Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/RnMKl3PKkL8GPGb5gp03jXJHG8U.roa
File:                     RnMKl3PKkL8GPGb5gp03jXJHG8U.roa (raw, json)
Hash identifier:          S+oUJK/8cjpep+wLRFH+C5azbggignmRTESOei/IguA=
Subject key identifier:   46:73:0A:97:73:CA:90:BF:06:3C:66:F9:82:9D:37:8D:72:47:1B:C5
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018A41BE98A426CB4CEACEAB407B802846C3
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/RnMKl3PKkL8GPGb5gp03jXJHG8U.roa
Signing time:             Tue 29 Aug 2023 14:42:04 +0000
ROA not before:           Tue 29 Aug 2023 14:42:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21155
IP address blocks:        91.216.162.0/24 maxlen: 24
                          81.4.112.0/22 maxlen: 22
                          81.4.116.0/22 maxlen: 22
                          81.4.64.0/19 maxlen: 19
                          185.95.68.0/22 maxlen: 22
                          81.4.96.0/22 maxlen: 22
                          193.93.172.0/22 maxlen: 22
                          91.142.240.0/20 maxlen: 20
                          85.158.248.0/21 maxlen: 21
                          80.84.224.0/19 maxlen: 19
                          193.242.119.0/24 maxlen: 24
                          83.96.128.0/17 maxlen: 17
                          91.205.32.0/22 maxlen: 22
                          2001:828::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 15 Dec 2023 10:43:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:41:be:98:a4:26:cb:4c:ea:ce:ab:40:7b:80:28:46:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Aug 29 14:42:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46730a9773ca90bf063c66f9829d378d72471bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ec:a6:2e:f6:0e:b7:bd:e8:3a:e5:c6:73:40:
                    d7:50:a3:c8:42:8b:e7:51:c3:ee:8b:b2:54:07:22:
                    ed:a3:64:6c:9b:12:df:3a:7c:bb:6d:b4:c5:ab:d9:
                    6f:0b:40:c3:70:f7:8a:a5:58:1e:c8:eb:05:2c:27:
                    18:ef:58:31:41:a9:73:aa:b6:6d:52:0e:7a:23:86:
                    39:d1:ac:f8:73:78:3c:57:e2:1f:b5:99:b8:45:e5:
                    0a:d3:cf:f2:a8:bf:ce:b1:5f:7d:4b:8d:79:c8:94:
                    9a:8e:bc:01:99:96:7a:0c:9d:44:89:7b:bd:ce:45:
                    85:b5:63:13:f3:23:1c:1e:b0:38:cd:5d:48:bf:3b:
                    c6:00:49:2d:a5:2e:e1:cc:b1:ea:bc:35:75:a2:34:
                    d0:ad:e5:a8:b1:ac:d5:4f:12:ef:82:3c:65:70:91:
                    1a:8c:a8:90:f6:44:f3:7b:09:2c:7f:1c:7b:57:2f:
                    87:c1:df:4f:2c:00:77:09:78:a5:77:bd:92:be:f6:
                    b4:1d:37:8f:6d:10:7d:d0:96:6d:b5:e0:2a:9a:8f:
                    01:ef:21:e9:ce:2b:9b:c8:fb:77:97:6c:00:9f:c5:
                    49:a0:be:a4:c5:eb:94:40:66:68:14:7e:55:dc:5e:
                    23:cc:5c:78:47:9a:9e:a3:49:54:1c:3b:72:cc:f9:
                    71:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:73:0A:97:73:CA:90:BF:06:3C:66:F9:82:9D:37:8D:72:47:1B:C5
