Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/NqWbLzP8NXR4-2eON5ZaFT07xDI.roa
File:                     NqWbLzP8NXR4-2eON5ZaFT07xDI.roa (raw, json)
Hash identifier:          Ja1oBk/iy1G9WXil4mR2o4++ynRFVOczKioC7S2WUfM=
Subject key identifier:   36:A5:9B:2F:33:FC:35:74:78:FB:67:8E:37:96:5A:15:3D:3B:C4:32
Certificate issuer:       /CN=6d150b438cc68f62dc15d359593161f799de53af
Certificate serial:       01856ECB8EDEA830CA2A5BCA1D953A89DDB6
Authority key identifier: 6D:15:0B:43:8C:C6:8F:62:DC:15:D3:59:59:31:61:F7:99:DE:53:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bRULQ4zGj2LcFdNZWTFh95neU68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/NqWbLzP8NXR4-2eON5ZaFT07xDI.roa
Signing time:             Sun 01 Jan 2023 19:25:12 +0000
ROA not before:           Sun 01 Jan 2023 19:25:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35258
IP address blocks:        185.6.252.0/22 maxlen: 22
                          87.253.184.0/22 maxlen: 22
                          195.85.72.0/23 maxlen: 23
                          195.85.38.0/24 maxlen: 24
                          91.208.244.0/24 maxlen: 24
                          46.254.120.0/21 maxlen: 21
                          83.143.208.0/21 maxlen: 21
                          83.143.210.0/24 maxlen: 24
                          83.143.208.0/23 maxlen: 24
                          185.102.105.0/24 maxlen: 24
                          185.102.104.0/22 maxlen: 22
                          185.102.106.0/23 maxlen: 23
                          2a06:23c0::/29 maxlen: 29
                          2a00:e400::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 14:25:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:cb:8e:de:a8:30:ca:2a:5b:ca:1d:95:3a:89:dd:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d150b438cc68f62dc15d359593161f799de53af
        Validity
            Not Before: Jan  1 19:25:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36a59b2f33fc357478fb678e37965a153d3bc432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bc:34:a9:fc:3b:2c:2b:65:fd:af:39:76:ea:
                    4c:9e:a1:54:fd:a0:83:0f:be:06:63:42:2c:90:8a:
                    c7:de:78:b3:22:a6:58:a5:53:4f:f5:10:b6:82:44:
                    c2:2f:de:65:ef:b0:2f:28:20:a3:78:c9:76:49:44:
                    49:72:41:54:d5:00:43:8f:46:05:2c:e3:0e:55:bb:
                    94:d7:a1:a0:59:1a:be:87:22:be:85:f2:87:e9:7e:
                    55:7e:6e:d6:64:1e:5c:48:6a:ef:7c:6a:60:12:64:
                    19:ef:b1:a1:66:50:e3:0d:43:94:4f:42:27:25:ac:
                    cb:d9:7d:15:d6:3f:d2:ae:ae:1c:25:66:5f:b7:d9:
                    ff:fc:2f:12:87:70:35:61:84:f1:f6:6a:1b:d3:17:
                    14:ca:4a:ea:7a:fb:51:2a:ce:4e:b8:cc:31:eb:1d:
                    ff:2a:c8:8e:29:db:76:70:bf:63:ab:91:37:94:bd:
                    8b:99:a9:e6:b5:76:85:4e:27:21:67:d6:5f:db:8e:
                    ef:16:2f:ff:ee:7a:98:b1:ba:9b:71:75:7e:76:17:
                    b3:85:ed:b2:e6:72:ea:13:a3:d7:56:fd:06:44:a2:
                    c5:ea:88:a2:d5:87:c8:73:a0:1e:aa:46:3b:b2:2a:
                    68:3a:ed:79:3e:24:5c:dd:0b:a3:e2:33:e7:c1:0f:
                    a3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A5:9B:2F:33:FC:35:74:78:FB:67:8E:37:96:5A:15:3D:3B:C4:32
            X509v3 Authority Key Identifier:
