Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/Crq0xIPpZWEjYjtYjLpOJIZg8rA.roa
File:                     Crq0xIPpZWEjYjtYjLpOJIZg8rA.roa (raw, json)
Hash identifier:          HCt6WpJNCh6PqhmBMLzd5T5JU0M2iMyQEQlH2TL5CMo=
Subject key identifier:   0A:BA:B4:C4:83:E9:65:61:23:62:3B:58:8C:BA:4E:24:86:60:F2:B0
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       01856E66706D4594FB30A3A461F998CBA248
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/Crq0xIPpZWEjYjtYjLpOJIZg8rA.roa
Signing time:             Sun 01 Jan 2023 17:34:45 +0000
ROA not before:           Sun 01 Jan 2023 17:34:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5504
IP address blocks:        194.30.136.0/22 maxlen: 22
                          194.30.135.0/24 maxlen: 24
                          194.30.134.0/24 maxlen: 24
                          213.169.128.0/21 maxlen: 24
                          194.30.140.0/23 maxlen: 23
                          194.30.144.0/23 maxlen: 23
                          194.30.143.0/24 maxlen: 24
                          194.30.146.0/23 maxlen: 23
                          194.30.148.0/22 maxlen: 22
                          194.30.152.0/23 maxlen: 23
                          213.169.136.0/22 maxlen: 24
                          213.169.140.0/22 maxlen: 22
                          213.169.144.0/22 maxlen: 22
                          194.30.154.0/23 maxlen: 23
                          194.30.156.0/23 maxlen: 23
                          213.169.158.0/23 maxlen: 23
                          194.30.132.0/23 maxlen: 23
                          194.30.131.0/24 maxlen: 24
                          194.30.130.0/24 maxlen: 24
                          194.30.128.0/23 maxlen: 23
                          82.114.32.0/19 maxlen: 22

Validation:               Failed, certificate revoked on Tue 10 Jan 2023 13:35:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:66:70:6d:45:94:fb:30:a3:a4:61:f9:98:cb:a2:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Jan  1 17:34:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0abab4c483e9656123623b588cba4e248660f2b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e8:a5:97:3d:02:25:87:89:c7:52:ea:89:83:
                    b9:08:e0:77:c6:a2:df:a9:35:77:bf:5e:86:f0:4e:
                    8b:1b:82:99:13:7c:8a:c7:2f:b4:d9:fa:37:70:f5:
                    b9:14:62:bd:91:fe:19:0f:23:5f:50:6b:2b:53:2d:
                    3f:b6:01:5a:15:8a:b8:4e:10:42:75:9c:9d:f3:02:
                    83:f4:bb:97:00:4e:02:86:e3:b9:f6:a6:d3:bb:38:
                    87:84:61:ea:db:73:9b:d4:b2:14:cf:ad:5f:f1:e3:
                    2f:32:ea:3d:ee:e3:8e:22:3b:24:e1:09:ff:5f:90:
                    90:bf:37:70:69:9a:06:31:c6:cf:23:15:50:c7:c3:
                    88:49:4c:3d:34:f7:94:71:e3:c2:c7:fa:bd:e2:ce:
                    87:0e:64:20:16:30:76:bf:d9:c3:6f:88:ef:49:ed:
                    e4:c7:2d:3b:69:25:2d:91:99:dd:11:04:1a:91:d2:
                    a9:c7:bd:7e:ce:6e:ce:3e:ea:69:70:cf:77:e6:5b:
                    f0:99:27:2b:5a:64:fd:ce:79:a4:85:dc:8a:a8:40:
                    17:f9:ad:b2:7c:40:29:40:f0:e2:46:5a:4c:0a:4a:
                    5d:ae:d7:5d:ac:14:eb:76:44:7f:18:2f:5d:27:9f:
                    79:0e:13:56:a6:f2:20:9c:47:da:90:9d:dd:e3:27:
                    e6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BA:B4:C4:83:E9:65:61:23:62:3B:58:8C:BA:4E:24:86:60:F2:B0
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/Crq0xIPpZWEjYjtYjLpOJIZg8rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.114.32.0/19
                  194.30.128.0-194.30.141.255
                  194.30.143.0-194.30.157.255
                  213.169.128.0-213.169.147.255
                  213.169.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:f2:57:96:ef:ba:f7:90:f0:49:75:99:a2:72:24:f8:b6:cc:
         ff:a1:c9:06:71:be:8f:ca:55:29:59:5b:31:4c:ca:da:05:a9:
         7f:c3:a9:1d:a2:18:a0:8a:fe:5e:23:35:5a:bf:2c:37:ba:8d:
         5d:39:95:54:86:6c:b7:af:9b:8f:ad:11:88:cc:f2:79:04:55:
         09:a9:d0:d3:6d:e0:1c:4e:51:96:cc:de:9e:5b:94:b3:99:f4:
         56:64:65:29:2a:59:2d:44:a5:47:1b:fe:df:e3:72:ce:38:6a:
         f3:b1:c1:1d:b5:47:54:77:3c:ce:64:80:4c:ef:fc:be:62:e0:
         bc:d0:cd:85:07:e9:d0:0d:98:ba:2b:9d:6d:99:39:87:3b:f0:
         18:c7:9c:67:af:7a:62:ee:cd:7c:2d:05:23:90:62:2d:aa:7c:
         ed:22:e2:69:72:a4:5d:98:3c:94:c0:f7:30:0c:1f:1f:f5:b3:
         5f:e0:d4:10:f0:84:69:e9:30:c2:29:eb:08:14:41:ee:5c:8f:
         4d:38:e8:b5:ee:b7:7b:84:e7:71:f5:46:bf:c5:cb:ea:7b:57:
         ef:3c:8d:e4:94:e3:15:9d:c2:b4:90:2f:83:8e:1b:d9:b0:10:
         9c:db:e0:5c:e2:23:53:6c:cb:f2:29:7c:36:21:d1:3f:ca:b4:
         a6:2b:e0:da
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVuZnBtRZT7MKOkYfmYy6JIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjMwMTAxMTczNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJhYjRjNDgzZTk2NTYxMjM2MjNiNTg4Y2JhNGUyNDg2NjBmMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeillz0CJYeJx1LqiYO5COB3xqLf
qTV3v16G8E6LG4KZE3yKxy+02fo3cPW5FGK9kf4ZDyNfUGsrUy0/tgFaFYq4ThBC
dZyd8wKD9LuXAE4ChuO59qbTuziHhGHq23Ob1LIUz61f8eMvMuo97uOOIjsk4Qn/
X5CQvzdwaZoGMcbPIxVQx8OISUw9NPeUcePCx/q94s6HDmQgFjB2v9nDb4jvSe3k
xy07aSUtkZndEQQakdKpx71+zm7OPuppcM935lvwmScrWmT9znmkhdyKqEAX+a2y
fEApQPDiRlpMCkpdrtddrBTrdkR/GC9dJ595DhNWpvIgnEfakJ3d4yfmlwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAq6tMSD6WVhI2I7WIy6TiSGYPKwMB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvQ3JxMHhJUHBaV0VqWWp0WWpMcE9KSVpnOHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQFUnIgMAwD
BAfCHoADBAHCHowwDAMEAMIejwMEAcIenDAMAwQH1amAAwQC1amQAwQB1ameMA0G
CSqGSIb3DQEBCwUAA4IBAQBj8leW77r3kPBJdZmiciT4tsz/ockGcb6PylUpWVsx
TMraBal/w6kdohigiv5eIzVavyw3uo1dOZVUhmy3r5uPrRGIzPJ5BFUJqdDTbeAc
TlGWzN6eW5SzmfRWZGUpKlktRKVHG/7f43LOOGrzscEdtUdUdzzOZIBM7/y+YuC8
0M2FB+nQDZi6K51tmTmHO/AYx5xnr3pi7s18LQUjkGItqnztIuJpcqRdmDyUwPcw
DB8f9bNf4NQQ8IRp6TDCKesIFEHuXI9NOOi17rd7hOdx9Ua/xcvqe1fvPI3klOMV
ncK0kC+DjhvZsBCc2+Bc4iNTbMvyKXw2IdE/yrSmK+Da
-----END CERTIFICATE-----