Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/gGhIiYe_jIDE9dumiiAQpRO5I4k.roa
File:                     gGhIiYe_jIDE9dumiiAQpRO5I4k.roa (raw, json)
Hash identifier:          xL+qC22gQeZ+8oyOWqk0sX1+RJN0chCNMQ/hpe7t8HY=
Subject key identifier:   80:68:48:89:87:BF:8C:80:C4:F5:DB:A6:8A:20:10:A5:13:B9:23:89
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       01870B48188F4C4519433A187EF102565F36
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/gGhIiYe_jIDE9dumiiAQpRO5I4k.roa
Signing time:             Wed 22 Mar 2023 21:44:46 +0000
ROA not before:           Wed 22 Mar 2023 21:44:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     134433
IP address blocks:        185.71.229.0/24 maxlen: 24
                          185.71.230.0/24 maxlen: 24
                          185.71.231.0/24 maxlen: 24
                          185.71.228.0/24 maxlen: 24
                          185.125.84.0/24 maxlen: 24
                          185.125.85.0/24 maxlen: 24
                          193.0.180.0/24 maxlen: 24
                          185.125.86.0/24 maxlen: 24
                          185.125.87.0/24 maxlen: 24
                          193.0.182.0/24 maxlen: 24
                          193.0.183.0/24 maxlen: 24
                          2a05:3343:4::/48 maxlen: 48
                          2a05:3340:140::/42 maxlen: 48
                          2a05:3340::/42 maxlen: 42
                          2a05:3343:5::/48 maxlen: 48
                          2a05:3343:a::/48 maxlen: 48
                          2a05:3340::/29 maxlen: 64
                          2a05:3343:c::/48 maxlen: 48
                          2a05:3343:6::/48 maxlen: 48
                          2a05:3343:b::/48 maxlen: 48
                          2a05:3343:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 03:25:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0b:48:18:8f:4c:45:19:43:3a:18:7e:f1:02:56:5f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Mar 22 21:44:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8068488987bf8c80c4f5dba68a2010a513b92389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fb:79:e5:38:12:c4:78:27:cd:d5:f5:db:51:
                    47:0c:fa:73:14:4b:42:bd:17:6b:2e:da:0d:e2:64:
                    0c:7a:35:6e:de:5b:16:19:f7:c6:49:de:95:c3:df:
                    49:0a:43:34:f9:4d:5f:00:c2:bf:03:d2:bd:0d:be:
                    7c:5e:43:18:47:91:fc:c9:d2:28:88:c5:d4:af:2c:
                    82:df:17:b4:92:8f:e7:b4:a8:b3:31:dc:3f:34:b9:
                    34:d6:11:14:97:7a:90:f0:63:a7:cc:67:bf:d2:ee:
                    99:6d:a5:a0:3b:c3:b4:22:7e:4e:d2:98:c8:43:7a:
                    29:3d:71:37:6b:a3:65:b2:d2:d9:28:74:9b:88:f6:
                    86:3d:6d:e9:78:f7:d1:99:2a:03:e9:01:59:c1:29:
                    fe:44:09:3e:ff:3e:44:52:d1:4d:c0:37:75:a7:ab:
                    43:97:33:6d:41:d5:5e:e1:82:2b:11:54:a2:e9:7d:
                    00:80:33:ef:3c:47:ef:81:19:d0:9e:86:81:ef:5a:
                    48:cd:48:83:e8:b0:3c:d8:82:83:bc:b5:ca:34:c9:
                    52:ca:75:5f:48:68:0d:80:a0:b8:c6:f5:cd:17:c0:
                    96:ab:80:3d:cd:9b:14:d5:ab:7d:04:0a:48:29:f5:
                    8d:bd:02:f6:50:2f:c2:95:97:a1:ae:6e:b3:ba:ef:
                    d0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:68:48:89:87:BF:8C:80:C4:F5:DB:A6:8A:20:10:A5:13:B9:23:89
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/gGhIiYe_jIDE9dumiiAQpRO5I4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/22
                  185.125.84.0/22
                  193.0.180.0/24
                  193.0.182.0/23
                IPv6:
                  2a05:3340::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:9f:21:d2:2b:26:59:b7:14:2a:08:21:3a:44:d9:6e:f8:ef:
         2d:b9:d2:a4:27:85:ec:74:d1:78:48:7c:b2:70:b7:72:7b:73:
         d3:03:e9:67:1d:e8:a2:68:eb:0c:ab:a9:a0:c1:28:ec:c5:11:
         ad:17:01:e0:b3:dc:30:04:58:48:9d:d3:1c:99:72:66:cb:79:
         22:37:46:fa:1d:85:d3:b6:f1:4a:17:30:60:c6:33:49:45:bd:
         5c:dc:50:ea:9e:e4:1f:1e:1f:06:ac:96:84:27:36:7e:16:bd:
         f5:83:5c:4b:18:3e:8a:a1:6f:04:84:fa:ae:5f:56:5c:13:d5:
         a3:b4:4f:4a:c4:9b:b2:6a:36:c8:e6:ff:a0:dc:e9:64:8a:94:
         5a:c7:10:75:bf:f6:17:cd:82:22:80:75:d8:d3:13:54:15:8a:
         74:ca:c9:a1:a5:76:64:f6:45:bc:5a:cd:10:70:60:6e:93:e3:
         d6:a1:8b:4a:8c:3e:46:75:0d:9c:b8:ed:1b:ff:2b:77:b4:d4:
         44:7e:9a:17:a4:bf:fc:54:5d:87:20:68:81:45:d1:59:84:0d:
         aa:2b:2d:f0:0c:1e:f2:65:99:29:16:db:06:35:ff:94:a3:fd:
         d1:42:99:64:5f:5b:33:d7:7f:a5:8f:63:8a:b6:de:ff:be:12:
         44:06:50:3c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYcLSBiPTEUZQzoYfvECVl82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjMwMzIyMjE0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY4NDg4OTg3YmY4YzgwYzRmNWRiYTY4YTIwMTBhNTEzYjkyMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkft55TgSxHgnzdX121FHDPpzFEtC
vRdrLtoN4mQMejVu3lsWGffGSd6Vw99JCkM0+U1fAMK/A9K9Db58XkMYR5H8ydIo
iMXUryyC3xe0ko/ntKizMdw/NLk01hEUl3qQ8GOnzGe/0u6ZbaWgO8O0In5O0pjI
Q3opPXE3a6NlstLZKHSbiPaGPW3pePfRmSoD6QFZwSn+RAk+/z5EUtFNwDd1p6tD
lzNtQdVe4YIrEVSi6X0AgDPvPEfvgRnQnoaB71pIzUiD6LA82IKDvLXKNMlSynVf
SGgNgKC4xvXNF8CWq4A9zZsU1at9BApIKfWNvQL2UC/ClZehrm6zuu/QbQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIBoSImHv4yAxPXbpoogEKUTuSOJMB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvZ0doSWlZZV9qSURFOWR1bWlpQVFwUk81STRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuUfkAwQC
uX1UAwQAwQC0AwQBwQC2MA0EAgACMAcDBQMqBTNAMA0GCSqGSIb3DQEBCwUAA4IB
AQCtnyHSKyZZtxQqCCE6RNlu+O8tudKkJ4XsdNF4SHyycLdye3PTA+lnHeiiaOsM
q6mgwSjsxRGtFwHgs9wwBFhIndMcmXJmy3kiN0b6HYXTtvFKFzBgxjNJRb1c3FDq
nuQfHh8GrJaEJzZ+Fr31g1xLGD6KoW8EhPquX1ZcE9WjtE9KxJuyajbI5v+g3Olk
ipRaxxB1v/YXzYIigHXY0xNUFYp0ysmhpXZk9kW8Ws0QcGBuk+PWoYtKjD5GdQ2c
uO0b/yt3tNREfpoXpL/8VF2HIGiBRdFZhA2qKy3wDB7yZZkpFtsGNf+Uo/3RQplk
X1sz13+lj2OKtt7/vhJEBlA8
-----END CERTIFICATE-----