                keyid:6D:15:0B:43:8C:C6:8F:62:DC:15:D3:59:59:31:61:F7:99:DE:53:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bRULQ4zGj2LcFdNZWTFh95neU68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/NqWbLzP8NXR4-2eON5ZaFT07xDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/bRULQ4zGj2LcFdNZWTFh95neU68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.120.0/21
                  83.143.208.0/21
                  87.253.184.0/22
                  91.208.244.0/24
                  185.6.252.0/22
                  185.102.104.0/22
                  195.85.38.0/24
                  195.85.72.0/23
                IPv6:
                  2a00:e400::/29
                  2a06:23c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:f4:37:49:ec:3c:ca:51:59:8b:53:b1:f0:cf:e5:72:e5:0b:
         f2:2a:83:b2:35:bd:f9:47:12:5d:bf:4c:47:fc:12:3f:78:e8:
         3d:55:11:4b:82:aa:93:e5:2d:bb:b1:62:04:7d:46:f4:05:e6:
         66:06:58:49:84:f8:4c:b5:cc:9a:31:85:4a:18:f6:da:1f:7b:
         aa:5a:d4:dd:4c:e8:08:21:1f:76:3c:d5:3d:e7:99:a8:97:25:
         ed:58:bc:90:6f:73:22:d9:92:c9:a7:14:a0:41:c0:d2:90:23:
         44:a2:13:a5:4b:5a:e9:f8:11:6c:20:fb:63:d7:23:ff:77:5a:
         d6:c7:c5:ae:61:df:bc:ce:b9:59:3b:8f:33:fd:14:33:7a:f9:
         ee:df:61:28:ae:c0:31:79:c1:2c:6b:a1:6c:8d:5e:ec:06:08:
         79:6c:88:5d:96:c7:26:fa:a1:a3:db:ea:47:99:94:d9:06:85:
         99:ee:d9:81:fe:ed:2b:24:79:de:07:47:fd:e1:ee:5d:ca:6f:
         d0:3a:5e:f5:f4:76:05:0d:b6:a7:d4:91:54:ad:7b:c7:d7:27:
         78:0d:75:58:9e:5e:fa:f5:c0:0c:b4:7c:8d:90:8e:3b:e8:e4:
         1b:41:22:09:75:37:ea:b3:a6:cd:f5:6c:c6:b1:77:68:40:70:
         ae:eb:77:94
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVuy47eqDDKKlvKHZU6id22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMTUwYjQzOGNjNjhmNjJkYzE1ZDM1OTU5MzE2MWY3OTlk
ZTUzYWYwHhcNMjMwMTAxMTkyNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmE1OWIyZjMzZmMzNTc0NzhmYjY3OGUzNzk2NWExNTNkM2JjNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrw0qfw7LCtl/a85dupMnqFU/aCD
D74GY0IskIrH3nizIqZYpVNP9RC2gkTCL95l77AvKCCjeMl2SURJckFU1QBDj0YF
LOMOVbuU16GgWRq+hyK+hfKH6X5Vfm7WZB5cSGrvfGpgEmQZ77GhZlDjDUOUT0In
JazL2X0V1j/Srq4cJWZft9n//C8Sh3A1YYTx9mob0xcUykrqevtRKs5OuMwx6x3/
KsiOKdt2cL9jq5E3lL2LmanmtXaFTichZ9Zf247vFi//7nqYsbqbcXV+dhezhe2y
5nLqE6PXVv0GRKLF6oii1YfIc6AeqkY7sipoOu15PiRc3Quj4jPnwQ+jWwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDalmy8z/DV0ePtnjjeWWhU9O8QyMB8GA1UdIwQY
MBaAFG0VC0OMxo9i3BXTWVkxYfeZ3lOvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlJVTFE0ekdqMkxjRmROWldURmg5NW5lVTY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yZmE4NmYtN2Y0ZS00YWFiLTlkZmQt
MWIzZDk4YmVmMWU5LzEvTnFXYkx6UDhOWFI0LTJlT041WmFGVDA3eERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yZmE4NmYtN2Y0ZS00YWFiLTlkZmQtMWIzZDk4YmVmMWU5
LzEvYlJVTFE0ekdqMkxjRmROWldURmg5NW5lVTY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDLv54AwQD
U4/QAwQCV/24AwQAW9D0AwQCuQb8AwQCuWZoAwQAw1UmAwQBw1VIMBQEAgACMA4D
BQMqAOQAAwUDKgYjwDANBgkqhkiG9w0BAQsFAAOCAQEAR/Q3Sew8ylFZi1Ox8M/l
cuUL8iqDsjW9+UcSXb9MR/wSP3joPVURS4Kqk+Utu7FiBH1G9AXmZgZYSYT4TLXM
mjGFShj22h97qlrU3UzoCCEfdjzVPeeZqJcl7Vi8kG9zItmSyacUoEHA0pAjRKIT
pUta6fgRbCD7Y9cj/3da1sfFrmHfvM65WTuPM/0UM3r57t9hKK7AMXnBLGuhbI1e
7AYIeWyIXZbHJvqho9vqR5mU2QaFme7Zgf7tKyR53gdH/eHuXcpv0Dpe9fR2BQ22
p9SRVK17x9cneA11WJ5e+vXADLR8jZCOO+jkG0EiCXU36rOmzfVsxrF3aEBwrut3
lA==
-----END CERTIFICATE-----