Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/ETzaKcYL3G-wD7WswOMuHgV7P5A.roa
File:                     ETzaKcYL3G-wD7WswOMuHgV7P5A.roa (raw, json)
Hash identifier:          MdUl/4fdqcljEFMDXoFQZVhk8jDRWLb8a3FMUADJdzc=
Subject key identifier:   11:3C:DA:29:C6:0B:DC:6F:B0:0F:B5:AC:C0:E3:2E:1E:05:7B:3F:90
Certificate issuer:       /CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
Certificate serial:       01892CCC73CE6CD0A4C9F0405737E0B560B4
Authority key identifier: C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/ETzaKcYL3G-wD7WswOMuHgV7P5A.roa
Signing time:             Thu 06 Jul 2023 20:02:23 +0000
ROA not before:           Thu 06 Jul 2023 20:02:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     36411
IP address blocks:        2a00:79e1:841::/48 maxlen: 48
                          2a00:79e1:840::/48 maxlen: 48
                          2a00:79e1:2000::/38 maxlen: 38
                          2a00:79e1:3800::/38 maxlen: 38
                          2a00:79e1:2800::/38 maxlen: 38
                          2a00:79e1:3000::/38 maxlen: 38
                          2a00:79e1:3a00::/39 maxlen: 39
                          2a00:79e1:2c00::/39 maxlen: 39
                          2a00:79e1:2000::/35 maxlen: 35
                          2a00:79e1:3200::/39 maxlen: 39
                          2a00:79e1:2a00::/39 maxlen: 39
                          2a00:79e1:3e00::/39 maxlen: 39
                          2a00:79e1:3600::/39 maxlen: 39
                          2a00:79e1:2200::/39 maxlen: 39
                          2a00:79e1:2e00::/39 maxlen: 39
                          2a00:79e1:2400::/39 maxlen: 39
                          2a00:79e1:3c00::/39 maxlen: 39
                          2a00:79e1:3400::/39 maxlen: 39
                          2a00:79e1:2600::/39 maxlen: 39

Validation:               Failed, certificate revoked on Wed 11 Oct 2023 14:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2c:cc:73:ce:6c:d0:a4:c9:f0:40:57:37:e0:b5:60:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
        Validity
            Not Before: Jul  6 20:02:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=113cda29c60bdc6fb00fb5acc0e32e1e057b3f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2c:cb:07:dc:22:b2:e7:e6:02:37:60:f5:a1:
                    a7:ac:d2:1e:04:89:98:9d:50:7b:34:b7:21:48:3f:
                    75:17:a1:4d:ed:d0:ab:15:b9:99:f7:17:fb:ba:5b:
                    3b:8a:98:69:f0:61:51:64:59:4a:80:a7:6e:f1:bb:
                    08:86:da:4a:41:4e:bf:2b:91:b6:58:68:35:13:ed:
                    e4:58:c2:35:ab:ed:5a:67:38:d9:99:99:9b:1c:42:
                    c3:1a:db:93:bb:90:a6:eb:c2:1f:fb:bb:99:79:91:
                    15:08:b8:61:c3:e2:04:43:d0:c2:26:4d:b8:8e:d4:
                    2c:4d:44:14:14:db:07:79:e7:d9:fe:f5:c8:3a:92:
                    a3:b6:e0:64:0d:c6:b1:ef:6b:73:69:ae:31:0a:92:
                    59:2c:93:5c:95:cb:5d:08:91:02:b0:40:e5:85:a9:
                    3c:16:02:05:4c:eb:97:75:3f:ff:a3:19:3e:d3:23:
                    97:ad:df:5a:dd:5a:0e:a7:59:8e:78:e8:d3:d2:c2:
                    2c:40:82:b5:09:5b:05:41:ec:8e:28:12:95:a5:ed:
                    b8:dd:bf:b5:9f:32:fc:0c:62:d4:0b:5d:60:92:72:
                    df:63:dc:48:b0:84:23:8c:80:73:ad:c7:3c:f3:d8:
                    59:25:77:e6:80:27:b9:61:bb:b9:2f:3e:42:ee:58:
                    3b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3C:DA:29:C6:0B:DC:6F:B0:0F:B5:AC:C0:E3:2E:1E:05:7B:3F:90
            X509v3 Authority Key Identifier:
                keyid:C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/ETzaKcYL3G-wD7WswOMuHgV7P5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:79e1:840::/47
                  2a00:79e1:2000::/35

    Signature Algorithm: sha256WithRSAEncryption
         30:4b:a7:f6:08:80:6d:20:42:f2:92:a4:47:1f:73:d3:15:f5:
         27:d5:31:51:f8:7d:b7:17:9f:b0:51:8b:1e:6c:9e:61:96:c2:
         81:d7:1f:ca:de:9c:6a:52:2c:e6:75:15:38:28:44:57:12:d2:
         40:94:96:35:58:42:3e:77:b5:d3:99:da:8a:24:21:b6:3e:83:
         a9:b5:49:fe:77:f5:fd:e4:52:b0:fa:be:30:62:8f:7c:24:b5:
         82:c1:43:1a:77:af:2a:ac:d4:32:01:f0:d4:c2:ec:8c:29:6d:
         78:bd:58:b8:77:cf:12:82:07:18:ab:1b:f4:cd:a8:ea:67:a4:
         e3:d7:15:c7:35:bb:60:bb:07:44:77:09:f5:cc:85:78:04:9c:
         c0:b1:f7:99:04:f2:65:62:97:e8:0b:fc:45:a7:86:38:f8:f2:
         f4:24:d6:60:8f:ec:db:26:0a:c9:e7:1d:3b:f3:54:0e:ed:72:
         a4:f6:92:c4:be:c2:d7:5a:7d:45:4e:fa:69:56:38:92:11:de:
         98:0b:48:92:e3:f7:4e:2e:54:cd:5c:42:65:6f:02:48:69:91:
         2e:3e:36:8b:96:28:cf:6b:db:5f:02:38:ff:ca:b0:6c:a0:d4:
         ea:12:43:df:e2:b4:f0:3b:dd:48:5d:79:36:6c:cb:2c:34:f9:
         b4:03:f1:dc
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYkszHPObNCkyfBAVzfgtWC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzQ3ZmJlMjZjOWNkZDc2MjhhZGZlZGI1N2I3OGJlOGRl
NzVlMjkwHhcNMjMwNzA2MjAwMjIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTNjZGEyOWM2MGJkYzZmYjAwZmI1YWNjMGUzMmUxZTA1N2IzZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSzLB9wisufmAjdg9aGnrNIeBImY
nVB7NLchSD91F6FN7dCrFbmZ9xf7uls7iphp8GFRZFlKgKdu8bsIhtpKQU6/K5G2
WGg1E+3kWMI1q+1aZzjZmZmbHELDGtuTu5Cm68If+7uZeZEVCLhhw+IEQ9DCJk24
jtQsTUQUFNsHeefZ/vXIOpKjtuBkDcax72tzaa4xCpJZLJNclctdCJECsEDlhak8
FgIFTOuXdT//oxk+0yOXrd9a3VoOp1mOeOjT0sIsQIK1CVsFQeyOKBKVpe243b+1
nzL8DGLUC11gknLfY9xIsIQjjIBzrcc889hZJXfmgCe5Ybu5Lz5C7lg7eQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFBE82inGC9xvsA+1rMDjLh4Fez+QMB8GA1UdIwQY
MBaAFMB0f74myc3XYorf7bV7eL6N514pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDIt
MzY4NjA4Mzg1ODgzLzEvRVR6YUtjWUwzRy13RDdXc3dPTXVIZ1Y3UDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDItMzY4NjA4Mzg1ODgz
LzEvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcBKgB54QhA
AwYFKgB54SAwDQYJKoZIhvcNAQELBQADggEBADBLp/YIgG0gQvKSpEcfc9MV9SfV
MVH4fbcXn7BRix5snmGWwoHXH8renGpSLOZ1FTgoRFcS0kCUljVYQj53tdOZ2ook
IbY+g6m1Sf539f3kUrD6vjBij3wktYLBQxp3ryqs1DIB8NTC7IwpbXi9WLh3zxKC
BxirG/TNqOpnpOPXFcc1u2C7B0R3CfXMhXgEnMCx95kE8mVil+gL/EWnhjj48vQk
1mCP7NsmCsnnHTvzVA7tcqT2ksS+wtdafUVO+mlWOJIR3pgLSJLj904uVM1cQmVv
AkhpkS4+NouWKM9r218COP/KsGyg1OoSQ9/itPA73UhdeTZsyyw0+bQD8dw=
-----END CERTIFICATE-----