Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/GgND5rCYnW-etweUtqpfWFtubbA.roa
File:                     GgND5rCYnW-etweUtqpfWFtubbA.roa (raw, json)
Hash identifier:          saM/1PdOeiObVTZ5pTMlDfU7skb7mb7fGckjh/PMq5A=
Subject key identifier:   1A:03:43:E6:B0:98:9D:6F:9E:B7:07:94:B6:AA:5F:58:5B:6E:6D:B0
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       01874B23DDF6BF8F33CCC4813CAF7E708B55
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/GgND5rCYnW-etweUtqpfWFtubbA.roa
Signing time:             Tue 04 Apr 2023 07:20:54 +0000
ROA not before:           Tue 04 Apr 2023 07:20:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29286
IP address blocks:        37.72.192.0/19 maxlen: 19
                          37.72.240.0/24 maxlen: 24
                          213.151.176.0/21 maxlen: 21
                          37.72.243.0/24 maxlen: 24
                          37.72.242.0/24 maxlen: 24
                          37.72.244.0/22 maxlen: 22
                          37.72.248.0/24 maxlen: 24
                          37.72.252.0/22 maxlen: 22
                          213.151.184.0/22 maxlen: 22
                          37.72.250.0/23 maxlen: 23
                          37.72.249.0/24 maxlen: 24
                          81.20.208.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Thu 29 Jun 2023 09:52:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4b:23:dd:f6:bf:8f:33:cc:c4:81:3c:af:7e:70:8b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Apr  4 07:20:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1a0343e6b0989d6f9eb70794b6aa5f585b6e6db0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a0:aa:5e:ff:63:b2:a9:68:f9:3e:cd:64:59:
                    aa:26:9d:85:bd:06:bc:7e:20:52:b2:28:36:ae:85:
                    15:44:2b:7b:a4:86:72:88:38:fa:c2:16:cf:89:aa:
                    d8:70:76:4f:6a:0d:1b:74:54:34:f1:2a:58:48:99:
                    08:fc:00:b4:8d:ac:f7:ee:10:5d:12:df:5f:44:6c:
                    20:83:38:cf:59:c8:8e:e1:39:07:b7:51:35:43:9a:
                    2e:21:25:7e:fd:cc:cc:70:c9:71:1a:9c:d4:7d:2e:
                    3e:75:53:c8:63:36:c1:ad:0e:a4:80:46:a8:58:17:
                    ac:9e:4d:73:79:27:08:f5:d9:f2:be:a4:dc:31:7c:
                    99:dd:bf:6d:94:46:1e:a3:30:22:ae:ab:c2:fa:43:
                    ef:b9:b1:ba:ac:f6:ac:df:b2:c7:25:9e:8d:c0:fb:
                    e6:ab:c7:8e:d0:ab:81:93:31:dd:88:88:39:a4:43:
                    ea:92:dd:0f:d0:20:69:b3:c3:f4:e5:05:43:10:0b:
                    c1:88:d5:df:89:86:41:52:c0:21:56:c5:94:8e:c4:
                    07:32:50:00:6b:e2:54:64:04:0f:98:23:97:57:ca:
                    28:da:72:32:08:8f:5c:89:e8:df:cb:72:a8:4e:57:
                    f5:df:51:89:90:ab:71:e3:92:54:83:f3:79:6a:2f:
