Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/OiJeAXjhfVrlFNYwLyGp2ZKM7uY.roa
File:                     OiJeAXjhfVrlFNYwLyGp2ZKM7uY.roa (raw, json)
Hash identifier:          gnPgKeUNhWIsr+7HKtmaPLQulhJyPfeqTg+cY6gsoo0=
Subject key identifier:   3A:22:5E:01:78:E1:7D:5A:E5:14:D6:30:2F:21:A9:D9:92:8C:EE:E6
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       01856CAF0881332EF94D9B205550069DDE47
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/OiJeAXjhfVrlFNYwLyGp2ZKM7uY.roa
Signing time:             Sun 01 Jan 2023 09:34:48 +0000
ROA not before:           Sun 01 Jan 2023 09:34:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.196.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.199.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.202.0/24 maxlen: 24
                          212.64.201.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 01 Oct 2023 15:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:08:81:33:2e:f9:4d:9b:20:55:50:06:9d:de:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 09:34:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a225e0178e17d5ae514d6302f21a9d9928ceee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:69:94:bb:33:f2:d0:17:03:02:0e:95:ca:f6:
                    5e:55:16:cd:89:23:23:47:dc:3e:3d:2c:01:3e:88:
                    55:04:82:c8:4a:0c:68:b7:bf:0c:5b:07:6d:d8:75:
                    64:71:ed:24:8c:62:a7:ec:e8:73:24:26:71:2e:9b:
                    ff:d7:e8:7a:0a:14:1c:f7:0b:c0:8f:9b:d3:5b:6a:
                    4b:8f:98:86:7b:07:e8:5a:fe:be:d2:b7:59:94:24:
                    a1:fb:f8:1e:6a:e1:0c:70:05:5d:97:99:c8:7c:28:
                    32:92:a1:0f:be:5b:10:58:33:b9:97:2f:dc:a4:77:
                    db:86:bf:df:df:24:67:1f:71:ee:5b:5b:94:a5:1d:
                    4a:7e:17:84:03:45:b1:f8:94:5f:8d:6e:0c:73:66:
                    6a:8d:68:94:36:fb:5a:c6:4c:32:1a:04:c8:ac:9e:
                    75:a8:a5:2c:58:bd:92:0e:84:7c:27:b5:42:f2:71:
                    57:8c:c2:a2:0d:60:ed:75:84:5c:1c:ca:36:5b:8d:
                    18:2a:c0:6d:ac:27:48:0e:bc:ba:4c:99:9e:fd:66:
                    e3:4a:e1:10:c2:dc:38:94:aa:e0:f8:14:34:7e:8b:
                    f1:8c:6a:86:ca:4d:63:5b:b6:f5:37:b7:12:e7:c8:
                    f3:ca:c8:3a:49:45:9c:91:be:3b:4f:ae:df:3d:1e:
                    06:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:22:5E:01:78:E1:7D:5A:E5:14:D6:30:2F:21:A9:D9:92:8C:EE:E6
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/OiJeAXjhfVrlFNYwLyGp2ZKM7uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.196.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:26:63:ba:ea:04:8b:d8:e5:ba:4c:9f:65:f0:4e:55:b7:cb:
         89:7d:a4:b5:b6:96:06:85:85:f6:bd:b1:8d:f5:28:02:29:9e:
         da:71:10:62:7f:93:0b:6f:1d:64:2f:aa:4a:3d:40:4f:f4:9e:
         69:f6:88:12:35:9e:c0:3f:3d:25:b0:82:4a:55:d7:e8:d6:f9:
         6b:99:71:a6:8b:e5:f1:f7:a9:6b:a3:1b:c9:29:41:35:29:16:
         03:3c:93:0d:4b:bc:26:b1:63:9e:b0:bc:50:27:2b:18:1c:58:
         4d:34:1e:2a:b4:25:0b:46:63:50:ed:3a:58:18:3e:dd:00:75:
         48:b6:ec:7c:8c:a8:59:81:0f:69:47:e9:c3:37:66:20:c7:67:
         bf:f8:c2:10:4a:48:7a:b8:fa:83:dd:ce:51:72:3f:4f:88:70:
         1f:5d:80:6d:83:41:bf:28:97:b6:c4:85:3a:6f:90:1a:b9:0f:
         3d:69:3f:fc:88:c0:6c:74:55:7e:13:42:5b:52:20:4d:95:22:
         cb:56:01:ba:ad:f4:a3:a3:74:82:40:cf:e6:3d:d7:8c:9a:ed:
         57:49:0d:03:99:06:3e:24:b3:59:e0:dd:28:01:ca:90:3e:bf:
         24:bd:bb:a9:7d:f1:f7:82:c5:a9:e8:0b:08:f5:a8:d6:18:ed:
         f5:f1:de:74
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVsrwiBMy75TZsgVVAGnd5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjMwMTAxMDkzNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTIyNWUwMTc4ZTE3ZDVhZTUxNGQ2MzAyZjIxYTlkOTkyOGNlZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWmUuzPy0BcDAg6VyvZeVRbNiSMj
R9w+PSwBPohVBILISgxot78MWwdt2HVkce0kjGKn7OhzJCZxLpv/1+h6ChQc9wvA
j5vTW2pLj5iGewfoWv6+0rdZlCSh+/geauEMcAVdl5nIfCgykqEPvlsQWDO5ly/c
pHfbhr/f3yRnH3HuW1uUpR1KfheEA0Wx+JRfjW4Mc2ZqjWiUNvtaxkwyGgTIrJ51
qKUsWL2SDoR8J7VC8nFXjMKiDWDtdYRcHMo2W40YKsBtrCdIDry6TJme/WbjSuEQ
wtw4lKrg+BQ0fovxjGqGyk1jW7b1N7cS58jzysg6SUWckb47T67fPR4GIQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDoiXgF44X1a5RTWMC8hqdmSjO7mMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvT2lKZUFYamhmVnJsRk5Zd0x5R3AyWktNN3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQA1EDAAwQA
1EDCMAwDBALUQMQDBAHUQNADBADUQNQDBADUQNoDBADUQNwwDQYJKoZIhvcNAQEL
BQADggEBAAgmY7rqBIvY5bpMn2XwTlW3y4l9pLW2lgaFhfa9sY31KAIpntpxEGJ/
kwtvHWQvqko9QE/0nmn2iBI1nsA/PSWwgkpV1+jW+WuZcaaL5fH3qWujG8kpQTUp
FgM8kw1LvCaxY56wvFAnKxgcWE00Hiq0JQtGY1DtOlgYPt0AdUi27HyMqFmBD2lH
6cM3ZiDHZ7/4whBKSHq4+oPdzlFyP0+IcB9dgG2DQb8ol7bEhTpvkBq5Dz1pP/yI
wGx0VX4TQltSIE2VIstWAbqt9KOjdIJAz+Y914ya7VdJDQOZBj4ks1ng3SgBypA+
vyS9u6l98feCxanoCwj1qNYY7fXx3nQ=
-----END CERTIFICATE-----