Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/COKNtUx1qp1s7oEBXBOkev9TfS4.roa
File:                     COKNtUx1qp1s7oEBXBOkev9TfS4.roa (raw, json)
Hash identifier:          esHCusKa4epFtme9iJRxtx4goC03A2Yn/L+KBH9Hrl8=
Subject key identifier:   08:E2:8D:B5:4C:75:AA:9D:6C:EE:81:01:5C:13:A4:7A:FF:53:7D:2E
Certificate issuer:       /CN=2c571d688aa503a2e566bbc876df0ba455c577ed
Certificate serial:       018737D230F9893C760E753C0705DC3D78F8
Authority key identifier: 2C:57:1D:68:8A:A5:03:A2:E5:66:BB:C8:76:DF:0B:A4:55:C5:77:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LFcdaIqlA6LlZrvIdt8LpFXFd-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/COKNtUx1qp1s7oEBXBOkev9TfS4.roa
Signing time:             Fri 31 Mar 2023 13:18:54 +0000
ROA not before:           Fri 31 Mar 2023 13:18:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15796
IP address blocks:        213.55.206.0/24 maxlen: 24
                          213.55.147.0/24 maxlen: 24
                          213.55.192.0/24 maxlen: 24
                          213.55.193.0/24 maxlen: 24
                          213.55.194.0/24 maxlen: 24
                          213.55.195.0/24 maxlen: 24
                          213.55.128.0/17 maxlen: 24
                          213.55.131.0/24 maxlen: 24
                          213.55.132.0/24 maxlen: 24
                          51.154.0.0/16 maxlen: 16
                          213.55.128.0/24 maxlen: 24
                          213.55.141.0/24 maxlen: 24
                          2a04:ee42:53::/64 maxlen: 64
                          2a04:ee40::/29 maxlen: 29
                          2a04:ee42:2::/64 maxlen: 64
                          2a04:ee40:2000::/35 maxlen: 35
                          2a04:ee42:1::/64 maxlen: 64
                          2a04:ee41:80::/41 maxlen: 41
                          2a04:ee41::/41 maxlen: 41

Validation:               Failed, certificate revoked on Wed 26 Jul 2023 14:26:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:d2:30:f9:89:3c:76:0e:75:3c:07:05:dc:3d:78:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c571d688aa503a2e566bbc876df0ba455c577ed
        Validity
            Not Before: Mar 31 13:18:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08e28db54c75aa9d6cee81015c13a47aff537d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a5:15:3e:52:27:35:af:75:a6:8b:a6:c4:d5:
                    98:20:2f:2d:25:7e:97:c3:b4:bc:e8:7d:84:cc:0b:
                    ce:b4:fc:b8:21:6f:93:e9:c3:50:80:fb:68:b8:de:
                    55:63:66:f2:7f:81:75:66:36:f8:b0:a7:0e:27:3d:
                    d9:55:6d:c2:39:d3:0d:6a:9e:6b:00:9e:0d:f8:f1:
                    82:5f:8a:35:1c:de:ea:e3:64:e4:61:b3:87:ab:1e:
                    9f:9a:61:da:e9:8a:4d:33:8b:6f:9f:99:4f:dd:85:
                    69:ca:a7:ae:67:82:34:40:49:f4:4e:66:06:f0:c3:
                    71:c2:93:36:10:f5:7b:c0:ca:4f:3e:d8:2b:86:5e:
                    26:16:7c:51:df:db:44:98:21:2a:2c:72:00:6b:89:
                    e9:ee:28:df:86:38:3b:f9:81:c5:19:af:44:54:c5:
                    cc:c3:2f:87:5f:c0:7a:f4:22:2b:81:35:36:70:34:
                    de:98:13:c5:7c:38:f4:9f:04:1e:cb:76:16:e5:3e:
                    6c:29:56:40:2b:5b:50:46:d0:c3:f7:af:b8:bf:13:
                    35:51:c1:24:80:bb:54:e1:6b:bc:07:49:7f:8b:35:
                    82:bd:52:10:04:80:7b:72:91:8f:1c:93:ec:ab:15:
