Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/X3gVZm4x_rMFBH1nrN3_L92gtyc.roa
File:                     X3gVZm4x_rMFBH1nrN3_L92gtyc.roa (raw, json)
Hash identifier:          w9v02rWH0gdE9MXhtLTNwo6YLsYZo1I9dbDQiu2alAM=
Subject key identifier:   5F:78:15:66:6E:31:FE:B3:05:04:7D:67:AC:DD:FF:2F:DD:A0:B7:27
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018BBFDCC08DE69AC1D4CC2EDCA73124FF73
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/X3gVZm4x_rMFBH1nrN3_L92gtyc.roa
Signing time:             Sat 11 Nov 2023 19:29:57 +0000
ROA not before:           Sat 11 Nov 2023 19:29:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39521
IP address blocks:        85.8.160.0/22 maxlen: 22
                          139.28.240.0/22 maxlen: 22
                          5.133.100.0/22 maxlen: 22
                          31.40.204.0/22 maxlen: 22
                          139.28.48.0/22 maxlen: 22
                          212.107.4.0/22 maxlen: 22
                          194.169.92.0/22 maxlen: 22
                          83.171.244.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          37.221.76.0/22 maxlen: 22
                          92.249.60.0/22 maxlen: 22
                          176.96.128.0/22 maxlen: 22
                          188.119.68.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22
                          194.93.60.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Sun 03 Dec 2023 19:18:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:bf:dc:c0:8d:e6:9a:c1:d4:cc:2e:dc:a7:31:24:ff:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Nov 11 19:29:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f7815666e31feb305047d67acddff2fdda0b727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:be:3b:a5:5d:df:f1:2d:66:a2:c4:aa:32:2a:
                    64:b0:e7:02:d0:2e:c8:2b:63:57:b3:cf:2b:48:5f:
                    20:96:d6:83:97:df:f0:4c:48:54:7a:f6:26:90:3a:
                    ab:5b:1c:38:16:cf:56:d6:a2:12:6c:4a:87:d2:24:
                    bf:e0:f0:78:03:28:4a:6f:a9:8e:14:f9:83:d4:34:
                    52:e5:1d:27:eb:2d:16:3a:82:90:a2:7e:44:cc:60:
                    12:27:0a:25:2e:95:ce:e6:34:97:5e:61:68:ac:4f:
                    fa:6a:c9:94:4c:82:ff:ad:84:ea:13:36:57:7b:f9:
                    67:ac:05:67:99:d8:d6:9a:aa:d8:61:dc:1c:17:22:
                    b4:27:d6:0b:b3:60:c3:de:fc:19:86:2a:8b:4d:55:
                    e1:36:92:01:be:0f:c6:8b:c3:d3:96:a9:3a:09:92:
                    42:93:8e:5e:24:48:0b:4f:64:be:61:77:9f:d3:2d:
                    8a:af:19:0b:66:f2:61:7b:9f:10:16:87:51:b5:dd:
                    b1:c5:18:d7:f4:74:86:a5:48:ae:dd:75:bd:56:31:
                    38:06:59:1d:46:70:ca:a9:ee:e7:d2:a9:97:b4:bc:
                    7e:89:d1:65:2d:42:86:4f:42:b6:bf:ab:c2:f2:9c:
                    31:e9:76:fe:82:1b:1d:58:ab:fc:14:df:02:e8:c0:
                    c1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:78:15:66:6E:31:FE:B3:05:04:7D:67:AC:DD:FF:2F:DD:A0:B7:27
