Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/eQi2VwEjj4iU26S6A0P5lb4Usj4.roa
File:                     eQi2VwEjj4iU26S6A0P5lb4Usj4.roa (raw, json)
Hash identifier:          4jxWKMcseozGXyhOeGk69oRwkzixT24tMrM3OHvPlHI=
Subject key identifier:   79:08:B6:57:01:23:8F:88:94:DB:A4:BA:03:43:F9:95:BE:14:B2:3E
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       01856CB83241A86F4353945955932138B27E
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/eQi2VwEjj4iU26S6A0P5lb4Usj4.roa
Signing time:             Sun 01 Jan 2023 09:44:48 +0000
ROA not before:           Sun 01 Jan 2023 09:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2285
IP address blocks:        90.84.250.0/24 maxlen: 24
                          90.84.249.0/24 maxlen: 24
                          90.84.248.0/24 maxlen: 24
                          2a01:c9c0:8010::/48 maxlen: 64
                          2a01:c9c0:8018::/48 maxlen: 64
                          2a01:c9c0:8030::/48 maxlen: 64
                          2a01:c9c0:8016::/48 maxlen: 64
                          2a01:c9c0:801e::/48 maxlen: 64
                          2a01:c9c0:8014::/48 maxlen: 64
                          2a01:c9c0:801c::/48 maxlen: 64
                          2a01:c9c0:8012::/48 maxlen: 64
                          2a01:c9c0:801a::/48 maxlen: 64

Validation:               Failed, certificate revoked on Thu 13 Jul 2023 06:50:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:b8:32:41:a8:6f:43:53:94:59:55:93:21:38:b2:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 09:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7908b65701238f8894dba4ba0343f995be14b23e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:31:7c:39:d0:a7:c7:a7:db:e1:6e:c9:23:ec:
                    31:da:99:d2:98:69:98:24:73:27:9e:63:88:ea:25:
                    74:35:fc:88:67:93:00:52:33:4f:e8:2a:cc:80:33:
                    26:2a:42:ae:bb:dd:c7:fe:59:3d:b5:07:f8:1d:57:
                    7e:7a:01:01:0b:c1:45:53:71:d2:ee:b6:2f:49:4e:
                    54:7c:4b:f5:03:04:cb:40:9c:d8:ec:42:38:05:53:
                    95:53:f3:6f:0f:2b:51:96:9f:7d:a5:21:ef:c1:5d:
                    08:ea:b6:5a:11:39:7f:f7:c7:51:dd:ed:b8:97:b7:
                    7f:11:89:89:a4:4c:c4:65:37:c3:a2:96:eb:1a:95:
                    fb:57:c9:2e:91:dd:4e:7f:2c:81:da:ef:22:6a:cc:
                    3b:5b:fd:75:c4:62:fe:8c:2a:19:4d:b8:e1:06:c9:
                    09:65:86:b2:77:0e:2a:d4:f7:58:93:11:40:a3:35:
                    fa:02:59:d7:3c:9e:2e:fc:d6:70:a0:d9:95:c7:48:
                    b6:b5:35:c6:36:df:84:40:e5:a9:67:db:d7:3a:79:
                    b9:3a:e8:75:46:bb:81:66:4c:36:a1:6b:ff:72:1c:
                    16:10:31:55:e3:5b:8a:00:b6:a1:a5:28:32:25:90:
                    e6:5d:44:e1:28:11:66:07:51:95:54:57:61:2b:e5:
                    ac:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:08:B6:57:01:23:8F:88:94:DB:A4:BA:03:43:F9:95:BE:14:B2:3E
