Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/PCtyhdXrWlyVPKaCuQJ5koM27C0.roa
File:                     PCtyhdXrWlyVPKaCuQJ5koM27C0.roa (raw, json)
Hash identifier:          2k1iT4HW241G2lTelOjCAy1iPsylxAE2n/g/gujRaVI=
Subject key identifier:   3C:2B:72:85:D5:EB:5A:5C:95:3C:A6:82:B9:02:79:92:83:36:EC:2D
Certificate issuer:       /CN=925cecefe522817405d26fc92bb5104ac90cfdc5
Certificate serial:       018570F088A55409EDEB5C0DEB16957F4EAE
Authority key identifier: 92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/PCtyhdXrWlyVPKaCuQJ5koM27C0.roa
Signing time:             Mon 02 Jan 2023 05:24:49 +0000
ROA not before:           Mon 02 Jan 2023 05:24:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49601
IP address blocks:        185.189.124.0/22 maxlen: 22
                          185.189.125.0/24 maxlen: 24
                          185.189.124.0/24 maxlen: 24
                          185.189.126.0/24 maxlen: 24
                          185.189.127.0/24 maxlen: 24
                          91.229.56.0/24 maxlen: 24
                          91.229.182.0/24 maxlen: 24
                          91.229.210.0/24 maxlen: 24
                          185.226.62.0/24 maxlen: 24
                          185.226.60.0/22 maxlen: 22
                          185.226.63.0/24 maxlen: 24
                          185.226.60.0/24 maxlen: 24
                          185.226.61.0/24 maxlen: 24
                          185.252.96.0/24 maxlen: 24
                          185.252.97.0/24 maxlen: 24
                          185.252.98.0/24 maxlen: 24
                          185.252.96.0/22 maxlen: 22
                          185.252.99.0/24 maxlen: 24
                          2a0c:3e00::/29 maxlen: 29
                          2a0b:e680::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:f0:88:a5:54:09:ed:eb:5c:0d:eb:16:95:7f:4e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=925cecefe522817405d26fc92bb5104ac90cfdc5
        Validity
            Not Before: Jan  2 05:24:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c2b7285d5eb5a5c953ca682b90279928336ec2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cc:81:fe:26:5e:0b:a2:71:87:66:df:5c:44:
                    d1:52:cc:03:71:a7:5f:26:99:11:e3:e5:bc:d0:7c:
                    1e:fb:f6:b1:67:92:3a:b0:a8:31:c8:24:b9:c5:fc:
                    4a:0a:0c:f6:f7:e5:c8:84:c1:d2:e8:cc:18:d7:12:
                    7c:15:c0:9c:7f:51:6e:b0:ab:ca:bb:4a:00:f3:20:
                    f3:71:ce:81:63:40:fd:11:a9:7f:95:88:e3:92:f5:
                    ce:ef:60:37:0c:3e:74:7e:41:f3:a9:60:de:e7:db:
                    07:04:ae:59:80:9a:73:5e:e8:ab:18:e7:9f:2b:b7:
                    9e:57:84:fa:9c:5d:dc:cb:83:19:fb:d5:2d:e4:74:
                    ce:60:4d:ae:29:74:f9:8f:5d:e5:66:e7:f7:8b:58:
                    fc:4d:a5:01:a9:95:e6:cb:db:b1:ec:62:54:11:2b:
                    e2:bc:47:89:5a:27:45:fa:9c:26:78:9a:87:43:aa:
                    4c:22:2c:3d:39:e2:a1:43:9b:5a:62:19:4d:4e:84:
                    54:57:bc:06:8e:b5:82:34:de:61:04:44:d8:09:e5:
                    95:58:a4:d3:6b:10:75:f8:56:ee:76:8c:a7:4b:73:
                    50:52:1b:88:9e:3f:65:32:b5:2c:93:08:6f:0e:94:
