Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/fb5abe-6a3a-4d37-bf61-63e75e953a93/1/c9DsD0Lk99q1cxsepAoDiYycASA.roa
File:                     c9DsD0Lk99q1cxsepAoDiYycASA.roa (raw, json)
Hash identifier:          G2BThDx2KoKKDYJlKdf+l7yVfTWUaC90rJYpRVJvXXY=
Subject key identifier:   73:D0:EC:0F:42:E4:F7:DA:B5:73:1B:1E:A4:0A:03:89:8C:9C:01:20
Certificate issuer:       /CN=701624ffc5721c158e4cc9bb071eb4fb87d88c24
Certificate serial:       01856FE708E5556AD11F86C75F10C6514065
Authority key identifier: 70:16:24:FF:C5:72:1C:15:8E:4C:C9:BB:07:1E:B4:FB:87:D8:8C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cBYk_8VyHBWOTMm7Bx60-4fYjCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/fb5abe-6a3a-4d37-bf61-63e75e953a93/1/c9DsD0Lk99q1cxsepAoDiYycASA.roa
Signing time:             Mon 02 Jan 2023 00:34:50 +0000
ROA not before:           Mon 02 Jan 2023 00:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47329
IP address blocks:        79.139.48.0/22 maxlen: 22
                          185.63.108.0/22 maxlen: 22
                          185.39.161.0/24 maxlen: 24
                          185.39.163.0/24 maxlen: 24
                          185.39.160.0/22 maxlen: 22
                          185.63.200.0/22 maxlen: 22
                          185.67.68.0/22 maxlen: 22
                          185.116.252.0/24 maxlen: 24
                          185.116.253.0/24 maxlen: 24
                          195.62.64.0/23 maxlen: 23
                          195.62.65.0/24 maxlen: 24
                          185.116.254.0/24 maxlen: 24
                          185.116.255.0/24 maxlen: 24
                          79.139.112.0/22 maxlen: 22
                          185.67.8.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:e7:08:e5:55:6a:d1:1f:86:c7:5f:10:c6:51:40:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=701624ffc5721c158e4cc9bb071eb4fb87d88c24
        Validity
            Not Before: Jan  2 00:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=73d0ec0f42e4f7dab5731b1ea40a03898c9c0120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:73:2f:9b:e1:39:17:5e:6e:f6:fa:b0:e0:ed:
                    9e:d3:56:65:36:69:6f:49:02:39:0d:4c:1c:71:f4:
                    23:7b:9c:a7:86:83:f2:5e:ad:92:f3:e7:ea:f7:bd:
                    d0:3f:d6:a5:4f:8a:53:fd:d3:88:d5:77:9e:bd:ec:
                    c2:12:5b:85:d9:0d:d9:52:82:88:9a:16:a7:f8:d1:
                    17:28:70:e5:1a:07:d5:4d:ba:27:09:ef:d6:aa:8a:
                    65:6d:b9:4e:5b:39:33:b1:54:3a:74:55:28:37:77:
                    2b:31:ff:c7:23:2d:7a:a6:07:a4:7a:77:31:da:53:
                    d3:6f:44:c2:06:10:14:a9:f6:b9:54:b9:b3:f9:55:
                    ec:3f:44:bf:02:0a:22:ce:a5:72:60:e7:39:a5:25:
                    c1:45:32:6a:f5:45:f5:89:b4:c7:a9:16:f6:42:63:
                    b0:80:b5:ec:bb:ad:c9:ba:c5:14:d7:62:2f:3b:16:
                    27:3c:96:ef:1f:40:9f:a3:dd:81:20:63:ff:ba:65:
                    5f:5e:80:25:3c:96:84:0f:7e:d6:42:9c:93:47:18:
                    6c:92:5e:0d:c5:51:13:87:91:cb:9e:ec:22:27:52:
                    77:20:c1:e2:25:18:32:33:d5:c0:91:62:5c:a1:32:
                    b8:52:89:a3:5b:a7:f6:8f:fa:e9:a7:d3:6e:a6:7f:
                    36:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D0:EC:0F:42:E4:F7:DA:B5:73:1B:1E:A4:0A:03:89:8C:9C:01:20
            X509v3 Authority Key Identifier:
                keyid:70:16:24:FF:C5:72:1C:15:8E:4C:C9:BB:07:1E:B4:FB:87:D8:8C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cBYk_8VyHBWOTMm7Bx60-4fYjCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/fb5abe-6a3a-4d37-bf61-63e75e953a93/1/c9DsD0Lk99q1cxsepAoDiYycASA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/fb5abe-6a3a-4d37-bf61-63e75e953a93/1/cBYk_8VyHBWOTMm7Bx60-4fYjCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.139.48.0/22
                  79.139.112.0/22
                  185.39.160.0/22
                  185.63.108.0/22
                  185.63.200.0/22
                  185.67.8.0/22
                  185.67.68.0/22
                  185.116.252.0/22
                  195.62.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:1b:f3:56:e4:a1:4b:43:6b:4f:65:66:c8:e1:8c:77:13:11:
         e0:bc:82:a8:7e:18:c3:62:e2:de:90:0b:19:d4:0c:c1:9e:d5:
         50:f9:d1:fd:7f:85:58:df:ca:a4:ab:23:2d:69:be:ff:83:e6:
         4f:06:77:35:a0:3a:4b:93:0a:5c:3d:54:9d:77:0a:2a:b9:92:
         73:d0:cd:72:06:8a:83:31:83:6b:c8:db:34:08:44:71:83:f1:
         b7:cb:02:fe:f6:0c:e8:1f:8b:96:d3:c1:dd:27:f3:cd:fa:66:
         d7:5d:cb:85:bb:52:ba:55:89:a4:9f:37:65:6d:da:82:c8:13:
         aa:24:88:b8:e8:de:61:cb:15:f6:d4:4e:92:23:83:1e:b9:9b:
         53:69:30:73:10:51:35:00:2b:7c:84:60:6a:8a:16:ca:e1:84:
         0c:4c:9c:12:80:67:76:f4:56:7f:08:1a:b3:e7:48:cf:77:3e:
         cd:a2:68:9e:eb:34:98:31:f0:59:5b:23:16:cc:c5:5b:8f:1c:
         0c:f6:32:2d:9b:89:7d:88:d6:8f:90:92:c4:6f:fc:b7:13:5e:
         ab:0c:ce:4a:c8:8c:a8:67:34:ff:f8:39:f2:35:68:f5:dd:96:
         31:e9:73:cb:b3:b2:cc:1c:05:5f:b0:97:d6:32:5d:e9:de:63:
         bf:5c:ce:36
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVv5wjlVWrRH4bHXxDGUUBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMTYyNGZmYzU3MjFjMTU4ZTRjYzliYjA3MWViNGZiODdk
ODhjMjQwHhcNMjMwMTAyMDAzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2QwZWMwZjQyZTRmN2RhYjU3MzFiMWVhNDBhMDM4OThjOWMwMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3Mvm+E5F15u9vqw4O2e01ZlNmlv
SQI5DUwccfQje5ynhoPyXq2S8+fq973QP9alT4pT/dOI1XeevezCEluF2Q3ZUoKI
mhan+NEXKHDlGgfVTbonCe/WqoplbblOWzkzsVQ6dFUoN3crMf/HIy16pgekencx
2lPTb0TCBhAUqfa5VLmz+VXsP0S/AgoizqVyYOc5pSXBRTJq9UX1ibTHqRb2QmOw
gLXsu63JusUU12IvOxYnPJbvH0Cfo92BIGP/umVfXoAlPJaED37WQpyTRxhskl4N
xVETh5HLnuwiJ1J3IMHiJRgyM9XAkWJcoTK4UomjW6f2j/rpp9Nupn820QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFHPQ7A9C5PfatXMbHqQKA4mMnAEgMB8GA1UdIwQY
MBaAFHAWJP/FchwVjkzJuwcetPuH2IwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0JZa184VnlIQldPVE1tN0J4NjAtNGZZakNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mYjVhYmUtNmEzYS00ZDM3LWJmNjEt
NjNlNzVlOTUzYTkzLzEvYzlEc0QwTGs5OXExY3hzZXBBb0RpWXljQVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mYjVhYmUtNmEzYS00ZDM3LWJmNjEtNjNlNzVlOTUzYTkz
LzEvY0JZa184VnlIQldPVE1tN0J4NjAtNGZZakNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCT4swAwQC
T4twAwQCuSegAwQCuT9sAwQCuT/IAwQCuUMIAwQCuUNEAwQCuXT8AwQBwz5AMA0G
CSqGSIb3DQEBCwUAA4IBAQBzG/NW5KFLQ2tPZWbI4Yx3ExHgvIKofhjDYuLekAsZ
1AzBntVQ+dH9f4VY38qkqyMtab7/g+ZPBnc1oDpLkwpcPVSddwoquZJz0M1yBoqD
MYNryNs0CERxg/G3ywL+9gzoH4uW08HdJ/PN+mbXXcuFu1K6VYmknzdlbdqCyBOq
JIi46N5hyxX21E6SI4MeuZtTaTBzEFE1ACt8hGBqihbK4YQMTJwSgGd29FZ/CBqz
50jPdz7Nomie6zSYMfBZWyMWzMVbjxwM9jItm4l9iNaPkJLEb/y3E16rDM5KyIyo
ZzT/+DnyNWj13ZYx6XPLs7LMHAVfsJfWMl3p3mO/XM42
-----END CERTIFICATE-----