Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/BR2xvWT9OZTZfRiF90wfxf7mw8k.roa
File:                     BR2xvWT9OZTZfRiF90wfxf7mw8k.roa (raw, json)
Hash identifier:          BpuW7VTwyqwXv9hltNjzjVGdmhBkDuHx5VZNiNacgvU=
Subject key identifier:   05:1D:B1:BD:64:FD:39:94:D9:7D:18:85:F7:4C:1F:C5:FE:E6:C3:C9
Certificate issuer:       /CN=daf0a39cfadf910f6b132ad228e606561887a06c
Certificate serial:       01856C0110A49F09570004368D213C28D7DA
Authority key identifier: DA:F0:A3:9C:FA:DF:91:0F:6B:13:2A:D2:28:E6:06:56:18:87:A0:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vCjnPrfkQ9rEyrSKOYGVhiHoGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/BR2xvWT9OZTZfRiF90wfxf7mw8k.roa
Signing time:             Sun 01 Jan 2023 06:24:47 +0000
ROA not before:           Sun 01 Jan 2023 06:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     55002
IP address blocks:        185.91.48.0/22 maxlen: 24
                          213.149.80.0/20 maxlen: 24
                          31.187.80.0/22 maxlen: 24
                          213.178.16.0/20 maxlen: 24
                          217.72.208.0/20 maxlen: 24
                          31.187.88.0/22 maxlen: 24
                          185.31.60.0/22 maxlen: 24
                          46.31.216.0/21 maxlen: 24
                          88.133.224.0/21 maxlen: 24
                          91.217.176.0/24 maxlen: 24
                          37.156.80.0/20 maxlen: 24
                          88.133.160.0/20 maxlen: 24
                          2a02:2488::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 13 Mar 2023 12:40:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:01:10:a4:9f:09:57:00:04:36:8d:21:3c:28:d7:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daf0a39cfadf910f6b132ad228e606561887a06c
        Validity
            Not Before: Jan  1 06:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=051db1bd64fd3994d97d1885f74c1fc5fee6c3c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fc:5b:7e:d0:92:83:e3:98:93:3e:a9:5a:bd:
                    fe:dc:60:dd:d4:cc:72:fe:2c:7c:76:9a:a9:c9:3a:
                    ad:b3:ad:ce:e3:ec:23:97:54:94:c0:41:e3:d7:10:
                    47:16:7a:94:3c:46:70:56:86:43:d1:ab:f6:3a:e4:
                    25:d2:4d:b1:cd:64:30:03:47:1f:26:89:c1:1c:6a:
                    bb:c9:9d:70:37:9c:97:35:f7:ae:5d:58:d6:05:76:
                    29:e8:a8:99:7f:0c:be:f8:20:1d:b4:e6:12:35:3c:
                    b0:77:26:7f:2f:36:e2:22:ca:15:c4:d4:d2:76:e4:
                    a1:63:10:c7:2b:46:62:dc:af:ab:35:27:ae:f4:f7:
                    d8:ed:0f:7f:0d:b4:aa:12:77:46:24:ff:e2:fc:ed:
                    65:37:42:a1:da:6d:1c:61:8a:47:14:a9:a0:3a:f0:
                    13:71:6b:5f:86:17:7f:32:4a:fa:98:9e:7f:72:b2:
                    bd:f4:7d:44:45:e0:ad:ec:f4:2d:e1:4b:84:be:9c:
                    5a:fc:c4:69:1e:a2:87:a0:c0:36:64:5f:b7:b8:55:
                    0a:df:b5:e6:e9:51:58:f1:98:ed:1d:40:3e:ef:59:
                    e7:6b:9b:d7:2c:cc:0f:10:ef:02:18:4a:5c:a0:59:
                    82:67:50:cf:75:64:12:e4:7d:6b:84:4a:7b:3a:26:
                    34:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1D:B1:BD:64:FD:39:94:D9:7D:18:85:F7:4C:1F:C5:FE:E6:C3:C9
            X509v3 Authority Key Identifier:
                keyid:DA:F0:A3:9C:FA:DF:91:0F:6B:13:2A:D2:28:E6:06:56:18:87:A0:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vCjnPrfkQ9rEyrSKOYGVhiHoGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/BR2xvWT9OZTZfRiF90wfxf7mw8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/2vCjnPrfkQ9rEyrSKOYGVhiHoGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.80.0/22
                  31.187.88.0/22
                  37.156.80.0/20
                  46.31.216.0/21
                  88.133.160.0/20
                  88.133.224.0/21
                  91.217.176.0/24
                  185.31.60.0/22
                  185.91.48.0/22
                  213.149.80.0/20
                  213.178.16.0/20
                  217.72.208.0/20
                IPv6:
                  2a02:2488::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:cc:8f:0c:37:36:d9:32:b0:53:43:3a:48:49:d2:81:55:fa:
         37:fb:3c:2d:34:27:1c:34:e9:40:69:88:62:9a:ec:9d:55:7a:
         f0:eb:f6:b4:6b:37:af:6c:16:b4:5f:d9:00:41:03:45:ca:8c:
         a9:47:42:40:f8:8f:54:a0:4e:7a:c2:5e:bf:f5:7d:1b:e5:d3:
         71:23:d3:30:9f:c3:6e:86:db:dd:84:6f:30:fb:a8:7b:12:e3:
         6b:ce:38:e1:f0:e7:ae:19:d4:0a:b3:c4:11:c5:bd:e8:36:1b:
         30:e3:10:fa:bf:b2:e9:f3:fe:29:1b:98:bf:16:03:b4:a4:5c:
         4b:e2:bb:09:7a:ae:42:01:04:1c:82:1c:72:08:59:a6:cb:20:
         5e:2a:c0:d4:da:1f:13:59:43:8c:e4:09:86:64:eb:66:31:8c:
         3a:34:85:03:23:74:5f:56:0a:70:75:38:18:21:8b:63:ec:6c:
         d5:bc:65:81:18:73:8f:a0:9b:b8:3a:88:e4:74:55:e3:62:98:
         ae:3c:b9:34:cd:89:1d:3b:b1:9f:c6:66:cc:90:ad:74:ab:6e:
         55:99:6d:fe:45:54:9f:c3:62:fd:11:5b:3b:25:d5:8e:ef:bc:
         b3:e3:65:29:6d:de:d5:85:b3:d5:3c:65:23:f7:f9:cb:27:7a:
         0d:26:70:6c
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYVsARCknwlXAAQ2jSE8KNfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZjBhMzljZmFkZjkxMGY2YjEzMmFkMjI4ZTYwNjU2MTg4
N2EwNmMwHhcNMjMwMTAxMDYyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFkYjFiZDY0ZmQzOTk0ZDk3ZDE4ODVmNzRjMWZjNWZlZTZjM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/xbftCSg+OYkz6pWr3+3GDd1Mxy
/ix8dpqpyTqts63O4+wjl1SUwEHj1xBHFnqUPEZwVoZD0av2OuQl0k2xzWQwA0cf
JonBHGq7yZ1wN5yXNfeuXVjWBXYp6KiZfwy++CAdtOYSNTywdyZ/LzbiIsoVxNTS
duShYxDHK0Zi3K+rNSeu9PfY7Q9/DbSqEndGJP/i/O1lN0Kh2m0cYYpHFKmgOvAT
cWtfhhd/Mkr6mJ5/crK99H1EReCt7PQt4UuEvpxa/MRpHqKHoMA2ZF+3uFUK37Xm
6VFY8ZjtHUA+71nna5vXLMwPEO8CGEpcoFmCZ1DPdWQS5H1rhEp7OiY0nQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFAUdsb1k/TmU2X0YhfdMH8X+5sPJMB8GA1UdIwQY
MBaAFNrwo5z635EPaxMq0ijmBlYYh6BsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZDam5QcmZrUTlyRXlyU0tPWUdWaGlIb0d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mZmE0NTctMzRjOC00OGMyLTllYmMt
OTJiMjA3ZjY0MWIxLzEvQlIyeHZXVDlPWlRaZlJpRjkwd2Z4ZjdtdzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mZmE0NTctMzRjOC00OGMyLTllYmMtOTJiMjA3ZjY0MWIx
LzEvMnZDam5QcmZrUTlyRXlyU0tPWUdWaGlIb0d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQCH7tQAwQC
H7tYAwQEJZxQAwQDLh/YAwQEWIWgAwQDWIXgAwQAW9mwAwQCuR88AwQCuVswAwQE
1ZVQAwQE1bIQAwQE2UjQMA0EAgACMAcDBQAqAiSIMA0GCSqGSIb3DQEBCwUAA4IB
AQAyzI8MNzbZMrBTQzpISdKBVfo3+zwtNCccNOlAaYhimuydVXrw6/a0azevbBa0
X9kAQQNFyoypR0JA+I9UoE56wl6/9X0b5dNxI9Mwn8NuhtvdhG8w+6h7EuNrzjjh
8OeuGdQKs8QRxb3oNhsw4xD6v7Lp8/4pG5i/FgO0pFxL4rsJeq5CAQQcghxyCFmm
yyBeKsDU2h8TWUOM5AmGZOtmMYw6NIUDI3RfVgpwdTgYIYtj7GzVvGWBGHOPoJu4
OojkdFXjYpiuPLk0zYkdO7GfxmbMkK10q25VmW3+RVSfw2L9EVs7JdWO77yz42Up
bd7VhbPVPGUj9/nLJ3oNJnBs
-----END CERTIFICATE-----