Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/68nwroKyje9KurePtvMkkl2bHqQ.roa
File:                     68nwroKyje9KurePtvMkkl2bHqQ.roa (raw, json)
Hash identifier:          s28M7BsPPgC3A3fzUWuZb82dUkdHPNeNvNB+hpio41A=
Subject key identifier:   EB:C9:F0:AE:82:B2:8D:EF:4A:BA:B7:8F:B6:F3:24:92:5D:9B:1E:A4
Certificate issuer:       /CN=2d18d87e8b9fe974bedf097f88948398861ac47e
Certificate serial:       01856FD52601B930FD1CCB504737CFF1558B
Authority key identifier: 2D:18:D8:7E:8B:9F:E9:74:BE:DF:09:7F:88:94:83:98:86:1A:C4:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRjYfouf6XS-3wl_iJSDmIYaxH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/68nwroKyje9KurePtvMkkl2bHqQ.roa
Signing time:             Mon 02 Jan 2023 00:15:17 +0000
ROA not before:           Mon 02 Jan 2023 00:15:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211196
IP address blocks:        185.53.112.0/24 maxlen: 24
                          185.198.68.0/24 maxlen: 24
                          185.53.113.0/24 maxlen: 24
                          185.53.114.0/24 maxlen: 24
                          185.53.115.0/24 maxlen: 24
                          2a0b:6f80:101::/48 maxlen: 48
                          2a0b:6f80:500::/40 maxlen: 40
                          2a0b:6f80:400::/40 maxlen: 40
                          2a0b:6f80:300::/40 maxlen: 40
                          2a0b:6f80:200::/40 maxlen: 40
                          2a0b:6f80:100::/48 maxlen: 48
                          2a0b:6f80:103::/48 maxlen: 48
                          2a0b:6f80:102::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:26:01:b9:30:fd:1c:cb:50:47:37:cf:f1:55:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d18d87e8b9fe974bedf097f88948398861ac47e
        Validity
            Not Before: Jan  2 00:15:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ebc9f0ae82b28def4abab78fb6f324925d9b1ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:41:a0:06:ad:e7:6d:2a:62:59:c2:54:10:8b:
                    e0:86:33:0c:96:da:4d:ce:e6:9b:32:20:61:b4:37:
                    32:d7:11:94:43:2f:78:05:c4:c7:88:71:0c:74:cc:
                    4b:89:42:ff:94:f4:22:c3:ce:ca:f4:58:c9:fc:df:
                    a5:4a:5c:62:e8:08:8e:7d:e7:89:bb:fe:17:b5:4b:
                    b3:24:c7:ee:86:11:bf:d6:79:66:a9:ed:53:30:77:
                    68:06:0a:2b:54:7e:d6:bc:65:2f:7d:37:a1:2e:91:
                    58:9a:4c:25:b3:b3:7c:d5:95:8c:b9:1b:9f:9e:7e:
                    b2:74:3f:1f:90:bf:43:b6:a2:e0:12:ed:a4:e0:d4:
                    cc:a5:50:8d:a9:fd:30:db:b6:f8:84:28:8a:c8:07:
                    80:42:f5:dd:6b:94:c0:9e:92:7e:6b:12:a7:0f:fb:
                    a3:75:b8:18:54:65:09:8a:95:4d:37:72:b7:c3:a3:
                    9d:02:ff:83:6c:d1:a2:2d:bc:4f:28:69:f5:ee:6b:
                    1d:31:87:76:7e:eb:f4:ed:c3:b4:c2:6f:5c:95:00:
                    b1:f8:fa:06:22:1d:af:48:05:77:fa:eb:fd:fb:c2:
                    9e:64:1d:a8:d9:bc:8f:57:93:01:27:22:3d:b8:bb:
                    e2:bb:51:16:7c:f9:a8:1f:ec:2e:fe:e2:18:51:ac:
                    d2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C9:F0:AE:82:B2:8D:EF:4A:BA:B7:8F:B6:F3:24:92:5D:9B:1E:A4
            X509v3 Authority Key Identifier:
                keyid:2D:18:D8:7E:8B:9F:E9:74:BE:DF:09:7F:88:94:83:98:86:1A:C4:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRjYfouf6XS-3wl_iJSDmIYaxH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/68nwroKyje9KurePtvMkkl2bHqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/LRjYfouf6XS-3wl_iJSDmIYaxH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.112.0/22
                  185.198.68.0/24
                IPv6:
                  2a0b:6f80:100::/46
                  2a0b:6f80:200::-2a0b:6f80:5ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         66:c1:d2:3d:2d:a7:f1:fb:58:cd:12:ef:d7:83:13:9a:d1:df:
         cf:f5:5e:43:13:93:ab:db:6b:fd:a9:83:b4:e9:a9:55:2d:68:
         47:ca:9e:33:2f:3b:c2:c3:26:a6:db:5d:cb:c9:32:2e:e5:7b:
         70:bf:ff:e7:94:e3:83:5a:2a:2e:8b:63:e8:1d:3f:55:d5:2b:
         6a:7b:77:2b:dd:44:5b:81:bb:5a:5d:98:92:e8:fc:eb:78:5a:
         e5:26:dd:34:03:94:76:da:75:c0:4a:09:c1:9c:50:14:90:25:
         76:c3:b6:5c:cc:66:56:dd:fe:0b:8a:d8:2c:16:df:2a:83:ac:
         05:ed:ea:97:3b:f1:aa:4e:9e:53:c5:5d:6b:22:1c:b0:dc:80:
         15:b0:3f:bc:85:81:bd:ec:4e:3b:75:a4:8f:f9:df:0b:5a:f8:
         eb:c5:5d:5c:57:f2:4d:7d:f9:c5:60:15:69:69:29:b1:2b:1e:
         e0:55:13:3a:3a:37:c3:17:02:77:3e:ed:0c:fb:69:92:25:f7:
         b7:1a:a4:c1:6d:76:4a:a8:fa:a7:a5:c4:1b:82:32:bf:52:95:
         32:b1:ef:36:92:6d:88:22:76:c2:5f:1d:70:f9:b9:89:22:32:
         17:65:0d:32:5c:fa:ad:6f:25:64:8b:62:83:9a:d3:09:93:6b:
         6c:2f:c6:30
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVv1SYBuTD9HMtQRzfP8VWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMThkODdlOGI5ZmU5NzRiZWRmMDk3Zjg4OTQ4Mzk4ODYx
YWM0N2UwHhcNMjMwMTAyMDAxNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM5ZjBhZTgyYjI4ZGVmNGFiYWI3OGZiNmYzMjQ5MjVkOWIxZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0GgBq3nbSpiWcJUEIvghjMMltpN
zuabMiBhtDcy1xGUQy94BcTHiHEMdMxLiUL/lPQiw87K9FjJ/N+lSlxi6AiOfeeJ
u/4XtUuzJMfuhhG/1nlmqe1TMHdoBgorVH7WvGUvfTehLpFYmkwls7N81ZWMuRuf
nn6ydD8fkL9DtqLgEu2k4NTMpVCNqf0w27b4hCiKyAeAQvXda5TAnpJ+axKnD/uj
dbgYVGUJipVNN3K3w6OdAv+DbNGiLbxPKGn17msdMYd2fuv07cO0wm9clQCx+PoG
Ih2vSAV3+uv9+8KeZB2o2byPV5MBJyI9uLviu1EWfPmoH+wu/uIYUazSeQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFOvJ8K6Cso3vSrq3j7bzJJJdmx6kMB8GA1UdIwQY
MBaAFC0Y2H6Ln+l0vt8Jf4iUg5iGGsR+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJqWWZvdWY2WFMtM3dsX2lKU0RtSVlheEg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9lYzg1ZjUtN2Y2NS00OWYyLTk4Yjkt
Y2YwOTA3MTMzMjQxLzEvNjhud3JvS3lqZTlLdXJlUHR2TWtrbDJiSHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9lYzg1ZjUtN2Y2NS00OWYyLTk4YjktY2YwOTA3MTMzMjQx
LzEvTFJqWWZvdWY2WFMtM3dsX2lKU0RtSVlheEg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQCuTVwAwQA
ucZEMCEEAgACMBsDBwIqC2+AAQAwEAMGASoLb4ACAwYBKgtvgAQwDQYJKoZIhvcN
AQELBQADggEBAGbB0j0tp/H7WM0S79eDE5rR38/1XkMTk6vba/2pg7TpqVUtaEfK
njMvO8LDJqbbXcvJMi7le3C//+eU44NaKi6LY+gdP1XVK2p7dyvdRFuBu1pdmJLo
/Ot4WuUm3TQDlHbadcBKCcGcUBSQJXbDtlzMZlbd/guK2CwW3yqDrAXt6pc78apO
nlPFXWsiHLDcgBWwP7yFgb3sTjt1pI/53wta+OvFXVxX8k19+cVgFWlpKbErHuBV
Ezo6N8MXAnc+7Qz7aZIl97capMFtdkqo+qelxBuCMr9SlTKx7zaSbYgidsJfHXD5
uYkiMhdlDTJc+q1vJWSLYoOa0wmTa2wvxjA=
-----END CERTIFICATE-----