Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/796vDZxV2vS6GBYHZpydwWDxM8w.roa
File:                     796vDZxV2vS6GBYHZpydwWDxM8w.roa (raw, json)
Hash identifier:          ZMRRacrAGBTcvP1n5uXpWBO8rpiQRMsv4pWpLWQmTxk=
Subject key identifier:   EF:DE:AF:0D:9C:55:DA:F4:BA:18:16:07:66:9C:9D:C1:60:F1:33:CC
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018B06DC50C85C0EBAF0AC75234B36732C7A
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/796vDZxV2vS6GBYHZpydwWDxM8w.roa
Signing time:             Fri 06 Oct 2023 21:19:43 +0000
ROA not before:           Fri 06 Oct 2023 21:19:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.199.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 Nov 2023 15:15:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:06:dc:50:c8:5c:0e:ba:f0:ac:75:23:4b:36:73:2c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Oct  6 21:19:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=efdeaf0d9c55daf4ba181607669c9dc160f133cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c7:b0:f3:99:60:ed:7e:41:13:38:8c:da:e2:
                    2f:5f:ae:16:c3:f7:99:c3:0f:46:67:f3:a0:61:a1:
                    b5:b1:fa:49:e3:03:75:07:82:66:1b:94:cf:07:b3:
                    5a:1d:73:ba:f8:00:e6:e5:41:4e:0c:d4:50:0c:a3:
                    47:b0:11:5d:b6:fa:f2:b5:a3:9e:56:f0:1d:d9:0d:
                    26:ad:6f:75:4a:ed:84:2e:e3:3a:16:79:d0:c9:7f:
                    b2:b3:3e:7c:d9:37:ae:db:6f:ab:9c:62:26:19:55:
                    72:c1:8c:3d:dc:e5:df:1d:3f:34:0b:4f:3d:3d:fa:
                    51:cb:3a:32:e3:5e:65:79:3c:7f:dd:02:77:28:6b:
                    97:5d:46:0c:75:df:4d:cb:65:1e:b2:b3:e9:f7:a8:
                    78:f2:51:bd:28:07:44:f8:8e:8c:b3:99:60:b1:86:
                    53:7a:dd:8f:74:ac:34:fb:07:b9:97:6a:d0:78:71:
                    3a:41:ba:f2:5d:26:cd:31:ff:ac:f2:96:f5:14:9c:
                    07:64:46:0b:31:f1:80:71:68:1c:ad:5f:4d:a9:52:
                    2b:ff:dd:94:44:78:75:85:af:bd:0c:ad:7b:a3:5b:
                    60:c7:a1:6c:8f:8e:5f:c5:40:bb:12:9e:8f:af:32:
                    95:c8:72:95:24:6a:07:f3:e9:a1:5e:0f:17:85:34:
                    aa:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:DE:AF:0D:9C:55:DA:F4:BA:18:16:07:66:9C:9D:C1:60:F1:33:CC
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/796vDZxV2vS6GBYHZpydwWDxM8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.197.0-212.64.200.255
                  212.64.203.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:13:c8:b6:82:b2:18:ad:d0:f3:1f:b0:00:b7:f4:6b:28:25:
         8b:76:c4:01:56:95:7f:d5:4b:1a:6e:c8:32:a5:cd:73:f8:72:
         47:94:e9:e9:ad:63:c9:17:4f:9d:66:70:0d:c2:80:64:80:40:
         ba:e8:90:38:fa:6d:e0:06:90:c7:a8:7a:88:b5:04:89:38:ca:
         ff:9d:44:86:51:32:ab:f0:74:bb:27:f6:39:f2:c5:ef:d5:21:
         a0:95:71:00:9a:5e:b8:cc:92:09:66:7d:c7:36:62:25:25:a7:
         fe:ef:dc:90:a4:a5:c0:e7:be:a3:25:32:7b:ff:cb:f6:c2:25:
         ce:aa:de:17:11:6d:cd:9a:91:38:45:42:f8:d8:7e:03:48:08:
         a6:69:70:ec:26:59:1f:7b:23:f7:cf:b9:1c:a5:17:41:22:b3:
         ff:69:3c:d1:33:c1:2a:74:e8:c8:25:b7:71:f4:19:c5:ab:6c:
         46:b0:00:2c:04:27:e7:75:be:87:9b:a8:0e:7a:d8:46:85:f6:
         d8:e5:dc:6d:ce:79:55:cd:95:09:d6:61:d7:51:47:0e:e5:94:
         2e:d6:17:16:1f:79:c9:11:83:c4:9e:f5:50:31:1d:ce:d3:ce:
         cc:da:03:bc:1e:d4:24:a3:6c:4e:6b:20:ba:73:a6:45:ae:7a:
         ef:3f:b9:8b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYsG3FDIXA668Kx1I0s2cyx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjMxMDA2MjExOTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmRlYWYwZDljNTVkYWY0YmExODE2MDc2NjljOWRjMTYwZjEzM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMew85lg7X5BEziM2uIvX64Ww/eZ
ww9GZ/OgYaG1sfpJ4wN1B4JmG5TPB7NaHXO6+ADm5UFODNRQDKNHsBFdtvrytaOe
VvAd2Q0mrW91Su2ELuM6FnnQyX+ysz582Teu22+rnGImGVVywYw93OXfHT80C089
PfpRyzoy415leTx/3QJ3KGuXXUYMdd9Ny2UesrPp96h48lG9KAdE+I6Ms5lgsYZT
et2PdKw0+we5l2rQeHE6QbryXSbNMf+s8pb1FJwHZEYLMfGAcWgcrV9NqVIr/92U
RHh1ha+9DK17o1tgx6Fsj45fxUC7Ep6PrzKVyHKVJGoH8+mhXg8XhTSqqQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFO/erw2cVdr0uhgWB2acncFg8TPMMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvNzk2dkRaeFYydlM2R0JZSFpweWR3V0R4TTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQA1EDAAwQA
1EDCMAwDBADUQMUDBADUQMgwDAMEANRAywMEAdRA0AMEANRA1AMEANRA2gMEANRA
3DANBgkqhkiG9w0BAQsFAAOCAQEAFhPItoKyGK3Q8x+wALf0aygli3bEAVaVf9VL
Gm7IMqXNc/hyR5Tp6a1jyRdPnWZwDcKAZIBAuuiQOPpt4AaQx6h6iLUEiTjK/51E
hlEyq/B0uyf2OfLF79UhoJVxAJpeuMySCWZ9xzZiJSWn/u/ckKSlwOe+oyUye//L
9sIlzqreFxFtzZqROEVC+Nh+A0gIpmlw7CZZH3sj98+5HKUXQSKz/2k80TPBKnTo
yCW3cfQZxatsRrAALAQn53W+h5uoDnrYRoX22OXcbc55Vc2VCdZh11FHDuWULtYX
Fh95yRGDxJ71UDEdztPOzNoDvB7UJKNsTmsgunOmRa567z+5iw==
-----END CERTIFICATE-----