Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/VH2YMN7QbcnT1trh7VOhUp9Pins.roa
File:                     VH2YMN7QbcnT1trh7VOhUp9Pins.roa (raw, json)
Hash identifier:          LSGL6guR0Ssk9wTCopl7djlJj4lBocbB8tSJB2K747k=
Subject key identifier:   54:7D:98:30:DE:D0:6D:C9:D3:D6:DA:E1:ED:53:A1:52:9F:4F:8A:7B
Certificate issuer:       /CN=29c170d98b5e35d7d51537671c6040a5151884bc
Certificate serial:       018CC8015C4F5004AD4F6C9A671D9D7619F0
Authority key identifier: 29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/VH2YMN7QbcnT1trh7VOhUp9Pins.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        193.168.157.0/24 maxlen: 24
                          193.168.158.0/24 maxlen: 24
                          193.168.156.0/22 maxlen: 22
                          193.168.156.0/24 maxlen: 24
                          193.168.159.0/24 maxlen: 24
                          212.72.226.0/24 maxlen: 24
                          212.72.225.0/24 maxlen: 24
                          212.72.224.0/24 maxlen: 24
                          212.72.224.0/21 maxlen: 21
                          212.72.227.0/24 maxlen: 24
                          212.72.230.0/24 maxlen: 24
                          212.72.231.0/24 maxlen: 24
                          212.72.228.0/24 maxlen: 24
                          212.72.229.0/24 maxlen: 24
                          2a02:968::/32 maxlen: 48

Validation:               Failed, certificate revoked on Fri 16 Aug 2024 13:16:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5c:4f:50:04:ad:4f:6c:9a:67:1d:9d:76:19:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29c170d98b5e35d7d51537671c6040a5151884bc
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=547d9830ded06dc9d3d6dae1ed53a1529f4f8a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f0:0c:3c:be:fb:0b:0c:9b:4b:51:ec:e3:b8:
                    1e:33:af:4f:2c:43:6c:77:6c:84:e9:1f:1d:15:2e:
                    3f:a9:3b:9b:f9:b3:44:c1:4a:7a:8e:83:ab:a8:63:
                    37:b1:96:fd:3e:7f:ec:03:dd:a9:38:eb:d5:73:e2:
                    f4:16:50:61:fe:b9:87:b9:80:82:81:ac:3f:02:94:
                    ac:25:20:72:52:13:74:c5:c4:d9:7f:18:30:86:91:
                    e6:f0:26:1e:aa:1c:a1:e4:b6:0f:31:99:92:dd:3a:
                    8a:19:9c:cc:75:6b:b9:c3:66:b9:a5:5b:57:08:23:
                    66:f3:74:ed:78:0c:d6:18:62:70:4b:02:60:43:b7:
                    09:10:c1:3f:43:42:f8:7c:62:a6:e9:fa:c1:a4:3a:
                    03:fc:ef:ca:39:90:f5:b4:92:ff:8c:1d:c6:13:d0:
                    05:ea:0d:17:8a:17:ae:1b:ed:38:cd:83:21:03:7c:
                    0c:b8:8e:95:d7:ab:ed:12:17:29:93:72:61:77:43:
                    de:ad:c0:ff:40:e2:24:f8:37:4b:8e:ed:f9:de:44:
                    4c:85:f0:95:54:b2:7f:69:62:45:87:dc:c9:f6:60:
                    49:ff:1f:b0:f2:04:d1:82:fb:bc:c8:ac:f7:a3:cd:
                    e8:32:c8:62:f6:2c:8f:41:7f:95:63:cd:4a:e6:27:
                    90:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:7D:98:30:DE:D0:6D:C9:D3:D6:DA:E1:ED:53:A1:52:9F:4F:8A:7B
