Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/7ZV9qQyPndzDz1omNzXp9kKn14s.roa
File:                     7ZV9qQyPndzDz1omNzXp9kKn14s.roa (raw, json)
Hash identifier:          uX7Xb7eLeNUEuFkAJLb1nof73L2Ba3Alza2RxufuY3c=
Subject key identifier:   ED:95:7D:A9:0C:8F:9D:DC:C3:CF:5A:26:37:35:E9:F6:42:A7:D7:8B
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       018570B97DD60741989EB689B1FEB97F1822
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/7ZV9qQyPndzDz1omNzXp9kKn14s.roa
Signing time:             Mon 02 Jan 2023 04:24:42 +0000
ROA not before:           Mon 02 Jan 2023 04:24:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198668
IP address blocks:        185.97.24.0/22 maxlen: 22
                          185.64.222.0/24 maxlen: 32
                          37.221.240.0/20 maxlen: 32
                          45.153.192.0/22 maxlen: 24
                          185.19.0.0/22 maxlen: 32
                          185.74.60.0/23 maxlen: 32
                          85.255.88.0/22 maxlen: 22
                          2a0d:3140::/29 maxlen: 29
                          2a03:d840:ffff::/48 maxlen: 48
                          2a04:c740::/29 maxlen: 48
                          2a0f:9300::/29 maxlen: 29
                          2a03:d840::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:b9:7d:d6:07:41:98:9e:b6:89:b1:fe:b9:7f:18:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  2 04:24:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ed957da90c8f9ddcc3cf5a263735e9f642a7d78b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a7:eb:34:27:88:32:ab:26:c3:f6:83:87:f9:
                    ce:37:bf:e3:4d:ff:b8:79:78:d8:3b:f6:3c:69:7f:
                    43:de:c8:81:b3:a6:7a:f9:53:c0:aa:db:70:54:87:
                    26:ec:52:93:bf:a1:64:8b:cf:e7:86:ab:3a:c1:84:
                    8d:f0:4e:dc:39:c8:04:8a:d7:95:f4:b6:31:b9:2a:
                    1f:03:37:1b:d5:be:a3:67:ea:92:08:63:34:18:90:
                    db:36:57:bf:89:3a:e9:66:72:66:fb:55:1d:be:fe:
                    86:d3:95:4d:8c:27:1d:13:8f:30:f6:af:8b:04:e1:
                    27:99:9f:ce:5a:bc:50:9a:4d:f2:d5:17:8f:4a:59:
                    2b:98:05:dc:e4:de:f5:26:3e:93:34:73:1d:16:6e:
                    fe:d5:42:41:55:c4:f0:f7:86:3c:b3:97:2e:35:f2:
                    42:8a:d0:db:fb:0d:c0:f2:ab:d8:ed:09:72:74:b7:
                    25:a4:36:f4:cd:56:d9:b7:fb:a2:a7:ef:f0:3b:d5:
                    e5:e6:e6:44:5e:95:83:4f:e2:9c:05:29:e6:7f:26:
                    24:a6:99:29:66:85:52:b4:2a:b0:e2:1f:e2:59:6a:
                    e0:0a:15:ab:3a:de:17:87:f2:4b:36:78:6e:5a:45:
                    f6:26:3c:0f:97:f3:df:45:57:73:a4:8f:bf:f8:c0:
                    5d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:95:7D:A9:0C:8F:9D:DC:C3:CF:5A:26:37:35:E9:F6:42:A7:D7:8B
