Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/KVx2PxWxZkVc45lf9eX7uO1EqaQ.roa
File:                     KVx2PxWxZkVc45lf9eX7uO1EqaQ.roa (raw, json)
Hash identifier:          sM7Qd+obIkHBXNe3WYlkRXFHnofWoVhXzddOpc7ApUI=
Subject key identifier:   29:5C:76:3F:15:B1:66:45:5C:E3:99:5F:F5:E5:FB:B8:ED:44:A9:A4
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       01886C014E1403435F7CC2684C701C61868D
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/KVx2PxWxZkVc45lf9eX7uO1EqaQ.roa
Signing time:             Tue 30 May 2023 09:33:24 +0000
ROA not before:           Tue 30 May 2023 09:33:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12679
IP address blocks:        45.134.12.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 05 Jul 2023 10:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6c:01:4e:14:03:43:5f:7c:c2:68:4c:70:1c:61:86:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: May 30 09:33:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=295c763f15b166455ce3995ff5e5fbb8ed44a9a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e4:f8:83:37:8b:f0:7a:4c:5c:e4:51:13:7f:
                    9b:2d:91:7b:61:77:9f:f3:69:70:32:3e:50:93:f2:
                    aa:30:51:4e:fc:87:c1:f4:3b:40:44:5a:50:f4:d6:
                    10:b1:7f:24:1f:45:ef:bc:aa:50:a0:fb:8d:ef:f2:
                    c3:ed:b5:e5:02:28:14:38:7f:2c:aa:cc:77:03:37:
                    be:e9:fb:c9:7e:ea:68:5b:d5:01:26:a1:bf:fe:67:
                    81:74:af:8f:5e:cc:1a:fa:35:e0:15:df:cf:62:a1:
                    b2:57:3d:55:8a:70:6c:22:3c:16:f8:65:db:67:ef:
                    3d:bb:03:51:87:cc:51:73:d1:8b:ef:24:a9:0d:f6:
                    18:c9:f3:39:59:c3:9e:ac:35:36:bd:fc:e3:9c:96:
                    72:7d:9b:73:51:8f:5d:07:bf:79:bf:ca:d5:6f:6c:
                    e4:f0:47:eb:c3:c3:b9:ce:b6:1e:1d:11:c2:cc:ad:
                    40:0e:39:1c:a5:9a:db:e5:28:98:e4:e1:aa:a6:1d:
                    bf:69:3d:35:cc:16:ec:c1:4c:49:5f:e3:19:3a:af:
                    78:84:67:fd:ad:3f:01:cd:e0:fd:75:52:1e:cf:6f:
                    f1:57:87:50:8b:ee:a6:fe:0c:2b:69:0b:21:0d:5c:
                    2c:fa:c0:f5:7c:44:61:1a:7a:b1:02:58:fc:d6:aa:
                    38:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5C:76:3F:15:B1:66:45:5C:E3:99:5F:F5:E5:FB:B8:ED:44:A9:A4
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/KVx2PxWxZkVc45lf9eX7uO1EqaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.12.0/24
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:82:96:2b:25:12:f8:08:d7:26:7f:24:a0:ce:d9:e2:3e:35:
         83:4f:0f:d7:b0:1d:27:7a:32:93:8f:3c:01:67:0b:31:3e:5d:
         52:f8:2a:85:57:97:de:f5:f0:4e:39:9c:86:b8:39:86:68:b3:
         69:81:4f:2c:97:72:36:96:10:4c:13:1b:ad:bd:3a:ef:fb:8c:
         2d:ac:c2:a2:4d:ed:5f:bb:49:00:72:56:dc:69:f8:fb:03:77:
         ff:0b:f7:70:f6:37:a2:6b:a3:9b:0d:4f:fe:2e:d2:8a:7e:c6:
         d7:3d:86:35:29:98:09:00:08:4f:54:4e:80:5f:ce:dc:53:ac:
         b0:ee:56:9f:ae:6a:7f:bd:13:3a:bd:b6:e2:c6:48:f8:da:0f:
         7e:32:25:78:2e:ee:5a:a6:83:e0:82:42:1d:ec:2c:9e:a9:e6:
         73:26:e6:bf:31:d5:0d:7b:86:7f:54:e3:aa:8a:68:90:ce:63:
         56:a0:be:64:11:7a:4a:15:74:79:29:a6:81:fa:d7:7e:75:17:
         04:11:ad:c6:f2:f8:da:bf:08:eb:99:7c:ec:1f:a2:cc:9e:fc:
         bf:02:c6:9f:b5:7e:8e:2c:8d:b5:d7:c9:f0:d5:96:e2:3e:b9:
         9c:84:92:dc:5e:2e:d2:a1:2b:19:de:d1:bd:37:a0:ba:25:e2:
         34:8d:c6:92
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYhsAU4UA0NffMJoTHAcYYaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjMwNTMwMDkzMzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVjNzYzZjE1YjE2NjQ1NWNlMzk5NWZmNWU1ZmJiOGVkNDRhOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+T4gzeL8HpMXORRE3+bLZF7YXef
82lwMj5Qk/KqMFFO/IfB9DtARFpQ9NYQsX8kH0XvvKpQoPuN7/LD7bXlAigUOH8s
qsx3Aze+6fvJfupoW9UBJqG//meBdK+PXswa+jXgFd/PYqGyVz1VinBsIjwW+GXb
Z+89uwNRh8xRc9GL7ySpDfYYyfM5WcOerDU2vfzjnJZyfZtzUY9dB795v8rVb2zk
8Efrw8O5zrYeHRHCzK1ADjkcpZrb5SiY5OGqph2/aT01zBbswUxJX+MZOq94hGf9
rT8BzeD9dVIez2/xV4dQi+6m/gwraQshDVws+sD1fERhGnqxAlj81qo4IQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFClcdj8VsWZFXOOZX/Xl+7jtRKmkMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvS1Z4MlB4V3haa1ZjNDVsZjllWDd1TzFFcWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAaBAIAATAUAwQALYYMMAwD
BAXUCOADBADUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3DQEBCwUA
A4IBAQAdgpYrJRL4CNcmfySgztniPjWDTw/XsB0nejKTjzwBZwsxPl1S+CqFV5fe
9fBOOZyGuDmGaLNpgU8sl3I2lhBMExutvTrv+4wtrMKiTe1fu0kAclbcafj7A3f/
C/dw9jeia6ObDU/+LtKKfsbXPYY1KZgJAAhPVE6AX87cU6yw7lafrmp/vRM6vbbi
xkj42g9+MiV4Lu5apoPggkId7CyeqeZzJua/MdUNe4Z/VOOqimiQzmNWoL5kEXpK
FXR5KaaB+td+dRcEEa3G8vjavwjrmXzsH6LMnvy/AsaftX6OLI2118nw1ZbiPrmc
hJLcXi7SoSsZ3tG9N6C6JeI0jcaS
-----END CERTIFICATE-----