Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/aESRZmNCyDGs6zpBanKgOuqpFtk.roa
File:                     aESRZmNCyDGs6zpBanKgOuqpFtk.roa (raw, json)
Hash identifier:          qS8xjKODX4PW2VvB3Cjcg5N37QE+tjdFXMPrKy+NDa0=
Subject key identifier:   68:44:91:66:63:42:C8:31:AC:EB:3A:41:6A:72:A0:3A:EA:A9:16:D9
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       01856F823E3565B877052C2E514AC3CE3FC9
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/aESRZmNCyDGs6zpBanKgOuqpFtk.roa
Signing time:             Sun 01 Jan 2023 22:44:44 +0000
ROA not before:           Sun 01 Jan 2023 22:44:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57073
IP address blocks:        85.198.76.0/22 maxlen: 24
                          185.138.253.0/24 maxlen: 24
                          185.138.252.0/24 maxlen: 24
                          185.138.252.0/22 maxlen: 24
                          185.138.254.0/24 maxlen: 24
                          185.138.255.0/24 maxlen: 24
                          194.1.214.0/24 maxlen: 24
                          213.184.154.0/23 maxlen: 24
                          213.184.156.0/22 maxlen: 24
                          94.141.112.0/22 maxlen: 24
                          185.62.200.0/23 maxlen: 24
                          185.62.202.0/24 maxlen: 24
                          91.230.107.0/24 maxlen: 24
                          2a03:720::/32 maxlen: 48

Validation:               Failed, certificate revoked on Fri 28 Jul 2023 12:59:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:82:3e:35:65:b8:77:05:2c:2e:51:4a:c3:ce:3f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Jan  1 22:44:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=684491666342c831aceb3a416a72a03aeaa916d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b4:d6:4b:e4:bd:d5:67:f2:2f:2e:22:10:99:
                    23:bb:0a:e4:b7:1b:52:9d:92:89:06:4b:55:6a:a9:
                    75:d5:f4:34:eb:30:7f:e9:b7:c9:e1:dd:fd:bc:c5:
                    e6:bb:11:76:61:62:7c:de:3a:96:5a:ad:3a:e0:33:
                    7b:a3:06:48:f0:f7:a5:38:df:93:ce:30:84:1b:e1:
                    10:14:6a:e4:78:b8:49:14:5a:bd:57:18:32:00:1e:
                    0d:cf:e9:17:3d:b1:06:23:8f:f8:69:23:82:e1:d2:
                    46:d6:ec:4e:05:56:ca:a8:e6:ae:89:02:7f:45:8a:
                    0a:09:3f:b9:fc:d2:4f:5e:1a:f0:36:41:3d:7c:83:
                    d6:db:66:c8:f9:92:a6:2b:14:9e:6e:cf:9e:06:41:
                    d2:0e:9f:c3:f2:a2:8a:85:94:d4:0b:cd:c8:f6:2d:
                    63:6c:c1:98:97:85:ce:b4:bd:0d:64:a5:9f:9b:db:
                    fd:c1:3c:f6:04:2e:d0:a5:44:91:bf:07:a3:37:fe:
                    60:66:43:c4:b9:81:0c:52:ca:2f:f5:7b:ce:8a:0a:
                    01:4b:b9:5e:79:69:03:27:d0:34:c7:ff:9f:69:ba:
                    b7:7d:a1:5a:25:0f:60:f6:73:e3:8b:f1:b7:b5:a4:
                    d5:f6:73:c4:49:d3:bf:18:30:dd:fb:86:1f:fe:3d:
                    eb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:44:91:66:63:42:C8:31:AC:EB:3A:41:6A:72:A0:3A:EA:A9:16:D9
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/aESRZmNCyDGs6zpBanKgOuqpFtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.198.76.0/22
                  91.230.107.0/24
                  94.141.112.0/22
                  185.62.200.0-185.62.202.255
                  185.138.252.0/22
                  194.1.214.0/24
                  213.184.154.0-213.184.159.255
                IPv6:
                  2a03:720::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:f7:97:d1:4d:1f:2a:18:04:83:e7:54:ad:f9:5b:e4:e6:5a:
         43:e6:9f:30:17:7e:9b:b3:25:11:1c:ce:ae:c2:a7:2b:31:80:
         e0:01:8b:30:03:c7:01:9d:4b:65:48:30:ec:ff:9e:7e:ad:07:
         cf:97:1a:43:54:ce:52:60:77:a3:13:19:3b:e8:76:33:61:7c:
         43:10:3c:46:0e:ae:8b:54:c1:ea:e6:3a:e1:38:70:c6:c3:03:
         c3:6f:01:0c:2a:de:be:68:c0:ce:70:a6:fd:d7:04:81:75:02:
         9e:a0:a9:c2:06:5b:e8:b0:0d:a3:60:9b:af:4a:85:c5:e0:8e:
         da:2e:83:91:7e:1d:00:15:8d:1c:15:d8:25:16:88:cf:d3:22:
         8b:06:40:23:93:da:2c:f7:b6:14:b1:26:d0:75:de:be:23:2d:
         18:db:5b:df:2a:d6:9e:e5:83:7a:a7:52:f0:6d:09:dd:ca:f9:
         87:16:6c:48:93:d7:5a:96:d5:22:47:05:94:d7:c9:dc:ca:7e:
         23:d5:f3:89:cd:04:84:1c:60:2a:4e:e0:de:6f:39:38:86:04:
         7a:ca:60:f6:90:54:d6:14:00:8a:12:fd:70:09:82:5e:a8:30:
         88:4a:fb:38:c7:95:0f:02:90:15:12:28:c4:f2:89:24:6e:68:
         a1:8a:3f:86
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVvgj41Zbh3BSwuUUrDzj/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjMwMTAxMjI0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQ0OTE2NjYzNDJjODMxYWNlYjNhNDE2YTcyYTAzYWVhYTkxNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7TWS+S91WfyLy4iEJkjuwrktxtS
nZKJBktVaql11fQ06zB/6bfJ4d39vMXmuxF2YWJ83jqWWq064DN7owZI8PelON+T
zjCEG+EQFGrkeLhJFFq9VxgyAB4Nz+kXPbEGI4/4aSOC4dJG1uxOBVbKqOauiQJ/
RYoKCT+5/NJPXhrwNkE9fIPW22bI+ZKmKxSebs+eBkHSDp/D8qKKhZTUC83I9i1j
bMGYl4XOtL0NZKWfm9v9wTz2BC7QpUSRvwejN/5gZkPEuYEMUsov9XvOigoBS7le
eWkDJ9A0x/+fabq3faFaJQ9g9nPji/G3taTV9nPESdO/GDDd+4Yf/j3rDQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFGhEkWZjQsgxrOs6QWpyoDrqqRbZMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvYUVTUlptTkN5REdzNnpwQmFuS2dPdXFwRnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6AwQCVcZMAwQA
W+ZrAwQCXo1wMAwDBAO5PsgDBAC5PsoDBAK5ivwDBADCAdYwDAMEAdW4mgMEBdW4
gDANBAIAAjAHAwUAKgMHIDANBgkqhkiG9w0BAQsFAAOCAQEAEfeX0U0fKhgEg+dU
rflb5OZaQ+afMBd+m7MlERzOrsKnKzGA4AGLMAPHAZ1LZUgw7P+efq0Hz5caQ1TO
UmB3oxMZO+h2M2F8QxA8Rg6ui1TB6uY64ThwxsMDw28BDCrevmjAznCm/dcEgXUC
nqCpwgZb6LANo2Cbr0qFxeCO2i6DkX4dABWNHBXYJRaIz9MiiwZAI5PaLPe2FLEm
0HXeviMtGNtb3yrWnuWDeqdS8G0J3cr5hxZsSJPXWpbVIkcFlNfJ3Mp+I9Xzic0E
hBxgKk7g3m85OIYEespg9pBU1hQAihL9cAmCXqgwiEr7OMeVDwKQFRIoxPKJJG5o
oYo/hg==
-----END CERTIFICATE-----