Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/xUbwApzjp8OLp4f2HrAKFsj9MOw.roa
File:                     xUbwApzjp8OLp4f2HrAKFsj9MOw.roa (raw, json)
Hash identifier:          uMxyh0CzTYfNMf71lP4e64Ms7yeAuji0YIl8pSdtFq0=
Subject key identifier:   C5:46:F0:02:9C:E3:A7:C3:8B:A7:87:F6:1E:B0:0A:16:C8:FD:30:EC
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       018571DE87A46905F5D7E397F0E2CAF869BD
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/xUbwApzjp8OLp4f2HrAKFsj9MOw.roa
Signing time:             Mon 02 Jan 2023 09:44:46 +0000
ROA not before:           Mon 02 Jan 2023 09:44:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42044
IP address blocks:        185.24.65.0/24 maxlen: 24
                          185.24.66.0/24 maxlen: 24
                          193.105.170.0/24 maxlen: 24
                          212.18.250.0/24 maxlen: 24
                          2a04:2b00:212::/48 maxlen: 48
                          2a04:2b00:100::/48 maxlen: 48
                          2a04:2b00:200::/48 maxlen: 48
                          2a04:2b02::/32 maxlen: 32
                          2001:67c:2630::/48 maxlen: 48
                          2a04:2b01::/32 maxlen: 32
                          2a04:2b00:6374::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:de:87:a4:69:05:f5:d7:e3:97:f0:e2:ca:f8:69:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  2 09:44:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c546f0029ce3a7c38ba787f61eb00a16c8fd30ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7d:c5:2b:b0:57:34:05:49:d6:ed:70:73:20:
                    2c:7a:b7:15:f8:61:72:53:1d:8a:98:8d:bf:ed:69:
                    7d:1c:52:ed:c3:aa:40:93:18:8e:5f:61:33:86:24:
                    dd:d8:93:48:0e:32:e5:6d:43:24:5e:4a:c6:da:40:
                    77:21:61:f7:9f:92:a4:2d:ff:48:2f:72:54:0c:0a:
                    21:55:df:f0:53:58:68:f7:0d:17:a6:f7:ee:82:7d:
                    38:42:64:95:02:de:b5:c0:d6:ea:73:ba:1a:0d:4b:
                    f9:aa:bd:56:d6:ef:6f:c7:57:3d:92:82:b9:24:b8:
                    c4:6c:26:01:d7:b9:2a:ac:3d:39:f2:f6:3c:82:43:
                    1f:06:d6:a4:2c:c4:b8:0c:b3:63:a7:36:37:5d:95:
                    c4:0e:9c:6a:37:a8:a3:54:b4:45:b3:b4:cb:fc:8a:
                    39:4c:12:15:46:8b:e1:5c:50:db:62:92:fc:b1:db:
                    72:f3:61:ca:76:0e:34:fa:f6:8b:1a:1f:05:17:ec:
                    73:ab:28:bb:9d:6c:6e:f0:79:2f:26:e1:ae:fc:0b:
                    93:9c:a7:ca:17:d0:3e:ed:91:48:ae:6c:30:5a:10:
                    71:a6:d9:61:44:32:fe:dd:f1:c0:2f:a2:09:87:57:
                    b7:4f:f1:3a:cc:3b:d0:56:33:8f:19:7b:f3:8a:ad:
                    d1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:46:F0:02:9C:E3:A7:C3:8B:A7:87:F6:1E:B0:0A:16:C8:FD:30:EC
