Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/KyECT3YBJEAa4a3mNd0iFQ_D-pY.roa
File:                     KyECT3YBJEAa4a3mNd0iFQ_D-pY.roa (raw, json)
Hash identifier:          U7eQ6I+lje0RLeM9JhuOp9U+Oo6Jf5AkURBVRjOI6vo=
Subject key identifier:   2B:21:02:4F:76:01:24:40:1A:E1:AD:E6:35:DD:22:15:0F:C3:FA:96
Certificate issuer:       /CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
Certificate serial:       0187309FC3F8185F15E84155CDD1051A8E78
Authority key identifier: F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/KyECT3YBJEAa4a3mNd0iFQ_D-pY.roa
Signing time:             Thu 30 Mar 2023 03:46:29 +0000
ROA not before:           Thu 30 Mar 2023 03:46:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     63473
IP address blocks:        45.132.74.0/24 maxlen: 24
                          45.132.75.0/24 maxlen: 24
                          185.223.207.0/24 maxlen: 24
                          45.91.95.0/24 maxlen: 24
                          45.91.92.0/24 maxlen: 24
                          45.91.93.0/24 maxlen: 24
                          45.91.94.0/24 maxlen: 24
                          109.205.61.0/24 maxlen: 24
                          2a0e:dc0:4::/48 maxlen: 48
                          2a0e:dc0:5::/48 maxlen: 48
                          2a0e:dc0:8::/48 maxlen: 48
                          2a0e:dc0:3::/48 maxlen: 48
                          2a0e:dc0:9::/48 maxlen: 48
                          2a0e:dc0:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 30 Mar 2023 12:54:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:30:9f:c3:f8:18:5f:15:e8:41:55:cd:d1:05:1a:8e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
        Validity
            Not Before: Mar 30 03:46:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b21024f760124401ae1ade635dd22150fc3fa96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:88:73:1a:71:4d:40:86:69:c2:0e:38:78:48:
                    52:57:59:c3:07:69:d4:58:f0:48:c7:57:ee:35:48:
                    a6:1b:fc:b0:4d:0f:00:0e:27:02:fd:4e:b6:03:3c:
                    bc:6e:9b:b1:dc:74:01:67:33:e5:65:ea:f9:fa:d4:
                    8c:b7:25:52:2e:e1:28:e9:7e:03:cd:2c:b4:40:b2:
                    60:f7:83:ef:f9:e9:1d:53:f8:e9:93:2b:0d:15:aa:
                    b8:70:a0:71:7d:04:8d:2c:1f:21:e7:f6:13:f2:f9:
                    92:ac:dc:43:43:b4:94:64:19:ec:96:2d:f5:b2:ab:
                    51:58:69:d4:e5:c8:bf:b9:0d:16:a2:64:5d:7a:ce:
                    e9:9d:a8:e5:70:1d:04:f5:bd:27:13:4c:9a:c5:08:
                    a1:06:b5:cc:31:da:1f:79:a7:ce:38:a3:3e:03:71:
                    7b:93:f1:c1:d7:3f:e7:29:a1:d2:bd:e2:e6:59:50:
                    97:eb:78:1c:44:eb:00:b5:56:30:2b:4b:0a:52:90:
                    ef:df:5d:5c:f7:78:1b:89:12:37:85:79:dd:23:4f:
                    ff:4c:50:b8:8b:b4:a9:80:4d:9d:f9:15:c0:ad:35:
                    c4:a7:2f:fd:95:c4:ae:b0:3a:39:d5:a1:8c:d1:eb:
                    3c:df:13:79:0e:8b:83:39:62:83:a0:c3:96:c9:61:
                    ef:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:21:02:4F:76:01:24:40:1A:E1:AD:E6:35:DD:22:15:0F:C3:FA:96
