Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/9L_k5y5f5hm4Fk3VV5hvI5twNlQ.roa
File:                     9L_k5y5f5hm4Fk3VV5hvI5twNlQ.roa (raw, json)
Hash identifier:          m8GmNJ/ub/H1MkSvUztlBREkGJT1nRwi+BwUrZoyW38=
Subject key identifier:   F4:BF:E4:E7:2E:5F:E6:19:B8:16:4D:D5:57:98:6F:23:9B:70:36:54
Certificate issuer:       /CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
Certificate serial:       018D133B5DE337B71368D86E558A65207D5F
Authority key identifier: 66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/9L_k5y5f5hm4Fk3VV5hvI5twNlQ.roa
Signing time:             Tue 16 Jan 2024 17:04:34 +0000
ROA not before:           Tue 16 Jan 2024 17:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        46.22.128.0/20 maxlen: 20
                          78.153.192.0/19 maxlen: 24
                          81.17.240.0/20 maxlen: 24
                          91.197.234.0/23 maxlen: 23
                          176.52.222.0/23 maxlen: 23
                          185.2.64.0/22 maxlen: 22
                          185.97.236.0/22 maxlen: 22
                          185.152.72.0/22 maxlen: 22
                          185.206.192.0/22 maxlen: 22
                          185.209.164.0/22 maxlen: 22
                          194.36.58.0/23 maxlen: 23
                          194.36.64.0/23 maxlen: 23
                          200.69.8.0/21 maxlen: 21
                          2a01:a8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 18 Jan 2024 19:06:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:3b:5d:e3:37:b7:13:68:d8:6e:55:8a:65:20:7d:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
        Validity
            Not Before: Jan 16 17:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4bfe4e72e5fe619b8164dd557986f239b703654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5a:9e:04:11:c4:10:d4:bb:86:96:4e:79:46:
                    70:61:25:9f:1b:4e:75:0b:16:57:3b:08:7e:72:23:
                    6c:c9:78:d3:13:8e:0c:38:ec:ca:bd:3c:9e:10:70:
                    98:b9:e3:1f:2d:b9:ad:c8:37:60:48:aa:93:a3:de:
                    43:82:ca:00:3c:a0:14:db:eb:af:ac:38:ec:9f:9c:
                    28:11:e3:17:5e:a0:88:8a:10:11:f4:f9:92:b0:0c:
                    68:3c:c7:f6:d4:9c:3d:dd:20:ec:8a:9c:43:90:81:
                    48:92:8e:3c:ce:df:41:9e:76:d0:bf:7e:de:ce:fc:
                    1e:94:3f:83:12:4b:b7:0d:04:2a:1e:79:fd:e8:53:
                    9e:7b:5a:c4:62:d6:b9:a0:68:a9:08:ff:20:df:ae:
                    10:ba:17:e5:95:53:66:15:48:d4:df:85:59:f0:c1:
                    a5:94:be:ce:b7:41:2d:36:12:f8:6c:b5:97:ab:aa:
                    de:52:12:40:a3:e8:a4:15:bb:19:f2:8f:4c:c5:06:
                    6c:26:dd:38:7f:8d:69:3b:6b:36:a6:95:71:3e:fe:
                    89:3c:e6:d4:73:3c:41:98:01:68:f6:30:88:11:51:
                    bb:22:aa:25:2e:9a:58:43:a4:ad:a5:35:64:47:b1:
                    18:0a:a3:56:cd:6b:a0:d8:38:7c:b3:d5:47:21:84:
                    c3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BF:E4:E7:2E:5F:E6:19:B8:16:4D:D5:57:98:6F:23:9B:70:36:54
            X509v3 Authority Key Identifier:
                keyid:66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/9L_k5y5f5hm4Fk3VV5hvI5twNlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.128.0/20
                  78.153.192.0/19
                  81.17.240.0/20
                  91.197.234.0/23
                  176.52.222.0/23
                  185.2.64.0/22
                  185.97.236.0/22
                  185.152.72.0/22
                  185.206.192.0/22
                  185.209.164.0/22
                  194.36.58.0/23
                  194.36.64.0/23
                  200.69.8.0/21
                IPv6:
                  2a01:a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:d2:8c:27:35:8d:68:db:d6:28:ef:57:04:63:23:a6:ce:fa:
         ec:2f:64:a7:68:e6:f4:fe:f1:14:bc:db:05:29:17:e1:74:5c:
         49:48:a0:9f:c1:9c:d3:ce:55:a6:9b:0f:1d:dc:34:52:52:63:
         90:93:af:26:2f:4f:7d:dc:08:9a:38:09:b2:43:b5:04:da:9c:
         34:be:f9:0c:60:29:32:88:f7:d5:f6:d4:b3:37:4c:bd:c5:c5:
         f3:9c:1d:d4:30:8e:e4:c7:65:32:ac:a7:1f:73:e0:67:52:bd:
         39:19:57:08:51:85:49:e5:17:7a:d3:a9:3a:1c:af:84:6d:74:
         37:af:ec:c5:d9:30:e7:c9:cb:9a:91:86:15:c4:76:8c:e3:96:
         5e:88:dd:3c:a6:a7:d9:c7:12:25:96:25:c6:99:d7:33:00:30:
         5f:2a:71:ef:68:88:44:ec:47:b7:87:dd:5b:3f:55:b4:0a:c0:
         33:c9:82:0e:e6:0e:6c:90:38:4b:9d:52:88:71:9f:de:2d:ac:
         aa:a8:4e:4c:a7:8e:98:d3:f0:7c:5a:9f:a1:a7:eb:27:e0:2a:
         ea:76:30:37:77:71:a7:ee:31:26:fa:b9:96:15:64:7f:ee:5b:
         7e:f9:6f:06:f9:50:d6:06:d7:5a:3e:ab:7c:ae:23:0f:6f:7c:
         80:ed:6e:6e
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAY0TO13jN7cTaNhuVYplIH1fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTZhZWE2YmFiNzljNDhmNWRkZWU0YTQ2YmY0YWI2NGQ4
NjMxNjAwHhcNMjQwMTE2MTcwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJmZTRlNzJlNWZlNjE5YjgxNjRkZDU1Nzk4NmYyMzliNzAzNjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFqeBBHEENS7hpZOeUZwYSWfG051
CxZXOwh+ciNsyXjTE44MOOzKvTyeEHCYueMfLbmtyDdgSKqTo95DgsoAPKAU2+uv
rDjsn5woEeMXXqCIihAR9PmSsAxoPMf21Jw93SDsipxDkIFIko48zt9BnnbQv37e
zvwelD+DEku3DQQqHnn96FOee1rEYta5oGipCP8g364QuhfllVNmFUjU34VZ8MGl
lL7Ot0EtNhL4bLWXq6reUhJAo+ikFbsZ8o9MxQZsJt04f41pO2s2ppVxPv6JPObU
czxBmAFo9jCIEVG7IqolLppYQ6StpTVkR7EYCqNWzWug2Dh8s9VHIYTDqQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFPS/5OcuX+YZuBZN1VeYbyObcDZUMB8GA1UdIwQY
MBaAFGaWrqa6t5xI9d3uSka/SrZNhjFgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2Qt
ZjAxOThjNmMyNDc0LzEvOUxfazV5NWY1aG00RmszVlY1aHZJNXR3TmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2QtZjAxOThjNmMyNDc0
LzEvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQELhaAAwQF
TpnAAwQEURHwAwQBW8XqAwQBsDTeAwQCuQJAAwQCuWHsAwQCuZhIAwQCuc7AAwQC
udGkAwQBwiQ6AwQBwiRAAwQDyEUIMA0EAgACMAcDBQAqAQCoMA0GCSqGSIb3DQEB
CwUAA4IBAQAW0ownNY1o29Yo71cEYyOmzvrsL2SnaOb0/vEUvNsFKRfhdFxJSKCf
wZzTzlWmmw8d3DRSUmOQk68mL0993AiaOAmyQ7UE2pw0vvkMYCkyiPfV9tSzN0y9
xcXznB3UMI7kx2UyrKcfc+BnUr05GVcIUYVJ5Rd606k6HK+EbXQ3r+zF2TDnycua
kYYVxHaM45ZeiN08pqfZxxIlliXGmdczADBfKnHvaIhE7Ee3h91bP1W0CsAzyYIO
5g5skDhLnVKIcZ/eLayqqE5Mp46Y0/B8Wp+hp+sn4CrqdjA3d3Gn7jEm+rmWFWR/
7lt++W8G+VDWBtdaPqt8riMPb3yA7W5u
-----END CERTIFICATE-----