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/X3gVZm4x_rMFBH1nrN3_L92gtyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/22
                  31.40.204.0/22
                  37.221.76.0/22
                  83.171.244.0/22
                  85.8.160.0/22
                  92.249.60.0/22
                  139.28.48.0/22
                  139.28.240.0/22
                  176.53.156.0/22
                  176.96.128.0/22
                  188.119.68.0/22
                  194.93.60.0/22
                  194.169.92.0/22
                  212.87.196.0/22
                  212.107.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:34:13:13:33:d9:a6:0a:8e:cd:28:14:53:00:28:54:84:25:
         fe:d9:0f:59:8d:46:1f:65:f4:6e:10:94:55:d1:16:e6:69:32:
         86:76:28:67:4c:b6:ec:27:f1:75:ef:14:e8:66:d9:b8:fd:42:
         d0:34:a8:c8:58:8f:a6:7a:26:de:37:5a:7c:10:af:e8:f5:5f:
         3c:78:f0:99:ca:a9:8a:0d:f0:21:f6:fa:f1:7d:56:fd:63:e8:
         b6:d2:73:a0:5c:18:16:59:60:a9:02:98:ba:9e:32:fa:2d:be:
         8c:92:f6:72:ff:13:d7:ce:20:47:14:80:37:86:12:73:8f:2d:
         be:cc:cf:fc:fa:66:9c:98:a2:5d:79:5d:0f:ad:d3:7f:21:c0:
         fb:94:4b:94:9d:43:11:c1:50:9a:51:fa:ef:c9:e6:ee:cc:dd:
         59:42:49:ba:c3:5f:c7:62:ce:a3:f6:80:40:24:8f:cc:b7:ce:
         df:eb:2b:1c:81:2c:28:58:44:c3:2b:d3:ea:61:31:6e:4c:1f:
         9a:f9:3e:48:85:08:f0:ea:1a:16:08:05:ad:ae:29:fb:1b:d5:
         6d:f3:2e:c9:db:e9:0d:56:13:86:74:d2:e7:f4:47:d3:16:e2:
         7c:50:17:57:67:0c:c7:54:0f:1c:c4:bb:b1:9a:53:f1:47:db:
         0d:68:e0:8a
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYu/3MCN5prB1Mwu3KcxJP9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMxMTExMTkyOTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc4MTU2NjZlMzFmZWIzMDUwNDdkNjdhY2RkZmYyZmRkYTBiNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq747pV3f8S1mosSqMipksOcC0C7I
K2NXs88rSF8gltaDl9/wTEhUevYmkDqrWxw4Fs9W1qISbEqH0iS/4PB4AyhKb6mO
FPmD1DRS5R0n6y0WOoKQon5EzGASJwolLpXO5jSXXmForE/6asmUTIL/rYTqEzZX
e/lnrAVnmdjWmqrYYdwcFyK0J9YLs2DD3vwZhiqLTVXhNpIBvg/Gi8PTlqk6CZJC
k45eJEgLT2S+YXef0y2KrxkLZvJhe58QFodRtd2xxRjX9HSGpUiu3XW9VjE4Blkd
RnDKqe7n0qmXtLx+idFlLUKGT0K2v6vC8pwx6Xb+ghsdWKv8FN8C6MDBeQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFF94FWZuMf6zBQR9Z6zd/y/doLcnMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvWDNnVlptNHhfck1GQkgxbnJOM19MOTJndHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCBYVkAwQC
HyjMAwQCJd1MAwQCU6v0AwQCVQigAwQCXPk8AwQCixwwAwQCixzwAwQCsDWcAwQC
sGCAAwQCvHdEAwQCwl08AwQCwqlcAwQC1FfEAwQC1GsEMA0GCSqGSIb3DQEBCwUA
A4IBAQB3NBMTM9mmCo7NKBRTAChUhCX+2Q9ZjUYfZfRuEJRV0RbmaTKGdihnTLbs
J/F17xToZtm4/ULQNKjIWI+meibeN1p8EK/o9V88ePCZyqmKDfAh9vrxfVb9Y+i2
0nOgXBgWWWCpApi6njL6Lb6MkvZy/xPXziBHFIA3hhJzjy2+zM/8+macmKJdeV0P
rdN/IcD7lEuUnUMRwVCaUfrvyebuzN1ZQkm6w1/HYs6j9oBAJI/Mt87f6yscgSwo
WETDK9PqYTFuTB+a+T5IhQjw6hoWCAWtrin7G9Vt8y7J2+kNVhOGdNLn9EfTFuJ8
UBdXZwzHVA8cxLuxmlPxR9sNaOCK
-----END CERTIFICATE-----