Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/ERGBzKDqZz7SmHE5wkux5Ip7HEQ.roa
File:                     ERGBzKDqZz7SmHE5wkux5Ip7HEQ.roa (raw, json)
Hash identifier:          l+58c7mX68zYDeDNNXrdGDwYtq/w8jbGANPsUwrubd4=
Subject key identifier:   11:11:81:CC:A0:EA:67:3E:D2:98:71:39:C2:4B:B1:E4:8A:7B:1C:44
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01867B72F7C0B43C982732FA5D6D5C505031
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/ERGBzKDqZz7SmHE5wkux5Ip7HEQ.roa
Signing time:             Wed 22 Feb 2023 23:26:17 +0000
ROA not before:           Wed 22 Feb 2023 23:26:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29262
IP address blocks:        193.38.44.0/23 maxlen: 23
                          194.56.186.0/23 maxlen: 23
                          193.38.46.0/23 maxlen: 23
                          85.235.74.0/23 maxlen: 23
                          85.235.72.0/23 maxlen: 23
                          139.28.35.0/24 maxlen: 24
                          139.28.34.0/24 maxlen: 24
                          139.28.33.0/24 maxlen: 24
                          139.28.32.0/24 maxlen: 24
                          194.169.94.0/23 maxlen: 23
                          194.169.92.0/23 maxlen: 23
                          83.171.244.0/22 maxlen: 22
                          37.221.78.0/23 maxlen: 23
                          185.254.54.0/24 maxlen: 24
                          185.254.55.0/24 maxlen: 24
                          188.119.68.0/22 maxlen: 22
                          193.187.140.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 28 Feb 2023 10:52:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7b:72:f7:c0:b4:3c:98:27:32:fa:5d:6d:5c:50:50:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Feb 22 23:26:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=111181cca0ea673ed2987139c24bb1e48a7b1c44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:32:9b:fe:cd:0d:28:16:d5:5e:68:1a:e9:06:
                    04:67:27:a0:e2:43:f9:10:63:22:28:24:30:25:27:
                    3e:88:01:3d:57:05:ce:06:cd:99:c9:8d:05:f4:8b:
                    69:25:e9:b3:59:ee:02:fa:9f:4a:82:fd:69:a7:ea:
                    9a:17:7f:4a:a4:07:5e:89:6a:12:f9:33:10:0e:c5:
                    49:16:83:ae:73:36:9f:93:1c:f6:96:22:da:bc:d7:
                    83:34:68:bf:15:93:0a:23:a9:5f:57:e6:3b:8c:ec:
                    c9:d0:b5:5c:7d:c4:c9:9f:9c:31:fd:d1:b8:c8:ad:
                    3a:62:d2:3b:b6:94:7c:3d:26:59:f8:62:dd:18:63:
                    5e:d7:d7:66:e2:72:f3:5f:85:b8:59:51:92:cc:55:
                    0c:12:5a:b4:9a:0f:df:b5:cf:04:e1:b4:e8:21:98:
                    0c:c1:4c:b0:a3:36:ce:52:a5:59:b8:eb:be:57:70:
                    27:36:4f:af:4c:5c:44:9e:19:a9:b3:cb:23:29:3b:
                    59:b2:75:36:75:d8:dc:94:ab:a8:fe:63:f6:9d:91:
                    8e:cd:ef:e9:60:fc:79:fd:2e:33:be:d9:79:c6:77:
                    b5:e0:9c:d8:25:2e:29:31:b8:22:d7:64:2d:e5:69:
                    32:8a:3a:bd:49:98:35:6d:3f:b3:bd:09:a0:fd:80:
                    60:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:11:81:CC:A0:EA:67:3E:D2:98:71:39:C2:4B:B1:E4:8A:7B:1C:44
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/ERGBzKDqZz7SmHE5wkux5Ip7HEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.78.0/23
                  83.171.244.0/22
                  85.235.72.0/22
                  139.28.32.0/22
                  185.254.54.0/23
                  188.119.68.0/22
                  193.38.44.0/22
                  193.187.140.0/22
                  194.56.186.0/23
                  194.169.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:8a:e0:69:95:90:63:a8:fa:44:a5:7b:cd:5b:43:b0:f2:11:
         e9:4d:2f:d2:70:95:fd:d2:70:69:f3:1e:53:d2:90:0b:54:2b:
         77:5b:ae:db:03:c9:0b:8e:0a:e3:25:cf:37:29:f3:f1:6b:18:
         25:08:14:c3:88:d7:90:b0:dc:2c:33:1d:f9:31:14:e1:49:bc:
         9d:a6:92:33:ee:bd:67:ad:ef:50:17:97:46:e5:c2:e5:5a:86:
         82:af:b0:0e:90:3d:45:fc:ca:d0:29:7f:62:38:7e:bc:86:8d:
         63:66:7e:b4:20:d9:e3:5b:54:2c:3f:c9:59:e8:b2:e8:0a:94:
         81:88:8c:05:3c:39:d0:6a:86:ba:3d:e3:77:ca:20:ae:65:f5:
         75:8c:9b:ef:d7:66:1a:83:b1:71:59:cc:b3:b6:5d:87:c9:40:
         b0:99:38:04:21:32:f9:78:da:88:08:0f:00:48:fc:25:bb:dd:
         31:c3:2a:95:74:57:8a:80:a8:e0:83:7d:c7:40:4d:ae:60:16:
         2f:fc:64:59:cf:12:ed:9d:a9:e1:89:cb:f1:81:5f:ed:39:67:
         07:e6:25:3f:9e:fc:ec:89:29:0b:35:88:64:82:27:2b:d2:b2:
         9d:64:47:88:04:63:f7:92:5a:b7:29:46:14:59:7f:27:af:bf:
         9c:a2:2e:e6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYZ7cvfAtDyYJzL6XW1cUFAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwMjIyMjMyNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTExODFjY2EwZWE2NzNlZDI5ODcxMzljMjRiYjFlNDhhN2IxYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTKb/s0NKBbVXmga6QYEZyeg4kP5
EGMiKCQwJSc+iAE9VwXOBs2ZyY0F9ItpJemzWe4C+p9Kgv1pp+qaF39KpAdeiWoS
+TMQDsVJFoOuczafkxz2liLavNeDNGi/FZMKI6lfV+Y7jOzJ0LVcfcTJn5wx/dG4
yK06YtI7tpR8PSZZ+GLdGGNe19dm4nLzX4W4WVGSzFUMElq0mg/ftc8E4bToIZgM
wUywozbOUqVZuOu+V3AnNk+vTFxEnhmps8sjKTtZsnU2ddjclKuo/mP2nZGOze/p
YPx5/S4zvtl5xne14JzYJS4pMbgi12Qt5Wkyijq9SZg1bT+zvQmg/YBgIwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBERgcyg6mc+0phxOcJLseSKexxEMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvRVJHQnpLRHFaejdTbUhFNXdrdXg1SXA3SEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBJd1OAwQC
U6v0AwQCVetIAwQCixwgAwQBuf42AwQCvHdEAwQCwSYsAwQCwbuMAwQBwji6AwQC
wqlcMA0GCSqGSIb3DQEBCwUAA4IBAQBLiuBplZBjqPpEpXvNW0Ow8hHpTS/ScJX9
0nBp8x5T0pALVCt3W67bA8kLjgrjJc83KfPxaxglCBTDiNeQsNwsMx35MRThSbyd
ppIz7r1nre9QF5dG5cLlWoaCr7AOkD1F/MrQKX9iOH68ho1jZn60INnjW1QsP8lZ
6LLoCpSBiIwFPDnQaoa6PeN3yiCuZfV1jJvv12Yag7FxWcyztl2HyUCwmTgEITL5
eNqICA8ASPwlu90xwyqVdFeKgKjgg33HQE2uYBYv/GRZzxLtnanhicvxgV/tOWcH
5iU/nvzsiSkLNYhkgicr0rKdZEeIBGP3klq3KUYUWX8nr7+coi7m
-----END CERTIFICATE-----