Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/Btrtdq67zdvdR0mNHNsiBQFSD4w.roa
File:                     Btrtdq67zdvdR0mNHNsiBQFSD4w.roa (raw, json)
Hash identifier:          K2Xx+D4R+dxB7fgW6rXoGcl0pEnEjxIkKByc87tsNag=
Subject key identifier:   06:DA:ED:76:AE:BB:CD:DB:DD:47:49:8D:1C:DB:22:05:01:52:0F:8C
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       018CC80240C951C0E9C1D1CE01D832DB58C6
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/Btrtdq67zdvdR0mNHNsiBQFSD4w.roa
Signing time:             Tue 02 Jan 2024 02:30:40 +0000
ROA not before:           Tue 02 Jan 2024 02:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43207
IP address blocks:        46.231.8.0/21 maxlen: 24
                          91.209.142.0/24 maxlen: 24
                          185.44.248.0/22 maxlen: 24
                          151.249.64.0/20 maxlen: 24
                          85.95.32.0/19 maxlen: 19
                          209.35.128.0/20 maxlen: 20
                          185.168.144.0/22 maxlen: 22
                          185.113.0.0/22 maxlen: 24
                          91.214.228.0/22 maxlen: 24
                          5.133.172.0/22 maxlen: 24
                          2a01:5640::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 27 Feb 2024 15:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:40:c9:51:c0:e9:c1:d1:ce:01:d8:32:db:58:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Jan  2 02:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06daed76aebbcddbdd47498d1cdb220501520f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:46:41:d7:4e:84:20:cb:c1:2c:1a:1a:49:fc:
                    ca:15:f0:10:16:f8:62:c4:bb:3d:da:05:ff:63:bf:
                    10:3e:51:00:88:56:7d:08:30:33:ec:dd:ee:1b:ff:
                    d8:6f:6b:1e:43:dc:b8:78:5b:e4:6d:fb:ef:02:f6:
                    5b:01:7c:b2:08:84:9f:31:f8:36:c8:f7:7e:3e:15:
                    e3:04:a9:a3:6a:d5:d3:f6:df:8d:13:44:54:aa:7d:
                    6d:39:7c:d6:5f:ba:20:48:94:d7:07:e6:2f:e3:13:
                    d0:10:7c:2c:88:09:2b:89:0f:9b:23:66:aa:19:21:
                    12:3e:4a:87:bf:b2:8c:a2:db:03:8e:44:45:a7:1f:
                    ae:c9:32:5a:59:1e:8d:50:fd:c4:56:ae:4a:75:d2:
                    3b:20:47:56:f1:e0:a3:83:d4:c3:04:e3:b2:b8:2a:
                    d3:ab:c1:c4:00:d5:aa:8b:66:78:81:d2:b9:96:79:
                    e1:3d:0c:df:1a:ed:d8:93:b4:00:0b:63:f6:da:4e:
                    c9:0e:7b:65:17:59:a0:90:76:2b:3a:81:75:7e:37:
                    f4:ff:77:57:dc:31:67:5f:b4:94:0b:d4:02:b0:13:
                    51:60:a1:65:fc:2f:45:b0:3e:e7:85:57:c8:25:85:
                    d8:05:ee:78:a0:31:a5:59:a7:f9:b6:d2:ad:77:43:
                    85:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DA:ED:76:AE:BB:CD:DB:DD:47:49:8D:1C:DB:22:05:01:52:0F:8C
