Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/qZNiXgqHNCIPjWw2QejvxQPDzV0.roa
File:                     qZNiXgqHNCIPjWw2QejvxQPDzV0.roa (raw, json)
Hash identifier:          lF3A1w6pGIOMd0UUv6YoLYA/0SzSQc8Fx5b+Ognqu/s=
Subject key identifier:   A9:93:62:5E:0A:87:34:22:0F:8D:6C:36:41:E8:EF:C5:03:C3:CD:5D
Certificate issuer:       /CN=f2beed4df207c3609adfded80dddd9316f0a9b45
Certificate serial:       01856EB8F4C587766BF0CEF7008AE5200346
Authority key identifier: F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/qZNiXgqHNCIPjWw2QejvxQPDzV0.roa
Signing time:             Sun 01 Jan 2023 19:04:53 +0000
ROA not before:           Sun 01 Jan 2023 19:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202619
IP address blocks:        176.109.176.0/21 maxlen: 32
                          176.109.184.0/21 maxlen: 32
                          176.109.224.0/20 maxlen: 32
                          193.192.37.0/24 maxlen: 32
                          193.192.36.0/24 maxlen: 32
                          94.158.32.0/21 maxlen: 32
                          94.158.40.0/21 maxlen: 32
                          185.33.140.0/23 maxlen: 32
                          185.33.142.0/23 maxlen: 32
                          194.246.94.0/23 maxlen: 32
                          176.109.240.0/20 maxlen: 32
                          194.246.92.0/23 maxlen: 32
                          2a03:a9c0::/30 maxlen: 128
                          2a0d:ec4::/30 maxlen: 128
                          2a0d:ec0::/30 maxlen: 128
                          2a03:a9c4::/30 maxlen: 128

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b8:f4:c5:87:76:6b:f0:ce:f7:00:8a:e5:20:03:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2beed4df207c3609adfded80dddd9316f0a9b45
        Validity
            Not Before: Jan  1 19:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a993625e0a8734220f8d6c3641e8efc503c3cd5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:74:14:79:87:d1:6d:ef:f2:99:a4:41:89:2a:
                    f1:5c:52:81:68:c4:f3:d2:b6:d3:2d:74:7d:b3:0b:
                    23:6b:4f:e5:01:51:54:63:5b:1d:bb:ea:bc:c1:6c:
                    0f:2c:95:2f:42:eb:c5:07:eb:2b:c9:45:32:aa:17:
                    8d:3a:d1:2e:f3:22:c6:04:0e:05:40:92:0e:33:6a:
                    af:50:a4:e7:31:2e:83:17:62:ac:b8:3b:e7:ec:13:
                    f3:2a:9f:f5:bd:3d:74:b4:29:0a:c4:d8:bd:c5:ac:
                    47:f5:f4:33:c5:fc:c9:bd:e2:9f:ce:69:86:26:4f:
                    4b:45:17:bb:53:ff:34:02:6a:7d:19:78:0d:d9:38:
                    aa:c6:bf:51:37:b3:93:31:26:8f:c8:6c:5d:9f:04:
                    fd:84:86:c1:28:d5:34:34:d7:55:4c:c3:e5:00:ff:
                    38:30:74:a7:65:a6:86:8c:9f:c5:a1:0c:8d:9b:b1:
                    50:a8:14:79:99:70:95:e3:b6:e6:8f:3e:f6:e7:07:
                    57:a3:26:67:3b:10:55:b8:d3:25:43:ef:e3:13:72:
                    e9:af:c8:1d:ae:d5:68:a6:af:29:40:29:6f:89:89:
                    de:70:dc:21:4d:bc:86:d7:92:6d:8e:74:c5:88:9e:
                    0f:ad:c1:28:b6:5d:70:67:94:72:d2:db:68:b1:30:
                    78:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:93:62:5E:0A:87:34:22:0F:8D:6C:36:41:E8:EF:C5:03:C3:CD:5D