            X509v3 Authority Key Identifier:
                keyid:F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/KyECT3YBJEAa4a3mNd0iFQ_D-pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/97UMfoHYzyZNEgm2rVo8y4LBb90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.92.0/22
                  45.132.74.0/23
                  109.205.61.0/24
                  185.223.207.0/24
                IPv6:
                  2a0e:dc0:3::-2a0e:dc0:6:ffff:ffff:ffff:ffff:ffff
                  2a0e:dc0:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         1f:0d:f4:01:dd:e0:52:a6:16:ff:b8:9a:b5:c2:60:78:19:17:
         fc:d2:e5:c8:5c:06:a0:d9:a2:00:b7:fa:52:08:1d:7f:bd:98:
         dd:0c:f6:10:88:e4:54:58:a1:ce:39:46:68:52:1c:f8:b3:ff:
         20:e5:cb:f7:1e:13:45:fc:eb:a3:09:87:50:40:8a:36:a1:f0:
         6e:76:6a:cb:f1:34:95:8f:72:0e:02:45:aa:a4:d6:8f:9c:d3:
         f7:cc:13:89:8a:aa:32:b0:c3:da:00:60:6c:63:35:52:b6:6c:
         55:b9:b5:e3:07:0e:05:3a:b3:14:0d:9b:ad:c1:22:b5:cf:f5:
         44:7a:c4:4b:ac:44:c6:22:e3:cc:7a:23:a2:a6:9e:d1:39:88:
         c5:21:b0:1b:c9:bd:af:e5:ce:b0:0b:9f:1d:83:ad:f6:6c:be:
         d0:6e:44:20:57:37:57:e0:b2:64:c3:1b:b9:e9:ca:7c:b7:bc:
         41:87:c2:c8:70:ce:44:b1:22:64:63:7f:29:2e:9a:50:c1:c0:
         b3:00:38:a1:97:f9:1f:bb:da:c9:8f:a4:56:df:e9:dd:e8:2c:
         2e:8d:25:e7:68:e7:28:79:c7:20:e2:b2:4c:eb:c5:cf:40:a0:
         fb:bd:db:87:03:1a:84:95:8c:f5:28:a7:16:35:3d:16:bc:a3:
         f4:ca:c3:c4
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYcwn8P4GF8V6EFVzdEFGo54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjUwYzdlODFkOGNmMjY0ZDEyMDliNmFkNWEzY2NiODJj
MTZmZGQwHhcNMjMwMzMwMDM0NjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjIxMDI0Zjc2MDEyNDQwMWFlMWFkZTYzNWRkMjIxNTBmYzNmYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4hzGnFNQIZpwg44eEhSV1nDB2nU
WPBIx1fuNUimG/ywTQ8ADicC/U62Azy8bpux3HQBZzPlZer5+tSMtyVSLuEo6X4D
zSy0QLJg94Pv+ekdU/jpkysNFaq4cKBxfQSNLB8h5/YT8vmSrNxDQ7SUZBnsli31
sqtRWGnU5ci/uQ0WomRdes7pnajlcB0E9b0nE0yaxQihBrXMMdofeafOOKM+A3F7
k/HB1z/nKaHSveLmWVCX63gcROsAtVYwK0sKUpDv311c93gbiRI3hXndI0//TFC4
i7SpgE2d+RXArTXEpy/9lcSusDo51aGM0es83xN5DouDOWKDoMOWyWHvfwIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFCshAk92ASRAGuGt5jXdIhUPw/qWMB8GA1UdIwQY
MBaAFPe1DH6B2M8mTRIJtq1aPMuCwW/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmIt
YWM0MDE2MTIwY2I5LzEvS3lFQ1QzWUJKRUFhNGEzbU5kMGlGUV9ELXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmItYWM0MDE2MTIwY2I5
LzEvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAeBAIAATAYAwQCLVtcAwQB
LYRKAwQAbc09AwQAud/PMCMEAgACMB0wEgMHACoODcAAAwMHACoODcAABgMHASoO
DcAACDANBgkqhkiG9w0BAQsFAAOCAQEAHw30Ad3gUqYW/7iatcJgeBkX/NLlyFwG
oNmiALf6Uggdf72Y3Qz2EIjkVFihzjlGaFIc+LP/IOXL9x4TRfzrowmHUECKNqHw
bnZqy/E0lY9yDgJFqqTWj5zT98wTiYqqMrDD2gBgbGM1UrZsVbm14wcOBTqzFA2b
rcEitc/1RHrES6xExiLjzHojoqae0TmIxSGwG8m9r+XOsAufHYOt9my+0G5EIFc3
V+CyZMMbuenKfLe8QYfCyHDORLEiZGN/KS6aUMHAswA4oZf5H7vayY+kVt/p3egs
Lo0l52jnKHnHIOKyTOvFz0Cg+73bhwMahJWM9SinFjU9Fryj9MrDxA==
-----END CERTIFICATE-----