Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/SlfOzYi1pwDiVkANsHY-wDyNDZo.roa
File:                     SlfOzYi1pwDiVkANsHY-wDyNDZo.roa (raw, json)
Hash identifier:          hlIxBVW9DlTk8J4cEKMqpinzaGAOFal5lWmT8NBdXso=
Subject key identifier:   4A:57:CE:CD:88:B5:A7:00:E2:56:40:0D:B0:76:3E:C0:3C:8D:0D:9A
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       018CC794C87AE518D284C7C112C2C1BF0A5F
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/SlfOzYi1pwDiVkANsHY-wDyNDZo.roa
Signing time:             Tue 02 Jan 2024 00:31:05 +0000
ROA not before:           Tue 02 Jan 2024 00:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        185.192.21.0/24 maxlen: 24
                          45.134.13.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 24 Jan 2024 09:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c8:7a:e5:18:d2:84:c7:c1:12:c2:c1:bf:0a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Jan  2 00:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a57cecd88b5a700e256400db0763ec03c8d0d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0a:bf:8a:08:81:1f:4e:2b:c7:c9:b1:ee:36:
                    a2:8c:27:5e:fe:9e:c6:bb:32:e3:b1:8a:05:cf:f3:
                    63:95:41:fa:a1:25:0d:60:15:4d:7f:d0:25:4b:fc:
                    65:4d:b6:28:b2:00:ed:f1:48:38:04:a9:41:71:36:
                    ac:1c:de:f1:7a:ce:85:78:35:41:e6:cb:e1:b7:4c:
                    da:41:7c:17:da:b3:07:5d:6b:9a:bc:ed:94:5a:48:
                    76:b0:42:4c:be:97:8d:64:18:7a:8c:0d:70:43:7c:
                    f4:a6:59:d6:dd:b4:32:86:91:7c:11:6a:f0:a3:02:
                    40:50:1c:a7:a2:d5:70:c6:7b:a4:e9:cc:06:ae:31:
                    c7:9d:c4:ce:ff:03:23:7b:71:e5:0f:7e:38:22:47:
                    3e:cc:04:22:b7:ec:59:6c:b0:b4:aa:a4:b3:ab:9f:
                    25:6d:73:c7:a3:86:a1:65:be:fc:b8:b7:47:0b:b0:
                    78:8e:3c:f2:02:46:7b:51:98:07:fd:48:a3:10:b4:
                    8e:9e:f4:36:3c:d2:d1:29:73:98:52:a2:7a:e9:c6:
                    76:f1:82:ca:a7:e3:0a:86:eb:b3:b2:91:9d:49:70:
                    87:87:23:b0:83:f0:19:f5:76:c6:d6:4b:c7:27:27:
                    80:b2:e5:26:76:5d:39:c8:70:22:f3:b9:87:e5:3a:
                    43:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:57:CE:CD:88:B5:A7:00:E2:56:40:0D:B0:76:3E:C0:3C:8D:0D:9A
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/SlfOzYi1pwDiVkANsHY-wDyNDZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.13.0/24
                  185.192.21.0/24
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:7d:ea:38:cc:44:34:3f:3e:f0:83:1d:27:06:1d:08:60:79:
         b0:bb:db:e3:e3:f2:e2:e1:f1:17:84:8b:b3:55:dc:6d:0a:07:
         be:c0:0e:7b:bb:50:8f:76:8a:63:a0:46:fd:ab:78:85:7f:4c:
         0c:ba:e4:f0:d0:a4:27:02:9f:15:fc:aa:26:cc:74:b0:dc:45:
         44:f0:7a:c7:df:21:ea:4e:e7:57:87:cb:7f:fd:56:e7:89:f3:
         f9:57:16:da:7e:f7:0e:d8:e6:86:f5:ff:b0:8e:d0:98:fb:ed:
         57:a3:47:3b:f2:34:c8:1a:02:f6:a2:fa:58:f4:10:a7:91:31:
         44:6f:50:4f:be:1a:58:58:6a:fb:2b:d2:47:70:05:ce:c1:59:
         c9:8b:71:f1:14:09:48:ec:50:d8:44:07:2a:ff:d2:3a:83:1b:
         1d:8e:f0:cc:bd:4b:d1:17:66:a3:f6:6d:19:79:f2:06:08:33:
         6e:ba:e4:b0:c7:37:06:e4:10:26:f0:90:c6:70:26:22:14:65:
         19:c9:3e:c4:f6:25:68:f9:39:fc:7f:26:2a:fd:55:ce:05:0b:
         cc:33:12:74:c9:63:a0:15:56:1a:66:17:31:67:52:11:f2:4e:
         c3:0a:ee:99:29:2d:c1:c9:18:d9:9b:9f:55:74:37:38:40:6a:
         cd:ee:ed:1e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzHlMh65RjShMfBEsLBvwpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjQwMTAyMDAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTU3Y2VjZDg4YjVhNzAwZTI1NjQwMGRiMDc2M2VjMDNjOGQwZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwq/igiBH04rx8mx7jaijCde/p7G
uzLjsYoFz/NjlUH6oSUNYBVNf9AlS/xlTbYosgDt8Ug4BKlBcTasHN7xes6FeDVB
5svht0zaQXwX2rMHXWuavO2UWkh2sEJMvpeNZBh6jA1wQ3z0plnW3bQyhpF8EWrw
owJAUBynotVwxnuk6cwGrjHHncTO/wMje3HlD344Ikc+zAQit+xZbLC0qqSzq58l
bXPHo4ahZb78uLdHC7B4jjzyAkZ7UZgH/UijELSOnvQ2PNLRKXOYUqJ66cZ28YLK
p+MKhuuzspGdSXCHhyOwg/AZ9XbG1kvHJyeAsuUmdl05yHAi87mH5TpDtQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEpXzs2ItacA4lZADbB2PsA8jQ2aMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvU2xmT3pZaTFwd0RpVmtBTnNIWS13RHlORFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAgBAIAATAaAwQALYYNAwQA
ucAVMAwDBAXUCOADBADUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3
DQEBCwUAA4IBAQAqfeo4zEQ0Pz7wgx0nBh0IYHmwu9vj4/Li4fEXhIuzVdxtCge+
wA57u1CPdopjoEb9q3iFf0wMuuTw0KQnAp8V/KomzHSw3EVE8HrH3yHqTudXh8t/
/VbnifP5VxbafvcO2OaG9f+wjtCY++1Xo0c78jTIGgL2ovpY9BCnkTFEb1BPvhpY
WGr7K9JHcAXOwVnJi3HxFAlI7FDYRAcq/9I6gxsdjvDMvUvRF2aj9m0ZefIGCDNu
uuSwxzcG5BAm8JDGcCYiFGUZyT7E9iVo+Tn8fyYq/VXOBQvMMxJ0yWOgFVYaZhcx
Z1IR8k7DCu6ZKS3ByRjZm59VdDc4QGrN7u0e
-----END CERTIFICATE-----