Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/A0VxLk6NIfLxuNtzQIwW2-pzUL0.roa
File:                     A0VxLk6NIfLxuNtzQIwW2-pzUL0.roa (raw, json)
Hash identifier:          mZCMub3OWf5E9IoofPXhVo8qqzALOGlF4SEnLAf16xI=
Subject key identifier:   03:45:71:2E:4E:8D:21:F2:F1:B8:DB:73:40:8C:16:DB:EA:73:50:BD
Certificate issuer:       /CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Certificate serial:       0189B65569CC7AD1F8BD30071623AC55D4EE
Authority key identifier: 68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/A0VxLk6NIfLxuNtzQIwW2-pzUL0.roa
Signing time:             Wed 02 Aug 2023 12:59:58 +0000
ROA not before:           Wed 02 Aug 2023 12:59:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204348
IP address blocks:        185.252.112.0/24 maxlen: 24
                          185.252.115.0/24 maxlen: 24
                          185.252.113.0/24 maxlen: 24
                          185.249.255.0/24 maxlen: 24
                          2a0e:e7c3::/32 maxlen: 32
                          2a04:b804::/32 maxlen: 32
                          2a04:b800::/32 maxlen: 32
                          2a0e:e7c7::/32 maxlen: 32
                          2a04:b803::/32 maxlen: 32
                          2a0e:e7c0::/32 maxlen: 32
                          2a04:b805::/32 maxlen: 32
                          2a10:a6c0::/29 maxlen: 29
                          2a0e:e7c6::/32 maxlen: 32
                          2a04:b802::/32 maxlen: 32
                          2a0e:e7c1::/32 maxlen: 32
                          2a0e:e7c5::/32 maxlen: 32
                          2a04:b806::/32 maxlen: 32
                          2a0e:e7c4::/32 maxlen: 32
                          2a0e:e7c2::/32 maxlen: 32
                          2a04:b807::/32 maxlen: 32
                          2a04:b801::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b6:55:69:cc:7a:d1:f8:bd:30:07:16:23:ac:55:d4:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68b22eea4a4a3b81654a227eda94e0e75937b015
        Validity
            Not Before: Aug  2 12:59:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0345712e4e8d21f2f1b8db73408c16dbea7350bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:be:e1:66:03:68:d3:be:6f:56:d2:2d:c3:ba:
                    dc:b6:99:f7:4d:ed:b9:e7:e0:18:31:c4:9a:26:76:
                    4d:ac:b7:ee:11:ed:09:0b:d3:1b:91:03:1c:b6:4f:
                    c9:b1:b5:a5:e7:7a:01:2f:a0:6c:9b:e2:8a:bf:c2:
                    35:90:2d:3a:d6:57:fe:d5:a1:b4:a1:5f:02:57:c6:
                    14:a9:23:40:d0:0b:a6:e5:05:3a:bc:54:48:9d:a0:
                    e6:8d:e4:8d:ae:6f:40:56:76:29:5c:09:82:76:14:
                    17:40:49:81:19:b1:3c:22:4a:1e:42:37:d5:0c:1b:
                    02:6a:25:b3:d0:37:39:1e:f8:04:bb:19:52:ca:ff:
                    bf:c1:5b:8d:35:71:c8:dd:50:75:85:51:ac:77:52:
                    bf:e0:60:8e:92:7a:a9:c4:d2:1c:e9:f6:f0:0e:7f:
                    cc:37:a8:ac:dc:8a:c3:58:47:58:00:29:92:d3:2a:
                    3b:83:98:0e:ed:28:05:24:e4:c9:16:f3:01:a3:aa:
                    4e:81:8b:87:29:36:3c:9c:9e:7a:53:d1:bb:a1:0e:
                    1f:8f:e7:31:40:7b:db:a2:0e:7f:c7:4a:aa:d4:c9:
                    f7:5e:e0:51:32:00:28:cc:3f:f8:b6:9f:1d:90:da:
                    a0:8a:6c:d1:3b:fc:f4:46:75:8d:be:4f:0d:7a:dd:
                    60:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:45:71:2E:4E:8D:21:F2:F1:B8:DB:73:40:8C:16:DB:EA:73:50:BD
            X509v3 Authority Key Identifier:
                keyid:68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/A0VxLk6NIfLxuNtzQIwW2-pzUL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.255.0/24
                  185.252.112.0/23
                  185.252.115.0/24
                IPv6:
                  2a04:b800::/29
                  2a0e:e7c0::/29
                  2a10:a6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:6b:7e:61:3b:15:1e:68:40:cc:27:d1:20:03:cf:b3:e8:e1:
         dc:a4:63:73:94:16:da:a5:2c:b9:70:d9:1b:23:cf:71:49:cc:
         99:74:07:05:d5:50:34:ed:81:d2:9a:41:9f:f1:59:d3:8f:f7:
         10:f7:b7:a0:b8:9e:83:20:c3:06:19:64:60:2f:83:e5:be:dd:
         55:5a:84:ff:9c:f7:98:d7:fb:0d:15:cd:f6:5b:83:26:f7:71:
         5f:e3:27:b5:5a:5c:ec:f5:67:04:21:fa:f1:45:5c:85:93:bd:
         1d:f6:e7:1e:2f:22:42:72:41:f8:ec:14:6d:4b:f3:89:4c:ba:
         a7:83:77:45:c3:7c:f7:b8:ba:aa:15:aa:2b:aa:d0:5f:ef:37:
         3e:35:85:53:2c:a2:86:04:2a:6c:94:06:40:16:5b:57:e4:b3:
         cb:e5:a4:ea:57:a6:f1:42:d3:9b:ea:18:df:78:ca:4a:a4:e2:
         ce:e4:a9:68:c9:d2:bd:ef:64:da:fd:16:ad:24:b6:a9:33:cc:
         f3:40:ca:80:6e:50:e9:f9:35:9a:d9:5f:1e:d8:f6:ab:e1:b3:
         f0:a5:66:78:95:cd:1e:45:8e:8e:3b:fe:07:2e:86:f3:47:88:
         6f:1c:4c:fd:4f:4b:fe:01:e1:13:26:ca:4f:8c:67:3c:f2:7e:
         27:34:8d:39
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYm2VWnMetH4vTAHFiOsVdTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjIyZWVhNGE0YTNiODE2NTRhMjI3ZWRhOTRlMGU3NTkz
N2IwMTUwHhcNMjMwODAyMTI1OTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ1NzEyZTRlOGQyMWYyZjFiOGRiNzM0MDhjMTZkYmVhNzM1MGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl77hZgNo075vVtItw7rctpn3Te25
5+AYMcSaJnZNrLfuEe0JC9MbkQMctk/JsbWl53oBL6Bsm+KKv8I1kC061lf+1aG0
oV8CV8YUqSNA0Aum5QU6vFRInaDmjeSNrm9AVnYpXAmCdhQXQEmBGbE8IkoeQjfV
DBsCaiWz0Dc5HvgEuxlSyv+/wVuNNXHI3VB1hVGsd1K/4GCOknqpxNIc6fbwDn/M
N6is3IrDWEdYACmS0yo7g5gO7SgFJOTJFvMBo6pOgYuHKTY8nJ56U9G7oQ4fj+cx
QHvbog5/x0qq1Mn3XuBRMgAozD/4tp8dkNqgimzRO/z0RnWNvk8Net1gxQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFANFcS5OjSHy8bjbc0CMFtvqc1C9MB8GA1UdIwQY
MBaAFGiyLupKSjuBZUoiftqU4OdZN7AVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2It
MmI2NWE3YThiZThjLzEvQTBWeExrNk5JZkx4dU50elFJd1cyLXB6VUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2ItMmI2NWE3YThiZThj
LzEvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQAufn/AwQB
ufxwAwQAufxzMBsEAgACMBUDBQMqBLgAAwUDKg7nwAMFAyoQpsAwDQYJKoZIhvcN
AQELBQADggEBAHhrfmE7FR5oQMwn0SADz7Po4dykY3OUFtqlLLlw2Rsjz3FJzJl0
BwXVUDTtgdKaQZ/xWdOP9xD3t6C4noMgwwYZZGAvg+W+3VVahP+c95jX+w0VzfZb
gyb3cV/jJ7VaXOz1ZwQh+vFFXIWTvR325x4vIkJyQfjsFG1L84lMuqeDd0XDfPe4
uqoVqiuq0F/vNz41hVMsooYEKmyUBkAWW1fks8vlpOpXpvFC05vqGN94ykqk4s7k
qWjJ0r3vZNr9Fq0ktqkzzPNAyoBuUOn5NZrZXx7Y9qvhs/ClZniVzR5Fjo47/gcu
hvNHiG8cTP1PS/4B4RMmyk+MZzzyfic0jTk=
-----END CERTIFICATE-----