Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/02445c-81f9-47b3-9385-34f7d5131367/1/ZWIQC6ee1Tel07ixWcvcIoyfsw0.roa
File:                     ZWIQC6ee1Tel07ixWcvcIoyfsw0.roa (raw, json)
Hash identifier:          y1NvgdWmFdXzxTKOCeXlzIOjk3XbWwEy7BMiPEvKCQc=
Subject key identifier:   65:62:10:0B:A7:9E:D5:37:A5:D3:B8:B1:59:CB:DC:22:8C:9F:B3:0D
Certificate issuer:       /CN=07887ceb1cbd1029ef8a76df77f1152bb473b643
Certificate serial:       01856E41DDEA852A152B296E1E0C49DE9D46
Authority key identifier: 07:88:7C:EB:1C:BD:10:29:EF:8A:76:DF:77:F1:15:2B:B4:73:B6:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B4h86xy9ECnvinbfd_EVK7RztkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/02445c-81f9-47b3-9385-34f7d5131367/1/ZWIQC6ee1Tel07ixWcvcIoyfsw0.roa
Signing time:             Sun 01 Jan 2023 16:54:48 +0000
ROA not before:           Sun 01 Jan 2023 16:54:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21409
IP address blocks:        213.246.32.0/19 maxlen: 32
                          213.246.33.0/24 maxlen: 32
                          213.246.35.0/24 maxlen: 32
                          213.246.36.0/22 maxlen: 32
                          213.246.42.0/24 maxlen: 32
                          213.246.51.0/24 maxlen: 32
                          213.246.49.0/24 maxlen: 32
                          213.246.55.0/24 maxlen: 32
                          213.246.52.0/23 maxlen: 32
                          213.246.56.0/22 maxlen: 32
                          213.246.61.0/24 maxlen: 32
                          213.246.62.0/23 maxlen: 32
                          213.246.60.0/24 maxlen: 32
                          78.24.128.0/21 maxlen: 32
                          94.125.160.0/21 maxlen: 32
                          80.93.80.0/20 maxlen: 32
                          178.170.0.0/17 maxlen: 32
                          185.246.84.0/22 maxlen: 22
                          109.238.0.0/20 maxlen: 32
                          109.238.15.0/24 maxlen: 32
                          2a00:c70::/32 maxlen: 128

Validation:               Failed, certificate revoked on Fri 07 Apr 2023 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:41:dd:ea:85:2a:15:2b:29:6e:1e:0c:49:de:9d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07887ceb1cbd1029ef8a76df77f1152bb473b643
        Validity
            Not Before: Jan  1 16:54:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6562100ba79ed537a5d3b8b159cbdc228c9fb30d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0c:e8:de:40:17:d9:dc:95:90:82:02:34:1b:
                    27:37:cf:19:b6:f0:2a:5b:19:0a:53:0a:b5:bc:27:
                    50:15:2d:48:59:f6:f5:c7:51:fd:57:95:cb:72:76:
                    05:47:a4:46:1f:fe:ba:b1:d9:3d:80:67:7e:55:8a:
                    5e:c3:ce:63:d5:ef:2b:df:7a:3f:af:c7:23:07:72:
                    6a:3e:f1:86:c1:82:69:b1:30:91:2c:c0:85:b3:8a:
                    91:87:c3:40:62:09:44:5c:15:3d:09:29:fd:72:bf:
                    3f:10:47:a4:50:bc:3d:a2:51:a3:31:51:05:bc:37:
                    4d:19:07:41:3d:d6:73:c3:e9:fd:71:47:0a:2d:e0:
                    04:2a:ef:67:4a:38:07:b7:79:8a:f1:ac:7c:9a:03:
                    65:90:a1:17:44:55:5f:13:86:d1:18:28:8c:65:d8:
                    08:41:19:76:b3:82:00:eb:f9:af:26:b9:1f:23:36:
                    2c:79:7e:5f:86:25:a7:fc:b8:3b:a4:fa:52:db:20:
                    6d:62:b2:d8:ea:0a:16:c8:f4:0d:ca:b9:ae:38:4c:
                    9b:47:e6:57:79:99:65:bc:51:6f:af:9c:5a:19:83:
                    ab:98:32:a7:28:d0:87:86:91:8a:4f:19:90:9a:72:
                    9c:0c:ea:81:b2:aa:40:14:40:50:33:b2:20:3e:0c:
                    27:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:62:10:0B:A7:9E:D5:37:A5:D3:B8:B1:59:CB:DC:22:8C:9F:B3:0D
            X509v3 Authority Key Identifier:
                keyid:07:88:7C:EB:1C:BD:10:29:EF:8A:76:DF:77:F1:15:2B:B4:73:B6:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B4h86xy9ECnvinbfd_EVK7RztkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/02445c-81f9-47b3-9385-34f7d5131367/1/ZWIQC6ee1Tel07ixWcvcIoyfsw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/02445c-81f9-47b3-9385-34f7d5131367/1/B4h86xy9ECnvinbfd_EVK7RztkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.128.0/21
                  80.93.80.0/20
                  94.125.160.0/21
                  109.238.0.0/20
                  178.170.0.0/17
                  185.246.84.0/22
                  213.246.32.0/19
                IPv6:
                  2a00:c70::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:d0:56:63:1b:dd:4b:e5:9c:36:94:1d:75:0e:0f:bd:47:f4:
         6e:dc:ea:ae:5b:2f:ed:02:29:c6:8f:88:ef:28:c6:20:47:fa:
         2c:92:c4:d4:cb:9b:0e:82:9a:dd:1d:df:44:07:9a:f2:32:01:
         9e:32:7d:48:3c:4c:72:80:45:4e:c4:8d:17:f1:ef:5e:31:9f:
         92:9a:3a:94:9d:5a:74:aa:42:b5:9e:a5:87:33:d3:63:02:78:
         66:59:d2:aa:a4:70:60:99:88:54:e8:aa:e6:b1:04:f6:89:6f:
         8e:a3:2b:49:a3:e7:2f:97:9a:24:b4:c2:62:dc:4b:d2:63:f1:
         3c:4c:3d:5d:43:f7:05:c6:ca:ab:ef:45:a9:dc:6c:3a:b0:23:
         4d:05:d0:fe:d3:d1:67:a5:52:69:13:cf:4a:6f:85:d3:3d:ed:
         39:dc:c3:53:48:14:ed:fe:d9:00:06:5f:98:59:7c:a1:8e:d8:
         a9:cd:34:86:8b:1e:00:52:45:b4:1b:df:d4:6d:25:7b:4f:ce:
         67:bf:91:e8:12:0e:a6:89:d7:61:93:4c:3c:72:cb:cf:e3:86:
         b0:6b:3d:57:18:4b:a0:6a:c4:2a:97:fc:93:d9:a3:21:b1:f3:
         7a:e5:82:12:61:39:fc:46:bf:01:cf:47:3b:77:e2:cb:05:c0:
         29:2a:9c:5f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVuQd3qhSoVKyluHgxJ3p1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ODg3Y2ViMWNiZDEwMjllZjhhNzZkZjc3ZjExNTJiYjQ3
M2I2NDMwHhcNMjMwMTAxMTY1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTYyMTAwYmE3OWVkNTM3YTVkM2I4YjE1OWNiZGMyMjhjOWZiMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogzo3kAX2dyVkIICNBsnN88ZtvAq
WxkKUwq1vCdQFS1IWfb1x1H9V5XLcnYFR6RGH/66sdk9gGd+VYpew85j1e8r33o/
r8cjB3JqPvGGwYJpsTCRLMCFs4qRh8NAYglEXBU9CSn9cr8/EEekULw9olGjMVEF
vDdNGQdBPdZzw+n9cUcKLeAEKu9nSjgHt3mK8ax8mgNlkKEXRFVfE4bRGCiMZdgI
QRl2s4IA6/mvJrkfIzYseX5fhiWn/Lg7pPpS2yBtYrLY6goWyPQNyrmuOEybR+ZX
eZllvFFvr5xaGYOrmDKnKNCHhpGKTxmQmnKcDOqBsqpAFEBQM7IgPgwnhwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFGViEAunntU3pdO4sVnL3CKMn7MNMB8GA1UdIwQY
MBaAFAeIfOscvRAp74p233fxFSu0c7ZDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjRoODZ4eTlFQ252aW5iZmRfRVZLN1J6dGtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8wMjQ0NWMtODFmOS00N2IzLTkzODUt
MzRmN2Q1MTMxMzY3LzEvWldJUUM2ZWUxVGVsMDdpeFdjdmNJb3lmc3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8wMjQ0NWMtODFmOS00N2IzLTkzODUtMzRmN2Q1MTMxMzY3
LzEvQjRoODZ4eTlFQ252aW5iZmRfRVZLN1J6dGtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDThiAAwQE
UF1QAwQDXn2gAwQEbe4AAwQHsqoAAwQCufZUAwQF1fYgMA0EAgACMAcDBQAqAAxw
MA0GCSqGSIb3DQEBCwUAA4IBAQCa0FZjG91L5Zw2lB11Dg+9R/Ru3OquWy/tAinG
j4jvKMYgR/osksTUy5sOgprdHd9EB5ryMgGeMn1IPExygEVOxI0X8e9eMZ+SmjqU
nVp0qkK1nqWHM9NjAnhmWdKqpHBgmYhU6KrmsQT2iW+OoytJo+cvl5oktMJi3EvS
Y/E8TD1dQ/cFxsqr70Wp3Gw6sCNNBdD+09FnpVJpE89Kb4XTPe053MNTSBTt/tkA
Bl+YWXyhjtipzTSGix4AUkW0G9/UbSV7T85nv5HoEg6middhk0w8csvP44awaz1X
GEugasQql/yT2aMhsfN65YISYTn8Rr8Bz0c7d+LLBcApKpxf
-----END CERTIFICATE-----