Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ce69f0-b6e1-4ba6-b9e0-4eb2695a868d/1/MLiexEt1yJflpqqqrwu8f_BXxAo.roa
File:                     MLiexEt1yJflpqqqrwu8f_BXxAo.roa (raw, json)
Hash identifier:          jHq4T+N2yTLgEVSw8xLJmCcGg+bfiAliSR2aK2He2fA=
Subject key identifier:   30:B8:9E:C4:4B:75:C8:97:E5:A6:AA:AA:AF:0B:BC:7F:F0:57:C4:0A
Certificate issuer:       /CN=cf1d7ff016fff5d039a9689a43c93e84fe45dbc8
Certificate serial:       01856DE65017B2F66E0664638CC0A9AF4CD5
Authority key identifier: CF:1D:7F:F0:16:FF:F5:D0:39:A9:68:9A:43:C9:3E:84:FE:45:DB:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx1_8Bb_9dA5qWiaQ8k-hP5F28g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/ce69f0-b6e1-4ba6-b9e0-4eb2695a868d/1/MLiexEt1yJflpqqqrwu8f_BXxAo.roa
Signing time:             Sun 01 Jan 2023 15:14:48 +0000
ROA not before:           Sun 01 Jan 2023 15:14:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47477
IP address blocks:        192.164.161.0/24 maxlen: 24
                          192.164.164.0/24 maxlen: 24
                          192.164.172.0/24 maxlen: 24
                          192.164.167.0/24 maxlen: 24
                          192.164.173.0/24 maxlen: 24
                          192.164.174.0/24 maxlen: 24
                          2a04:62c2:1::/48 maxlen: 48
                          2a04:62c2:6::/48 maxlen: 48
                          2a04:62c1::/32 maxlen: 32
                          2a04:62c2:5::/48 maxlen: 48
                          2a04:62c2:4::/48 maxlen: 48
                          2a04:62c2:3::/48 maxlen: 48
                          2a04:62c0::/32 maxlen: 32
                          2a04:62c2:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:e6:50:17:b2:f6:6e:06:64:63:8c:c0:a9:af:4c:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1d7ff016fff5d039a9689a43c93e84fe45dbc8
        Validity
            Not Before: Jan  1 15:14:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30b89ec44b75c897e5a6aaaaaf0bbc7ff057c40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:28:8b:c4:ac:a6:27:50:cd:ea:28:9f:da:31:
                    79:8e:93:4d:79:99:85:4e:12:bb:f2:e3:16:71:cf:
                    72:38:34:df:f6:db:db:86:da:13:d0:22:fd:b6:02:
                    c2:bf:a7:68:5b:72:f2:71:4f:41:eb:ff:df:14:e3:
                    37:12:68:79:ad:77:b9:d3:bc:9d:99:94:b7:10:86:
                    e5:7f:a7:23:bb:66:4a:95:50:dc:9e:71:1d:8f:9b:
                    d2:2b:46:67:93:87:1d:18:51:76:63:af:f2:bf:be:
                    3c:8b:8d:92:fa:28:9d:3a:3f:3c:95:70:59:45:c1:
                    5e:15:2e:03:6f:ef:67:83:1c:6b:b2:c8:7b:a9:39:
                    61:1d:c7:60:dc:51:52:9d:b5:15:a3:9a:f3:4f:fe:
                    f2:ad:3b:f7:59:eb:51:38:ba:e7:66:67:77:69:c4:
                    67:46:c4:c8:4d:8c:81:42:6f:9e:34:fc:41:7d:56:
                    11:28:35:af:f8:02:e3:3e:0b:89:1b:3a:6b:6f:2d:
                    39:b3:97:6e:f2:70:28:5e:59:a0:a0:c5:2d:e5:05:
                    15:88:d8:c3:e7:03:cd:bd:4d:fb:d6:eb:a9:b0:bd:
                    c2:45:a0:c3:4b:16:5d:81:26:cb:d9:98:a6:54:b9:
                    63:22:d1:3e:47:d5:e4:81:8a:9c:ef:18:a4:56:f5:
                    0d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B8:9E:C4:4B:75:C8:97:E5:A6:AA:AA:AF:0B:BC:7F:F0:57:C4:0A
            X509v3 Authority Key Identifier:
                keyid:CF:1D:7F:F0:16:FF:F5:D0:39:A9:68:9A:43:C9:3E:84:FE:45:DB:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx1_8Bb_9dA5qWiaQ8k-hP5F28g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ce69f0-b6e1-4ba6-b9e0-4eb2695a868d/1/MLiexEt1yJflpqqqrwu8f_BXxAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ce69f0-b6e1-4ba6-b9e0-4eb2695a868d/1/zx1_8Bb_9dA5qWiaQ8k-hP5F28g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.164.161.0/24
                  192.164.164.0/24
                  192.164.167.0/24
                  192.164.172.0-192.164.174.255
                IPv6:
                  2a04:62c0::/31
                  2a04:62c2:1::-2a04:62c2:6:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         74:10:02:7e:5f:7c:73:4c:78:ba:7f:28:34:e5:1e:d8:4b:94:
         c5:53:97:ba:21:0f:ae:c5:31:88:22:f4:2f:52:0e:32:b6:a7:
         5b:76:cc:2a:d4:07:93:1a:c3:ad:86:89:52:e9:1f:08:38:93:
         ee:c7:13:00:30:3e:ab:68:ed:b7:03:78:a9:30:8b:32:d1:37:
         c4:a1:35:eb:be:78:82:4b:6b:8e:ae:cb:cb:12:f9:c1:c8:35:
         63:b9:43:7c:0e:20:d3:2c:b5:87:f9:f4:9c:37:af:e7:3c:4c:
         64:d9:f6:fd:c6:6b:aa:d2:b9:77:c6:82:64:02:3f:b7:f4:65:
         74:23:24:bd:6e:25:82:db:02:ca:b0:3c:89:f8:0f:f2:19:c6:
         cc:8a:c6:4c:cc:45:45:37:4b:93:d0:ba:6e:d0:ee:b3:39:ef:
         4c:e8:a0:b8:60:a7:d7:4b:7f:f4:f6:25:77:c9:60:b8:87:54:
         2b:4c:fa:4e:fa:86:8e:25:b0:e7:03:da:31:5c:b2:0b:90:f2:
         c8:83:40:df:28:af:50:8e:5b:e4:dc:d8:d5:0d:55:8e:85:e3:
         0d:21:58:03:26:af:87:f1:84:e2:68:56:bd:29:a7:04:ca:94:
         f0:2b:4c:d7:59:87:69:d9:ef:bf:e6:cd:64:18:d7:07:42:5d:
         34:e4:eb:d8
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYVt5lAXsvZuBmRjjMCpr0zVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWQ3ZmYwMTZmZmY1ZDAzOWE5Njg5YTQzYzkzZTg0ZmU0
NWRiYzgwHhcNMjMwMTAxMTUxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGI4OWVjNDRiNzVjODk3ZTVhNmFhYWFhZjBiYmM3ZmYwNTdjNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iiLxKymJ1DN6iif2jF5jpNNeZmF
ThK78uMWcc9yODTf9tvbhtoT0CL9tgLCv6doW3LycU9B6//fFOM3Emh5rXe507yd
mZS3EIblf6cju2ZKlVDcnnEdj5vSK0Znk4cdGFF2Y6/yv748i42S+iidOj88lXBZ
RcFeFS4Db+9ngxxrssh7qTlhHcdg3FFSnbUVo5rzT/7yrTv3WetROLrnZmd3acRn
RsTITYyBQm+eNPxBfVYRKDWv+ALjPguJGzprby05s5du8nAoXlmgoMUt5QUViNjD
5wPNvU371uupsL3CRaDDSxZdgSbL2ZimVLljItE+R9XkgYqc7xikVvUNYwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFDC4nsRLdciX5aaqqq8LvH/wV8QKMB8GA1UdIwQY
MBaAFM8df/AW//XQOalomkPJPoT+RdvIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengxXzhCYl85ZEE1cVdpYVE4ay1oUDVGMjhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9jZTY5ZjAtYjZlMS00YmE2LWI5ZTAt
NGViMjY5NWE4NjhkLzEvTUxpZXhFdDF5SmZscHFxcXJ3dThmX0JYeEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9jZTY5ZjAtYjZlMS00YmE2LWI5ZTAtNGViMjY5NWE4Njhk
LzEvengxXzhCYl85ZEE1cVdpYVE4ay1oUDVGMjhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAmBAIAATAgAwQAwKShAwQA
wKSkAwQAwKSnMAwDBALApKwDBADApK4wIQQCAAIwGwMFASoEYsAwEgMHACoEYsIA
AQMHACoEYsIABjANBgkqhkiG9w0BAQsFAAOCAQEAdBACfl98c0x4un8oNOUe2EuU
xVOXuiEPrsUxiCL0L1IOMranW3bMKtQHkxrDrYaJUukfCDiT7scTADA+q2jttwN4
qTCLMtE3xKE16754gktrjq7LyxL5wcg1Y7lDfA4g0yy1h/n0nDev5zxMZNn2/cZr
qtK5d8aCZAI/t/RldCMkvW4lgtsCyrA8ifgP8hnGzIrGTMxFRTdLk9C6btDusznv
TOiguGCn10t/9PYld8lguIdUK0z6TvqGjiWw5wPaMVyyC5DyyINA3yivUI5b5NzY
1Q1VjoXjDSFYAyavh/GE4mhWvSmnBMqU8CtM11mHadnvv+bNZBjXB0JdNOTr2A==
-----END CERTIFICATE-----