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/Btrtdq67zdvdR0mNHNsiBQFSD4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.172.0/22
                  46.231.8.0/21
                  85.95.32.0/19
                  91.209.142.0/24
                  91.214.228.0/22
                  151.249.64.0/20
                  185.44.248.0/22
                  185.113.0.0/22
                  185.168.144.0/22
                  209.35.128.0/20
                IPv6:
                  2a01:5640::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:1c:4a:03:70:22:c5:ef:f1:00:bc:9d:09:2b:cb:f0:a0:64:
         51:b9:9d:e9:f9:83:62:a1:6d:2c:f1:6e:42:30:f2:7e:fb:d5:
         7d:32:68:16:3e:33:60:67:e2:3d:dc:b6:35:8c:92:05:e3:13:
         37:11:ac:87:50:3e:9e:dd:1f:a4:a9:90:1f:c5:7e:93:a2:12:
         c8:24:9a:5d:e3:59:bd:3e:69:da:4b:f8:9d:f7:99:53:c2:0d:
         a2:3f:c6:3c:10:47:e1:55:c4:ec:44:61:2e:5b:5b:9c:8e:86:
         91:b2:9f:90:c3:48:e6:a0:7f:03:33:5d:5b:0d:d1:9d:67:24:
         06:a0:3b:81:3b:07:e0:3d:88:c0:d3:28:b3:d7:40:3f:10:12:
         d2:d6:ad:bd:19:6d:63:f7:c5:52:d6:6d:03:f4:c5:a9:4f:bb:
         5b:ff:25:90:a8:23:b9:76:6f:8e:78:9d:19:33:9a:ba:30:99:
         e0:12:03:ff:b4:b6:32:85:da:fa:77:9c:09:d0:a2:c4:17:47:
         83:72:d9:81:ff:ef:b3:82:95:6b:db:db:c1:59:19:05:94:89:
         42:a7:9d:7a:2c:d7:7e:2f:b9:16:5f:e9:f0:31:ff:58:ea:87:
         20:a4:a6:19:33:47:22:b8:49:18:15:59:1e:41:c6:aa:31:1c:
         66:cf:7f:0b
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzIAkDJUcDpwdHOAdgy21jGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjQwMTAyMDIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmRhZWQ3NmFlYmJjZGRiZGQ0NzQ5OGQxY2RiMjIwNTAxNTIwZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEZB106EIMvBLBoaSfzKFfAQFvhi
xLs92gX/Y78QPlEAiFZ9CDAz7N3uG//Yb2seQ9y4eFvkbfvvAvZbAXyyCISfMfg2
yPd+PhXjBKmjatXT9t+NE0RUqn1tOXzWX7ogSJTXB+Yv4xPQEHwsiAkriQ+bI2aq
GSESPkqHv7KMotsDjkRFpx+uyTJaWR6NUP3EVq5KddI7IEdW8eCjg9TDBOOyuCrT
q8HEANWqi2Z4gdK5lnnhPQzfGu3Yk7QAC2P22k7JDntlF1mgkHYrOoF1fjf0/3dX
3DFnX7SUC9QCsBNRYKFl/C9FsD7nhVfIJYXYBe54oDGlWaf5ttKtd0OFXwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFAba7Xauu83b3UdJjRzbIgUBUg+MMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvQnRydGRxNjd6ZHZkUjBtTkhOc2lCUUZTRDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCBYWsAwQD
LucIAwQFVV8gAwQAW9GOAwQCW9bkAwQEl/lAAwQCuSz4AwQCuXEAAwQCuaiQAwQE
0SOAMA0EAgACMAcDBQAqAVZAMA0GCSqGSIb3DQEBCwUAA4IBAQCdHEoDcCLF7/EA
vJ0JK8vwoGRRuZ3p+YNioW0s8W5CMPJ++9V9MmgWPjNgZ+I93LY1jJIF4xM3EayH
UD6e3R+kqZAfxX6TohLIJJpd41m9PmnaS/id95lTwg2iP8Y8EEfhVcTsRGEuW1uc
joaRsp+Qw0jmoH8DM11bDdGdZyQGoDuBOwfgPYjA0yiz10A/EBLS1q29GW1j98VS
1m0D9MWpT7tb/yWQqCO5dm+OeJ0ZM5q6MJngEgP/tLYyhdr6d5wJ0KLEF0eDctmB
/++zgpVr29vBWRkFlIlCp516LNd+L7kWX+nwMf9Y6ocgpKYZM0ciuEkYFVkeQcaq
MRxmz38L
-----END CERTIFICATE-----