Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/igJq3S7lJqZGEoquIY560Pa03Ds.roa
File:                     igJq3S7lJqZGEoquIY560Pa03Ds.roa (raw, json)
Hash identifier:          K8bOWZzw6ll0H2BES+ELPvk0WqYlbEw1ehsMnDQebPU=
Subject key identifier:   8A:02:6A:DD:2E:E5:26:A6:46:12:8A:AE:21:8E:7A:D0:F6:B4:DC:3B
Certificate issuer:       /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial:       01857395EC75BB3AB06551A23E1661B3673D
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/igJq3S7lJqZGEoquIY560Pa03Ds.roa
Signing time:             Mon 02 Jan 2023 17:44:43 +0000
ROA not before:           Mon 02 Jan 2023 17:44:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28785
IP address blocks:        213.222.192.0/21 maxlen: 21
                          213.222.192.0/22 maxlen: 22
                          213.222.196.0/24 maxlen: 24
                          213.222.196.0/23 maxlen: 23
                          213.222.201.0/24 maxlen: 24
                          213.222.204.0/24 maxlen: 24
                          213.222.200.0/21 maxlen: 21
                          213.222.205.0/24 maxlen: 24
                          213.222.206.0/24 maxlen: 24
                          213.222.210.0/24 maxlen: 24
                          213.222.211.0/24 maxlen: 24
                          213.222.212.0/24 maxlen: 24
                          213.222.207.0/24 maxlen: 24
                          213.222.208.0/24 maxlen: 24
                          213.222.208.0/21 maxlen: 24
                          213.222.216.0/24 maxlen: 24
                          213.222.217.0/24 maxlen: 24
                          2a03:7580::/40 maxlen: 40
                          2a03:7580::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:95:ec:75:bb:3a:b0:65:51:a2:3e:16:61:b3:67:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
        Validity
            Not Before: Jan  2 17:44:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a026add2ee526a646128aae218e7ad0f6b4dc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f1:20:ac:6b:b5:4d:06:f9:ea:6e:f2:b5:de:
                    2c:9e:d3:b8:58:33:ce:3d:66:47:d2:54:c2:26:4c:
                    dc:50:d1:3e:3a:f3:00:51:89:d0:2d:18:71:e4:86:
                    4d:aa:04:6f:53:da:d4:4e:95:3f:a2:95:84:83:f3:
                    1b:eb:bb:51:6e:67:02:a6:7d:e7:ef:1a:1f:c8:33:
                    4a:40:b3:e1:dc:49:6c:88:15:33:13:5a:7f:ec:33:
                    1a:42:32:4b:ae:30:f0:48:e8:d1:19:2c:a1:c2:0d:
                    8f:f9:e4:48:3f:74:5e:aa:37:3b:cc:a6:0b:06:04:
                    cc:d4:37:02:70:1f:b9:31:04:a7:44:a4:8e:51:ce:
                    82:a7:6c:32:ec:61:82:9b:5e:65:84:7c:97:2e:0f:
                    d2:ae:97:02:1d:5c:71:45:72:63:8a:d8:56:ae:fb:
                    dc:8e:4a:66:e3:3f:82:ce:12:d6:e0:89:d7:e4:16:
                    ff:b2:bd:7e:a5:62:2f:b3:de:a2:22:ff:47:ff:41:
                    82:3f:d2:88:ac:37:66:8e:73:64:89:57:6d:da:fe:
                    5b:a0:b7:e6:0d:10:f1:32:db:9f:4f:0a:e8:ca:98:
                    f8:fa:15:e9:1f:6a:d7:75:10:97:ce:4b:d8:7e:e9:
                    e6:5e:34:1b:ec:04:c9:f0:8f:65:83:87:ed:d7:db:
                    fc:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:02:6A:DD:2E:E5:26:A6:46:12:8A:AE:21:8E:7A:D0:F6:B4:DC:3B
            X509v3 Authority Key Identifier:
                keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/igJq3S7lJqZGEoquIY560Pa03Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.222.192.0-213.222.217.255
                IPv6:
                  2a03:7580::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:2d:d1:25:8b:45:41:80:6a:32:5a:a7:aa:6a:30:ea:ef:e1:
         4f:d2:59:98:6b:73:3a:ac:70:dd:21:30:1d:bb:b2:45:9a:c5:
         31:4c:f2:f3:d5:ef:7d:42:81:28:8f:54:96:ec:4f:38:ab:21:
         35:10:6e:56:70:50:29:1d:a7:ea:99:ec:e2:8c:da:8c:e4:57:
         e5:e4:fb:0b:11:00:9d:c1:c6:54:49:b0:79:4b:dd:f5:2f:b4:
         95:2c:72:d1:fd:a2:07:eb:b1:7a:4b:8c:fe:93:6b:ad:79:45:
         48:b6:7e:fd:c3:30:38:12:4f:56:d8:a6:89:9b:b7:4e:2e:61:
         75:40:97:47:b1:4e:75:02:92:44:77:81:e3:48:a1:dc:0e:5f:
         e8:36:3a:94:53:be:bd:5d:26:eb:d0:bc:a6:62:70:71:e0:15:
         85:60:33:da:77:78:bc:6d:e3:e7:96:99:82:a9:20:d8:19:53:
         a2:bb:c2:9d:cc:ce:5a:f2:15:8d:fb:6c:79:d5:0b:16:9b:4c:
         c9:0c:99:bd:63:0f:e0:60:50:97:c7:9e:ff:07:c0:72:d4:07:
         b3:07:b5:4e:80:14:f6:15:f7:65:53:92:42:b5:8f:32:13:1f:
         36:72:18:ff:3d:14:bb:fd:56:38:41:13:b9:82:e1:25:07:8e:
         62:78:c1:3a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVzlex1uzqwZVGiPhZhs2c9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjMwMTAyMTc0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTAyNmFkZDJlZTUyNmE2NDYxMjhhYWUyMThlN2FkMGY2YjRkYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfEgrGu1TQb56m7ytd4sntO4WDPO
PWZH0lTCJkzcUNE+OvMAUYnQLRhx5IZNqgRvU9rUTpU/opWEg/Mb67tRbmcCpn3n
7xofyDNKQLPh3ElsiBUzE1p/7DMaQjJLrjDwSOjRGSyhwg2P+eRIP3Reqjc7zKYL
BgTM1DcCcB+5MQSnRKSOUc6Cp2wy7GGCm15lhHyXLg/SrpcCHVxxRXJjithWrvvc
jkpm4z+CzhLW4InX5Bb/sr1+pWIvs96iIv9H/0GCP9KIrDdmjnNkiVdt2v5boLfm
DRDxMtufTwroypj4+hXpH2rXdRCXzkvYfunmXjQb7ATJ8I9lg4ft19v8EwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIoCat0u5SamRhKKriGOetD2tNw7MB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEvaWdKcTNTN2xKcVpHRW9xdUlZNTYwUGEwM0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAbV3sAD
BAHV3tgwDQQCAAIwBwMFACoDdYAwDQYJKoZIhvcNAQELBQADggEBAEgt0SWLRUGA
ajJap6pqMOrv4U/SWZhrczqscN0hMB27skWaxTFM8vPV731CgSiPVJbsTzirITUQ
blZwUCkdp+qZ7OKM2ozkV+Xk+wsRAJ3BxlRJsHlL3fUvtJUsctH9ogfrsXpLjP6T
a615RUi2fv3DMDgST1bYpombt04uYXVAl0exTnUCkkR3geNIodwOX+g2OpRTvr1d
JuvQvKZicHHgFYVgM9p3eLxt4+eWmYKpINgZU6K7wp3MzlryFY37bHnVCxabTMkM
mb1jD+BgUJfHnv8HwHLUB7MHtU6AFPYV92VTkkK1jzITHzZyGP89FLv9VjhBE7mC
4SUHjmJ4wTo=
-----END CERTIFICATE-----