Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/5fbcbb-00fa-4ad7-a801-43600171b8bd/1/MsnsdaBKDDRsKDCyz9CbUoLwyFI.roa
File:                     MsnsdaBKDDRsKDCyz9CbUoLwyFI.roa (raw, json)
Hash identifier:          I+krZsE/P3ANTFQCNC8pw3/xhal80/wigM35JGbWDGo=
Subject key identifier:   32:C9:EC:75:A0:4A:0C:34:6C:28:30:B2:CF:D0:9B:52:82:F0:C8:52
Certificate issuer:       /CN=969d46361b6af720fb9836acec965b0f52f4b09c
Certificate serial:       018BAE462FE2F4B12807FD2D1C0EC880CC60
Authority key identifier: 96:9D:46:36:1B:6A:F7:20:FB:98:36:AC:EC:96:5B:0F:52:F4:B0:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lp1GNhtq9yD7mDas7JZbD1L0sJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/5fbcbb-00fa-4ad7-a801-43600171b8bd/1/MsnsdaBKDDRsKDCyz9CbUoLwyFI.roa
Signing time:             Wed 08 Nov 2023 09:31:57 +0000
ROA not before:           Wed 08 Nov 2023 09:31:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29690
IP address blocks:        212.70.36.0/24 maxlen: 24
                          212.70.32.0/24 maxlen: 24
                          212.70.32.0/19 maxlen: 19
                          212.70.34.0/24 maxlen: 24
                          212.70.40.0/24 maxlen: 24
                          212.70.50.0/24 maxlen: 24
                          212.70.51.0/24 maxlen: 24
                          212.70.45.0/24 maxlen: 24
                          212.70.49.0/24 maxlen: 24
                          212.70.47.0/24 maxlen: 24
                          212.70.48.0/24 maxlen: 24
                          212.70.53.0/24 maxlen: 24
                          212.70.54.0/24 maxlen: 24
                          83.101.128.0/24 maxlen: 24
                          83.101.128.0/19 maxlen: 19
                          83.101.129.0/24 maxlen: 24
                          83.101.139.0/24 maxlen: 24
                          83.101.138.0/24 maxlen: 24
                          83.101.141.0/24 maxlen: 24
                          83.101.140.0/24 maxlen: 24
                          83.101.143.0/24 maxlen: 24
                          83.101.149.0/24 maxlen: 24
                          83.101.150.0/24 maxlen: 24
                          83.101.151.0/24 maxlen: 24
                          83.101.155.0/24 maxlen: 24
                          83.101.156.0/24 maxlen: 24
                          83.101.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 Nov 2023 04:54:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ae:46:2f:e2:f4:b1:28:07:fd:2d:1c:0e:c8:80:cc:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969d46361b6af720fb9836acec965b0f52f4b09c
        Validity
            Not Before: Nov  8 09:31:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32c9ec75a04a0c346c2830b2cfd09b5282f0c852
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e7:4e:e8:5d:7c:ca:dc:cc:41:a4:94:2d:fd:
                    5a:07:c2:55:cc:ae:0b:8a:cf:44:77:ac:09:a4:84:
                    59:39:37:71:36:69:3d:02:93:2d:aa:61:8a:22:63:
                    7d:1c:dd:c5:c2:e3:8f:6a:3a:c6:f6:ff:42:65:fc:
                    f9:1f:36:3f:a3:f4:c2:90:84:52:2f:36:37:ab:4d:
                    82:05:cb:f0:eb:7a:04:ee:a7:32:76:ed:8a:ac:ff:
                    09:9c:e9:17:9a:6d:cc:62:8a:53:fa:38:55:c5:d2:
                    1f:92:83:09:bf:e1:37:66:30:f1:33:5e:f5:eb:54:
                    ff:74:4e:51:98:15:e7:c4:4f:9f:bf:2c:e3:92:2b:
                    28:5a:b2:49:92:c3:14:01:ac:95:23:5a:94:59:ec:
                    0d:8f:72:e5:05:ce:f7:a5:34:ac:c4:27:8b:68:af:
                    90:4b:61:a5:fd:a7:a2:9e:41:53:fa:09:b9:da:27:
                    eb:fc:66:d9:91:fb:cc:5b:82:97:b9:ff:65:9e:32:
                    15:b6:96:a0:f3:97:9e:18:f1:da:73:d3:3a:13:c7:
                    15:d7:c3:8e:cf:62:ed:80:97:0f:61:1e:6a:22:b8:
                    d8:e0:5f:e8:7d:0f:b8:5b:55:c3:fb:26:52:b8:6d:
                    8a:18:20:06:c6:46:84:42:26:1f:8c:98:8d:be:6d:
                    31:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C9:EC:75:A0:4A:0C:34:6C:28:30:B2:CF:D0:9B:52:82:F0:C8:52
            X509v3 Authority Key Identifier:
                keyid:96:9D:46:36:1B:6A:F7:20:FB:98:36:AC:EC:96:5B:0F:52:F4:B0:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lp1GNhtq9yD7mDas7JZbD1L0sJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/5fbcbb-00fa-4ad7-a801-43600171b8bd/1/MsnsdaBKDDRsKDCyz9CbUoLwyFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/5fbcbb-00fa-4ad7-a801-43600171b8bd/1/lp1GNhtq9yD7mDas7JZbD1L0sJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.101.128.0/19
                  212.70.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a0:78:3f:37:ea:61:10:a6:38:bc:81:3b:29:e4:3c:29:ab:8c:
         09:81:8b:ef:e9:98:c2:d6:0b:e9:c0:e4:5b:ac:ba:4b:58:8c:
         3a:14:e3:b0:4a:bb:ec:ff:73:43:1d:df:c4:6c:34:08:54:81:
         1b:aa:43:37:ee:a4:77:51:bb:9d:96:c3:cb:1e:76:4b:c0:48:
         46:51:54:f1:f1:14:da:0d:8b:7a:a9:cd:39:d5:6d:34:9c:b5:
         89:97:86:08:58:4f:fc:7e:b2:0e:4e:5a:b7:bd:b3:1d:4b:e6:
         c1:2f:93:36:0a:60:f0:6d:94:d3:e6:92:50:c3:91:a4:6c:57:
         9a:72:ca:86:c2:c7:47:b3:4d:fa:dd:97:32:57:6a:4d:d9:34:
         72:b3:b7:27:b4:ff:19:7a:53:ea:d4:df:d6:68:a1:18:d7:00:
         82:bf:71:09:54:b0:26:0b:bf:e6:20:9c:14:eb:4d:57:56:e5:
         89:8c:4f:4b:13:8d:31:a0:64:ff:1c:7d:e3:0a:d8:45:0b:a9:
         95:20:0c:a6:2e:be:d0:28:b8:7a:5d:48:d5:c6:7d:26:c3:c6:
         3e:76:fa:bb:65:cb:6b:2d:71:b9:2a:b4:0d:3f:a9:ee:56:b3:
         b4:1a:59:c7:32:55:45:b6:b2:bf:3f:88:99:7e:9a:6f:17:a7:
         e7:90:dd:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYuuRi/i9LEoB/0tHA7IgMxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OWQ0NjM2MWI2YWY3MjBmYjk4MzZhY2VjOTY1YjBmNTJm
NGIwOWMwHhcNMjMxMTA4MDkzMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmM5ZWM3NWEwNGEwYzM0NmMyODMwYjJjZmQwOWI1MjgyZjBjODUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OdO6F18ytzMQaSULf1aB8JVzK4L
is9Ed6wJpIRZOTdxNmk9ApMtqmGKImN9HN3FwuOPajrG9v9CZfz5HzY/o/TCkIRS
LzY3q02CBcvw63oE7qcydu2KrP8JnOkXmm3MYopT+jhVxdIfkoMJv+E3ZjDxM171
61T/dE5RmBXnxE+fvyzjkisoWrJJksMUAayVI1qUWewNj3LlBc73pTSsxCeLaK+Q
S2Gl/aeinkFT+gm52ifr/GbZkfvMW4KXuf9lnjIVtpag85eeGPHac9M6E8cV18OO
z2LtgJcPYR5qIrjY4F/ofQ+4W1XD+yZSuG2KGCAGxkaEQiYfjJiNvm0xGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDLJ7HWgSgw0bCgwss/Qm1KC8MhSMB8GA1UdIwQY
MBaAFJadRjYbavcg+5g2rOyWWw9S9LCcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHAxR05odHE5eUQ3bURhczdKWmJEMUwwc0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi81ZmJjYmItMDBmYS00YWQ3LWE4MDEt
NDM2MDAxNzFiOGJkLzEvTXNuc2RhQktERFJzS0RDeXo5Q2JVb0x3eUZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi81ZmJjYmItMDBmYS00YWQ3LWE4MDEtNDM2MDAxNzFiOGJk
LzEvbHAxR05odHE5eUQ3bURhczdKWmJEMUwwc0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFU2WAAwQF
1EYgMA0GCSqGSIb3DQEBCwUAA4IBAQCgeD836mEQpji8gTsp5Dwpq4wJgYvv6ZjC
1gvpwORbrLpLWIw6FOOwSrvs/3NDHd/EbDQIVIEbqkM37qR3UbudlsPLHnZLwEhG
UVTx8RTaDYt6qc051W00nLWJl4YIWE/8frIOTlq3vbMdS+bBL5M2CmDwbZTT5pJQ
w5GkbFeacsqGwsdHs0363ZcyV2pN2TRys7cntP8ZelPq1N/WaKEY1wCCv3EJVLAm
C7/mIJwU601XVuWJjE9LE40xoGT/HH3jCthFC6mVIAymLr7QKLh6XUjVxn0mw8Y+
dvq7ZctrLXG5KrQNP6nuVrO0GlnHMlVFtrK/P4iZfppvF6fnkN0W
-----END CERTIFICATE-----