Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/GRmd5nKQA0fixwiXt_r7BznQ-cw.roa
File:                     GRmd5nKQA0fixwiXt_r7BznQ-cw.roa (raw, json)
Hash identifier:          pnJyts213RgFV6mhM1Sq+2vdVblKYfNMYbVf+WaOx88=
Subject key identifier:   19:19:9D:E6:72:90:03:47:E2:C7:08:97:B7:FA:FB:07:39:D0:F9:CC
Certificate issuer:       /CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
Certificate serial:       01896F37AC3FADCCB5B6D77D2A9D7A669C62
Authority key identifier: 3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/GRmd5nKQA0fixwiXt_r7BznQ-cw.roa
Signing time:             Wed 19 Jul 2023 17:34:26 +0000
ROA not before:           Wed 19 Jul 2023 17:34:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20253
IP address blocks:        146.19.181.0/24 maxlen: 26
                          217.20.52.0/24 maxlen: 24
                          217.20.58.0/24 maxlen: 24
                          217.20.57.0/24 maxlen: 24
                          217.20.56.0/24 maxlen: 24
                          217.20.54.0/24 maxlen: 24
                          217.20.53.0/24 maxlen: 24
                          217.20.59.0/24 maxlen: 24
                          217.20.63.0/24 maxlen: 24
                          217.20.61.0/24 maxlen: 24
                          217.20.60.0/24 maxlen: 24
                          217.20.51.0/24 maxlen: 24
                          217.20.50.0/24 maxlen: 24
                          217.20.49.0/24 maxlen: 24
                          217.20.48.0/24 maxlen: 24
                          2a12:45c7:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6f:37:ac:3f:ad:cc:b5:b6:d7:7d:2a:9d:7a:66:9c:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
        Validity
            Not Before: Jul 19 17:34:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19199de672900347e2c70897b7fafb0739d0f9cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:74:b6:25:3f:cf:76:2c:93:e3:26:b1:64:19:
                    f0:c8:8e:79:c8:7b:a0:01:eb:95:77:83:95:68:56:
                    90:11:00:f2:e9:a4:27:2d:27:f4:4f:72:d2:04:ec:
                    78:f5:c9:cf:81:68:49:3b:05:de:40:0d:25:87:2e:
                    7f:a1:0d:0e:86:e9:b8:ef:d4:d7:ed:d2:43:d2:59:
                    af:e1:87:22:d5:91:06:c8:6e:68:6c:0f:26:31:0a:
                    0c:74:ae:26:bf:b7:c8:7b:33:82:1a:bb:a2:c3:83:
                    f2:5d:cf:1b:64:9e:cf:7e:2d:40:b1:0f:7e:a9:4f:
                    36:46:00:1a:6c:3e:79:8a:2b:8d:92:75:16:0f:a3:
                    c3:1b:e8:15:5e:72:4c:a2:4c:e5:92:7f:62:91:68:
                    38:35:be:ab:c0:7b:aa:22:74:ee:39:e6:f6:3a:ac:
                    6d:bb:25:44:94:7c:fd:71:c2:49:5d:4a:68:c2:7e:
                    ec:b8:b6:ac:55:0b:3c:5d:82:bb:4a:2d:3f:85:26:
                    7d:1f:01:24:23:67:f8:2a:e2:ec:c1:db:10:e3:89:
                    d4:37:e3:50:af:72:98:ee:2c:6f:ec:17:d6:ab:11:
                    a8:bd:b4:72:cd:67:f6:ce:b4:6b:60:c2:9a:34:92:
                    5a:f7:79:d9:b7:e1:97:97:63:21:89:96:77:e5:04:
                    4c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:19:9D:E6:72:90:03:47:E2:C7:08:97:B7:FA:FB:07:39:D0:F9:CC
            X509v3 Authority Key Identifier:
                keyid:3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/GRmd5nKQA0fixwiXt_r7BznQ-cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/PsY-XbBDXC0-dKayitPZww1qjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.181.0/24
                  217.20.48.0-217.20.54.255
                  217.20.56.0-217.20.61.255
                  217.20.63.0/24
                IPv6:
                  2a12:45c7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         cf:cc:4e:fb:9c:1b:53:52:8b:98:7a:3b:d0:ca:30:44:42:e1:
         17:2f:c8:a5:06:66:90:93:ff:2f:8f:d0:b4:11:01:1c:3f:56:
         c3:57:92:67:a9:35:20:21:07:4d:12:46:6c:07:5c:7d:4f:15:
         bd:98:e1:53:9c:39:83:a3:d5:7a:5a:55:cf:2d:7d:12:48:aa:
         ee:af:11:6d:f8:da:b5:da:b6:15:6c:c5:3d:08:68:34:66:1b:
         b5:05:8b:0c:87:8c:ea:4a:e9:62:50:66:eb:74:b8:78:db:55:
         d3:a3:4c:87:c2:a0:e1:d3:bf:33:16:dd:0b:45:17:b3:a3:0e:
         c7:20:19:e0:1a:f0:64:9e:52:db:5c:d6:e2:8c:9f:79:2d:71:
         dd:52:06:e3:c4:05:9e:2e:3e:0d:63:8a:15:10:90:ce:ee:bb:
         a1:c1:4a:a8:41:c0:ff:39:16:b1:96:cd:0f:b8:e0:6b:44:df:
         60:53:f2:c7:00:90:df:0c:81:da:bc:c3:30:ff:97:0d:79:5b:
         90:17:4c:70:b8:a5:1b:75:a5:9c:63:37:11:93:f9:2e:2a:37:
         67:ba:35:02:16:3b:ef:27:3a:f2:39:4c:32:a0:5a:ef:e5:25:
         65:13:4e:f9:1a:17:3c:f6:4e:6f:0d:fd:89:3e:57:d9:e8:0d:
         4d:b6:ec:7d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYlvN6w/rcy1ttd9Kp16ZpxiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzYzZTVkYjA0MzVjMmQzZTc0YTZiMjhhZDNkOWMzMGQ2
YThjZWUwHhcNMjMwNzE5MTczNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTE5OWRlNjcyOTAwMzQ3ZTJjNzA4OTdiN2ZhZmIwNzM5ZDBmOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3S2JT/PdiyT4yaxZBnwyI55yHug
AeuVd4OVaFaQEQDy6aQnLSf0T3LSBOx49cnPgWhJOwXeQA0lhy5/oQ0Ohum479TX
7dJD0lmv4Yci1ZEGyG5obA8mMQoMdK4mv7fIezOCGruiw4PyXc8bZJ7Pfi1AsQ9+
qU82RgAabD55iiuNknUWD6PDG+gVXnJMokzlkn9ikWg4Nb6rwHuqInTuOeb2Oqxt
uyVElHz9ccJJXUpown7suLasVQs8XYK7Si0/hSZ9HwEkI2f4KuLswdsQ44nUN+NQ
r3KY7ixv7BfWqxGovbRyzWf2zrRrYMKaNJJa93nZt+GXl2MhiZZ35QRMRwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBkZneZykANH4scIl7f6+wc50PnMMB8GA1UdIwQY
MBaAFD7GPl2wQ1wtPnSmsorT2cMNaozuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjIt
NTIwNThmOGE5YTFhLzEvR1JtZDVuS1FBMGZpeHdpWHRfcjdCem5RLWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjItNTIwNThmOGE5YTFh
LzEvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAuBAIAATAoAwQAkhO1MAwD
BATZFDADBADZFDYwDAMEA9kUOAMEAdkUPAMEANkUPzAPBAIAAjAJAwcAKhJFx///
MA0GCSqGSIb3DQEBCwUAA4IBAQDPzE77nBtTUouYejvQyjBEQuEXL8ilBmaQk/8v
j9C0EQEcP1bDV5JnqTUgIQdNEkZsB1x9TxW9mOFTnDmDo9V6WlXPLX0SSKrurxFt
+Nq12rYVbMU9CGg0Zhu1BYsMh4zqSuliUGbrdLh421XTo0yHwqDh078zFt0LRRez
ow7HIBngGvBknlLbXNbijJ95LXHdUgbjxAWeLj4NY4oVEJDO7ruhwUqoQcD/ORax
ls0PuOBrRN9gU/LHAJDfDIHavMMw/5cNeVuQF0xwuKUbdaWcYzcRk/kuKjdnujUC
FjvvJzryOUwyoFrv5SVlE075Ghc89k5vDf2JPlfZ6A1Ntux9
-----END CERTIFICATE-----