                    26:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:03:43:E6:B0:98:9D:6F:9E:B7:07:94:B6:AA:5F:58:5B:6E:6D:B0
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/GgND5rCYnW-etweUtqpfWFtubbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.192.0/19
                  37.72.240.0/24
                  37.72.242.0-37.72.255.255
                  81.20.208.0/20
                  213.151.176.0-213.151.187.255

    Signature Algorithm: sha256WithRSAEncryption
         05:0b:da:57:4f:89:1d:b6:53:c7:66:0d:ca:a4:3b:82:4c:42:
         38:ee:df:f4:5f:96:f4:2e:8f:fd:33:4e:f4:2f:d1:ed:c9:49:
         6e:c3:1f:6d:eb:37:0a:5b:01:6b:a9:eb:b7:a8:fb:75:fe:8a:
         b5:ea:94:6e:0d:a3:a6:10:0e:72:b0:1e:2f:1a:a9:a0:fc:c7:
         27:83:9b:c7:44:41:f1:aa:ec:be:20:02:91:41:0a:cd:87:4f:
         09:3f:53:16:00:15:48:88:35:44:01:92:07:ac:91:f0:69:75:
         d4:70:71:26:a8:2c:c0:82:8b:1c:04:4e:cf:ae:bc:25:a4:68:
         e7:42:f6:66:9e:6a:c0:05:ef:2a:b9:ca:50:25:d2:57:ee:63:
         c3:68:28:8a:ee:52:10:1d:34:77:22:2e:98:0b:74:5d:98:cf:
         e4:da:a0:12:7b:30:a3:a0:76:81:9d:e8:32:b7:23:9d:64:e9:
         ad:2a:e8:cd:0f:c4:80:c5:98:b9:3d:fc:3f:34:c9:47:e0:77:
         92:f3:2b:50:ce:85:28:8a:b2:b5:78:e2:5d:b8:3f:f8:9e:1e:
         d6:9f:e8:d2:81:16:3a:e1:35:cd:2c:ff:38:c1:24:b3:26:4b:
         ca:a3:52:a3:c6:d3:02:60:c3:00:bf:3b:98:04:de:4d:ab:7e:
         47:81:07:0c
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYdLI932v48zzMSBPK9+cItVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjMwNDA0MDcyMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTAzNDNlNmIwOTg5ZDZmOWViNzA3OTRiNmFhNWY1ODViNmU2ZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKCqXv9jsqlo+T7NZFmqJp2FvQa8
fiBSsig2roUVRCt7pIZyiDj6whbPiarYcHZPag0bdFQ08SpYSJkI/AC0jaz37hBd
Et9fRGwggzjPWciO4TkHt1E1Q5ouISV+/czMcMlxGpzUfS4+dVPIYzbBrQ6kgEao
WBesnk1zeScI9dnyvqTcMXyZ3b9tlEYeozAirqvC+kPvubG6rPas37LHJZ6NwPvm
q8eO0KuBkzHdiIg5pEPqkt0P0CBps8P05QVDEAvBiNXfiYZBUsAhVsWUjsQHMlAA
a+JUZAQPmCOXV8oo2nIyCI9ciejfy3KoTlf131GJkKtx45JUg/N5ai8mwwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBoDQ+awmJ1vnrcHlLaqX1hbbm2wMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvR2dORDVyQ1luVy1ldHdlVXRxcGZXRnR1YmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtAwQFJUjAAwQA
JUjwMAsDBAElSPIDAwAlSAMEBFEU0DAMAwQE1ZewAwQC1Ze4MA0GCSqGSIb3DQEB
CwUAA4IBAQAFC9pXT4kdtlPHZg3KpDuCTEI47t/0X5b0Lo/9M070L9HtyUluwx9t
6zcKWwFrqeu3qPt1/oq16pRuDaOmEA5ysB4vGqmg/Mcng5vHREHxquy+IAKRQQrN
h08JP1MWABVIiDVEAZIHrJHwaXXUcHEmqCzAgoscBE7PrrwlpGjnQvZmnmrABe8q
ucpQJdJX7mPDaCiK7lIQHTR3Ii6YC3RdmM/k2qASezCjoHaBnegytyOdZOmtKujN
D8SAxZi5Pfw/NMlH4HeS8ytQzoUoirK1eOJduD/4nh7Wn+jSgRY64TXNLP84wSSz
JkvKo1KjxtMCYMMAvzuYBN5Nq35HgQcM
-----END CERTIFICATE-----