c9:1b:c3:f9:d3:4d:85:5a:
         22:f3:28:01:87:c7:8b:ee:1b:5c:10:ab:49:b6:2b:4d:5d:83:
         7e:5f:5b:11:82:5a:e4:4b:7a:97:0a:c4:1c:a1:07:a0:a2:21:
         75:3d:41:c1:dc:85:bc:99:51:60:24:2c:5f:ac:2c:31:87:9e:
         25:95:ca:51:79:ae:45:e9:84:7c:b6:e2:d6:32:fe:c8:4d:d0:
         9a:fe:a6:e4:f9:fb:13:ff:d2:d6:73:cf:1f:c9:25:40:a6:99:
         68:c8:c2:b2:15:33:09:23:2e:db:ba:e6:25:18:19:7e:18:5a:
         cf:e3:ae:b7:92:3c:ae:54:3f:92:eb:06:f0:bc:49:d8:1c:ef:
         ab:e4:77:9a:82:26:57:6c:6c:51:04:71:10:b7:83:5d:ff:cb:
         10:94:d1:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYYJOisWI4XZf43hFFrsQnR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjMwMTMxMTkwNzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGZlZjEyYzkwYzRhNGQ5ODhlODUwMGJjMmVhYjczYWY2ODRmOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNQ+bDZFqGIzF9xwQURAJItJ+KyT
JU9B5DULI/LioMsrqcKTqvF8nvrEx4N9T0Id6sJvZOJS74xBV1SAlwc8q6YIusRT
tpEoLvUNJjMYNd6ZJok/uYP5t2ST4UxdFFYae2J9matgREg0vqAYQGcL17i7WXTq
2E5JQBa35TxPgDYclTIb6Z1d8kkwLdgm43bVw7jJjagGm3fIYsz6nhjHVFr7tfBa
RitgcZISeUxzsHvmdlsGl9pFHHnoSoXLo71XOENWZbNckuItYJLoIuZ8xNt72aE5
j/ngMcbdYVL8FAYD8tAwgOzdQyaSakxIbh1RbGb6S/9pJLI+q/wWsVz/RwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGD+8SyQxKTZiOhQC8Lqtzr2hPm9MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvWVA3eExKREVwTm1JNkZBTHd1cTNPdmFFLWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKPxjAN
BgkqhkiG9w0BAQsFAAOCAQEAiFXUfvH4bbnwC7KvfPjljGmkY0YH5tR/lvRjeM5D
MJ9vWJYn58QdM7HuMgwWBd0ypwUbRF0A9tq1MmBSUkxJuydSVHODE04wUBsS4xo9
UbLbgeEjgHq5U4IQHJDgDYHsAkiooskbw/nTTYVaIvMoAYfHi+4bXBCrSbYrTV2D
fl9bEYJa5Et6lwrEHKEHoKIhdT1BwdyFvJlRYCQsX6wsMYeeJZXKUXmuRemEfLbi
1jL+yE3Qmv6m5Pn7E//S1nPPH8klQKaZaMjCshUzCSMu27rmJRgZfhhaz+Out5I8
rlQ/kusG8LxJ2Bzvq+R3moImV2xsUQRxELeDXf/LEJTRQQ==
-----END CERTIFICATE-----