Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/lP6-ylmG5OXWXXflbuiN1auEKoY.roa
File:                     lP6-ylmG5OXWXXflbuiN1auEKoY.roa (raw, json)
Hash identifier:          peCkuTSBFAQmc/W9350FjYlsYgvRUibHrEsmiW3VG/I=
Subject key identifier:   94:FE:BE:CA:59:86:E4:E5:D6:5D:77:E5:6E:E8:8D:D5:AB:84:2A:86
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       018925843DA9160C3DD98FE841854BC91F41
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/lP6-ylmG5OXWXXflbuiN1auEKoY.roa
Signing time:             Wed 05 Jul 2023 10:06:10 +0000
ROA not before:           Wed 05 Jul 2023 10:06:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12679
IP address blocks:        45.134.13.0/24 maxlen: 24
                          45.134.12.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 10 Jul 2023 11:33:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:25:84:3d:a9:16:0c:3d:d9:8f:e8:41:85:4b:c9:1f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Jul  5 10:06:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=94febeca5986e4e5d65d77e56ee88dd5ab842a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b2:f0:5b:0f:b2:85:fd:12:92:8b:d7:9f:83:
                    7a:3f:74:61:cf:49:3d:b1:cc:58:96:f7:6b:e9:1b:
                    2c:fa:80:05:f8:1e:00:0e:9c:a4:01:dc:f8:e0:c7:
                    9f:61:49:c7:e1:35:c2:2f:34:d7:b1:ec:cd:55:9a:
                    a9:88:3f:42:44:83:de:d6:2e:c0:6e:da:f2:79:27:
                    88:39:b9:2b:a7:9b:75:a1:f1:40:3f:e1:5d:f7:9b:
                    80:22:9d:76:82:b5:06:3f:dc:6a:fb:9d:99:a3:35:
                    f5:f0:5c:4c:ed:d4:09:04:d3:96:96:0e:31:61:f9:
                    e5:4e:c8:f1:85:a0:b1:fd:64:8d:26:48:7e:63:d8:
                    b2:92:90:50:79:74:b8:29:e8:8a:8c:b4:0a:f9:a9:
                    08:83:1f:a3:0c:13:1e:62:b0:c0:1d:0b:32:86:48:
                    2c:5a:db:b6:df:36:9d:9c:e8:ba:c4:e5:59:2e:37:
                    e4:dd:c2:e7:70:82:6b:71:47:ec:ea:17:fa:91:c8:
                    6f:22:06:a7:34:b9:71:f2:1e:67:14:e2:7c:2b:90:
                    3e:b7:50:e5:fa:45:83:77:05:c2:54:6a:ad:3a:c2:
                    00:f3:63:f0:fa:1e:ad:74:24:b3:a2:1d:59:02:c6:
                    be:f9:93:1b:ca:1e:23:b5:2b:1b:44:0a:dc:63:f5:
                    c4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:FE:BE:CA:59:86:E4:E5:D6:5D:77:E5:6E:E8:8D:D5:AB:84:2A:86
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/lP6-ylmG5OXWXXflbuiN1auEKoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.12.0/23
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:36:13:dc:51:a3:6f:b8:d0:cb:7b:5b:a9:c9:ef:6f:ab:9f:
         c1:16:a1:19:2f:a1:bf:94:09:8b:79:c9:f1:24:0c:8d:50:0a:
         93:b9:a5:50:de:3a:6a:c7:a7:05:65:ea:dd:f6:e1:9b:c3:77:
         7f:00:23:da:2e:d3:f2:51:cc:2b:48:79:99:db:d2:0c:f7:27:
         42:55:83:3d:e3:03:f4:8f:ca:f9:85:62:b8:fd:a4:56:d2:7b:
         54:54:a6:b5:2b:37:f7:50:4f:0e:ea:84:f5:99:1b:18:6e:4b:
         d7:c5:5f:59:00:71:49:3a:1e:70:01:11:cd:2e:c1:0a:bb:a7:
         bf:a6:5a:b0:89:72:cf:74:cc:32:99:df:1c:f3:35:d3:48:33:
         27:65:9e:df:32:3f:76:be:38:15:97:cb:5c:31:dc:34:69:83:
         ee:d4:9a:35:7c:fc:cb:0f:f3:ca:b1:bd:e2:db:a6:3d:d5:b2:
         de:ea:75:19:6f:14:7d:0c:15:d5:84:6b:a5:1e:68:e6:e0:f4:
         12:1b:06:1d:ed:80:9c:34:84:89:2b:f2:9e:52:80:34:43:e7:
         9b:26:d6:ac:0e:ed:5d:90:16:4d:cd:78:86:86:d0:2a:45:69:
         da:9b:a1:62:95:6d:ea:9d:6e:25:62:09:6a:6e:0b:94:eb:89:
         bc:7e:11:47
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYklhD2pFgw92Y/oQYVLyR9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjMwNzA1MTAwNjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGZlYmVjYTU5ODZlNGU1ZDY1ZDc3ZTU2ZWU4OGRkNWFiODQyYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLLwWw+yhf0SkovXn4N6P3Rhz0k9
scxYlvdr6Rss+oAF+B4ADpykAdz44MefYUnH4TXCLzTXsezNVZqpiD9CRIPe1i7A
btryeSeIObkrp5t1ofFAP+Fd95uAIp12grUGP9xq+52ZozX18FxM7dQJBNOWlg4x
YfnlTsjxhaCx/WSNJkh+Y9iykpBQeXS4KeiKjLQK+akIgx+jDBMeYrDAHQsyhkgs
Wtu23zadnOi6xOVZLjfk3cLncIJrcUfs6hf6kchvIganNLlx8h5nFOJ8K5A+t1Dl
+kWDdwXCVGqtOsIA82Pw+h6tdCSzoh1ZAsa++ZMbyh4jtSsbRArcY/XEZQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJT+vspZhuTl1l135W7ojdWrhCqGMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvbFA2LXlsbUc1T1hXWFhmbGJ1aU4xYXVFS29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAaBAIAATAUAwQBLYYMMAwD
BAXUCOADBADUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3DQEBCwUA
A4IBAQBYNhPcUaNvuNDLe1upye9vq5/BFqEZL6G/lAmLecnxJAyNUAqTuaVQ3jpq
x6cFZerd9uGbw3d/ACPaLtPyUcwrSHmZ29IM9ydCVYM94wP0j8r5hWK4/aRW0ntU
VKa1Kzf3UE8O6oT1mRsYbkvXxV9ZAHFJOh5wARHNLsEKu6e/plqwiXLPdMwymd8c
8zXTSDMnZZ7fMj92vjgVl8tcMdw0aYPu1Jo1fPzLD/PKsb3i26Y91bLe6nUZbxR9
DBXVhGulHmjm4PQSGwYd7YCcNISJK/KeUoA0Q+ebJtasDu1dkBZNzXiGhtAqRWna
m6FilW3qnW4lYglqbguU64m8fhFH
-----END CERTIFICATE-----