Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/72NI9CpfmcqhBdHp8uEIsBFWIG4.roa
File:                     72NI9CpfmcqhBdHp8uEIsBFWIG4.roa (raw, json)
Hash identifier:          oFIYVKiN6XXex74FJG+EFYcWN6mFX+92xNjoMRWbp2c=
Subject key identifier:   EF:63:48:F4:2A:5F:99:CA:A1:05:D1:E9:F2:E1:08:B0:11:56:20:6E
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       0186E4FC55B07207296283D06B06E867C056
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/72NI9CpfmcqhBdHp8uEIsBFWIG4.roa
Signing time:             Wed 15 Mar 2023 11:16:27 +0000
ROA not before:           Wed 15 Mar 2023 11:16:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12679
IP address blocks:        185.192.20.0/23 maxlen: 23
                          45.134.12.0/24 maxlen: 24
                          45.134.15.0/24 maxlen: 24
                          45.134.14.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.229.0/24 maxlen: 24
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 21 Apr 2023 14:41:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e4:fc:55:b0:72:07:29:62:83:d0:6b:06:e8:67:c0:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Mar 15 11:16:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef6348f42a5f99caa105d1e9f2e108b01156206e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b1:a9:73:fa:01:f2:c8:79:02:42:5b:9c:a8:
                    3f:f4:80:2b:69:d6:bd:6a:79:32:d2:2c:cb:43:03:
                    c0:43:63:da:96:1f:5d:08:01:a0:c8:1e:95:62:2c:
                    c8:ef:c0:28:2c:1e:1f:f7:6f:54:64:67:26:7f:0d:
                    ae:f4:5d:9d:9a:de:16:1f:5b:ac:54:a1:db:c6:b0:
                    95:22:c7:e8:e4:83:54:78:d8:84:57:61:db:45:e6:
                    0d:f5:41:a5:87:36:bc:e0:bb:56:2f:e2:5e:e8:ef:
                    40:2c:d3:f5:bb:22:ff:5b:8c:54:1e:e3:a2:a5:c8:
                    69:ea:a5:14:0f:5e:1d:89:61:0c:84:18:31:b2:bf:
                    f9:66:7a:59:8a:6b:ff:62:01:a5:d1:99:b9:a4:d4:
                    c7:e5:56:31:4a:9c:d3:49:75:ee:08:c0:9e:dd:40:
                    82:16:d2:8e:a9:1f:46:cb:0c:9a:a9:16:22:43:80:
                    59:6d:18:56:56:21:93:01:22:32:e4:e1:eb:44:c4:
                    9b:c7:76:20:fa:95:19:c4:8c:d2:0d:64:bc:c6:27:
                    2d:8d:03:28:13:3a:0b:79:32:d4:5d:04:3e:b1:79:
                    9e:87:79:6a:b2:38:20:63:e0:7e:82:f0:9a:cd:2a:
                    eb:3d:b2:26:cd:9b:44:93:21:3c:53:75:d0:f8:f9:
                    f0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:63:48:F4:2A:5F:99:CA:A1:05:D1:E9:F2:E1:08:B0:11:56:20:6E
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/72NI9CpfmcqhBdHp8uEIsBFWIG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.12.0/24
                  45.134.14.0/23
                  185.192.20.0/23
                  212.8.224.0-212.8.229.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:ae:23:70:2b:42:e0:27:b4:48:3b:b4:41:1a:4c:ea:2c:ad:
         2f:50:fc:d7:35:56:40:e5:c4:1b:60:72:58:f3:47:68:be:b3:
         f8:6d:6b:a1:b2:43:56:2b:a2:e4:f7:ec:73:a0:c8:53:73:78:
         d1:f1:06:6a:94:bd:da:4d:32:71:c1:55:54:5f:19:fe:48:2e:
         aa:d4:14:16:f1:61:30:e7:5a:68:ed:b7:e4:c6:e8:bd:41:74:
         da:8c:b6:ca:34:60:29:41:51:ac:b2:b9:9f:d9:93:e5:09:86:
         7f:eb:eb:dd:4a:fd:c7:50:e8:8a:fc:ae:6f:d8:ae:08:2d:83:
         3e:1d:dd:0e:8a:2e:a4:70:2f:c3:5f:14:c2:f9:9a:20:ba:d7:
         79:e8:80:e5:39:ba:03:60:7d:94:6c:aa:82:13:7c:c4:41:2a:
         cd:de:8c:6f:f6:bd:cb:25:ba:20:06:c1:e4:c9:43:ee:8f:b4:
         97:e1:98:2c:58:ce:b0:55:d0:8b:73:c0:64:3e:de:27:c8:29:
         c7:30:e0:b8:5c:b9:e7:af:e2:ca:4b:99:42:48:1f:54:68:df:
         05:fa:3e:62:49:b6:86:98:a4:22:7c:eb:3e:db:1e:84:2d:0c:
         7a:f2:51:11:6f:c7:f0:56:bb:f3:e2:50:0a:ff:98:06:d4:04:
         d7:9d:31:d6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYbk/FWwcgcpYoPQawboZ8BWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjMwMzE1MTExNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjYzNDhmNDJhNWY5OWNhYTEwNWQxZTlmMmUxMDhiMDExNTYyMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLGpc/oB8sh5AkJbnKg/9IArada9
anky0izLQwPAQ2Palh9dCAGgyB6VYizI78AoLB4f929UZGcmfw2u9F2dmt4WH1us
VKHbxrCVIsfo5INUeNiEV2HbReYN9UGlhza84LtWL+Je6O9ALNP1uyL/W4xUHuOi
pchp6qUUD14diWEMhBgxsr/5ZnpZimv/YgGl0Zm5pNTH5VYxSpzTSXXuCMCe3UCC
FtKOqR9GywyaqRYiQ4BZbRhWViGTASIy5OHrRMSbx3Yg+pUZxIzSDWS8xictjQMo
EzoLeTLUXQQ+sXmeh3lqsjggY+B+gvCazSrrPbImzZtEkyE8U3XQ+PnwhwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFO9jSPQqX5nKoQXR6fLhCLARViBuMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvNzJOSTlDcGZtY3FoQmRIcDh1RUlzQkZXSUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgAwQALYYMAwQB
LYYOAwQBucAUMAwDBAXUCOADBAHUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0G
CSqGSIb3DQEBCwUAA4IBAQBzriNwK0LgJ7RIO7RBGkzqLK0vUPzXNVZA5cQbYHJY
80dovrP4bWuhskNWK6Lk9+xzoMhTc3jR8QZqlL3aTTJxwVVUXxn+SC6q1BQW8WEw
51po7bfkxui9QXTajLbKNGApQVGssrmf2ZPlCYZ/6+vdSv3HUOiK/K5v2K4ILYM+
Hd0Oii6kcC/DXxTC+Zogutd56IDlOboDYH2UbKqCE3zEQSrN3oxv9r3LJbogBsHk
yUPuj7SX4ZgsWM6wVdCLc8BkPt4nyCnHMOC4XLnnr+LKS5lCSB9UaN8F+j5iSbaG
mKQifOs+2x6ELQx68lERb8fwVrvz4lAK/5gG1ATXnTHW
-----END CERTIFICATE-----