                    d7:7b:89:6e:66:69:30:ad:5b:52:73:ad:60:e1:a6:
                    5b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E2:8D:B5:4C:75:AA:9D:6C:EE:81:01:5C:13:A4:7A:FF:53:7D:2E
            X509v3 Authority Key Identifier:
                keyid:2C:57:1D:68:8A:A5:03:A2:E5:66:BB:C8:76:DF:0B:A4:55:C5:77:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LFcdaIqlA6LlZrvIdt8LpFXFd-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/COKNtUx1qp1s7oEBXBOkev9TfS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/LFcdaIqlA6LlZrvIdt8LpFXFd-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.154.0.0/16
                  213.55.128.0/17
                IPv6:
                  2a04:ee40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:ae:fb:24:7a:97:2b:5c:22:43:8d:9e:43:dd:46:a6:ba:4f:
         3f:17:3b:96:d3:49:db:d8:c0:a5:11:27:fa:25:f0:79:1e:74:
         23:3a:0b:56:ce:b4:8a:ae:d7:52:55:f8:8d:29:4f:0c:da:b6:
         98:97:a9:37:b5:7d:d1:24:6e:0e:f2:a4:28:a1:a3:9b:cf:e9:
         6f:eb:a8:7b:c2:16:bd:21:a1:63:31:79:c4:31:20:c7:0c:42:
         ee:a1:0e:94:32:2e:1b:5d:18:5e:e4:c2:6c:7f:eb:0e:78:3e:
         cd:5c:c4:7b:79:d1:3a:14:fa:c5:df:99:ee:ea:f9:94:d3:cb:
         2d:28:62:9f:50:e0:4b:ba:1e:9b:93:fb:89:72:19:1f:5c:dd:
         ce:38:6d:20:e2:bb:eb:d5:b1:74:1c:2d:9e:22:b9:64:f0:e3:
         5e:82:e4:58:25:5f:79:b0:66:57:01:72:08:47:e4:82:fd:15:
         fa:18:41:7f:cc:bd:ea:88:13:45:3c:82:0b:4b:b7:59:2b:11:
         f7:18:86:44:5e:d7:c8:28:21:63:47:74:d1:60:10:2c:1c:00:
         ca:28:36:c5:1d:8f:45:ea:2c:da:b3:da:d3:18:8b:61:ac:c2:
         82:c2:b7:65:f8:fe:6b:36:55:cd:ca:10:ec:06:86:e1:7e:48:
         f5:56:29:c1
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYc30jD5iTx2DnU8BwXcPXj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNTcxZDY4OGFhNTAzYTJlNTY2YmJjODc2ZGYwYmE0NTVj
NTc3ZWQwHhcNMjMwMzMxMTMxODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGUyOGRiNTRjNzVhYTlkNmNlZTgxMDE1YzEzYTQ3YWZmNTM3ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaUVPlInNa91poumxNWYIC8tJX6X
w7S86H2EzAvOtPy4IW+T6cNQgPtouN5VY2byf4F1Zjb4sKcOJz3ZVW3COdMNap5r
AJ4N+PGCX4o1HN7q42TkYbOHqx6fmmHa6YpNM4tvn5lP3YVpyqeuZ4I0QEn0TmYG
8MNxwpM2EPV7wMpPPtgrhl4mFnxR39tEmCEqLHIAa4np7ijfhjg7+YHFGa9EVMXM
wy+HX8B69CIrgTU2cDTemBPFfDj0nwQey3YW5T5sKVZAK1tQRtDD96+4vxM1UcEk
gLtU4Wu8B0l/izWCvVIQBIB7cpGPHJPsqxXXe4luZmkwrVtSc61g4aZbPQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAjijbVMdaqdbO6BAVwTpHr/U30uMB8GA1UdIwQY
MBaAFCxXHWiKpQOi5Wa7yHbfC6RVxXftMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEZjZGFJcWxBNkxsWnJ2SWR0OExwRlhGZC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82M2ViNDItYTBlMS00ZjFjLWJjYzkt
ODc1MjQwMTRkYmZiLzEvQ09LTnRVeDFxcDFzN29FQlhCT2tldjlUZlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82M2ViNDItYTBlMS00ZjFjLWJjYzktODc1MjQwMTRkYmZi
LzEvTEZjZGFJcWxBNkxsWnJ2SWR0OExwRlhGZC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAM5oDBAfV
N4AwDQQCAAIwBwMFAyoE7kAwDQYJKoZIhvcNAQELBQADggEBAFuu+yR6lytcIkON
nkPdRqa6Tz8XO5bTSdvYwKURJ/ol8HkedCM6C1bOtIqu11JV+I0pTwzatpiXqTe1
fdEkbg7ypCiho5vP6W/rqHvCFr0hoWMxecQxIMcMQu6hDpQyLhtdGF7kwmx/6w54
Ps1cxHt50ToU+sXfme7q+ZTTyy0oYp9Q4Eu6HpuT+4lyGR9c3c44bSDiu+vVsXQc
LZ4iuWTw416C5FglX3mwZlcBcghH5IL9FfoYQX/MveqIE0U8ggtLt1krEfcYhkRe
18goIWNHdNFgECwcAMooNsUdj0XqLNqz2tMYi2GswoLCt2X4/ms2Vc3KEOwGhuF+
SPVWKcE=
-----END CERTIFICATE-----