Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/tD47suDAt5syBPet56mRzQwhIe8.roa
File:                     tD47suDAt5syBPet56mRzQwhIe8.roa (raw, json)
Hash identifier:          VaLCj+c2YdOrXF1N9KTFH8gOfAOMRY9qwc6tHyihXhM=
Subject key identifier:   B4:3E:3B:B2:E0:C0:B7:9B:32:04:F7:AD:E7:A9:91:CD:0C:21:21:EF
Certificate issuer:       /CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
Certificate serial:       01856DA63579DA14802B6B4F5CC2AC0C0FD9
Authority key identifier: 6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/tD47suDAt5syBPet56mRzQwhIe8.roa
Signing time:             Sun 01 Jan 2023 14:04:47 +0000
ROA not before:           Sun 01 Jan 2023 14:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42237
IP address blocks:        193.105.134.0/24 maxlen: 24
                          91.236.116.0/24 maxlen: 24
                          185.217.2.0/24 maxlen: 24
                          185.217.1.0/24 maxlen: 24
                          185.217.0.0/24 maxlen: 24
                          185.246.130.0/24 maxlen: 24
                          185.246.129.0/24 maxlen: 24
                          185.246.128.0/24 maxlen: 24
                          2a0d:8986::/32 maxlen: 32
                          2a0d:8985::/32 maxlen: 32
                          2a0d:8982::/32 maxlen: 32
                          2a0d:8981::/32 maxlen: 32
                          2a0b:c040::/32 maxlen: 32
                          2a0d:8987::/32 maxlen: 32
                          2a0d:8984::/32 maxlen: 32
                          2a0d:8980::/32 maxlen: 32
                          2a0b:c041::/32 maxlen: 32
                          2a0d:8983::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:a6:35:79:da:14:80:2b:6b:4f:5c:c2:ac:0c:0f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
        Validity
            Not Before: Jan  1 14:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b43e3bb2e0c0b79b3204f7ade7a991cd0c2121ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:15:31:b3:3a:65:05:f8:d8:ef:14:b1:c0:70:
                    5c:ff:61:11:13:b5:95:66:7a:bf:5a:a3:51:a4:92:
                    bd:0b:b0:d5:b0:f1:e7:d5:6a:9e:41:b7:7d:d4:26:
                    55:01:db:04:68:9b:29:6b:6a:44:61:3a:da:b8:3a:
                    5d:4c:84:fa:ad:38:0c:60:38:24:9f:83:42:18:8f:
                    33:ba:a0:2d:25:bf:51:05:39:07:5a:fa:74:af:63:
                    ec:16:2c:8a:56:14:91:86:bf:02:0f:b6:15:f4:99:
                    5c:8b:41:96:27:64:fa:f7:18:39:3c:d8:6a:c7:bb:
                    d5:b1:2f:36:19:89:98:97:bb:4a:a5:5b:1f:a3:6f:
                    63:49:93:dc:d0:e3:23:81:b3:cb:a1:aa:78:4f:7a:
                    9c:6d:b9:a8:4d:f5:d1:11:26:a1:8c:ed:a4:95:9a:
                    18:2c:9e:fe:90:da:1d:39:27:57:fa:95:01:70:b9:
                    b8:e2:da:62:33:45:3d:5b:62:76:ef:3c:a9:66:57:
                    aa:31:0b:29:64:5a:9f:be:09:12:fe:51:30:ae:12:
                    51:13:4e:fc:21:6e:48:ea:4f:83:2d:48:f6:39:d1:
                    9d:93:72:e8:f8:a0:0d:75:5f:bb:79:6d:83:cc:ec:
                    cd:e1:c8:dd:9c:cf:fa:48:8d:67:30:70:e9:7c:0b:
                    d6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3E:3B:B2:E0:C0:B7:9B:32:04:F7:AD:E7:A9:91:CD:0C:21:21:EF
            X509v3 Authority Key Identifier:
                keyid:6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/tD47suDAt5syBPet56mRzQwhIe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.116.0/24
                  185.217.0.0-185.217.2.255
                  185.246.128.0-185.246.130.255
                  193.105.134.0/24
                IPv6:
                  2a0b:c040::/31
                  2a0d:8980::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:ef:dc:21:15:d9:40:87:12:18:85:e5:db:9c:f9:2d:c4:54:
         88:79:9f:0c:3b:34:c5:8e:32:6f:ad:c7:ee:06:9a:58:15:ec:
         e3:d2:bb:72:9c:6b:e5:a6:25:9e:96:af:41:b3:35:b9:58:e5:
         ba:1d:da:40:dd:aa:f8:87:18:8c:22:4d:99:1e:72:c6:49:8c:
         94:74:d7:c6:1a:37:cc:5a:b3:8b:db:c4:38:f9:e9:3e:9b:b3:
         98:cc:5d:45:c6:c2:7b:c1:9e:b7:a3:1d:9c:40:aa:e6:ce:cb:
         ee:89:a0:66:80:f4:70:34:27:90:bf:a6:43:4e:bd:f3:48:21:
         a1:22:f5:e7:0d:31:b9:f0:44:b6:6e:86:32:52:38:68:2e:fb:
         72:84:c7:52:b7:48:9b:79:a3:48:7a:0c:b8:85:aa:ff:a9:74:
         e0:bc:64:9b:31:dc:78:3e:40:bf:fa:85:80:13:10:c2:b0:2f:
         36:6d:7c:e4:10:98:95:c2:6e:b8:d7:b6:b4:e6:3a:ae:60:cf:
         98:0a:95:92:95:1e:ee:a9:81:fa:2f:21:4f:94:89:95:cb:11:
         78:35:43:a4:e5:78:49:22:96:38:04:ff:58:89:57:ed:f0:1e:
         ff:35:4b:a3:0c:70:47:38:d0:46:6c:71:4f:4f:55:45:29:79:
         95:a0:70:4d
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYVtpjV52hSAK2tPXMKsDA/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNzk4ZjBmZTRmNGRmZmRmZWQyYzhlNjJkMjM1NDMwZjQ5
Mzc3Y2QwHhcNMjMwMTAxMTQwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNlM2JiMmUwYzBiNzliMzIwNGY3YWRlN2E5OTFjZDBjMjEyMWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhUxszplBfjY7xSxwHBc/2ERE7WV
Znq/WqNRpJK9C7DVsPHn1WqeQbd91CZVAdsEaJspa2pEYTrauDpdTIT6rTgMYDgk
n4NCGI8zuqAtJb9RBTkHWvp0r2PsFiyKVhSRhr8CD7YV9Jlci0GWJ2T69xg5PNhq
x7vVsS82GYmYl7tKpVsfo29jSZPc0OMjgbPLoap4T3qcbbmoTfXRESahjO2klZoY
LJ7+kNodOSdX+pUBcLm44tpiM0U9W2J27zypZleqMQspZFqfvgkS/lEwrhJRE078
IW5I6k+DLUj2OdGdk3Lo+KANdV+7eW2DzOzN4cjdnM/6SI1nMHDpfAvW0wIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFLQ+O7LgwLebMgT3reepkc0MISHvMB8GA1UdIwQY
MBaAFGp5jw/k9N/9/tLI5i0jVDD0k3fNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMt
NzdjZjgxMDQxMDgzLzEvdEQ0N3N1REF0NXN5QlBldDU2bVJ6UXdoSWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMtNzdjZjgxMDQxMDgz
LzEvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAtBAIAATAnAwQAW+x0MAsD
AwC52QMEALnZAjAMAwQHufaAAwQAufaCAwQAwWmGMBQEAgACMA4DBQEqC8BAAwUD
Kg2JgDANBgkqhkiG9w0BAQsFAAOCAQEAZu/cIRXZQIcSGIXl25z5LcRUiHmfDDs0
xY4yb63H7gaaWBXs49K7cpxr5aYlnpavQbM1uVjluh3aQN2q+IcYjCJNmR5yxkmM
lHTXxho3zFqzi9vEOPnpPpuzmMxdRcbCe8Get6MdnECq5s7L7omgZoD0cDQnkL+m
Q06980ghoSL15w0xufBEtm6GMlI4aC77coTHUrdIm3mjSHoMuIWq/6l04LxkmzHc
eD5Av/qFgBMQwrAvNm185BCYlcJuuNe2tOY6rmDPmAqVkpUe7qmB+i8hT5SJlcsR
eDVDpOV4SSKWOAT/WIlX7fAe/zVLowxwRzjQRmxxT09VRSl5laBwTQ==
-----END CERTIFICATE-----