Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/827332-0a02-423f-b07f-05290becdc61/1/yGdrg0-8XDwdw6-IGE019fjW6G0.roa
File:                     yGdrg0-8XDwdw6-IGE019fjW6G0.roa (raw, json)
Hash identifier:          O3yUAOsa3MNa1ru7M9iQ7yLp00Sea2U+hyagGrSn1lI=
Subject key identifier:   C8:67:6B:83:4F:BC:5C:3C:1D:C3:AF:88:18:4D:35:F5:F8:D6:E8:6D
Certificate issuer:       /CN=6e6bcd1ee0415312babada96a5b4c7351bbca6bf
Certificate serial:       01857082D0DC53A00AE67695C08D997B2E01
Authority key identifier: 6E:6B:CD:1E:E0:41:53:12:BA:BA:DA:96:A5:B4:C7:35:1B:BC:A6:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bmvNHuBBUxK6utqWpbTHNRu8pr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/827332-0a02-423f-b07f-05290becdc61/1/yGdrg0-8XDwdw6-IGE019fjW6G0.roa
Signing time:             Mon 02 Jan 2023 03:24:59 +0000
ROA not before:           Mon 02 Jan 2023 03:24:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60924
IP address blocks:        185.177.186.0/24 maxlen: 24
                          185.177.184.0/22 maxlen: 24
                          185.177.184.0/24 maxlen: 24
                          185.177.185.0/24 maxlen: 24
                          185.177.187.0/24 maxlen: 24
                          185.23.197.0/24 maxlen: 24
                          185.23.198.0/24 maxlen: 24
                          185.23.196.0/22 maxlen: 24
                          185.23.196.0/24 maxlen: 24
                          185.23.199.0/24 maxlen: 24
                          146.71.94.0/23 maxlen: 24
                          146.71.94.0/24 maxlen: 24
                          146.71.95.0/24 maxlen: 24
                          185.92.128.0/22 maxlen: 24
                          185.92.128.0/24 maxlen: 24
                          185.92.131.0/24 maxlen: 24
                          185.92.129.0/24 maxlen: 24
                          185.92.130.0/24 maxlen: 24
                          2a0a:4380::/29 maxlen: 64
                          2a04:2600::/29 maxlen: 64
                          2a05:f1c0::/29 maxlen: 64

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:82:d0:dc:53:a0:0a:e6:76:95:c0:8d:99:7b:2e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e6bcd1ee0415312babada96a5b4c7351bbca6bf
        Validity
            Not Before: Jan  2 03:24:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c8676b834fbc5c3c1dc3af88184d35f5f8d6e86d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:34:ce:97:3a:0b:be:32:20:1c:43:33:fe:6b:
                    74:42:f6:5a:81:94:3b:89:ac:1c:6b:f4:ba:f0:fb:
                    66:f2:6c:c0:e3:f4:4f:dd:55:8c:21:2d:0b:0a:8c:
                    c7:8d:b2:74:f3:8c:f9:fc:ab:0d:76:c3:ce:56:38:
                    fa:84:f9:3a:c7:49:a6:f0:51:15:d8:79:66:0f:44:
                    c5:b9:47:53:90:74:28:a2:6c:0d:b7:96:31:51:35:
                    9d:e4:5b:36:b7:c5:61:7f:88:0f:16:3d:d5:be:27:
                    68:a3:58:38:ef:45:78:eb:69:b6:22:18:68:0b:c9:
                    3b:7d:c0:d3:5b:a4:c3:ba:ac:12:3b:a9:5f:fd:85:
                    ac:72:fd:de:30:86:ac:3a:a8:80:61:ce:9b:51:c2:
                    24:7c:54:3f:45:bc:f3:11:4d:cd:8e:31:65:4b:0b:
                    cb:15:61:9e:36:df:8d:66:76:29:0d:32:08:7f:d9:
                    1a:11:f5:14:41:08:ee:10:e8:ab:a2:27:96:81:dd:
                    bc:53:0e:d9:c7:1c:5e:0d:1c:52:77:d0:98:be:98:
                    49:d9:17:19:5c:96:27:0c:e7:dc:0d:ca:87:8f:c5:
                    7d:88:d2:26:ab:c0:44:c5:db:a2:77:dc:b0:2c:b2:
                    22:b2:f0:b3:a0:dc:c0:15:bc:d7:f5:76:46:b8:b0:
                    b9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:67:6B:83:4F:BC:5C:3C:1D:C3:AF:88:18:4D:35:F5:F8:D6:E8:6D
            X509v3 Authority Key Identifier:
                keyid:6E:6B:CD:1E:E0:41:53:12:BA:BA:DA:96:A5:B4:C7:35:1B:BC:A6:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bmvNHuBBUxK6utqWpbTHNRu8pr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/827332-0a02-423f-b07f-05290becdc61/1/yGdrg0-8XDwdw6-IGE019fjW6G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/827332-0a02-423f-b07f-05290becdc61/1/bmvNHuBBUxK6utqWpbTHNRu8pr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.71.94.0/23
                  185.23.196.0/22
                  185.92.128.0/22
                  185.177.184.0/22
                IPv6:
                  2a04:2600::/29
                  2a05:f1c0::/29
                  2a0a:4380::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:ae:f0:8e:4d:e5:6a:0d:a3:e7:b1:10:2d:39:a8:f2:48:92:
         22:9f:dc:0a:d4:3c:d1:38:50:63:37:6a:e8:f7:22:a6:cb:9b:
         21:b1:a7:49:8f:f6:37:ec:5f:4b:35:87:0f:01:bc:05:ea:69:
         92:bc:8b:89:07:30:6c:13:5e:b6:27:3a:47:48:d8:00:f0:7b:
         62:78:37:5c:d6:e3:b6:49:9e:dd:33:f8:44:3f:cb:3b:3e:e1:
         01:72:2d:44:d3:a6:c0:bb:6d:a4:70:db:cd:26:14:b7:eb:45:
         0e:e4:b1:9f:b6:c0:d5:be:b8:f8:9c:98:32:63:f9:86:f6:ec:
         b7:48:6f:51:e7:9f:39:01:40:44:83:b9:99:d0:20:19:68:ef:
         78:65:80:28:88:ae:fb:5a:df:c2:09:69:54:29:5c:89:60:2a:
         c0:17:0a:6c:59:35:2f:99:dd:2f:81:2d:0c:fd:d0:f0:68:17:
         c6:6c:cf:55:9b:d6:c7:ad:95:45:b1:60:15:0a:0c:07:5d:1c:
         fa:ec:1a:21:3e:98:5f:4b:c5:88:6b:61:28:34:cf:df:c7:7c:
         c3:50:73:61:0d:66:3b:eb:6c:77:2a:5d:24:76:a0:38:78:c0:
         72:30:e1:13:37:82:ec:b5:97:e8:6e:ea:ea:1b:1b:a6:de:27:
         a4:8a:b8:cf
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVwgtDcU6AK5naVwI2Zey4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmJjZDFlZTA0MTUzMTJiYWJhZGE5NmE1YjRjNzM1MWJi
Y2E2YmYwHhcNMjMwMTAyMDMyNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODY3NmI4MzRmYmM1YzNjMWRjM2FmODgxODRkMzVmNWY4ZDZlODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzTOlzoLvjIgHEMz/mt0QvZagZQ7
iawca/S68Ptm8mzA4/RP3VWMIS0LCozHjbJ084z5/KsNdsPOVjj6hPk6x0mm8FEV
2HlmD0TFuUdTkHQoomwNt5YxUTWd5Fs2t8Vhf4gPFj3Vvidoo1g470V462m2Ihho
C8k7fcDTW6TDuqwSO6lf/YWscv3eMIasOqiAYc6bUcIkfFQ/RbzzEU3NjjFlSwvL
FWGeNt+NZnYpDTIIf9kaEfUUQQjuEOiroieWgd28Uw7ZxxxeDRxSd9CYvphJ2RcZ
XJYnDOfcDcqHj8V9iNImq8BExduid9ywLLIisvCzoNzAFbzX9XZGuLC58wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFMhna4NPvFw8HcOviBhNNfX41uhtMB8GA1UdIwQY
MBaAFG5rzR7gQVMSurralqW0xzUbvKa/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm12Tkh1QkJVeEs2dXRxV3BiVEhOUnU4cHI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy84MjczMzItMGEwMi00MjNmLWIwN2Yt
MDUyOTBiZWNkYzYxLzEveUdkcmcwLThYRHdkdzYtSUdFMDE5ZmpXNkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy84MjczMzItMGEwMi00MjNmLWIwN2YtMDUyOTBiZWNkYzYx
LzEvYm12Tkh1QkJVeEs2dXRxV3BiVEhOUnU4cHI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAeBAIAATAYAwQBkkdeAwQC
uRfEAwQCuVyAAwQCubG4MBsEAgACMBUDBQMqBCYAAwUDKgXxwAMFAyoKQ4AwDQYJ
KoZIhvcNAQELBQADggEBAHGu8I5N5WoNo+exEC05qPJIkiKf3ArUPNE4UGM3auj3
IqbLmyGxp0mP9jfsX0s1hw8BvAXqaZK8i4kHMGwTXrYnOkdI2ADwe2J4N1zW47ZJ
nt0z+EQ/yzs+4QFyLUTTpsC7baRw280mFLfrRQ7ksZ+2wNW+uPicmDJj+Yb27LdI
b1HnnzkBQESDuZnQIBlo73hlgCiIrvta38IJaVQpXIlgKsAXCmxZNS+Z3S+BLQz9
0PBoF8Zsz1Wb1setlUWxYBUKDAddHPrsGiE+mF9LxYhrYSg0z9/HfMNQc2ENZjvr
bHcqXSR2oDh4wHIw4RM3guy1l+hu6uobG6beJ6SKuM8=
-----END CERTIFICATE-----