Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xA7EO-i7231_f0oC14mcGRe5t2g.roa
File:                     xA7EO-i7231_f0oC14mcGRe5t2g.roa (raw, json)
Hash identifier:          mp55YAiWunKVRhHxyaGxu2+64DhhIPvU4ZdkmqzX0t0=
Subject key identifier:   C4:0E:C4:3B:E8:BB:DB:7D:7F:7F:4A:02:D7:89:9C:19:17:B9:B7:68
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       018AF506B419F4681A92790E2D60FC8C66FD
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xA7EO-i7231_f0oC14mcGRe5t2g.roa
Signing time:             Tue 03 Oct 2023 10:12:51 +0000
ROA not before:           Tue 03 Oct 2023 10:12:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12679
IP address blocks:        185.192.21.0/24 maxlen: 24
                          185.192.20.0/24 maxlen: 24
                          45.134.13.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 10:06:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f5:06:b4:19:f4:68:1a:92:79:0e:2d:60:fc:8c:66:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Oct  3 10:12:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c40ec43be8bbdb7d7f7f4a02d7899c1917b9b768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4d:cc:c8:00:b1:61:f7:37:fd:67:11:36:ce:
                    3f:ae:c0:e3:1c:f0:cb:24:5c:06:2a:6e:0a:3f:3e:
                    0e:0e:8f:c9:3c:87:6e:a6:85:45:75:33:7c:eb:ff:
                    28:fe:27:64:09:27:ce:f7:84:4c:5f:65:d1:98:eb:
                    15:d5:f6:8c:5b:4d:ef:e5:e7:fd:e8:9b:d2:fd:67:
                    f8:a1:7b:84:08:b8:73:f8:eb:7c:d9:a1:b3:b2:59:
                    2d:c7:33:9d:31:c4:6a:36:09:d9:ce:2e:f5:ac:c1:
                    9f:61:9a:ef:de:c5:65:66:3e:53:20:3c:9d:5e:80:
                    ca:94:50:26:cd:28:ce:4b:48:34:01:be:cf:24:c4:
                    8d:aa:d2:ca:7b:1d:de:81:89:ce:ec:c9:97:15:80:
                    00:66:d5:58:25:8d:c1:29:f4:3f:05:96:e2:79:94:
                    78:d5:55:ac:20:e3:3d:70:61:15:c8:ce:1b:8d:1c:
                    a0:af:8a:23:d9:75:3c:b2:c5:9c:a9:04:50:81:17:
                    2a:2a:94:4b:79:a5:84:fc:a1:9e:89:21:c6:60:8d:
                    4e:e5:93:57:b4:c1:36:c3:50:5f:31:2a:45:ba:83:
                    f9:7a:4d:72:40:17:78:cd:9f:90:ca:8d:ff:c8:1a:
                    38:19:8f:5c:86:ff:3e:00:50:ec:e6:64:40:45:a9:
                    2e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0E:C4:3B:E8:BB:DB:7D:7F:7F:4A:02:D7:89:9C:19:17:B9:B7:68
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xA7EO-i7231_f0oC14mcGRe5t2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.13.0/24
                  185.192.20.0/23
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:cf:5a:32:82:45:55:6d:f9:d1:45:93:c3:8b:f2:65:31:e4:
         62:2f:e6:04:c2:f2:66:3f:d0:76:33:c8:e4:03:47:35:63:dd:
         08:76:26:c4:c1:6f:38:30:a6:cf:ae:7e:c4:07:2d:7b:3f:e0:
         03:4d:77:c9:85:e2:e8:06:fe:4d:0e:30:d2:bd:03:18:5e:74:
         73:b1:47:f6:d9:fc:3a:b6:f4:3d:4d:b8:c7:7d:7c:14:f6:d8:
         d3:5a:49:40:50:44:b2:58:76:e5:b0:4e:56:8c:3d:bb:51:c2:
         f8:0d:db:a7:3d:23:6d:15:a5:80:c6:1c:9a:31:cf:71:af:10:
         3c:89:d1:a8:a4:c4:7e:aa:50:f6:60:94:95:8e:a2:7f:e6:77:
         49:51:cd:37:d6:f7:27:b9:33:22:6b:00:4f:0f:99:f4:96:8e:
         0b:a4:4d:54:95:7c:ff:09:01:39:7a:f6:84:2b:fa:db:20:c3:
         ec:e3:ba:1d:2f:de:ec:7d:82:eb:5d:89:8b:ad:a6:50:d4:c5:
         e9:4c:83:86:47:bc:5b:5b:99:56:a7:89:d4:31:cb:62:39:1f:
         04:c8:3f:72:4e:e1:c1:50:e8:ce:cb:da:82:ad:0c:e3:f4:40:
         8d:3d:6f:4a:99:74:f5:15:7e:04:e1:14:9e:b5:a4:04:e9:79:
         b5:41:7f:d9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYr1BrQZ9GgaknkOLWD8jGb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjMxMDAzMTAxMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBlYzQzYmU4YmJkYjdkN2Y3ZjRhMDJkNzg5OWMxOTE3YjliNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU3MyACxYfc3/WcRNs4/rsDjHPDL
JFwGKm4KPz4ODo/JPIdupoVFdTN86/8o/idkCSfO94RMX2XRmOsV1faMW03v5ef9
6JvS/Wf4oXuECLhz+Ot82aGzslktxzOdMcRqNgnZzi71rMGfYZrv3sVlZj5TIDyd
XoDKlFAmzSjOS0g0Ab7PJMSNqtLKex3egYnO7MmXFYAAZtVYJY3BKfQ/BZbieZR4
1VWsIOM9cGEVyM4bjRygr4oj2XU8ssWcqQRQgRcqKpRLeaWE/KGeiSHGYI1O5ZNX
tME2w1BfMSpFuoP5ek1yQBd4zZ+Qyo3/yBo4GY9chv8+AFDs5mRARaku/wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMQOxDvou9t9f39KAteJnBkXubdoMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEveEE3RU8taTcyMzFfZjBvQzE0bWNHUmU1dDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAgBAIAATAaAwQALYYNAwQB
ucAUMAwDBAXUCOADBADUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3
DQEBCwUAA4IBAQAuz1oygkVVbfnRRZPDi/JlMeRiL+YEwvJmP9B2M8jkA0c1Y90I
dibEwW84MKbPrn7EBy17P+ADTXfJheLoBv5NDjDSvQMYXnRzsUf22fw6tvQ9TbjH
fXwU9tjTWklAUESyWHblsE5WjD27UcL4DdunPSNtFaWAxhyaMc9xrxA8idGopMR+
qlD2YJSVjqJ/5ndJUc031vcnuTMiawBPD5n0lo4LpE1UlXz/CQE5evaEK/rbIMPs
47odL97sfYLrXYmLraZQ1MXpTIOGR7xbW5lWp4nUMctiOR8EyD9yTuHBUOjOy9qC
rQzj9ECNPW9KmXT1FX4E4RSetaQE6Xm1QX/Z
-----END CERTIFICATE-----