                    6c:3e:53:b7:db:31:9c:2f:b1:80:a4:c0:03:46:e2:
                    3d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:2B:72:85:D5:EB:5A:5C:95:3C:A6:82:B9:02:79:92:83:36:EC:2D
            X509v3 Authority Key Identifier:
                keyid:92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/PCtyhdXrWlyVPKaCuQJ5koM27C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.56.0/24
                  91.229.182.0/24
                  91.229.210.0/24
                  185.189.124.0/22
                  185.226.60.0/22
                  185.252.96.0/22
                IPv6:
                  2a0b:e680::/29
                  2a0c:3e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:5d:a0:fa:f7:83:de:c8:53:c7:f6:ed:c3:18:d2:a3:c2:f6:
         9e:d8:eb:7e:c4:4f:e8:26:2d:dc:34:a2:07:a5:c8:3a:42:76:
         a0:3a:7a:64:ff:5d:cb:a1:b4:27:19:86:7a:0d:da:dc:22:0d:
         a6:7d:04:cb:92:37:15:b3:b0:85:2a:46:99:25:75:d4:20:b4:
         32:b4:30:92:2f:51:87:f6:e2:b1:fb:b8:8e:ca:a2:dd:e6:3c:
         6a:14:9e:cc:27:db:0b:26:a7:16:7d:2c:7f:63:dc:05:0a:d9:
         8d:5b:8d:2f:5e:14:68:fa:eb:24:00:65:20:2a:03:43:de:5c:
         f4:5a:6e:b1:27:f0:cd:6a:e1:77:e0:45:1c:39:5f:c3:b6:4a:
         77:17:ec:13:69:83:dc:e9:b5:e1:48:b4:ad:93:a5:3c:93:d2:
         47:fe:ee:ef:a9:21:51:3a:43:e1:ee:07:f8:0b:aa:72:5c:c0:
         43:9a:8d:11:bc:1b:ba:f1:95:0f:af:89:39:08:31:e4:97:c7:
         6a:38:b0:e8:ed:b1:75:c5:ed:e6:a5:17:28:7d:da:ca:46:53:
         67:de:9f:4c:1c:d7:43:34:c5:4b:03:ac:ae:f9:2b:2c:69:c0:
         e2:58:a3:88:c1:cf:b7:24:c8:45:71:e0:1a:46:e4:8b:91:27:
         de:fc:aa:c2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVw8IilVAnt61wN6xaVf06uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNWNlY2VmZTUyMjgxNzQwNWQyNmZjOTJiYjUxMDRhYzkw
Y2ZkYzUwHhcNMjMwMTAyMDUyNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzJiNzI4NWQ1ZWI1YTVjOTUzY2E2ODJiOTAyNzk5MjgzMzZlYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosyB/iZeC6Jxh2bfXETRUswDcadf
JpkR4+W80Hwe+/axZ5I6sKgxyCS5xfxKCgz29+XIhMHS6MwY1xJ8FcCcf1FusKvK
u0oA8yDzcc6BY0D9Eal/lYjjkvXO72A3DD50fkHzqWDe59sHBK5ZgJpzXuirGOef
K7eeV4T6nF3cy4MZ+9Ut5HTOYE2uKXT5j13lZuf3i1j8TaUBqZXmy9ux7GJUESvi
vEeJWidF+pwmeJqHQ6pMIiw9OeKhQ5taYhlNToRUV7wGjrWCNN5hBETYCeWVWKTT
axB1+FbudoynS3NQUhuInj9lMrUskwhvDpRsPlO32zGcL7GApMADRuI9HQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDwrcoXV61pclTymgrkCeZKDNuwtMB8GA1UdIwQY
MBaAFJJc7O/lIoF0BdJvySu1EErJDP3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEt
OGQ0YmZkMGFhY2U4LzEvUEN0eWhkWHJXbHlWUEthQ3VRSjVrb00yN0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEtOGQ0YmZkMGFhY2U4
LzEva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQAW+U4AwQA
W+W2AwQAW+XSAwQCub18AwQCueI8AwQCufxgMBQEAgACMA4DBQMqC+aAAwUDKgw+
ADANBgkqhkiG9w0BAQsFAAOCAQEAT12g+veD3shTx/btwxjSo8L2ntjrfsRP6CYt
3DSiB6XIOkJ2oDp6ZP9dy6G0JxmGeg3a3CINpn0Ey5I3FbOwhSpGmSV11CC0MrQw
ki9Rh/bisfu4jsqi3eY8ahSezCfbCyanFn0sf2PcBQrZjVuNL14UaPrrJABlICoD
Q95c9FpusSfwzWrhd+BFHDlfw7ZKdxfsE2mD3Om14Ui0rZOlPJPSR/7u76khUTpD
4e4H+AuqclzAQ5qNEbwbuvGVD6+JOQgx5JfHajiw6O2xdcXt5qUXKH3aykZTZ96f
TBzXQzTFSwOsrvkrLGnA4lijiMHPtyTIRXHgGkbki5En3vyqwg==
-----END CERTIFICATE-----