            X509v3 Authority Key Identifier:
                keyid:29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/VH2YMN7QbcnT1trh7VOhUp9Pins.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.156.0/22
                  212.72.224.0/21
                IPv6:
                  2a02:968::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:8a:37:51:96:5a:ef:67:c9:5b:d1:b5:c3:7f:e2:17:d8:ff:
         a1:b0:25:2b:22:89:64:1d:6f:52:6b:70:43:3c:57:b1:4e:61:
         e6:8c:59:58:2e:2c:34:51:ef:7f:08:08:f3:8f:7f:4c:fb:e7:
         1b:36:a4:06:14:88:32:05:55:c1:58:df:14:cb:b1:53:d8:cb:
         0e:c2:f5:dd:8a:ed:42:3b:77:2c:b2:4c:52:0e:9a:c7:fa:8a:
         10:5a:e4:60:3a:73:92:63:d4:af:c0:e0:cc:44:51:b6:7b:d7:
         dd:79:0e:e4:9e:d9:63:08:21:3b:7c:63:35:52:17:94:69:c1:
         23:38:ff:93:66:47:5b:64:bf:fd:90:48:25:27:78:bd:7d:65:
         23:63:05:e8:e9:08:cd:ff:3e:da:9c:08:f0:41:89:b0:32:d1:
         6f:21:9c:19:10:2c:04:d7:ca:d0:3d:7d:85:db:08:1e:88:f5:
         54:d5:b7:89:cd:ac:6b:53:db:77:b6:9d:c6:2a:76:d0:8d:9c:
         52:fb:c5:da:1b:36:d7:e8:e8:6c:9a:e7:3f:56:2d:a5:32:a4:
         cc:46:ef:30:02:e9:55:94:17:d1:37:d3:fa:c5:ba:4f:ef:6a:
         06:98:c8:80:6d:7e:c9:8e:d1:bc:09:9b:29:a3:3a:04:dd:c5:
         70:59:02:6f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAVxPUAStT2yaZx2ddhnwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YzE3MGQ5OGI1ZTM1ZDdkNTE1Mzc2NzFjNjA0MGE1MTUx
ODg0YmMwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDdkOTgzMGRlZDA2ZGM5ZDNkNmRhZTFlZDUzYTE1MjlmNGY4YTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfAMPL77CwybS1Hs47geM69PLENs
d2yE6R8dFS4/qTub+bNEwUp6joOrqGM3sZb9Pn/sA92pOOvVc+L0FlBh/rmHuYCC
gaw/ApSsJSByUhN0xcTZfxgwhpHm8CYeqhyh5LYPMZmS3TqKGZzMdWu5w2a5pVtX
CCNm83TteAzWGGJwSwJgQ7cJEME/Q0L4fGKm6frBpDoD/O/KOZD1tJL/jB3GE9AF
6g0XiheuG+04zYMhA3wMuI6V16vtEhcpk3Jhd0PercD/QOIk+DdLju353kRMhfCV
VLJ/aWJFh9zJ9mBJ/x+w8gTRgvu8yKz3o83oMshi9iyPQX+VY81K5ieQVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFR9mDDe0G3J09ba4e1ToVKfT4p7MB8GA1UdIwQY
MBaAFCnBcNmLXjXX1RU3ZxxgQKUVGIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2NGdzJZdGVOZGZWRlRkbkhHQkFwUlVZaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9lMjVhM2MtZGVmNi00MjI4LWExMGIt
YzQ1ZTk0OWU5Y2Q2LzEvVkgyWU1ON1FiY25UMXRyaDdWT2hVcDlQaW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9lMjVhM2MtZGVmNi00MjI4LWExMGItYzQ1ZTk0OWU5Y2Q2
LzEvS2NGdzJZdGVOZGZWRlRkbkhHQkFwUlVZaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwaicAwQD
1EjgMA0EAgACMAcDBQAqAgloMA0GCSqGSIb3DQEBCwUAA4IBAQBlijdRllrvZ8lb
0bXDf+IX2P+hsCUrIolkHW9Sa3BDPFexTmHmjFlYLiw0Ue9/CAjzj39M++cbNqQG
FIgyBVXBWN8Uy7FT2MsOwvXdiu1CO3csskxSDprH+ooQWuRgOnOSY9SvwODMRFG2
e9fdeQ7kntljCCE7fGM1UheUacEjOP+TZkdbZL/9kEglJ3i9fWUjYwXo6QjN/z7a
nAjwQYmwMtFvIZwZECwE18rQPX2F2wgeiPVU1beJzaxrU9t3tp3GKnbQjZxS+8Xa
GzbX6Ohsmuc/Vi2lMqTMRu8wAulVlBfRN9P6xbpP72oGmMiAbX7JjtG8CZspozoE
3cVwWQJv
-----END CERTIFICATE-----