Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/XqOIjXWIX42YRtxWJF_GTSVQztY.roa
File:                     XqOIjXWIX42YRtxWJF_GTSVQztY.roa (raw, json)
Hash identifier:          xYVr+Af7ZiVJhbQNJjJ9QQk8eL4ZVdG3LlloPJBzKYI=
Subject key identifier:   5E:A3:88:8D:75:88:5F:8D:98:46:DC:56:24:5F:C6:4D:25:50:CE:D6
Certificate issuer:       /CN=36af041d12c4adb66f8c16113c9a6147d02388d9
Certificate serial:       01856FC274B368DA22A17096E08F6B407B2A
Authority key identifier: 36:AF:04:1D:12:C4:AD:B6:6F:8C:16:11:3C:9A:61:47:D0:23:88:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nq8EHRLErbZvjBYRPJphR9AjiNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/XqOIjXWIX42YRtxWJF_GTSVQztY.roa
Signing time:             Sun 01 Jan 2023 23:54:52 +0000
ROA not before:           Sun 01 Jan 2023 23:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198203
IP address blocks:        81.4.108.0/22 maxlen: 24
                          81.4.124.0/22 maxlen: 24
                          81.4.120.0/22 maxlen: 24
                          185.34.219.0/24 maxlen: 24
                          185.34.218.0/24 maxlen: 24
                          185.34.216.0/24 maxlen: 24
                          91.229.232.0/24 maxlen: 24
                          81.4.104.0/22 maxlen: 24
                          81.4.100.0/22 maxlen: 24
                          185.56.60.0/22 maxlen: 24
                          185.56.61.0/24 maxlen: 24
                          176.56.224.0/20 maxlen: 24
                          2a00:d880::/32 maxlen: 48
                          2a00:d880:4::/48 maxlen: 48
                          2a02:50e0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 03 Aug 2023 09:53:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:74:b3:68:da:22:a1:70:96:e0:8f:6b:40:7b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36af041d12c4adb66f8c16113c9a6147d02388d9
        Validity
            Not Before: Jan  1 23:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5ea3888d75885f8d9846dc56245fc64d2550ced6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f7:10:6e:07:96:13:f2:ff:a8:5d:7f:2f:4d:
                    f6:93:20:d9:7a:c3:7f:8a:44:cf:4b:27:bc:87:20:
                    4f:d4:e6:bb:9d:7e:5f:da:8c:f4:81:95:f5:4e:0c:
                    2d:f5:3f:dd:ed:1a:96:22:e1:24:25:e8:79:16:6b:
                    0e:ed:82:d3:7c:83:db:c8:9a:e4:f3:8b:fd:c3:0a:
                    65:a7:70:4d:7c:39:f2:04:49:ca:e4:4b:c3:dd:75:
                    74:09:99:84:a2:9a:bf:c7:e4:f9:37:d0:b8:dd:bc:
                    02:99:0e:c7:85:8a:67:29:62:3a:db:f2:73:ff:dd:
                    77:81:e3:02:39:9b:f5:8a:86:44:03:f5:ff:69:9c:
                    1a:4f:70:4d:ac:6b:a7:4b:18:b7:e4:2e:56:23:98:
                    09:f1:e6:3d:7b:d8:05:83:ef:cd:5f:bd:a9:3e:06:
                    df:d6:3b:18:8c:f1:8e:3c:3f:07:81:b3:eb:df:f4:
                    fd:20:56:b4:61:ca:7c:86:02:c5:0f:85:8f:95:e6:
                    25:2d:a4:cf:5c:98:3c:36:f6:a7:7e:11:49:43:4b:
                    6c:0d:0f:1e:a4:68:04:f8:c3:d0:c4:50:8b:37:e1:
                    93:86:65:d6:be:39:f5:44:59:47:13:67:f5:10:ab:
                    8f:9b:22:ff:d8:4f:99:48:5d:c6:8d:58:92:16:a8:
                    4d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:A3:88:8D:75:88:5F:8D:98:46:DC:56:24:5F:C6:4D:25:50:CE:D6
            X509v3 Authority Key Identifier:
                keyid:36:AF:04:1D:12:C4:AD:B6:6F:8C:16:11:3C:9A:61:47:D0:23:88:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nq8EHRLErbZvjBYRPJphR9AjiNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/XqOIjXWIX42YRtxWJF_GTSVQztY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/Nq8EHRLErbZvjBYRPJphR9AjiNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.4.100.0-81.4.111.255
                  81.4.120.0/21
                  91.229.232.0/24
                  176.56.224.0/20
                  185.34.216.0/24
                  185.34.218.0/23
                  185.56.60.0/22
                IPv6:
                  2a00:d880::/32
                  2a02:50e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:ad:d5:f3:37:23:3a:97:2e:3c:1e:5f:12:87:a0:de:8e:37:
         4b:22:30:bc:98:fc:fa:18:0c:fa:6d:f6:af:ce:de:8f:db:9d:
         97:bc:22:d8:27:55:5e:e0:ca:94:bd:2c:60:64:6e:c5:b7:d7:
         15:61:5b:ae:b8:fd:4f:bc:5a:6f:0f:2d:ea:3d:f8:c0:7f:f4:
         d7:2e:98:fe:06:4b:24:a5:6c:a8:6a:cb:14:cb:39:77:01:be:
         c8:f0:94:1c:ba:0a:00:20:13:7c:00:27:e2:d8:4f:1e:d4:38:
         02:93:3d:60:c9:48:47:e4:da:cc:36:7f:c7:90:62:f9:9e:1b:
         b6:57:23:d7:6a:31:bd:4b:8d:ec:2f:6e:d6:dc:d6:72:03:c9:
         72:a5:75:50:f3:15:4a:c3:2f:04:7a:0c:29:1b:63:b4:a1:e5:
         1e:7f:35:d3:2f:fe:6d:d0:30:bb:79:dd:83:97:41:f3:5b:77:
         c1:13:76:26:d7:9b:fb:ab:1d:a4:c7:91:9d:81:81:a1:87:82:
         25:8d:9b:bf:28:70:72:35:d2:50:b6:a1:bc:59:65:42:38:2e:
         2d:f5:98:1f:b5:0f:7a:cd:6d:08:42:39:ad:b1:c6:2a:48:03:
         3a:5c:50:50:7b:8a:da:ba:ad:48:41:22:09:d8:d0:50:c8:f1:
         ec:13:7f:67
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVvwnSzaNoioXCW4I9rQHsqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YWYwNDFkMTJjNGFkYjY2ZjhjMTYxMTNjOWE2MTQ3ZDAy
Mzg4ZDkwHhcNMjMwMTAxMjM1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWEzODg4ZDc1ODg1ZjhkOTg0NmRjNTYyNDVmYzY0ZDI1NTBjZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfcQbgeWE/L/qF1/L032kyDZesN/
ikTPSye8hyBP1Oa7nX5f2oz0gZX1Tgwt9T/d7RqWIuEkJeh5FmsO7YLTfIPbyJrk
84v9wwplp3BNfDnyBEnK5EvD3XV0CZmEopq/x+T5N9C43bwCmQ7HhYpnKWI62/Jz
/913geMCOZv1ioZEA/X/aZwaT3BNrGunSxi35C5WI5gJ8eY9e9gFg+/NX72pPgbf
1jsYjPGOPD8HgbPr3/T9IFa0Ycp8hgLFD4WPleYlLaTPXJg8NvanfhFJQ0tsDQ8e
pGgE+MPQxFCLN+GThmXWvjn1RFlHE2f1EKuPmyL/2E+ZSF3GjViSFqhNuQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF6jiI11iF+NmEbcViRfxk0lUM7WMB8GA1UdIwQY
MBaAFDavBB0SxK22b4wWETyaYUfQI4jZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnE4RUhSTEVyYlp2akJZUlBKcGhSOUFqaU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83YTU0MmQtNzE5ZS00NmQwLWE1Y2Mt
MDYxZGQ2ODEzMzJjLzEvWHFPSWpYV0lYNDJZUnR4V0pGX0dUU1ZRenRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83YTU0MmQtNzE5ZS00NmQwLWE1Y2MtMDYxZGQ2ODEzMzJj
LzEvTnE4RUhSTEVyYlp2akJZUlBKcGhSOUFqaU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA4BAIAATAyMAwDBAJRBGQD
BARRBGADBANRBHgDBABb5egDBASwOOADBAC5ItgDBAG5ItoDBAK5ODwwFAQCAAIw
DgMFACoA2IADBQAqAlDgMA0GCSqGSIb3DQEBCwUAA4IBAQCdrdXzNyM6ly48Hl8S
h6DejjdLIjC8mPz6GAz6bfavzt6P252XvCLYJ1Ve4MqUvSxgZG7Ft9cVYVuuuP1P
vFpvDy3qPfjAf/TXLpj+BkskpWyoassUyzl3Ab7I8JQcugoAIBN8ACfi2E8e1DgC
kz1gyUhH5NrMNn/HkGL5nhu2VyPXajG9S43sL27W3NZyA8lypXVQ8xVKwy8Eegwp
G2O0oeUefzXTL/5t0DC7ed2Dl0HzW3fBE3Ym15v7qx2kx5GdgYGhh4IljZu/KHBy
NdJQtqG8WWVCOC4t9ZgftQ96zW0IQjmtscYqSAM6XFBQe4rauq1IQSIJ2NBQyPHs
E39n
-----END CERTIFICATE-----