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/eQi2VwEjj4iU26S6A0P5lb4Usj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.84.248.0-90.84.250.255
                IPv6:
                  2a01:c9c0:8010::/48
                  2a01:c9c0:8012::/48
                  2a01:c9c0:8014::/48
                  2a01:c9c0:8016::/48
                  2a01:c9c0:8018::/48
                  2a01:c9c0:801a::/48
                  2a01:c9c0:801c::/48
                  2a01:c9c0:801e::/48
                  2a01:c9c0:8030::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:33:cb:7a:71:1c:99:3f:df:51:94:aa:5e:57:f6:cf:41:
         7a:f1:dc:92:17:48:8d:c8:4f:43:cc:f1:8d:eb:3c:0b:f6:60:
         29:ab:b3:2c:47:98:5d:87:7e:f7:3b:5f:67:4d:06:68:02:e9:
         3a:7e:5f:cb:09:6f:eb:4a:ba:ad:7b:e6:e2:fe:63:4b:08:fa:
         e2:14:50:75:d2:9d:55:c0:66:0f:99:3d:89:f4:d8:ad:22:23:
         1c:bb:ee:7f:cf:46:2d:96:b9:42:b3:e3:07:ca:9b:68:14:0f:
         61:07:01:f9:22:9f:ca:b5:3a:f8:a0:4d:50:09:e7:09:f4:10:
         c5:f6:7a:49:af:b1:33:73:13:61:8e:1e:c6:cc:b0:38:83:2b:
         32:08:59:78:60:53:9a:1c:1f:03:c0:ab:aa:d2:13:ab:c6:4e:
         ca:f3:8e:04:5e:d8:62:33:d3:a1:b4:d2:d7:85:aa:68:eb:1d:
         01:f4:a8:60:93:2d:7d:97:a3:66:0b:ec:96:38:44:c9:bb:d2:
         59:8f:69:77:12:81:1b:df:94:93:dc:b3:5d:e3:b1:00:3e:f9:
         ac:99:f7:20:7c:87:1e:5f:6a:5a:4b:11:88:90:f0:5e:3d:04:
         3a:66:59:18:c6:e6:81:d1:9a:4c:fc:5a:df:9f:43:56:a4:c3:
         7f:c4:58:63
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAYVsuDJBqG9DU5RZVZMhOLJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjMwMTAxMDk0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTA4YjY1NzAxMjM4Zjg4OTRkYmE0YmEwMzQzZjk5NWJlMTRiMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujF8OdCnx6fb4W7JI+wx2pnSmGmY
JHMnnmOI6iV0NfyIZ5MAUjNP6CrMgDMmKkKuu93H/lk9tQf4HVd+egEBC8FFU3HS
7rYvSU5UfEv1AwTLQJzY7EI4BVOVU/NvDytRlp99pSHvwV0I6rZaETl/98dR3e24
l7d/EYmJpEzEZTfDopbrGpX7V8kukd1OfyyB2u8iasw7W/11xGL+jCoZTbjhBskJ
ZYaydw4q1PdYkxFAozX6AlnXPJ4u/NZwoNmVx0i2tTXGNt+EQOWpZ9vXOnm5Ouh1
RruBZkw2oWv/chwWEDFV41uKALahpSgyJZDmXUThKBFmB1GVVFdhK+WscwIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFHkItlcBI4+IlNukugND+ZW+FLI+MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvZVFpMlZ3RWpqNGlVMjZTNkEwUDVsYjRVc2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wFAQCAAEwDjAMAwQDWlT4
AwQAWlT6MFcEAgACMFEDBwAqAcnAgBADBwAqAcnAgBIDBwAqAcnAgBQDBwAqAcnA
gBYDBwAqAcnAgBgDBwAqAcnAgBoDBwAqAcnAgBwDBwAqAcnAgB4DBwAqAcnAgDAw
DQYJKoZIhvcNAQELBQADggEBACB/M8t6cRyZP99RlKpeV/bPQXrx3JIXSI3IT0PM
8Y3rPAv2YCmrsyxHmF2Hfvc7X2dNBmgC6Tp+X8sJb+tKuq175uL+Y0sI+uIUUHXS
nVXAZg+ZPYn02K0iIxy77n/PRi2WuUKz4wfKm2gUD2EHAfkin8q1OvigTVAJ5wn0
EMX2ekmvsTNzE2GOHsbMsDiDKzIIWXhgU5ocHwPAq6rSE6vGTsrzjgRe2GIz06G0
0teFqmjrHQH0qGCTLX2Xo2YL7JY4RMm70lmPaXcSgRvflJPcs13jsQA++ayZ9yB8
hx5falpLEYiQ8F49BDpmWRjG5oHRmkz8Wt+fQ1akw3/EWGM=
-----END CERTIFICATE-----