Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/efO3kncEEbYad3pCSxOR_Cq64mo.roa
File:                     efO3kncEEbYad3pCSxOR_Cq64mo.roa (raw, json)
Hash identifier:          gkK+kRH/vC/HloAi4y5wbYVj+lO74HgJaP1CCA9xO9M=
Subject key identifier:   79:F3:B7:92:77:04:11:B6:1A:77:7A:42:4B:13:91:FC:2A:BA:E2:6A
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018C6D12A17BA9523E5FB2A8D35271E22AC2
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/efO3kncEEbYad3pCSxOR_Cq64mo.roa
Signing time:             Fri 15 Dec 2023 10:43:06 +0000
ROA not before:           Fri 15 Dec 2023 10:43:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21155
IP address blocks:        91.216.162.0/24 maxlen: 24
                          81.4.112.0/22 maxlen: 22
                          81.4.116.0/22 maxlen: 22
                          81.4.64.0/19 maxlen: 19
                          185.95.68.0/22 maxlen: 22
                          81.4.96.0/22 maxlen: 22
                          193.93.172.0/22 maxlen: 22
                          91.142.240.0/20 maxlen: 20
                          85.158.252.0/23 maxlen: 23
                          85.158.248.0/21 maxlen: 21
                          85.158.248.0/22 maxlen: 22
                          80.84.224.0/19 maxlen: 19
                          193.242.119.0/24 maxlen: 24
                          83.96.128.0/17 maxlen: 17
                          91.205.32.0/22 maxlen: 22
                          2001:828::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:6d:12:a1:7b:a9:52:3e:5f:b2:a8:d3:52:71:e2:2a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Dec 15 10:43:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=79f3b792770411b61a777a424b1391fc2abae26a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:24:13:69:87:37:9e:a4:03:17:d8:bb:f1:ab:
                    53:dc:e4:c3:7c:6f:e7:1c:cd:65:95:2a:83:55:59:
                    0b:72:e3:ba:90:9e:30:d3:a4:bf:7b:d5:47:49:37:
                    c8:90:a6:9c:42:54:52:21:32:22:b2:ce:31:2c:1b:
                    69:90:45:8f:50:ab:f3:7b:79:69:d7:19:0c:33:63:
                    e3:69:80:53:50:22:32:e2:67:60:25:5b:1c:c9:bd:
                    55:7b:83:00:39:ac:3f:56:90:d4:4c:90:78:cc:82:
                    a9:d5:c3:65:01:f0:c7:59:85:0a:52:d2:1a:58:ce:
                    06:37:0e:48:b1:5c:6e:5a:5d:38:74:4e:24:18:94:
                    6d:30:7a:52:7c:7d:fe:1a:99:2f:5e:5a:fb:39:0f:
                    ae:ce:4e:ed:4d:26:09:f8:fd:59:65:ff:58:23:c9:
                    4c:7a:fb:16:97:8f:a1:5e:54:69:e0:23:f8:22:6a:
                    26:3d:c2:46:72:48:f9:db:f0:3f:71:b8:77:73:4a:
                    16:89:31:02:6e:a9:72:b0:42:42:b0:ad:c3:5f:ca:
                    1a:28:0b:ab:d4:96:56:df:b2:fa:37:ee:7e:72:46:
                    af:35:18:9f:62:b3:ae:bd:65:04:68:8e:72:8b:a4:
                    9b:3f:3d:4e:96:f3:1f:8f:2b:b7:eb:6b:a0:e0:a7:
                    e8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F3:B7:92:77:04:11:B6:1A:77:7A:42:4B:13:91:FC:2A:BA:E2:6A
