Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/MueQmnpy2zUZ3LfxyuKVWcIkw6o.roa
File:                     MueQmnpy2zUZ3LfxyuKVWcIkw6o.roa (raw, json)
Hash identifier:          C1ZnN/JUk4eeMuGHkakFLGjKE+5mwlxNGfg/Ye37Vfs=
Subject key identifier:   32:E7:90:9A:7A:72:DB:35:19:DC:B7:F1:CA:E2:95:59:C2:24:C3:AA
Certificate issuer:       /CN=1201cc343074102efa7f0c30f29499e1ad56e29f
Certificate serial:       01856FD52C5F58E41AAF99ADAEDD4A9E39CE
Authority key identifier: 12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/MueQmnpy2zUZ3LfxyuKVWcIkw6o.roa
Signing time:             Mon 02 Jan 2023 00:15:19 +0000
ROA not before:           Mon 02 Jan 2023 00:15:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42442
IP address blocks:        130.0.77.0/24 maxlen: 24
                          130.0.72.0/21 maxlen: 32
                          130.0.73.0/24 maxlen: 24
                          195.137.170.0/24 maxlen: 32
                          185.165.16.0/22 maxlen: 22
                          46.167.160.0/19 maxlen: 24
                          194.50.164.0/24 maxlen: 32
                          91.208.160.0/24 maxlen: 24
                          195.137.170.121/32 maxlen: 32
                          46.167.169.20/32 maxlen: 32
                          195.137.170.122/32 maxlen: 32
                          2a03:9480:302::/48 maxlen: 48
                          2a03:9480::/32 maxlen: 32
                          2a03:9480:200::/40 maxlen: 40
                          2a03:9480:300::/40 maxlen: 40
                          2a03:9480:301::/48 maxlen: 48
                          2a00:f660::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:2c:5f:58:e4:1a:af:99:ad:ae:dd:4a:9e:39:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1201cc343074102efa7f0c30f29499e1ad56e29f
        Validity
            Not Before: Jan  2 00:15:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32e7909a7a72db3519dcb7f1cae29559c224c3aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2d:4d:30:78:c4:1f:ec:3a:9f:bc:5e:96:5a:
                    5b:8c:e0:d6:04:f7:d5:1e:4a:5d:90:04:ff:f7:53:
                    a1:6d:14:38:e9:40:a9:ac:40:6e:d1:df:4a:da:95:
                    49:3b:28:f1:87:6f:08:ef:c4:3a:ec:d5:0e:29:f2:
                    43:c8:89:5c:4b:d5:f9:6b:bc:2e:28:af:e0:e4:2c:
                    ea:6a:d2:4a:58:55:cb:f7:23:22:cd:c3:5b:2b:e8:
                    a9:07:84:d4:81:02:23:1a:a6:81:ff:81:5f:b1:da:
                    46:0d:e3:77:27:07:53:b7:56:9a:57:12:41:01:dc:
                    db:63:a2:7e:60:ee:3f:39:82:1d:8f:59:18:2d:1a:
                    f9:8a:ef:82:52:d7:e5:0d:54:f5:5e:76:6f:84:6b:
                    70:6e:d6:eb:17:40:9f:c1:51:12:49:b1:67:54:2b:
                    03:70:26:30:64:e6:13:70:2f:c8:e2:78:50:a0:b8:
                    e9:ea:b2:6c:fe:0f:da:8c:03:c8:0d:01:dc:cd:d6:
                    63:30:a6:c9:3f:9c:05:0c:e5:f3:09:7d:28:d1:96:
                    3c:0d:db:aa:bd:9b:b5:52:5a:2a:32:93:ba:3e:27:
                    c6:d0:20:ac:f6:be:2b:8d:65:23:1a:49:b9:14:84:
                    15:c0:7b:f7:53:ce:00:3f:da:66:ab:53:32:5f:5d:
                    dc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E7:90:9A:7A:72:DB:35:19:DC:B7:F1:CA:E2:95:59:C2:24:C3:AA