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/xUbwApzjp8OLp4f2HrAKFsj9MOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.65.0-185.24.66.255
                  193.105.170.0/24
                  212.18.250.0/24
                IPv6:
                  2001:67c:2630::/48
                  2a04:2b00:100::/48
                  2a04:2b00:200::/48
                  2a04:2b00:212::/48
                  2a04:2b00:6374::/48
                  2a04:2b01::-2a04:2b02:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1c:67:74:37:49:a0:dd:09:e2:83:d3:3a:85:42:05:75:1a:3a:
         5d:f3:ee:c3:ad:6c:8e:bd:10:d0:ba:05:36:43:36:fe:80:7d:
         00:1f:4d:4d:43:7a:db:fd:99:7a:68:44:9a:f3:24:69:b2:74:
         8d:4f:d1:21:51:ce:a5:da:72:14:ca:b9:59:9a:3c:60:dd:9f:
         e3:e5:33:3d:7b:81:e3:c9:7d:98:e2:5d:3c:a3:6c:1b:46:f4:
         43:c9:2b:fd:cf:4d:4f:6d:52:b9:02:e8:66:ba:87:83:e0:76:
         d3:29:d6:91:01:79:2b:2f:49:c4:9c:11:3a:71:48:f7:ec:51:
         0f:cd:c4:55:eb:54:f1:c2:72:27:40:32:a8:b4:d7:d2:bd:18:
         e9:d9:48:9c:80:88:f4:79:51:ff:e6:80:12:95:92:5a:d2:f0:
         91:d9:75:83:a6:9d:3e:81:a4:fe:03:87:59:4f:65:fa:11:42:
         1d:65:1d:05:d1:8a:0e:7b:58:d6:c9:7a:4f:75:fb:eb:68:34:
         4e:fa:e6:2e:cc:a0:db:1a:63:a2:25:0e:e3:8c:9f:0d:f1:4b:
         ae:bc:5c:5a:1d:0a:03:99:9f:fc:57:76:00:5b:1d:44:5e:89:
         77:d6:ce:53:f9:85:3a:43:e3:10:dd:a3:e0:d8:68:0b:4d:34:
         f1:3e:11:cd
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYVx3oekaQX11+OX8OLK+Gm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjMwMTAyMDk0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQ2ZjAwMjljZTNhN2MzOGJhNzg3ZjYxZWIwMGExNmM4ZmQzMGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi33FK7BXNAVJ1u1wcyAsercV+GFy
Ux2KmI2/7Wl9HFLtw6pAkxiOX2EzhiTd2JNIDjLlbUMkXkrG2kB3IWH3n5KkLf9I
L3JUDAohVd/wU1ho9w0Xpvfugn04QmSVAt61wNbqc7oaDUv5qr1W1u9vx1c9koK5
JLjEbCYB17kqrD058vY8gkMfBtakLMS4DLNjpzY3XZXEDpxqN6ijVLRFs7TL/Io5
TBIVRovhXFDbYpL8sdty82HKdg40+vaLGh8FF+xzqyi7nWxu8HkvJuGu/AuTnKfK
F9A+7ZFIrmwwWhBxptlhRDL+3fHAL6IJh1e3T/E6zDvQVjOPGXvziq3RKQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFMVG8AKc46fDi6eH9h6wChbI/TDsMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEveFVid0FwempwOE9McDRmMkhyQUtGc2o5TU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAgBAIAATAaMAwDBAC5GEED
BAC5GEIDBADBaaoDBADUEvowQwQCAAIwPQMHACABBnwmMAMHACoEKwABAAMHACoE
KwACAAMHACoEKwACEgMHACoEKwBjdDAOAwUAKgQrAQMFACoEKwIwDQYJKoZIhvcN
AQELBQADggEBABxndDdJoN0J4oPTOoVCBXUaOl3z7sOtbI69ENC6BTZDNv6AfQAf
TU1Detv9mXpoRJrzJGmydI1P0SFRzqXachTKuVmaPGDdn+PlMz17gePJfZjiXTyj
bBtG9EPJK/3PTU9tUrkC6Ga6h4PgdtMp1pEBeSsvScScETpxSPfsUQ/NxFXrVPHC
cidAMqi019K9GOnZSJyAiPR5Uf/mgBKVklrS8JHZdYOmnT6BpP4Dh1lPZfoRQh1l
HQXRig57WNbJek91++toNE765i7MoNsaY6IlDuOMnw3xS668XFodCgOZn/xXdgBb
HUReiXfWzlP5hTpD4xDdo+DYaAtNNPE+Ec0=
-----END CERTIFICATE-----