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/efO3kncEEbYad3pCSxOR_Cq64mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.224.0/19
                  81.4.64.0-81.4.99.255
                  81.4.112.0/21
                  83.96.128.0/17
                  85.158.248.0/21
                  91.142.240.0/20
                  91.205.32.0/22
                  91.216.162.0/24
                  185.95.68.0/22
                  193.93.172.0/22
                  193.242.119.0/24
                IPv6:
                  2001:828::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:da:6d:ec:93:68:34:c3:e7:c6:35:20:98:21:22:10:db:38:
         3b:11:f8:f8:fb:26:d6:1f:94:be:7d:5f:97:a9:f6:df:31:6b:
         0f:fa:ae:37:c8:2f:b3:d3:6a:5a:da:8b:4a:52:06:dd:4d:4b:
         a3:f6:7e:9b:b1:2c:8f:79:61:6e:57:34:cc:3b:9f:d0:a7:44:
         c7:32:cb:75:f8:f5:44:ab:6f:40:f1:4b:71:eb:c9:0a:c9:15:
         43:02:f3:7a:d7:e1:6e:d8:ef:6e:00:65:75:9f:14:e0:2f:d5:
         23:fe:d3:6b:bf:a7:49:28:96:fd:e4:1f:4c:3f:87:33:46:f7:
         a3:75:0c:03:b4:28:62:1e:d5:44:db:d0:d9:9f:05:5a:00:4e:
         6a:99:ad:f1:fb:31:8d:ae:37:c8:45:b3:d2:7d:b5:b7:f8:cc:
         09:63:90:e3:a4:9c:80:c2:91:60:45:25:32:88:89:65:eb:75:
         48:8f:f6:02:a3:2c:b3:a0:23:a4:6e:dd:36:ce:88:25:9c:17:
         75:34:ef:bb:3e:a4:57:fd:4b:52:a4:0d:87:93:ad:dd:a8:5a:
         d5:40:2c:9b:43:2e:3a:b7:57:55:e9:48:6f:e2:45:ec:75:11:
         e6:ff:0f:61:09:de:aa:d8:f8:39:66:ca:79:fb:9e:6d:c4:1c:
         03:b9:01:04
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYxtEqF7qVI+X7Ko01Jx4irCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjMxMjE1MTA0MzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWYzYjc5Mjc3MDQxMWI2MWE3NzdhNDI0YjEzOTFmYzJhYmFlMjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiQTaYc3nqQDF9i78atT3OTDfG/n
HM1llSqDVVkLcuO6kJ4w06S/e9VHSTfIkKacQlRSITIiss4xLBtpkEWPUKvze3lp
1xkMM2PjaYBTUCIy4mdgJVscyb1Ve4MAOaw/VpDUTJB4zIKp1cNlAfDHWYUKUtIa
WM4GNw5IsVxuWl04dE4kGJRtMHpSfH3+GpkvXlr7OQ+uzk7tTSYJ+P1ZZf9YI8lM
evsWl4+hXlRp4CP4ImomPcJGckj52/A/cbh3c0oWiTECbqlysEJCsK3DX8oaKAur
1JZW37L6N+5+ckavNRifYrOuvWUEaI5yi6SbPz1OlvMfjyu362ug4KfokwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFHnzt5J3BBG2Gnd6QksTkfwquuJqMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvZWZPM2tuY0VFYllhZDNwQ1N4T1JfQ3E2NG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQFUFTgMAwD
BAZRBEADBAJRBGADBANRBHADBAdTYIADBANVnvgDBARbjvADBAJbzSADBABb2KID
BAK5X0QDBALBXawDBADB8ncwDQQCAAIwBwMFACABCCgwDQYJKoZIhvcNAQELBQAD
ggEBABDabeyTaDTD58Y1IJghIhDbODsR+Pj7JtYflL59X5ep9t8xaw/6rjfIL7PT
alrai0pSBt1NS6P2fpuxLI95YW5XNMw7n9CnRMcyy3X49USrb0DxS3HryQrJFUMC
83rX4W7Y724AZXWfFOAv1SP+02u/p0kolv3kH0w/hzNG96N1DAO0KGIe1UTb0Nmf
BVoATmqZrfH7MY2uN8hFs9J9tbf4zAljkOOknIDCkWBFJTKIiWXrdUiP9gKjLLOg
I6Ru3TbOiCWcF3U077s+pFf9S1KkDYeTrd2oWtVALJtDLjq3V1XpSG/iRex1Eeb/
D2EJ3qrY+Dlmynn7nm3EHAO5AQQ=
-----END CERTIFICATE-----