Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/kVifUzhboplY7LHzr_ffrl69rkY.roa
File:                     kVifUzhboplY7LHzr_ffrl69rkY.roa (raw, json)
Hash identifier:          gusjXQezvTuDdlr97PuWRhrcS0Aump9gX0Y/MhCKQJU=
Subject key identifier:   91:58:9F:53:38:5B:A2:99:58:EC:B1:F3:AF:F7:DF:AE:5E:BD:AE:46
Certificate issuer:       /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial:       0185720C63F93188F67930F74D04971891B0
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/kVifUzhboplY7LHzr_ffrl69rkY.roa
Signing time:             Mon 02 Jan 2023 10:34:52 +0000
ROA not before:           Mon 02 Jan 2023 10:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198735
IP address blocks:        212.15.85.0/24 maxlen: 24
                          212.15.84.0/24 maxlen: 24
                          212.15.83.0/24 maxlen: 24
                          212.15.82.0/24 maxlen: 24
                          212.15.81.0/24 maxlen: 24
                          212.15.80.0/24 maxlen: 24
                          212.15.80.0/21 maxlen: 21
                          212.15.86.0/24 maxlen: 24
                          212.15.87.0/24 maxlen: 24
                          185.51.223.0/24 maxlen: 24
                          185.51.222.0/24 maxlen: 24
                          185.51.221.0/24 maxlen: 24
                          185.51.220.0/22 maxlen: 22
                          185.51.220.0/24 maxlen: 24
                          5.1.105.0/24 maxlen: 24
                          5.1.104.0/24 maxlen: 24
                          5.1.104.0/21 maxlen: 21
                          5.1.109.0/24 maxlen: 24
                          5.1.108.0/24 maxlen: 24
                          5.1.107.0/24 maxlen: 24
                          5.1.106.0/24 maxlen: 24
                          5.1.111.0/24 maxlen: 24
                          5.1.110.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 08 Jun 2023 12:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:0c:63:f9:31:88:f6:79:30:f7:4d:04:97:18:91:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
        Validity
            Not Before: Jan  2 10:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91589f53385ba29958ecb1f3aff7dfae5ebdae46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d3:52:76:57:ac:70:01:2f:b7:3b:dd:d8:b9:
                    6e:82:28:30:0c:92:e8:a0:58:83:17:d8:03:67:6e:
                    e0:a3:63:bb:9c:55:1b:56:0b:4f:6d:5a:d2:62:c4:
                    97:45:a7:2c:57:fc:2f:23:db:a8:cb:ab:35:2b:2f:
                    36:1d:af:90:5a:34:52:0e:8d:14:44:89:e9:11:63:
                    91:99:4e:9c:03:c8:ce:89:45:be:15:9d:17:ba:70:
                    a1:27:7d:87:09:cb:a5:16:02:46:d9:14:fc:d0:a2:
                    49:b6:0f:c9:5e:49:88:4f:2a:0a:b2:59:8d:ca:c6:
                    d5:a0:cf:b1:a4:54:da:7c:ee:c9:7f:a4:3d:ba:74:
                    1b:09:fb:e7:11:60:ee:8d:d8:69:7d:9d:50:4e:b8:
                    7e:53:3e:df:52:a6:d5:9a:3c:4d:f8:20:17:95:d6:
                    42:d0:10:4a:6d:3a:43:86:58:cd:f0:3c:bf:09:a4:
                    c6:b6:e8:0a:b8:cc:b1:b1:d7:71:a9:7c:b4:28:4b:
                    45:df:f2:2c:87:fe:fc:14:57:a1:82:2f:7d:16:df:
                    91:94:9b:f3:6d:ed:0c:ab:1a:6b:dd:2b:37:03:f3:
                    01:99:f3:ef:41:5f:61:24:04:22:bd:e7:52:13:e1:
                    73:be:4d:f4:92:93:87:81:66:c4:2c:71:eb:04:3b:
                    f6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:58:9F:53:38:5B:A2:99:58:EC:B1:F3:AF:F7:DF:AE:5E:BD:AE:46
            X509v3 Authority Key Identifier:
                keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/kVifUzhboplY7LHzr_ffrl69rkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.104.0/21
                  185.51.220.0/22
                  212.15.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         e3:c5:1e:a3:45:e5:f1:25:b0:1c:a1:9f:06:f7:2a:9c:07:d7:
         c5:94:dd:05:23:b1:09:f5:1c:a7:95:10:05:96:6d:ad:a1:7c:
         c3:bb:f5:e3:ca:03:29:a9:e3:c5:46:22:9d:c4:d0:5a:ac:6f:
         ee:d7:4a:d9:29:e0:51:b0:ae:36:6a:58:8a:0c:37:48:f4:3f:
         89:8a:59:7f:52:18:3d:c8:b6:1e:e1:3e:b7:f0:aa:ee:46:2e:
         4e:4e:b9:b0:64:21:16:11:62:bf:96:ef:b7:33:12:87:a3:f4:
         83:e8:7c:1d:94:29:e9:80:3c:48:64:38:85:a8:3f:f4:22:84:
         4c:f5:47:14:ae:5b:19:49:88:db:92:83:1b:17:d1:96:0f:0c:
         87:48:21:78:e5:8e:91:04:2b:de:8c:6d:1a:a5:41:21:35:2d:
         3b:d3:10:b5:b0:da:5e:64:ac:b3:78:db:58:5f:8f:e4:14:e0:
         e9:03:26:5c:03:60:d9:34:f9:1b:b7:68:7d:d1:c7:65:e7:68:
         a1:f8:0e:8e:a7:ae:67:f8:24:e4:7d:87:37:24:22:59:55:ec:
         9a:c4:ea:ae:85:4b:b3:1d:19:28:31:78:43:f1:5e:fd:e9:e4:
         f6:20:71:44:6e:ad:1f:95:e2:31:93:4f:7f:4a:07:62:f6:35:
         85:c9:f3:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVyDGP5MYj2eTD3TQSXGJGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjMwMTAyMTAzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU4OWY1MzM4NWJhMjk5NThlY2IxZjNhZmY3ZGZhZTVlYmRhZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdNSdlescAEvtzvd2LlugigwDJLo
oFiDF9gDZ27go2O7nFUbVgtPbVrSYsSXRacsV/wvI9uoy6s1Ky82Ha+QWjRSDo0U
RInpEWORmU6cA8jOiUW+FZ0XunChJ32HCculFgJG2RT80KJJtg/JXkmITyoKslmN
ysbVoM+xpFTafO7Jf6Q9unQbCfvnEWDujdhpfZ1QTrh+Uz7fUqbVmjxN+CAXldZC
0BBKbTpDhljN8Dy/CaTGtugKuMyxsddxqXy0KEtF3/Ish/78FFehgi99Ft+RlJvz
be0Mqxpr3Ss3A/MBmfPvQV9hJAQivedSE+Fzvk30kpOHgWbELHHrBDv2XwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJFYn1M4W6KZWOyx86/3365eva5GMB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEva1ZpZlV6aGJvcGxZN0xIenJfZmZybDY5cmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBQFoAwQC
uTPcAwQD1A9QMA0GCSqGSIb3DQEBCwUAA4IBAQDjxR6jReXxJbAcoZ8G9yqcB9fF
lN0FI7EJ9RynlRAFlm2toXzDu/XjygMpqePFRiKdxNBarG/u10rZKeBRsK42aliK
DDdI9D+Jill/Uhg9yLYe4T638KruRi5OTrmwZCEWEWK/lu+3MxKHo/SD6HwdlCnp
gDxIZDiFqD/0IoRM9UcUrlsZSYjbkoMbF9GWDwyHSCF45Y6RBCvejG0apUEhNS07
0xC1sNpeZKyzeNtYX4/kFODpAyZcA2DZNPkbt2h90cdl52ih+A6Op65n+CTkfYc3
JCJZVeyaxOquhUuzHRkoMXhD8V796eT2IHFEbq0fleIxk09/Sgdi9jWFyfO1
-----END CERTIFICATE-----