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/RnMKl3PKkL8GPGb5gp03jXJHG8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.224.0/19
                  81.4.64.0-81.4.99.255
                  81.4.112.0/21
                  83.96.128.0/17
                  85.158.248.0/21
                  91.142.240.0/20
                  91.205.32.0/22
                  91.216.162.0/24
                  185.95.68.0/22
                  193.93.172.0/22
                  193.242.119.0/24
                IPv6:
                  2001:828::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:c4:93:75:05:0c:4b:c3:42:14:fa:e6:62:9b:2b:dc:71:32:
         2d:90:84:d8:52:96:29:73:59:d0:60:28:f5:02:21:1d:c6:b5:
         7a:47:92:64:3a:f0:8e:2b:85:a0:ae:1c:98:31:cd:38:07:e9:
         ef:c3:82:bd:d3:27:dd:0d:0e:0c:60:73:ac:6a:59:39:ef:bd:
         08:25:6c:ec:a7:a4:20:de:99:a0:2a:bd:38:5f:c7:d7:33:33:
         14:11:d8:7f:01:06:fc:fa:c3:83:0a:00:fc:20:b3:e1:aa:19:
         07:19:9a:60:a0:00:53:90:d2:bd:0b:56:b5:cd:b1:ef:59:b5:
         4c:2d:cd:d0:d9:ce:b6:9f:1e:27:5a:6e:f0:f7:73:64:6b:a1:
         89:49:72:18:72:e8:20:f4:a9:0c:b7:ef:7f:e9:f2:94:eb:bd:
         2d:d8:a3:47:9e:b8:fd:60:ce:ce:35:0e:a2:76:af:87:4e:e3:
         a2:ec:08:53:90:46:74:a9:a8:c2:48:0e:30:1a:43:10:d9:de:
         da:5c:30:18:ff:48:fc:97:9c:df:79:ad:a1:a6:4b:05:d0:c4:
         39:18:25:2c:34:fe:e3:e3:f8:59:03:7d:7f:d7:98:94:a2:28:
         a0:09:f6:46:10:32:df:dc:12:0c:11:cc:8f:1b:28:8d:6a:c1:
         4a:d6:33:82
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYpBvpikJstM6s6rQHuAKEbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjMwODI5MTQ0MjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjczMGE5NzczY2E5MGJmMDYzYzY2Zjk4MjlkMzc4ZDcyNDcxYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOymLvYOt73oOuXGc0DXUKPIQovn
UcPui7JUByLto2RsmxLfOny7bbTFq9lvC0DDcPeKpVgeyOsFLCcY71gxQalzqrZt
Ug56I4Y50az4c3g8V+IftZm4ReUK08/yqL/OsV99S415yJSajrwBmZZ6DJ1EiXu9
zkWFtWMT8yMcHrA4zV1IvzvGAEktpS7hzLHqvDV1ojTQreWosazVTxLvgjxlcJEa
jKiQ9kTzewksfxx7Vy+Hwd9PLAB3CXild72Svva0HTePbRB90JZtteAqmo8B7yHp
ziubyPt3l2wAn8VJoL6kxeuUQGZoFH5V3F4jzFx4R5qeo0lUHDtyzPlxRwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFEZzCpdzypC/Bjxm+YKdN41yRxvFMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvUm5NS2wzUEtrTDhHUEdiNWdwMDNqWEpIRzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQFUFTgMAwD
BAZRBEADBAJRBGADBANRBHADBAdTYIADBANVnvgDBARbjvADBAJbzSADBABb2KID
BAK5X0QDBALBXawDBADB8ncwDQQCAAIwBwMFACABCCgwDQYJKoZIhvcNAQELBQAD
ggEBAKHEk3UFDEvDQhT65mKbK9xxMi2QhNhSlilzWdBgKPUCIR3GtXpHkmQ68I4r
haCuHJgxzTgH6e/Dgr3TJ90NDgxgc6xqWTnvvQglbOynpCDemaAqvThfx9czMxQR
2H8BBvz6w4MKAPwgs+GqGQcZmmCgAFOQ0r0LVrXNse9ZtUwtzdDZzrafHidabvD3
c2RroYlJchhy6CD0qQy373/p8pTrvS3Yo0eeuP1gzs41DqJ2r4dO46LsCFOQRnSp
qMJIDjAaQxDZ3tpcMBj/SPyXnN95raGmSwXQxDkYJSw0/uPj+FkDfX/XmJSiKKAJ
9kYQMt/cEgwRzI8bKI1qwUrWM4I=
-----END CERTIFICATE-----