Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/RsitxJWhC0BxLHlkBe_rmfyzwpk.roa
File:                     RsitxJWhC0BxLHlkBe_rmfyzwpk.roa (raw, json)
Hash identifier:          5FKzV6e/xZow0SmquCwDB4doEZzaIvh4GtFmSvG3yME=
Subject key identifier:   46:C8:AD:C4:95:A1:0B:40:71:2C:79:64:05:EF:EB:99:FC:B3:C2:99
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       0186FBAE45432002747A71128281C2FBA838
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/RsitxJWhC0BxLHlkBe_rmfyzwpk.roa
Signing time:             Sun 19 Mar 2023 21:02:27 +0000
ROA not before:           Sun 19 Mar 2023 21:02:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     134433
IP address blocks:        185.71.229.0/24 maxlen: 24
                          185.71.230.0/24 maxlen: 24
                          185.71.231.0/24 maxlen: 24
                          185.71.228.0/24 maxlen: 24
                          185.125.84.0/24 maxlen: 24
                          185.125.85.0/24 maxlen: 24
                          193.0.180.0/24 maxlen: 24
                          185.125.86.0/24 maxlen: 24
                          193.0.182.0/24 maxlen: 24
                          193.0.183.0/24 maxlen: 24
                          2a05:3343:4::/48 maxlen: 48
                          2a05:3340:140::/42 maxlen: 48
                          2a05:3340::/42 maxlen: 42
                          2a05:3343:5::/48 maxlen: 48
                          2a05:3343:a::/48 maxlen: 48
                          2a05:3340::/29 maxlen: 64
                          2a05:3343:c::/48 maxlen: 48
                          2a05:3343:6::/48 maxlen: 48
                          2a05:3343:b::/48 maxlen: 48
                          2a05:3343:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 22 Mar 2023 21:44:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:fb:ae:45:43:20:02:74:7a:71:12:82:81:c2:fb:a8:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Mar 19 21:02:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46c8adc495a10b40712c796405efeb99fcb3c299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3a:7e:7e:6d:e2:21:51:c7:07:cf:ad:c2:46:
                    d1:c6:a8:68:0c:86:7b:9c:08:ff:cd:aa:ba:bf:a7:
                    09:b5:8a:24:e8:27:8d:6c:e4:56:bd:46:27:25:d2:
                    18:2b:30:fd:52:64:72:ee:69:39:bf:95:6c:c7:5f:
                    a8:ee:5f:12:3c:16:71:f6:3e:fe:6a:9c:98:92:01:
                    c0:97:60:50:2b:60:d3:2a:50:9e:1b:41:ef:ec:d1:
                    6f:f8:11:5e:83:1d:4a:64:50:4b:1a:34:00:da:68:
                    b5:91:a4:e1:ce:db:2c:36:2d:d7:c4:b9:2e:e3:8e:
                    75:cd:18:a2:17:a9:f1:0a:4c:05:1e:bd:7f:20:51:
                    43:c9:39:3e:a9:59:1f:0f:f8:01:1c:8a:4b:83:3c:
                    d7:46:12:7e:a2:9d:b2:97:de:c8:0f:1c:7a:f4:a0:
                    52:c9:72:f4:ae:e4:88:24:84:32:20:dc:92:10:d7:
                    72:4a:89:4a:9f:2d:d1:7b:b7:4d:95:a0:a6:69:08:
                    8f:ed:33:75:80:06:e0:58:0f:0f:ae:01:9e:4c:d4:
                    5b:c2:08:4e:37:24:9f:9a:69:f3:12:02:b8:3d:38:
                    27:af:ec:ce:76:c5:eb:a2:9a:02:8c:f1:4f:e0:49:
                    df:7a:d2:9f:5d:b2:87:9a:df:04:ab:94:62:0d:a7:
                    71:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C8:AD:C4:95:A1:0B:40:71:2C:79:64:05:EF:EB:99:FC:B3:C2:99
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/RsitxJWhC0BxLHlkBe_rmfyzwpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/22
                  185.125.84.0-185.125.86.255
                  193.0.180.0/24
                  193.0.182.0/23
                IPv6:
                  2a05:3340::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:4a:cf:51:e4:f4:74:cf:7d:3c:da:a8:9f:62:b7:05:94:8e:
         42:56:29:87:23:bd:c1:32:61:18:8b:3a:55:4a:c7:55:cd:94:
         f4:c0:2f:46:a7:d4:60:24:98:1d:28:be:e9:65:43:54:92:f5:
         43:ed:ed:e7:de:7a:e3:1b:ce:c0:22:ce:59:aa:7f:c5:05:42:
         e4:48:2a:44:4f:e4:7d:87:64:ef:bb:cc:3b:95:98:fe:fa:e2:
         0a:1b:3f:02:b6:5e:cb:84:8b:65:b1:32:b3:dc:4f:f2:85:40:
         e5:7f:19:76:87:6e:58:0c:b0:f6:6d:ca:ea:5c:bf:a5:73:38:
         25:dd:05:71:c0:2a:7b:90:4e:81:58:cf:06:7c:3f:62:ab:11:
         31:a1:06:95:dc:32:f7:3b:92:eb:53:ad:59:63:b4:95:b5:db:
         76:ca:51:f4:bb:4f:e5:55:9e:74:f0:bc:86:cb:08:61:e4:a4:
         81:a8:15:0c:54:d6:fc:74:f3:7c:7d:51:24:c5:fb:b4:56:14:
         2a:c9:e6:8b:65:02:ed:62:ba:2f:45:c0:11:79:36:d0:3b:48:
         5f:4a:cd:33:d2:db:74:35:ba:69:56:66:1f:c2:74:53:b2:8f:
         c8:aa:1c:65:34:93:46:ee:63:9b:15:24:2b:8a:a5:80:57:da:
         24:4f:fc:80
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYb7rkVDIAJ0enESgoHC+6g4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjMwMzE5MjEwMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmM4YWRjNDk1YTEwYjQwNzEyYzc5NjQwNWVmZWI5OWZjYjNjMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzp+fm3iIVHHB8+twkbRxqhoDIZ7
nAj/zaq6v6cJtYok6CeNbORWvUYnJdIYKzD9UmRy7mk5v5Vsx1+o7l8SPBZx9j7+
apyYkgHAl2BQK2DTKlCeG0Hv7NFv+BFegx1KZFBLGjQA2mi1kaThztssNi3XxLku
4451zRiiF6nxCkwFHr1/IFFDyTk+qVkfD/gBHIpLgzzXRhJ+op2yl97IDxx69KBS
yXL0ruSIJIQyINySENdySolKny3Re7dNlaCmaQiP7TN1gAbgWA8PrgGeTNRbwghO
NySfmmnzEgK4PTgnr+zOdsXropoCjPFP4EnfetKfXbKHmt8Eq5RiDadxoQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFEbIrcSVoQtAcSx5ZAXv65n8s8KZMB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvUnNpdHhKV2hDMEJ4TEhsa0JlX3JtZnl6d3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQCuUfkMAwD
BAK5fVQDBAC5fVYDBADBALQDBAHBALYwDQQCAAIwBwMFAyoFM0AwDQYJKoZIhvcN
AQELBQADggEBAHNKz1Hk9HTPfTzaqJ9itwWUjkJWKYcjvcEyYRiLOlVKx1XNlPTA
L0an1GAkmB0ovullQ1SS9UPt7efeeuMbzsAizlmqf8UFQuRIKkRP5H2HZO+7zDuV
mP764gobPwK2XsuEi2WxMrPcT/KFQOV/GXaHblgMsPZtyupcv6VzOCXdBXHAKnuQ
ToFYzwZ8P2KrETGhBpXcMvc7kutTrVljtJW123bKUfS7T+VVnnTwvIbLCGHkpIGo
FQxU1vx083x9USTF+7RWFCrJ5otlAu1iui9FwBF5NtA7SF9KzTPS23Q1umlWZh/C
dFOyj8iqHGU0k0buY5sVJCuKpYBX2iRP/IA=
-----END CERTIFICATE-----