Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/a6jZed2vmlasAgFenHJn427SjWk.roa
File:                     a6jZed2vmlasAgFenHJn427SjWk.roa (raw, json)
Hash identifier:          QYqKhQT6CVRuItegD1sGyBRCzLKdnpZP0F6FxV9ZYgI=
Subject key identifier:   6B:A8:D9:79:DD:AF:9A:56:AC:02:01:5E:9C:72:67:E3:6E:D2:8D:69
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       0186BCB8EB3827A3D0C942A3199A53C235BB
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/a6jZed2vmlasAgFenHJn427SjWk.roa
Signing time:             Tue 07 Mar 2023 15:38:00 +0000
ROA not before:           Tue 07 Mar 2023 15:38:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34465
IP address blocks:        185.188.28.0/24 maxlen: 24
                          2a12:8fc6:cd02::/48 maxlen: 48
                          2a12:8fc6:ace2::/48 maxlen: 48
                          2a12:8fc6:cd04::/48 maxlen: 48
                          2a12:8fc6:bab0::/48 maxlen: 48
                          2a12:8fc6:be01::/48 maxlen: 48
                          2a12:8fc6:ee01::/48 maxlen: 48
                          2a12:8fc6:ace1::/48 maxlen: 48
                          2a12:8fc6:cd01::/48 maxlen: 48
                          2a12:8fc6:cae1::/48 maxlen: 48
                          2a12:8fc6:ace3::/48 maxlen: 48
                          2a12:8fc6:dbaa::/48 maxlen: 48
                          2a12:8fc6::/32 maxlen: 32
                          2a12:8fc6:cd00::/48 maxlen: 48
                          2a12:8fc6:faa0::/48 maxlen: 48
                          2a12:8fc6:fae0::/48 maxlen: 48
                          2a12:8fc6:ca00::/48 maxlen: 48
                          2a12:8fc6:aa00::/48 maxlen: 48
                          2a12:8fc6:daa0::/48 maxlen: 48
                          2a12:8fc6:ce00::/48 maxlen: 48
                          2a12:8fc6:caa0::/48 maxlen: 48
                          2a12:8fc6:dae0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 18 Mar 2023 17:10:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bc:b8:eb:38:27:a3:d0:c9:42:a3:19:9a:53:c2:35:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Mar  7 15:38:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6ba8d979ddaf9a56ac02015e9c7267e36ed28d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:87:ed:b7:e7:6e:18:4b:50:8f:cb:fe:26:68:
                    08:14:39:da:86:4b:01:d9:d5:cd:96:3f:77:cc:ff:
                    4d:55:7a:36:77:f5:1a:71:4d:c6:a9:4b:7e:7b:fd:
                    70:1a:c9:46:8a:3c:ed:58:e2:1b:7f:e4:1e:78:0c:
                    0f:a0:2e:42:e1:96:d0:92:b6:95:49:6e:50:40:75:
                    e2:9d:16:7e:22:b3:34:7e:15:d6:af:99:94:fc:73:
                    9c:e5:3a:55:e9:d6:06:9b:72:10:24:4a:ab:68:54:
                    6f:22:f0:5a:b0:2e:bb:94:92:20:9c:05:c0:4d:db:
                    ca:68:5a:22:76:a9:38:9a:f7:58:a2:df:8f:bf:2c:
                    a1:da:18:1f:94:5d:e2:5f:78:65:86:b9:f1:e7:9a:
                    68:10:ab:fa:e9:e7:82:ed:29:38:8c:ff:55:99:5c:
                    18:07:b2:b8:c0:dd:4b:ac:a7:dd:65:6d:a7:90:0d:
                    1e:68:30:15:e4:bf:b6:67:c0:91:f0:12:ed:71:9a:
                    5a:d3:7a:2c:3e:af:74:3e:0c:a4:28:25:d5:1a:0d:
                    e6:db:c8:e7:d0:8e:6b:76:16:d7:df:4a:73:67:9e:
                    c5:3f:27:c7:48:18:d3:aa:9f:da:42:5c:98:28:78:
                    d7:c3:ff:9b:ce:f4:f4:09:68:f4:be:db:3c:09:37:
                    24:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A8:D9:79:DD:AF:9A:56:AC:02:01:5E:9C:72:67:E3:6E:D2:8D:69
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/a6jZed2vmlasAgFenHJn427SjWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.28.0/24
                IPv6:
                  2a12:8fc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:47:32:68:a6:ca:fe:d0:7d:8d:2e:01:d2:0f:f0:61:db:69:
         44:12:98:30:f1:fb:0f:fe:ed:3c:d3:b9:d0:21:4a:93:01:38:
         6b:ed:c3:35:04:6a:3b:ef:54:c1:56:03:ae:7f:91:76:b8:b4:
         ee:e9:2f:6b:c1:7f:91:14:58:16:80:6d:31:48:b5:66:43:6d:
         29:2d:b9:72:62:19:f8:00:20:b6:9e:d4:a9:d4:b1:dc:65:d2:
         fb:06:1a:87:e4:ac:48:2e:2a:42:e9:e6:a0:e7:14:5e:f6:65:
         ac:08:ee:e0:f6:62:1e:2f:bd:2b:23:d9:75:6b:92:bc:68:3a:
         23:a7:a9:c3:a8:80:18:8b:74:6d:02:03:ea:d8:78:e4:41:d7:
         65:9f:6f:ef:40:77:be:12:21:e7:5d:03:f7:eb:5f:5d:9c:91:
         97:ad:df:4a:ee:5b:77:45:a8:05:9f:6b:25:5b:9e:17:db:85:
         af:93:92:a4:b9:02:36:46:63:04:91:0d:ef:01:8e:0b:b7:a4:
         a4:f0:db:0e:c9:38:fd:f5:1c:f0:c7:3f:74:44:15:21:c9:af:
         0b:34:b3:dc:35:bd:31:05:2f:ee:51:a0:01:c1:aa:73:b8:4f:
         52:84:1a:8b:b1:24:9c:77:16:fb:e1:fb:c6:d1:22:01:fb:2f:
         b2:67:58:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYa8uOs4J6PQyUKjGZpTwjW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjMwMzA3MTUzODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmE4ZDk3OWRkYWY5YTU2YWMwMjAxNWU5YzcyNjdlMzZlZDI4ZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioftt+duGEtQj8v+JmgIFDnahksB
2dXNlj93zP9NVXo2d/UacU3GqUt+e/1wGslGijztWOIbf+QeeAwPoC5C4ZbQkraV
SW5QQHXinRZ+IrM0fhXWr5mU/HOc5TpV6dYGm3IQJEqraFRvIvBasC67lJIgnAXA
TdvKaFoidqk4mvdYot+Pvyyh2hgflF3iX3hlhrnx55poEKv66eeC7Sk4jP9VmVwY
B7K4wN1LrKfdZW2nkA0eaDAV5L+2Z8CR8BLtcZpa03osPq90PgykKCXVGg3m28jn
0I5rdhbX30pzZ57FPyfHSBjTqp/aQlyYKHjXw/+bzvT0CWj0vts8CTckWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGuo2Xndr5pWrAIBXpxyZ+Nu0o1pMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvYTZqWmVkMnZtbGFzQWdGZW5ISm40MjdTaldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAubwcMA0E
AgACMAcDBQAqEo/GMA0GCSqGSIb3DQEBCwUAA4IBAQB6RzJopsr+0H2NLgHSD/Bh
22lEEpgw8fsP/u0807nQIUqTAThr7cM1BGo771TBVgOuf5F2uLTu6S9rwX+RFFgW
gG0xSLVmQ20pLblyYhn4ACC2ntSp1LHcZdL7BhqH5KxILipC6eag5xRe9mWsCO7g
9mIeL70rI9l1a5K8aDojp6nDqIAYi3RtAgPq2HjkQddln2/vQHe+EiHnXQP3619d
nJGXrd9K7lt3RagFn2slW54X24Wvk5KkuQI2RmMEkQ3vAY4Lt6Sk8NsOyTj99Rzw
xz90RBUhya8LNLPcNb0xBS/uUaABwapzuE9ShBqLsSScdxb74fvG0SIB+y+yZ1gO
-----END CERTIFICATE-----