            X509v3 Authority Key Identifier:
                keyid:12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/MueQmnpy2zUZ3LfxyuKVWcIkw6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/EgHMNDB0EC76fwww8pSZ4a1W4p8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.160.0/19
                  91.208.160.0/24
                  130.0.72.0/21
                  185.165.16.0/22
                  194.50.164.0/24
                  195.137.170.0/24
                IPv6:
                  2a00:f660::/32
                  2a03:9480::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:24:c9:82:ed:16:a3:c1:08:ba:7f:43:40:f5:3c:79:c6:21:
         fe:5e:6d:5c:71:43:1f:ad:06:95:48:ce:39:48:49:de:91:23:
         3a:f8:f2:95:2a:b5:40:99:2f:7c:a2:d7:08:2e:d8:4e:5d:e2:
         55:91:89:21:96:8a:f7:84:a1:c8:58:0a:d5:cd:0b:61:6b:2b:
         36:a9:b1:1d:3c:3d:5a:30:d9:09:20:f6:7c:06:fe:87:b9:32:
         82:18:e5:c8:8e:7b:22:f4:62:2c:25:82:85:94:45:2a:26:41:
         08:de:92:81:92:67:f0:b8:8e:6f:bf:19:1b:c8:42:28:b4:87:
         03:d5:71:4a:f0:c9:c8:71:23:03:d0:36:36:ca:e1:53:35:c5:
         f6:3a:85:97:56:cd:a4:b4:19:a2:eb:0c:df:92:1f:8d:a0:2b:
         23:89:1c:ad:be:c0:a0:80:fe:0d:4f:9a:7c:f3:c3:de:12:9c:
         88:21:45:80:25:30:8b:79:e9:d8:80:3d:66:a4:a3:97:99:6e:
         d5:aa:75:7f:81:15:ca:e9:57:1c:1a:3d:ed:eb:01:57:8d:d2:
         01:0c:4b:95:9b:bc:29:7a:10:f1:9f:fa:cb:33:75:67:78:98:
         4c:d4:9f:74:4c:4f:99:d3:95:b5:fc:1d:0e:70:8a:14:a0:78:
         5c:e4:32:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVv1SxfWOQar5mtrt1KnjnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMDFjYzM0MzA3NDEwMmVmYTdmMGMzMGYyOTQ5OWUxYWQ1
NmUyOWYwHhcNMjMwMTAyMDAxNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmU3OTA5YTdhNzJkYjM1MTlkY2I3ZjFjYWUyOTU1OWMyMjRjM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjy1NMHjEH+w6n7xellpbjODWBPfV
HkpdkAT/91OhbRQ46UCprEBu0d9K2pVJOyjxh28I78Q67NUOKfJDyIlcS9X5a7wu
KK/g5CzqatJKWFXL9yMizcNbK+ipB4TUgQIjGqaB/4FfsdpGDeN3JwdTt1aaVxJB
AdzbY6J+YO4/OYIdj1kYLRr5iu+CUtflDVT1XnZvhGtwbtbrF0CfwVESSbFnVCsD
cCYwZOYTcC/I4nhQoLjp6rJs/g/ajAPIDQHczdZjMKbJP5wFDOXzCX0o0ZY8Dduq
vZu1UloqMpO6PifG0CCs9r4rjWUjGkm5FIQVwHv3U84AP9pmq1MyX13cqQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDLnkJp6cts1Gdy38crilVnCJMOqMB8GA1UdIwQY
MBaAFBIBzDQwdBAu+n8MMPKUmeGtVuKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWdITU5EQjBFQzc2Znd3dzhwU1o0YTFXNHA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kMTYyOGEtMzNjOC00ZTQ3LWJmZWQt
OTllZDY3MzBmODRhLzEvTXVlUW1ucHkyelVaM0xmeHl1S1ZXY0lrdzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kMTYyOGEtMzNjOC00ZTQ3LWJmZWQtOTllZDY3MzBmODRh
LzEvRWdITU5EQjBFQzc2Znd3dzhwU1o0YTFXNHA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQFLqegAwQA
W9CgAwQDggBIAwQCuaUQAwQAwjKkAwQAw4mqMBQEAgACMA4DBQAqAPZgAwUAKgOU
gDANBgkqhkiG9w0BAQsFAAOCAQEAnyTJgu0Wo8EIun9DQPU8ecYh/l5tXHFDH60G
lUjOOUhJ3pEjOvjylSq1QJkvfKLXCC7YTl3iVZGJIZaK94ShyFgK1c0LYWsrNqmx
HTw9WjDZCSD2fAb+h7kyghjlyI57IvRiLCWChZRFKiZBCN6SgZJn8LiOb78ZG8hC
KLSHA9VxSvDJyHEjA9A2NsrhUzXF9jqFl1bNpLQZousM35IfjaArI4kcrb7AoID+
DU+afPPD3hKciCFFgCUwi3np2IA9ZqSjl5lu1ap1f4EVyulXHBo97esBV43SAQxL
lZu8KXoQ8Z/6yzN1Z3iYTNSfdExPmdOVtfwdDnCKFKB4XOQy+A==
-----END CERTIFICATE-----