Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/KqKBKbZhKtQMnJ7hVINdPabblzY.roa
File:                     KqKBKbZhKtQMnJ7hVINdPabblzY.roa (raw, json)
Hash identifier:          0Ex+okUmOlMJT4CZ3f3+ds0JELjDyG9CEnOBCUqGtuw=
Subject key identifier:   2A:A2:81:29:B6:61:2A:D4:0C:9C:9E:E1:54:83:5D:3D:A6:DB:97:36
Certificate issuer:       /CN=a0639adf1e0b84b9ff64e4f8ebe638ebbf5d27b9
Certificate serial:       0186081532B97AA4E9D68308C84EBAEBF70B
Authority key identifier: A0:63:9A:DF:1E:0B:84:B9:FF:64:E4:F8:EB:E6:38:EB:BF:5D:27:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oGOa3x4LhLn_ZOT46-Y4679dJ7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/KqKBKbZhKtQMnJ7hVINdPabblzY.roa
Signing time:             Tue 31 Jan 2023 13:47:32 +0000
ROA not before:           Tue 31 Jan 2023 13:47:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21263
IP address blocks:        185.124.224.0/22 maxlen: 24
                          146.255.112.0/22 maxlen: 24
                          185.16.72.0/22 maxlen: 24
                          217.24.192.0/20 maxlen: 24
                          185.162.220.0/22 maxlen: 24
                          77.81.52.0/22 maxlen: 24
                          217.31.208.0/20 maxlen: 24
                          185.198.140.0/22 maxlen: 24
                          212.62.192.0/19 maxlen: 24
                          45.155.112.0/22 maxlen: 24
                          81.27.112.0/20 maxlen: 24
                          185.231.72.0/22 maxlen: 24
                          161.51.240.0/21 maxlen: 24
                          217.11.144.0/20 maxlen: 24
                          2a02:590::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:08:15:32:b9:7a:a4:e9:d6:83:08:c8:4e:ba:eb:f7:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0639adf1e0b84b9ff64e4f8ebe638ebbf5d27b9
        Validity
            Not Before: Jan 31 13:47:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2aa28129b6612ad40c9c9ee154835d3da6db9736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5f:4f:67:e9:e5:b6:bf:f2:11:b9:2a:f9:dc:
                    c8:45:2f:57:6a:c6:b3:96:56:52:ce:c2:95:e8:80:
                    45:be:38:2b:24:ae:9c:9b:e8:76:90:0a:0d:7d:da:
                    ee:9f:68:ff:b4:09:4e:07:5a:32:37:54:06:57:fe:
                    df:38:af:5e:5b:f7:26:de:1a:8f:03:5c:94:2f:7c:
                    13:8e:b2:f7:9a:f7:f9:59:30:f9:97:08:90:82:87:
                    b2:20:ee:4d:ec:95:56:49:33:4e:98:c0:66:17:02:
                    0a:7e:e7:ff:3c:04:db:90:4d:3c:d3:11:d2:29:86:
                    a9:63:88:c8:70:80:60:66:eb:39:67:f8:17:b6:62:
                    b7:e0:ac:61:b5:25:bf:c5:ca:d6:57:3b:e7:ec:bd:
                    2c:37:05:d5:4f:f2:ab:ef:f1:e4:11:2f:4d:29:a5:
                    43:58:99:d5:47:b5:e8:78:1a:bd:1a:76:3a:55:a4:
                    fb:8f:d2:6d:fe:a7:11:3a:44:68:21:84:64:99:51:
                    da:84:ca:54:6b:22:0a:22:bb:f0:c4:9b:87:80:02:
                    1d:88:20:e5:08:26:f1:01:a6:fe:6c:35:59:4b:18:
                    88:0e:f4:bb:f7:69:82:1a:c6:dd:9a:21:2b:b7:e9:
                    2a:27:71:72:9b:56:7d:da:88:54:4b:35:1a:87:58:
                    24:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A2:81:29:B6:61:2A:D4:0C:9C:9E:E1:54:83:5D:3D:A6:DB:97:36
            X509v3 Authority Key Identifier:
                keyid:A0:63:9A:DF:1E:0B:84:B9:FF:64:E4:F8:EB:E6:38:EB:BF:5D:27:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oGOa3x4LhLn_ZOT46-Y4679dJ7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/KqKBKbZhKtQMnJ7hVINdPabblzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0c363c-2d0e-4bca-a9f2-813c5aab783e/1/oGOa3x4LhLn_ZOT46-Y4679dJ7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.112.0/22
                  77.81.52.0/22
                  81.27.112.0/20
                  146.255.112.0/22
                  161.51.240.0/21
                  185.16.72.0/22
                  185.124.224.0/22
                  185.162.220.0/22
                  185.198.140.0/22
                  185.231.72.0/22
                  212.62.192.0/19
                  217.11.144.0/20
                  217.24.192.0/20
                  217.31.208.0/20
                IPv6:
                  2a02:590::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:56:3d:26:4b:94:b7:c4:94:5e:60:09:d6:12:47:14:3c:73:
         57:1c:09:33:4b:ad:ec:8f:62:cf:8e:4d:3f:c8:68:10:34:b2:
         24:50:8f:2a:7a:7f:54:8b:ef:ed:15:8c:42:3d:56:ad:1d:86:
         a8:ba:e8:bf:dd:a7:97:65:4e:65:7f:79:2e:74:78:19:d8:6c:
         e6:a0:97:bc:32:fb:75:d7:dd:99:c4:10:da:21:45:86:41:cb:
         ec:cd:5c:66:32:be:b3:ac:7a:d7:eb:2f:eb:16:62:d3:af:e7:
         0c:59:34:76:7c:32:3e:30:73:7b:d5:2e:83:6f:3a:15:23:d1:
         a1:92:25:9b:ea:7b:49:1b:ea:36:d5:5c:06:0e:c7:3d:f9:3e:
         2b:cc:48:b5:63:2b:dd:75:af:b1:46:aa:43:e1:3a:09:62:ed:
         a7:86:d2:d4:8d:2e:67:45:bf:bc:dc:74:70:d1:ba:54:c3:fb:
         4e:bc:72:c6:66:c5:32:2d:e3:67:4d:8b:6f:83:ee:4f:5e:cb:
         45:37:05:bb:c6:6d:a2:4b:c2:45:4a:53:c2:8e:f4:54:3b:f2:
         95:b4:36:f3:e3:3c:f2:2e:e0:3a:1c:5c:d5:6b:c9:75:2c:60:
         1c:6d:81:fc:1a:19:c1:60:56:e6:4f:d4:e7:dc:7f:66:a6:f1:
         6e:7c:eb:2b
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYYIFTK5eqTp1oMIyE666/cLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNjM5YWRmMWUwYjg0YjlmZjY0ZTRmOGViZTYzOGViYmY1
ZDI3YjkwHhcNMjMwMTMxMTM0NzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWEyODEyOWI2NjEyYWQ0MGM5YzllZTE1NDgzNWQzZGE2ZGI5NzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqF9PZ+nltr/yEbkq+dzIRS9Xasaz
llZSzsKV6IBFvjgrJK6cm+h2kAoNfdrun2j/tAlOB1oyN1QGV/7fOK9eW/cm3hqP
A1yUL3wTjrL3mvf5WTD5lwiQgoeyIO5N7JVWSTNOmMBmFwIKfuf/PATbkE080xHS
KYapY4jIcIBgZus5Z/gXtmK34KxhtSW/xcrWVzvn7L0sNwXVT/Kr7/HkES9NKaVD
WJnVR7XoeBq9GnY6VaT7j9Jt/qcROkRoIYRkmVHahMpUayIKIrvwxJuHgAIdiCDl
CCbxAab+bDVZSxiIDvS792mCGsbdmiErt+kqJ3Fym1Z92ohUSzUah1gkowIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFCqigSm2YSrUDJye4VSDXT2m25c2MB8GA1UdIwQY
MBaAFKBjmt8eC4S5/2Tk+OvmOOu/XSe5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0dPYTN4NExoTG5fWk9UNDYtWTQ2NzlkSjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYzM2M2MtMmQwZS00YmNhLWE5ZjIt
ODEzYzVhYWI3ODNlLzEvS3FLQktiWmhLdFFNbko3aFZJTmRQYWJibHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYzM2M2MtMmQwZS00YmNhLWE5ZjItODEzYzVhYWI3ODNl
LzEvb0dPYTN4NExoTG5fWk9UNDYtWTQ2NzlkSjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQCLZtwAwQC
TVE0AwQEURtwAwQCkv9wAwQDoTPwAwQCuRBIAwQCuXzgAwQCuaLcAwQCucaMAwQC
uedIAwQF1D7AAwQE2QuQAwQE2RjAAwQE2R/QMA0EAgACMAcDBQMqAgWQMA0GCSqG
SIb3DQEBCwUAA4IBAQCFVj0mS5S3xJReYAnWEkcUPHNXHAkzS63sj2LPjk0/yGgQ
NLIkUI8qen9Ui+/tFYxCPVatHYaouui/3aeXZU5lf3kudHgZ2GzmoJe8Mvt1192Z
xBDaIUWGQcvszVxmMr6zrHrX6y/rFmLTr+cMWTR2fDI+MHN71S6DbzoVI9GhkiWb
6ntJG+o21VwGDsc9+T4rzEi1Yyvdda+xRqpD4ToJYu2nhtLUjS5nRb+83HRw0bpU
w/tOvHLGZsUyLeNnTYtvg+5PXstFNwW7xm2iS8JFSlPCjvRUO/KVtDbz4zzyLuA6
HFzVa8l1LGAcbYH8GhnBYFbmT9Tn3H9mpvFufOsr
-----END CERTIFICATE-----