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/7ZV9qQyPndzDz1omNzXp9kKn14s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.240.0/20
                  45.153.192.0/22
                  85.255.88.0/22
                  185.19.0.0/22
                  185.64.222.0/24
                  185.74.60.0/23
                  185.97.24.0/22
                IPv6:
                  2a03:d840::/32
                  2a04:c740::/29
                  2a0d:3140::/29
                  2a0f:9300::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:66:fe:b6:69:1f:7d:44:5c:b9:ef:20:c8:f2:7e:f9:f6:20:
         62:d3:d9:be:d6:0f:30:9a:7f:c7:d5:b5:5d:77:4b:51:d9:37:
         cc:0e:7d:41:8f:70:cc:bb:a3:32:72:44:06:d6:52:98:1f:db:
         78:f1:e5:c3:4c:16:68:ed:7a:74:35:5f:00:05:1c:76:0d:45:
         cc:fc:c9:67:41:83:c3:d4:14:cc:8a:8d:75:4f:64:dd:76:02:
         0c:52:f1:a1:56:0d:84:94:64:fa:fe:19:76:db:b7:28:15:f2:
         aa:d7:fd:7d:54:9b:77:aa:17:81:83:f4:ad:9d:81:d2:ee:82:
         0e:38:f9:0f:80:c8:28:a9:34:27:f9:1b:e1:31:c6:72:e6:72:
         0c:78:f1:29:74:01:71:59:b2:6b:54:d3:24:6d:59:2c:0d:11:
         2e:d5:82:2f:95:47:84:8c:aa:f6:2a:8f:cb:13:c8:66:d8:ec:
         c8:4c:5a:a4:16:e3:b1:4e:d8:2f:8c:5a:ef:6c:22:cd:f1:3d:
         09:d7:dd:c1:b5:64:44:da:83:d6:60:d8:b0:8e:09:98:c3:8c:
         ff:31:30:f6:62:93:20:da:30:59:96:99:07:f2:c6:f1:a4:18:
         d9:95:ba:15:36:8f:be:70:79:b8:4f:e9:32:ad:c0:91:3c:ef:
         1a:05:34:1a
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVwuX3WB0GYnraJsf65fxgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjMwMTAyMDQyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk1N2RhOTBjOGY5ZGRjYzNjZjVhMjYzNzM1ZTlmNjQyYTdkNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6frNCeIMqsmw/aDh/nON7/jTf+4
eXjYO/Y8aX9D3siBs6Z6+VPAqttwVIcm7FKTv6Fki8/nhqs6wYSN8E7cOcgEiteV
9LYxuSofAzcb1b6jZ+qSCGM0GJDbNle/iTrpZnJm+1Udvv6G05VNjCcdE48w9q+L
BOEnmZ/OWrxQmk3y1RePSlkrmAXc5N71Jj6TNHMdFm7+1UJBVcTw94Y8s5cuNfJC
itDb+w3A8qvY7QlydLclpDb0zVbZt/uip+/wO9Xl5uZEXpWDT+KcBSnmfyYkppkp
ZoVStCqw4h/iWWrgChWrOt4Xh/JLNnhuWkX2JjwPl/PfRVdzpI+/+MBdPQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFO2VfakMj53cw89aJjc16fZCp9eLMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvN1pWOXFReVBuZHpEejFvbU56WHA5a0tuMTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjAwBAIAATAqAwQEJd3wAwQC
LZnAAwQCVf9YAwQCuRMAAwQAuUDeAwQBuUo8AwQCuWEYMCIEAgACMBwDBQAqA9hA
AwUDKgTHQAMFAyoNMUADBQMqD5MAMA0GCSqGSIb3DQEBCwUAA4IBAQAsZv62aR99
RFy57yDI8n759iBi09m+1g8wmn/H1bVdd0tR2TfMDn1Bj3DMu6MyckQG1lKYH9t4
8eXDTBZo7Xp0NV8ABRx2DUXM/MlnQYPD1BTMio11T2TddgIMUvGhVg2ElGT6/hl2
27coFfKq1/19VJt3qheBg/StnYHS7oIOOPkPgMgoqTQn+RvhMcZy5nIMePEpdAFx
WbJrVNMkbVksDREu1YIvlUeEjKr2Ko/LE8hm2OzITFqkFuOxTtgvjFrvbCLN8T0J
193BtWRE2oPWYNiwjgmYw4z/MTD2YpMg2jBZlpkH8sbxpBjZlboVNo++cHm4T+ky
rcCRPO8aBTQa
-----END CERTIFICATE-----