Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/ShnFS82e0GRdTv2Hs0A5sNjhOM0.roa
File:                     ShnFS82e0GRdTv2Hs0A5sNjhOM0.roa (raw, json)
Hash identifier:          utCPETeQxJ7OlnHlqVWhb63KG6b+yur51aejhGt51uo=
Subject key identifier:   4A:19:C5:4B:CD:9E:D0:64:5D:4E:FD:87:B3:40:39:B0:D8:E1:38:CD
Certificate issuer:       /CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
Certificate serial:       01856DD3EDE167D3856A3211844249EB7B80
Authority key identifier: 66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/ShnFS82e0GRdTv2Hs0A5sNjhOM0.roa
Signing time:             Sun 01 Jan 2023 14:54:43 +0000
ROA not before:           Sun 01 Jan 2023 14:54:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39122
IP address blocks:        185.97.236.0/22 maxlen: 22
                          81.17.240.0/20 maxlen: 24
                          194.36.58.0/23 maxlen: 23
                          91.197.234.0/23 maxlen: 23
                          194.36.64.0/23 maxlen: 23
                          176.52.222.0/23 maxlen: 23
                          185.152.72.0/22 maxlen: 22
                          185.209.164.0/22 maxlen: 22
                          200.69.8.0/21 maxlen: 21
                          185.206.192.0/22 maxlen: 22
                          78.153.192.0/19 maxlen: 24
                          185.2.64.0/22 maxlen: 22
                          46.22.128.0/20 maxlen: 20
                          2a01:a8::/32 maxlen: 32
                          2a01:ac::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 01 Dec 2023 10:58:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:d3:ed:e1:67:d3:85:6a:32:11:84:42:49:eb:7b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
        Validity
            Not Before: Jan  1 14:54:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a19c54bcd9ed0645d4efd87b34039b0d8e138cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:37:d5:8c:d0:d8:45:0b:cf:fb:55:01:a6:b3:
                    c4:03:3b:4a:96:9e:2c:1b:5e:fa:25:91:38:58:be:
                    ce:c3:6d:6a:6b:ff:13:9a:ac:2b:dc:08:9a:e5:75:
                    dd:eb:13:3e:17:97:89:d4:6b:85:f3:a4:94:12:d9:
                    84:5a:9f:6d:c6:17:9d:a5:70:e4:41:ba:3d:61:71:
                    21:e2:f5:67:fe:a8:0a:45:f4:76:ad:b1:95:c0:4b:
                    aa:c3:7c:3e:1a:1b:74:8c:e4:ae:91:18:44:54:07:
                    ab:b6:92:d7:15:3a:29:46:97:bd:f0:90:f0:83:47:
                    14:dc:00:e7:61:b8:c4:f1:69:cb:f5:a9:a9:d5:32:
                    46:21:0f:fa:88:0d:43:ab:48:99:a9:f6:3a:a5:3f:
                    b0:bb:36:5c:de:3d:73:29:72:3e:7b:c3:ae:2b:19:
                    ef:0a:46:94:1c:e4:cc:49:f5:94:04:48:03:41:ab:
                    e2:dc:42:1e:1d:11:2d:f0:2c:0a:0b:81:a6:d1:93:
                    a4:eb:28:94:fb:c5:2e:c0:86:69:56:9e:d4:2e:cb:
                    c0:f4:23:a9:48:b1:07:26:a2:6f:d3:54:32:7d:c6:
                    05:9e:bf:28:2a:82:41:8d:b9:d9:06:68:85:8d:f6:
                    f1:e0:22:de:b3:c4:bc:9b:3b:da:30:62:16:94:ad:
                    a0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:19:C5:4B:CD:9E:D0:64:5D:4E:FD:87:B3:40:39:B0:D8:E1:38:CD
            X509v3 Authority Key Identifier:
                keyid:66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/ShnFS82e0GRdTv2Hs0A5sNjhOM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.128.0/20
                  78.153.192.0/19
                  81.17.240.0/20
                  91.197.234.0/23
                  176.52.222.0/23
                  185.2.64.0/22
                  185.97.236.0/22
                  185.152.72.0/22
                  185.206.192.0/22
                  185.209.164.0/22
                  194.36.58.0/23
                  194.36.64.0/23
                  200.69.8.0/21
                IPv6:
                  2a01:a8::/32
                  2a01:ac::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:fd:8f:f6:dc:18:84:8f:7c:5c:7e:3f:ab:42:a7:5f:81:cf:
         47:24:89:dd:fc:bc:3f:9b:f6:52:ef:f9:f5:dc:63:d7:3d:ae:
         e3:47:ed:33:03:8a:29:6f:56:07:9f:2b:8b:26:ae:4b:db:59:
         b8:b3:a7:0b:43:a5:3c:d8:23:c1:2d:2a:e0:ba:ea:97:29:27:
         81:a6:f5:30:f1:ab:d2:9e:23:db:07:37:2d:16:e5:c6:c5:05:
         75:1f:39:67:c0:8b:01:41:7a:29:f2:c8:98:52:da:ff:39:2c:
         c3:11:de:d5:0a:14:9f:fe:ba:c7:e9:6f:5b:67:be:ac:0f:76:
         b6:a0:04:c4:61:e3:01:dd:1a:da:d2:e4:14:3d:1f:30:c1:71:
         7b:5a:18:51:ae:77:74:1d:f9:5a:85:4e:32:89:c2:ba:86:64:
         21:cb:f7:05:49:69:dc:28:a6:84:45:5e:66:25:0a:f3:de:f1:
         f0:9f:98:b9:e2:41:68:5b:dc:dc:e2:b7:5d:cf:2d:f1:c0:ea:
         09:96:1a:b1:a8:d4:99:f4:d9:20:e2:78:03:37:31:ef:b5:df:
         66:37:e3:82:55:e5:14:84:9d:19:92:38:c1:bc:92:c6:d6:73:
         b9:ec:0e:f9:d8:b4:af:7a:06:c2:db:53:07:07:75:82:23:22:
         35:54:86:a6
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYVt0+3hZ9OFajIRhEJJ63uAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTZhZWE2YmFiNzljNDhmNWRkZWU0YTQ2YmY0YWI2NGQ4
NjMxNjAwHhcNMjMwMTAxMTQ1NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE5YzU0YmNkOWVkMDY0NWQ0ZWZkODdiMzQwMzliMGQ4ZTEzOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjfVjNDYRQvP+1UBprPEAztKlp4s
G176JZE4WL7Ow21qa/8Tmqwr3Aia5XXd6xM+F5eJ1GuF86SUEtmEWp9txhedpXDk
Qbo9YXEh4vVn/qgKRfR2rbGVwEuqw3w+Ght0jOSukRhEVAertpLXFTopRpe98JDw
g0cU3ADnYbjE8WnL9amp1TJGIQ/6iA1Dq0iZqfY6pT+wuzZc3j1zKXI+e8OuKxnv
CkaUHOTMSfWUBEgDQavi3EIeHREt8CwKC4Gm0ZOk6yiU+8UuwIZpVp7ULsvA9COp
SLEHJqJv01QyfcYFnr8oKoJBjbnZBmiFjfbx4CLes8S8mzvaMGIWlK2gBQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFEoZxUvNntBkXU79h7NAObDY4TjNMB8GA1UdIwQY
MBaAFGaWrqa6t5xI9d3uSka/SrZNhjFgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2Qt
ZjAxOThjNmMyNDc0LzEvU2huRlM4MmUwR1JkVHYySHMwQTVzTmpoT00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2QtZjAxOThjNmMyNDc0
LzEvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQELhaAAwQF
TpnAAwQEURHwAwQBW8XqAwQBsDTeAwQCuQJAAwQCuWHsAwQCuZhIAwQCuc7AAwQC
udGkAwQBwiQ6AwQBwiRAAwQDyEUIMBQEAgACMA4DBQAqAQCoAwUAKgEArDANBgkq
hkiG9w0BAQsFAAOCAQEAIv2P9twYhI98XH4/q0KnX4HPRySJ3fy8P5v2Uu/59dxj
1z2u40ftMwOKKW9WB58riyauS9tZuLOnC0OlPNgjwS0q4Lrqlykngab1MPGr0p4j
2wc3LRblxsUFdR85Z8CLAUF6KfLImFLa/zkswxHe1QoUn/66x+lvW2e+rA92tqAE
xGHjAd0a2tLkFD0fMMFxe1oYUa53dB35WoVOMonCuoZkIcv3BUlp3CimhEVeZiUK
897x8J+YueJBaFvc3OK3Xc8t8cDqCZYasajUmfTZIOJ4Azcx77XfZjfjglXlFISd
GZI4wbySxtZzuewO+di0r3oGwttTBwd1giMiNVSGpg==
-----END CERTIFICATE-----