            X509v3 Authority Key Identifier:
                keyid:F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/qZNiXgqHNCIPjWw2QejvxQPDzV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/8r7tTfIHw2Ca397YDd3ZMW8Km0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.32.0/20
                  176.109.176.0/20
                  176.109.224.0/19
                  185.33.140.0/22
                  193.192.36.0/23
                  194.246.92.0/22
                IPv6:
                  2a03:a9c0::/29
                  2a0d:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:64:86:d1:24:dd:74:ed:17:11:ac:0d:49:4a:ff:3c:db:56:
         80:b5:45:b6:63:a5:5e:26:3e:5c:13:c6:39:74:eb:a5:f7:a9:
         b8:1f:73:5b:6c:ae:97:2a:89:a8:98:ac:26:b0:bf:3d:95:f8:
         61:5d:fa:14:ff:94:2f:08:e5:9a:a9:a0:49:ea:f9:a4:a5:5a:
         0b:ff:7a:56:9b:72:f9:b3:a5:3e:20:0e:fd:4e:42:72:63:e8:
         29:26:ca:1a:53:af:21:b3:3f:6b:64:40:62:be:d9:8e:b2:0f:
         d8:18:a7:67:88:dc:e0:f5:3b:f8:09:84:d5:1b:08:8b:1d:94:
         c7:46:72:d8:c6:7e:f8:f7:4b:aa:59:89:be:8c:18:1b:59:96:
         6a:ea:66:50:d2:cd:5a:72:d0:cc:be:e0:47:d1:c3:47:9d:e5:
         f4:06:ba:94:03:ba:55:9b:53:07:46:35:ee:15:4e:9f:b0:6c:
         26:36:c0:54:b6:68:ee:71:35:46:9e:c0:25:10:fb:77:98:08:
         e6:48:b1:e4:b5:3a:b9:ef:c9:18:a8:1d:76:6b:b7:fd:25:78:
         17:a3:4d:f7:40:7f:de:1e:6d:3d:88:27:4b:48:3d:f2:4a:fe:
         c4:96:5a:9f:73:b8:17:89:26:e8:6e:f2:35:3d:28:3b:04:c5:
         cb:12:c0:7f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVuuPTFh3Zr8M73AIrlIANGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYmVlZDRkZjIwN2MzNjA5YWRmZGVkODBkZGRkOTMxNmYw
YTliNDUwHhcNMjMwMTAxMTkwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTkzNjI1ZTBhODczNDIyMGY4ZDZjMzY0MWU4ZWZjNTAzYzNjZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3QUeYfRbe/ymaRBiSrxXFKBaMTz
0rbTLXR9swsja0/lAVFUY1sdu+q8wWwPLJUvQuvFB+sryUUyqheNOtEu8yLGBA4F
QJIOM2qvUKTnMS6DF2KsuDvn7BPzKp/1vT10tCkKxNi9xaxH9fQzxfzJveKfzmmG
Jk9LRRe7U/80Amp9GXgN2Tiqxr9RN7OTMSaPyGxdnwT9hIbBKNU0NNdVTMPlAP84
MHSnZaaGjJ/FoQyNm7FQqBR5mXCV47bmjz725wdXoyZnOxBVuNMlQ+/jE3Lpr8gd
rtVopq8pQClviYnecNwhTbyG15JtjnTFiJ4PrcEotl1wZ5Ry0ttosTB4zwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKmTYl4KhzQiD41sNkHo78UDw81dMB8GA1UdIwQY
MBaAFPK+7U3yB8Ngmt/e2A3d2TFvCptFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHI3dFRmSUh3MkNhMzk3WURkM1pNVzhLbTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jNmJjYmEtYTk5Ni00YmI1LWJhNGEt
YTQ2MTUzMTQ1Y2Y4LzEvcVpOaVhncUhOQ0lQald3MlFlanZ4UVBEelYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jNmJjYmEtYTk5Ni00YmI1LWJhNGEtYTQ2MTUzMTQ1Y2Y4
LzEvOHI3dFRmSUh3MkNhMzk3WURkM1pNVzhLbTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQEXp4gAwQE
sG2wAwQFsG3gAwQCuSGMAwQBwcAkAwQCwvZcMBQEAgACMA4DBQMqA6nAAwUDKg0O
wDANBgkqhkiG9w0BAQsFAAOCAQEAh2SG0STddO0XEawNSUr/PNtWgLVFtmOlXiY+
XBPGOXTrpfepuB9zW2yulyqJqJisJrC/PZX4YV36FP+ULwjlmqmgSer5pKVaC/96
Vpty+bOlPiAO/U5CcmPoKSbKGlOvIbM/a2RAYr7ZjrIP2BinZ4jc4PU7+AmE1RsI
ix2Ux0Zy2MZ++PdLqlmJvowYG1mWaupmUNLNWnLQzL7gR9HDR53l9Aa6lAO6VZtT
B0Y17hVOn7BsJjbAVLZo7nE1Rp7AJRD7d5gI5kix5LU6ue/JGKgddmu3/SV4F6NN
90B/3h5tPYgnS0g98kr+xJZan3O4F4km6G7yNT0oOwTFyxLAfw==
-----END CERTIFICATE-----