Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/KntBJ2vbNddfsv9vlLXpCsuRir4.roa
File:                     KntBJ2vbNddfsv9vlLXpCsuRir4.roa (raw, json)
Hash identifier:          PvHWg0I9AHo4BQVglQLEF/clJv39nCkHjbo+9sjgp4g=
Subject key identifier:   2A:7B:41:27:6B:DB:35:D7:5F:B2:FF:6F:94:B5:E9:0A:CB:91:8A:BE
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       0189DF34FACCDBF4EAFF6DA101191B9F1FD3
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/KntBJ2vbNddfsv9vlLXpCsuRir4.roa
Signing time:             Thu 10 Aug 2023 11:28:58 +0000
ROA not before:           Thu 10 Aug 2023 11:28:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203020
IP address blocks:        91.132.114.0/23 maxlen: 32
                          103.53.82.0/23 maxlen: 32
                          193.28.237.0/24 maxlen: 32
                          45.114.8.0/22 maxlen: 32
                          45.114.12.0/22 maxlen: 32
                          193.28.182.0/24 maxlen: 32
                          193.28.191.0/24 maxlen: 32
                          193.28.202.0/24 maxlen: 32
                          103.240.180.0/22 maxlen: 32
                          103.53.216.0/22 maxlen: 32
                          193.19.204.0/24 maxlen: 32
                          193.19.205.0/24 maxlen: 32
                          193.19.206.0/24 maxlen: 32
                          193.19.207.0/24 maxlen: 32
                          45.145.104.0/22 maxlen: 32

Validation:               Failed, certificate revoked on Fri 27 Oct 2023 07:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:df:34:fa:cc:db:f4:ea:ff:6d:a1:01:19:1b:9f:1f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Aug 10 11:28:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a7b41276bdb35d75fb2ff6f94b5e90acb918abe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ac:c9:df:8d:f7:4d:00:2b:7e:f3:6f:ca:fb:
                    1d:60:81:08:f3:c0:1a:94:00:14:6f:9f:ce:a5:57:
                    52:46:88:56:b9:dc:7e:93:c5:d9:12:d2:34:bc:76:
                    cb:86:6c:97:2f:99:ce:f3:e8:45:6b:98:fc:04:0f:
                    59:3a:ae:e2:31:cd:42:ac:87:9c:09:5d:11:fc:e2:
                    a8:06:f8:e2:06:af:6d:1d:08:97:94:0b:5d:61:f0:
                    20:65:0d:9e:d6:06:a2:08:b9:3b:55:c9:c0:a6:52:
                    aa:24:1f:59:ce:d1:e6:a4:f6:0d:a1:1f:36:9b:90:
                    a8:83:41:33:4d:98:55:cf:f6:79:88:65:b7:28:c8:
                    3d:35:8e:37:31:1b:04:e7:d2:03:20:c9:d3:b5:bb:
                    20:ea:fa:e7:e3:57:21:f7:64:ac:18:2f:83:94:5c:
                    82:e1:0f:be:c6:e4:74:0c:ed:c2:d8:53:58:3d:ee:
                    4e:b8:05:af:79:99:dd:6a:f1:9b:41:70:39:3e:95:
                    67:c8:d1:8b:60:5d:44:67:00:89:6d:3d:29:13:10:
                    54:da:30:64:ca:b2:b7:64:d1:7d:90:48:c4:e1:f2:
                    00:23:ca:e6:04:85:ae:d5:5f:08:56:be:b4:29:a0:
                    2c:47:80:64:b8:d5:b1:fc:2b:79:18:28:05:2b:41:
                    e9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7B:41:27:6B:DB:35:D7:5F:B2:FF:6F:94:B5:E9:0A:CB:91:8A:BE
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/KntBJ2vbNddfsv9vlLXpCsuRir4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.8.0/21
                  45.145.104.0/22
                  91.132.114.0/23
                  103.53.82.0/23
                  103.53.216.0/22
                  103.240.180.0/22
                  193.19.204.0/22
                  193.28.182.0/24
                  193.28.191.0/24
                  193.28.202.0/24
                  193.28.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:a0:dc:2c:05:ea:16:dd:92:21:ec:41:e1:fd:d2:04:7b:cc:
         d3:ca:e4:4c:85:03:3b:f9:76:81:83:76:d5:e7:9f:dd:5d:dd:
         d7:d2:5e:9f:14:e0:3d:6e:89:c3:64:92:d4:32:fb:d6:bd:e3:
         3d:e8:7a:7a:9a:b0:27:8c:ff:5e:01:db:ba:55:c3:cd:1a:ce:
         11:6b:f0:91:35:44:0a:aa:6b:d2:72:57:28:33:21:a3:c7:69:
         b1:26:10:21:52:2a:82:e5:8c:0e:a6:11:fc:5c:41:37:53:2c:
         19:85:87:0b:33:b9:8c:e9:f6:cb:de:62:51:2b:70:a7:b9:e4:
         93:f2:94:a4:70:0a:32:b5:5a:7e:28:a7:f7:87:ef:a3:29:eb:
         ed:9c:bd:7a:cb:4b:01:0e:e3:1c:eb:f2:45:7a:ca:f8:1f:88:
         34:8c:a8:a7:bc:cc:b6:0c:62:22:39:1a:b8:fc:37:ba:fb:e1:
         99:89:4c:2d:da:75:57:d6:5e:bd:27:a7:cd:69:6c:7e:22:88:
         d0:7c:6e:e7:73:82:3f:2b:9e:a0:ef:4f:7d:61:42:27:13:20:
         50:9d:e9:39:2a:5c:cd:71:35:4c:32:03:a2:a6:be:1e:a2:ff:
         e0:3f:c9:33:c6:31:3f:f6:18:6a:53:c3:28:1b:c2:90:0c:ed:
         77:29:96:14
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYnfNPrM2/Tq/22hARkbnx/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjMwODEwMTEyODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTdiNDEyNzZiZGIzNWQ3NWZiMmZmNmY5NGI1ZTkwYWNiOTE4YWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqzJ3433TQArfvNvyvsdYIEI88Aa
lAAUb5/OpVdSRohWudx+k8XZEtI0vHbLhmyXL5nO8+hFa5j8BA9ZOq7iMc1CrIec
CV0R/OKoBvjiBq9tHQiXlAtdYfAgZQ2e1gaiCLk7VcnAplKqJB9ZztHmpPYNoR82
m5Cog0EzTZhVz/Z5iGW3KMg9NY43MRsE59IDIMnTtbsg6vrn41ch92SsGC+DlFyC
4Q++xuR0DO3C2FNYPe5OuAWveZndavGbQXA5PpVnyNGLYF1EZwCJbT0pExBU2jBk
yrK3ZNF9kEjE4fIAI8rmBIWu1V8IVr60KaAsR4BkuNWx/Ct5GCgFK0HpdQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCp7QSdr2zXXX7L/b5S16QrLkYq+MB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvS250QkoydmJOZGRmc3Y5dmxMWHBDc3VSaXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQDLXIIAwQC
LZFoAwQBW4RyAwQBZzVSAwQCZzXYAwQCZ/C0AwQCwRPMAwQAwRy2AwQAwRy/AwQA
wRzKAwQAwRztMA0GCSqGSIb3DQEBCwUAA4IBAQC3oNwsBeoW3ZIh7EHh/dIEe8zT
yuRMhQM7+XaBg3bV55/dXd3X0l6fFOA9bonDZJLUMvvWveM96Hp6mrAnjP9eAdu6
VcPNGs4Ra/CRNUQKqmvSclcoMyGjx2mxJhAhUiqC5YwOphH8XEE3UywZhYcLM7mM
6fbL3mJRK3CnueST8pSkcAoytVp+KKf3h++jKevtnL16y0sBDuMc6/JFesr4H4g0
jKinvMy2DGIiORq4/De6++GZiUwt2nVX1l69J6fNaWx+IojQfG7nc4I/K56g7099
YUInEyBQnek5KlzNcTVMMgOipr4eov/gP8kzxjE/9hhqU8MoG8KQDO13KZYU
-----END CERTIFICATE-----