Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/VUIM9RqyJukb7q9bbvpkZdzNs94.roa
File:                     VUIM9RqyJukb7q9bbvpkZdzNs94.roa (raw, json)
Hash identifier:          v8xJkZKu65NDHEEKW8isTzvFs17dlPu8aFRcLgu2EDY=
Subject key identifier:   55:42:0C:F5:1A:B2:26:E9:1B:EE:AF:5B:6E:FA:64:65:DC:CD:B3:DE
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       018C1564DFEBB4625444F8BA26FD81470E8C
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/VUIM9RqyJukb7q9bbvpkZdzNs94.roa
Signing time:             Tue 28 Nov 2023 10:06:21 +0000
ROA not before:           Tue 28 Nov 2023 10:06:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12679
IP address blocks:        185.192.21.0/24 maxlen: 24
                          45.134.13.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:15:64:df:eb:b4:62:54:44:f8:ba:26:fd:81:47:0e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Nov 28 10:06:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=55420cf51ab226e91beeaf5b6efa6465dccdb3de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:88:78:75:b8:03:74:fc:a6:d3:12:46:d5:73:
                    22:0e:ed:5c:b0:bc:81:44:e7:36:fb:f7:9a:13:91:
                    55:1f:4d:ec:e1:b8:a0:77:4b:ec:2c:88:43:20:df:
                    d7:ef:99:c5:ca:f5:59:80:57:fa:ff:15:a9:e9:f4:
                    cc:5a:9a:ce:82:ff:fb:01:6a:76:ee:1c:d8:75:bc:
                    50:df:de:12:64:49:a7:ee:a2:9e:b8:de:5c:e6:48:
                    a0:20:58:b2:92:2d:67:a9:25:eb:e3:01:dc:5e:68:
                    1e:91:d1:db:b5:71:01:22:76:a0:6f:31:38:e5:18:
                    b0:34:eb:16:92:78:1f:5c:d3:c3:ca:68:e8:c0:de:
                    bb:4f:39:fb:13:7f:51:60:8d:4d:c5:08:50:2e:c7:
                    0f:ce:c4:b0:b9:17:d9:a3:aa:e1:1e:db:c0:4e:ea:
                    63:d9:a0:74:38:c9:8c:a2:61:cc:36:10:67:2f:e9:
                    c3:d8:eb:2b:22:bd:d4:df:c3:4f:4a:0c:0b:df:2b:
                    13:db:72:80:bd:0e:7d:cc:b9:77:9c:03:50:eb:62:
                    ae:30:bd:f2:79:ab:9b:a8:5a:af:07:06:e7:17:f0:
                    f4:7a:e7:ca:81:82:4f:d6:e1:a2:e9:41:d0:a2:b2:
                    27:ee:c3:9e:47:33:50:a4:02:1e:e6:98:03:27:83:
                    ba:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:42:0C:F5:1A:B2:26:E9:1B:EE:AF:5B:6E:FA:64:65:DC:CD:B3:DE
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/VUIM9RqyJukb7q9bbvpkZdzNs94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.13.0/24
                  185.192.21.0/24
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:ac:79:1b:6a:71:9f:63:dc:50:fc:5c:3f:2f:5f:40:84:ca:
         53:05:e3:db:1e:f2:2d:dd:6b:59:42:35:3d:fe:b3:b1:ca:35:
         52:d6:7b:3e:37:be:a6:24:26:11:ff:8e:8e:f1:3d:af:46:f0:
         66:6a:94:6c:de:8b:5c:c5:79:92:ae:f2:ee:9f:69:8a:02:3b:
         8b:fa:2a:67:05:ec:7c:cd:0d:92:97:a5:fc:66:cf:c9:42:f1:
         a4:6d:a4:50:43:95:a0:39:4d:0f:b9:b6:3e:a4:e1:25:fc:d4:
         a2:5f:27:2b:7e:7a:e9:21:78:b2:f9:b6:9d:62:68:ba:be:f1:
         ec:a3:ad:02:d5:74:91:74:6a:fc:6c:7d:76:15:4e:e9:27:2f:
         22:df:51:46:49:b8:71:19:87:02:87:4a:3b:cf:6b:f3:8e:37:
         21:70:ff:4d:d3:aa:7e:07:e4:53:bd:dd:61:c1:60:11:c4:4f:
         1c:77:0a:97:6e:46:4e:63:38:b8:2a:21:1a:9e:b5:ba:a1:65:
         77:a4:0e:39:a3:55:e9:cf:e1:9f:a2:30:54:ed:ff:d2:5b:83:
         fb:21:ff:8a:7a:08:ac:6a:54:54:c1:aa:55:68:28:c2:f3:af:
         19:64:73:9a:bd:72:95:0e:8b:d3:30:20:48:d8:2e:c2:7d:3b:
         f4:04:8a:97
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYwVZN/rtGJURPi6Jv2BRw6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjMxMTI4MTAwNjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQyMGNmNTFhYjIyNmU5MWJlZWFmNWI2ZWZhNjQ2NWRjY2RiM2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ih4dbgDdPym0xJG1XMiDu1csLyB
ROc2+/eaE5FVH03s4bigd0vsLIhDIN/X75nFyvVZgFf6/xWp6fTMWprOgv/7AWp2
7hzYdbxQ394SZEmn7qKeuN5c5kigIFiyki1nqSXr4wHcXmgekdHbtXEBInagbzE4
5RiwNOsWkngfXNPDymjowN67Tzn7E39RYI1NxQhQLscPzsSwuRfZo6rhHtvATupj
2aB0OMmMomHMNhBnL+nD2OsrIr3U38NPSgwL3ysT23KAvQ59zLl3nANQ62KuML3y
eaubqFqvBwbnF/D0eufKgYJP1uGi6UHQorIn7sOeRzNQpAIe5pgDJ4O6kwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFVCDPUasibpG+6vW276ZGXczbPeMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvVlVJTTlScXlKdWtiN3E5YmJ2cGtaZHpOczk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAgBAIAATAaAwQALYYNAwQA
ucAVMAwDBAXUCOADBADUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3
DQEBCwUAA4IBAQA0rHkbanGfY9xQ/Fw/L19AhMpTBePbHvIt3WtZQjU9/rOxyjVS
1ns+N76mJCYR/46O8T2vRvBmapRs3otcxXmSrvLun2mKAjuL+ipnBex8zQ2Sl6X8
Zs/JQvGkbaRQQ5WgOU0PubY+pOEl/NSiXycrfnrpIXiy+badYmi6vvHso60C1XSR
dGr8bH12FU7pJy8i31FGSbhxGYcCh0o7z2vzjjchcP9N06p+B+RTvd1hwWARxE8c
dwqXbkZOYzi4KiEanrW6oWV3pA45o1Xpz+GfojBU7f/SW4P7If+KegisalRUwapV
aCjC868ZZHOavXKVDovTMCBI2C7CfTv0BIqX
-----END CERTIFICATE-----