Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/veqKNXN0yZVsRLyDrxEc-txtqPM.roa
File:                     veqKNXN0yZVsRLyDrxEc-txtqPM.roa (raw, json)
Hash identifier:          4djcPA02HWYgL5fndG7V5YQkXZJ8omE4GApWpuNy0mQ=
Subject key identifier:   BD:EA:8A:35:73:74:C9:95:6C:44:BC:83:AF:11:1C:FA:DC:6D:A8:F3
Certificate issuer:       /CN=49378660f5f01923946c35d94be5ccd7d2b71051
Certificate serial:       018857D4D08A4EF90E3D504C6C991AFCE158
Authority key identifier: 49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/veqKNXN0yZVsRLyDrxEc-txtqPM.roa
Signing time:             Fri 26 May 2023 11:32:24 +0000
ROA not before:           Fri 26 May 2023 11:32:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203593
IP address blocks:        185.129.253.0/24 maxlen: 24
                          185.129.252.0/24 maxlen: 24
                          185.129.254.0/24 maxlen: 24
                          185.129.255.0/24 maxlen: 24
                          213.244.63.0/24 maxlen: 24
                          213.244.35.0/24 maxlen: 24
                          213.244.32.0/24 maxlen: 24
                          213.244.33.0/24 maxlen: 24
                          213.244.38.0/24 maxlen: 24
                          213.244.36.0/24 maxlen: 24
                          213.244.37.0/24 maxlen: 24
                          213.244.41.0/24 maxlen: 24
                          157.97.163.0/24 maxlen: 24
                          213.244.42.0/24 maxlen: 24
                          213.244.40.0/24 maxlen: 24
                          213.244.48.0/22 maxlen: 22
                          193.254.202.0/24 maxlen: 24
                          193.254.203.0/24 maxlen: 24
                          2a06:d680::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 29 May 2023 09:21:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:57:d4:d0:8a:4e:f9:0e:3d:50:4c:6c:99:1a:fc:e1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49378660f5f01923946c35d94be5ccd7d2b71051
        Validity
            Not Before: May 26 11:32:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bdea8a357374c9956c44bc83af111cfadc6da8f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e2:8c:87:b9:39:ad:29:2e:67:f9:d1:09:76:
                    96:63:ad:74:9b:11:cf:29:30:50:d6:4d:14:b0:51:
                    7e:60:2e:50:c9:bb:63:f7:44:5e:99:b3:ff:b5:98:
                    1b:58:01:32:f0:7f:6f:f2:bc:e4:e0:3a:c0:b6:7a:
                    59:e1:65:fe:ad:fc:0d:dc:20:9c:a9:85:41:28:26:
                    fd:93:88:ff:43:b8:43:b7:91:31:a1:e7:f7:27:a9:
                    63:2c:5b:56:87:01:62:47:88:10:9a:8f:be:71:da:
                    ca:6f:6c:61:e2:22:39:31:a3:e5:dc:d8:01:b5:ca:
                    65:b3:35:23:ef:dd:28:ee:00:9d:28:4d:d7:cc:91:
                    11:e5:4c:17:7e:e1:92:01:cc:68:b7:4f:79:02:70:
                    ac:dd:9c:78:68:87:9a:0f:f5:01:ca:4d:bf:5d:00:
                    85:8c:09:e5:88:93:df:90:40:66:17:f9:93:76:0c:
                    da:cb:11:f1:f2:a1:74:36:bf:77:4d:3c:22:66:ca:
                    a7:10:e1:6d:86:50:f0:c8:e2:6d:a8:87:81:9f:ef:
                    82:37:df:3f:d1:05:4d:f7:1d:55:c0:1a:a7:24:53:
                    63:3d:96:bc:14:bd:a6:7a:2c:7f:1a:c7:e4:62:cc:
                    86:79:19:5a:35:c1:47:c2:a6:06:ac:69:ee:87:02:
                    54:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EA:8A:35:73:74:C9:95:6C:44:BC:83:AF:11:1C:FA:DC:6D:A8:F3
            X509v3 Authority Key Identifier:
                keyid:49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/veqKNXN0yZVsRLyDrxEc-txtqPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/STeGYPXwGSOUbDXZS-XM19K3EFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.163.0/24
                  185.129.252.0/22
                  193.254.202.0/23
                  213.244.32.0/23
                  213.244.35.0-213.244.38.255
                  213.244.40.0-213.244.42.255
                  213.244.48.0/22
                  213.244.63.0/24
                IPv6:
                  2a06:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:7b:f1:3d:15:db:47:75:a5:35:c9:a0:53:5f:7e:be:3a:b3:
         a8:96:7d:bc:aa:b3:f8:b2:4f:35:95:08:f5:77:3f:17:86:ef:
         5f:f8:fb:c1:c2:1e:f1:8c:cf:5e:13:a1:0a:0e:66:35:ec:3e:
         f5:37:ca:2b:3a:1f:cc:77:fe:79:f6:fb:46:3b:61:d1:dd:ed:
         77:6e:85:f0:2a:cc:5d:e3:cf:19:87:16:03:27:d8:96:2f:45:
         f8:be:92:38:0c:37:fe:95:4c:62:63:57:f7:a9:ec:85:8b:9b:
         c8:ce:b7:f9:ba:a1:98:fa:d9:88:67:b3:51:5e:e1:ac:d8:96:
         08:58:5f:3f:99:2d:6c:39:47:15:35:b1:14:55:86:5f:03:e4:
         ae:69:dc:58:df:25:af:54:b8:7d:47:12:33:85:e0:2f:cf:ec:
         ff:b5:e5:08:a7:28:be:8c:63:28:3b:d2:8b:a5:cd:37:03:e9:
         82:a1:d7:96:71:a1:7b:59:c4:30:10:e2:45:5d:cf:17:39:3c:
         1a:73:9a:f1:29:fd:20:18:46:61:d7:27:91:78:d2:dd:fa:de:
         8f:d6:01:7d:5b:a4:6c:70:87:13:d6:2b:2e:7c:35:87:61:66:
         47:7c:6e:83:cb:4b:fd:68:2c:ae:eb:12:6c:e6:ea:1e:a3:b1:
         4c:45:83:5e
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYhX1NCKTvkOPVBMbJka/OFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5Mzc4NjYwZjVmMDE5MjM5NDZjMzVkOTRiZTVjY2Q3ZDJi
NzEwNTEwHhcNMjMwNTI2MTEzMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGVhOGEzNTczNzRjOTk1NmM0NGJjODNhZjExMWNmYWRjNmRhOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuKMh7k5rSkuZ/nRCXaWY610mxHP
KTBQ1k0UsFF+YC5Qybtj90RembP/tZgbWAEy8H9v8rzk4DrAtnpZ4WX+rfwN3CCc
qYVBKCb9k4j/Q7hDt5Exoef3J6ljLFtWhwFiR4gQmo++cdrKb2xh4iI5MaPl3NgB
tcplszUj790o7gCdKE3XzJER5UwXfuGSAcxot095AnCs3Zx4aIeaD/UByk2/XQCF
jAnliJPfkEBmF/mTdgzayxHx8qF0Nr93TTwiZsqnEOFthlDwyOJtqIeBn++CN98/
0QVN9x1VwBqnJFNjPZa8FL2meix/GsfkYsyGeRlaNcFHwqYGrGnuhwJUNQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFL3qijVzdMmVbES8g68RHPrcbajzMB8GA1UdIwQY
MBaAFEk3hmD18BkjlGw12UvlzNfStxBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUt
NDFiNzQ1YmY1M2RiLzEvdmVxS05YTjB5WlZzUkx5RHJ4RWMtdHh0cVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUtNDFiNzQ1YmY1M2Ri
LzEvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQAnWGjAwQC
uYH8AwQBwf7KAwQB1fQgMAwDBADV9CMDBADV9CYwDAMEA9X0KAMEANX0KgMEAtX0
MAMEANX0PzANBAIAAjAHAwUDKgbWgDANBgkqhkiG9w0BAQsFAAOCAQEAB3vxPRXb
R3WlNcmgU19+vjqzqJZ9vKqz+LJPNZUI9Xc/F4bvX/j7wcIe8YzPXhOhCg5mNew+
9TfKKzofzHf+efb7Rjth0d3td26F8CrMXePPGYcWAyfYli9F+L6SOAw3/pVMYmNX
96nshYubyM63+bqhmPrZiGezUV7hrNiWCFhfP5ktbDlHFTWxFFWGXwPkrmncWN8l
r1S4fUcSM4XgL8/s/7XlCKcovoxjKDvSi6XNNwPpgqHXlnGhe1nEMBDiRV3PFzk8
GnOa8Sn9IBhGYdcnkXjS3frej9YBfVukbHCHE9YrLnw1h2FmR3xug8tL/WgsrusS
bObqHqOxTEWDXg==
-----END CERTIFICATE-----