Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/zkaTtwv5dd__jtfZxRyzhmxHMiw.roa
File:                     zkaTtwv5dd__jtfZxRyzhmxHMiw.roa (raw, json)
Hash identifier:          rsLGMRNUGu6Kx4L+Z7Nn9InjFVSp3JjCtlcXKPbE95s=
Subject key identifier:   CE:46:93:B7:0B:F9:75:DF:FF:8E:D7:D9:C5:1C:B3:86:6C:47:32:2C
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018572BA6F3BE298ED0421E16D3621D3F07A
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/zkaTtwv5dd__jtfZxRyzhmxHMiw.roa
Signing time:             Mon 02 Jan 2023 13:44:58 +0000
ROA not before:           Mon 02 Jan 2023 13:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56382
IP address blocks:        45.152.125.0/24 maxlen: 24
                          45.152.127.0/24 maxlen: 24
                          45.152.126.0/24 maxlen: 24
                          2a0f:5700:1220::/44 maxlen: 44
                          2a0f:5702::/32 maxlen: 48
                          2a0f:5701:fe80::/48 maxlen: 48
                          2a0f:5707:fe80::/48 maxlen: 48
                          2a0f:5700::/32 maxlen: 48
                          2a0f:5700:fe80::/48 maxlen: 48
                          2a0f:5707:ffff::/48 maxlen: 48
                          2a0f:5701:fe01::/48 maxlen: 48
                          2a0f:5701:1220::/44 maxlen: 44
                          2a0f:5707:1220::/44 maxlen: 44
                          2a0f:5707:aa80::/44 maxlen: 48
                          2a0f:5707:ab80::/44 maxlen: 48

Validation:               Failed, certificate revoked on Wed 15 Mar 2023 09:52:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:ba:6f:3b:e2:98:ed:04:21:e1:6d:36:21:d3:f0:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 13:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce4693b70bf975dfff8ed7d9c51cb3866c47322c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:67:34:6f:4f:4a:10:f6:f6:3e:96:36:9e:88:
                    92:ca:ae:d4:5c:78:7d:ff:ae:e7:30:79:84:b3:89:
                    5b:af:f7:34:cc:6d:55:b3:e9:55:38:c2:7b:db:34:
                    d8:fa:85:b5:d8:7c:c9:e0:a1:74:81:57:cb:cc:04:
                    9f:48:e1:77:63:32:bf:61:f4:92:9a:9c:f9:13:b0:
                    92:c7:d1:53:ac:94:27:ce:33:7a:69:eb:07:3d:2f:
                    6f:b7:8d:9a:b9:b9:62:88:e3:cb:20:13:49:5d:a9:
                    70:ad:5a:47:81:28:ad:5e:d4:aa:44:22:8e:3c:0c:
                    66:b1:82:c6:57:16:4e:78:72:c5:d9:e6:a2:20:dc:
                    5a:16:82:5e:e9:05:88:02:08:2f:c5:69:db:57:3d:
                    b1:e4:0f:48:e3:5b:8a:61:0b:3a:c8:56:8f:d8:0e:
                    36:d2:ca:b8:d0:28:cb:ac:50:9a:b7:aa:dc:62:39:
                    5a:31:fa:3a:de:d3:ed:25:a7:3f:79:13:6b:bb:44:
                    a8:c3:08:a0:e3:bd:1a:fc:28:7c:82:de:25:e4:3b:
                    e1:88:ad:70:74:1f:33:8c:57:bb:dc:04:1c:64:b5:
                    23:96:38:6c:43:b5:ac:5d:c0:50:e4:0b:5b:a0:54:
                    32:9c:e6:c5:01:ef:39:89:02:06:92:33:4e:87:ad:
                    4e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:46:93:B7:0B:F9:75:DF:FF:8E:D7:D9:C5:1C:B3:86:6C:47:32:2C
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/zkaTtwv5dd__jtfZxRyzhmxHMiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.125.0-45.152.127.255
                IPv6:
                  2a0f:5700::/32
                  2a0f:5701:1220::/44
                  2a0f:5701:fe01::/48
                  2a0f:5701:fe80::/48
                  2a0f:5702::/32
                  2a0f:5707:1220::/44
                  2a0f:5707:aa80::/44
                  2a0f:5707:ab80::/44
                  2a0f:5707:fe80::/48
                  2a0f:5707:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:9b:d0:b0:6a:a3:ae:fc:97:38:a7:bd:06:ee:a5:d9:4e:48:
         d7:bd:6d:d0:23:b1:21:bc:4f:82:1c:63:94:91:db:41:a4:03:
         5a:53:b2:a1:a9:82:c8:d2:0d:bb:ec:bf:5b:c6:cb:5f:7b:16:
         f0:21:87:bc:69:f4:e7:6e:9a:b4:b7:c9:b5:d5:77:22:9d:9c:
         7b:83:c7:38:6a:4b:b4:64:0c:a5:e6:b7:ac:8d:21:cb:1f:ef:
         c0:a3:e7:16:db:19:65:d1:ff:6f:54:f2:ef:b0:c7:7d:b7:d5:
         4f:d4:bd:bb:37:e9:4c:71:6b:b1:ca:15:a5:df:05:e8:f8:6d:
         42:09:0e:fd:d7:d9:53:58:76:bb:bf:d6:f4:49:e1:4a:27:f1:
         f9:12:70:69:05:85:c4:b7:00:f3:70:8f:85:91:bf:78:71:07:
         33:f6:ff:c2:ea:62:9c:6a:bd:8b:5d:c3:3b:b6:0f:c0:97:55:
         98:0a:23:66:37:f1:52:dd:ac:f3:ee:ff:ec:55:34:24:fa:7a:
         fd:86:e3:ad:d3:38:9d:68:6d:be:0d:fc:c8:14:a0:9e:4d:46:
         0a:06:d7:92:eb:0b:60:ae:0e:8f:21:df:e6:36:d9:5f:54:76:
         62:8f:73:c6:f6:dd:dc:e3:5d:3d:00:b5:67:38:43:73:ae:74:
         8d:a4:e9:09
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYVyum874pjtBCHhbTYh0/B6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjMwMTAyMTM0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQ2OTNiNzBiZjk3NWRmZmY4ZWQ3ZDljNTFjYjM4NjZjNDczMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGc0b09KEPb2PpY2noiSyq7UXHh9
/67nMHmEs4lbr/c0zG1Vs+lVOMJ72zTY+oW12HzJ4KF0gVfLzASfSOF3YzK/YfSS
mpz5E7CSx9FTrJQnzjN6aesHPS9vt42aubliiOPLIBNJXalwrVpHgSitXtSqRCKO
PAxmsYLGVxZOeHLF2eaiINxaFoJe6QWIAggvxWnbVz2x5A9I41uKYQs6yFaP2A42
0sq40CjLrFCat6rcYjlaMfo63tPtJac/eRNru0Sowwig470a/Ch8gt4l5DvhiK1w
dB8zjFe73AQcZLUjljhsQ7WsXcBQ5AtboFQynObFAe85iQIGkjNOh61OZwIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFM5Gk7cL+XXf/47X2cUcs4ZsRzIsMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvemthVHR3djVkZF9fanRmWnhSeXpobXhITWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwFAQCAAEwDjAMAwQALZh9
AwQHLZgAMFwEAgACMFYDBQAqD1cAAwcEKg9XARIgAwcAKg9XAf4BAwcAKg9XAf6A
AwUAKg9XAgMHBCoPVwcSIAMHBCoPVweqgAMHBCoPVwergAMHACoPVwf+gAMHACoP
Vwf//zANBgkqhkiG9w0BAQsFAAOCAQEAqZvQsGqjrvyXOKe9Bu6l2U5I171t0COx
IbxPghxjlJHbQaQDWlOyoamCyNINu+y/W8bLX3sW8CGHvGn0526atLfJtdV3Ip2c
e4PHOGpLtGQMpea3rI0hyx/vwKPnFtsZZdH/b1Ty77DHfbfVT9S9uzfpTHFrscoV
pd8F6PhtQgkO/dfZU1h2u7/W9EnhSifx+RJwaQWFxLcA83CPhZG/eHEHM/b/wupi
nGq9i13DO7YPwJdVmAojZjfxUt2s8+7/7FU0JPp6/YbjrdM4nWhtvg38yBSgnk1G
CgbXkusLYK4OjyHf5jbZX1R2Yo9zxvbd3ONdPQC1ZzhDc650jaTpCQ==
-----END CERTIFICATE-----