Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/ihycCoJ4l07BZN4mDL0H8OMFQgA.roa
File:                     ihycCoJ4l07BZN4mDL0H8OMFQgA.roa (raw, json)
Hash identifier:          2x/WBEqb+LQQ8HrQJK/tx4z4su2Y3+z1xskA0Fcp+Y8=
Subject key identifier:   8A:1C:9C:0A:82:78:97:4E:C1:64:DE:26:0C:BD:07:F0:E3:05:42:00
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       01866F4104294C664AD502B72A3C0A906783
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/ihycCoJ4l07BZN4mDL0H8OMFQgA.roa
Signing time:             Mon 20 Feb 2023 14:36:17 +0000
ROA not before:           Mon 20 Feb 2023 14:36:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39686
IP address blocks:        144.178.192.0/19 maxlen: 24
                          144.178.224.0/20 maxlen: 24
                          185.184.204.0/22 maxlen: 24
                          144.178.96.0/21 maxlen: 24
                          45.11.164.0/22 maxlen: 24
                          161.51.64.0/19 maxlen: 24
                          144.178.112.0/22 maxlen: 24
                          144.178.120.0/21 maxlen: 24
                          93.95.248.0/21 maxlen: 24
                          144.178.240.0/21 maxlen: 24
                          89.20.160.0/19 maxlen: 24
                          144.178.64.0/19 maxlen: 24
                          2a01:9bc0::/29 maxlen: 48
                          2a02:fe8::/32 maxlen: 48
                          2a02:fe9::/32 maxlen: 48

Validation:               Failed, certificate revoked on Wed 29 Mar 2023 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:6f:41:04:29:4c:66:4a:d5:02:b7:2a:3c:0a:90:67:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: Feb 20 14:36:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a1c9c0a8278974ec164de260cbd07f0e3054200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:88:79:a5:52:64:f8:64:15:64:b7:8c:28:e5:
                    c5:26:d7:0e:b2:8c:0e:79:32:e8:03:dd:5d:02:ae:
                    e0:c4:03:ee:23:32:81:43:f8:4a:a1:dc:e2:e3:c7:
                    94:b6:c8:6a:6e:28:f5:2c:2e:12:ee:93:58:06:06:
                    43:c5:35:5d:28:9e:bc:23:2f:82:d5:7d:b9:23:66:
                    13:83:b3:be:3e:0c:a9:fe:0d:62:9c:9f:cb:4b:99:
                    c0:31:f3:4e:d1:7d:53:3e:57:32:62:51:bf:a3:a1:
                    39:3d:dc:27:c3:44:5a:ab:a0:91:19:18:26:3d:7c:
                    24:34:98:97:98:95:b5:91:3f:5a:b4:8f:2d:2d:71:
                    92:1b:6c:20:da:60:ce:1f:87:e0:78:fc:e2:4f:62:
                    d3:0f:d6:dc:5c:b2:f1:8f:77:5f:1c:87:f2:95:58:
                    f5:b4:55:6a:88:ab:36:e0:b5:53:90:bd:6c:23:fe:
                    68:07:2f:4f:5e:08:fb:44:a4:7f:32:73:8d:f6:53:
                    ff:62:9b:92:e7:5e:a4:93:bd:c8:3f:81:fe:a6:59:
                    d8:4b:9c:52:b8:62:c5:1b:11:05:4f:04:a5:e2:0c:
                    59:1e:b2:08:3e:bd:45:03:de:c3:fb:61:3d:eb:5d:
                    b8:5f:10:b5:ed:65:34:17:2a:31:ae:52:57:c7:6c:
                    9c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1C:9C:0A:82:78:97:4E:C1:64:DE:26:0C:BD:07:F0:E3:05:42:00
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/ihycCoJ4l07BZN4mDL0H8OMFQgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.164.0/22
                  89.20.160.0/19
                  93.95.248.0/21
                  144.178.64.0-144.178.103.255
                  144.178.112.0/22
                  144.178.120.0/21
                  144.178.192.0-144.178.247.255
                  161.51.64.0/19
                  185.184.204.0/22
                IPv6:
                  2a01:9bc0::/29
                  2a02:fe8::/31

    Signature Algorithm: sha256WithRSAEncryption
         7d:2c:b2:1f:84:6c:5e:d1:24:ba:e8:7b:90:06:ce:7a:99:21:
         fb:45:aa:01:88:12:9b:b1:3f:8a:d1:10:28:1a:76:bc:54:67:
         8d:5e:34:24:14:3c:e8:a8:41:8a:3c:23:63:cf:d3:a7:e2:5a:
         20:d6:75:13:49:f0:1c:33:9d:ea:3c:38:31:35:39:ab:1b:d5:
         d4:ad:bd:a6:89:f7:e6:a2:87:84:f5:23:d5:cb:e7:f9:37:77:
         35:b0:0b:e6:5d:d4:f2:fe:27:12:ea:af:c6:5d:9e:6b:fe:9d:
         a7:cc:83:08:28:fa:aa:12:b5:8d:68:17:f4:40:e7:6c:65:fb:
         de:1d:5d:ff:17:ac:04:b4:00:7a:63:96:dd:3a:c4:6e:a0:2a:
         ff:ec:2f:1e:81:17:77:e1:67:1b:c7:b0:80:59:4b:19:1c:2f:
         27:88:fe:b2:fa:75:08:69:56:6d:d3:a4:e2:e2:87:a0:e0:7a:
         2f:12:3c:01:3b:4a:b5:13:6b:e5:bf:0d:17:f2:90:19:f3:f5:
         68:38:ad:53:ce:21:e9:d6:8c:35:c9:72:fc:90:69:95:ac:7c:
         9b:9c:6b:41:c3:4c:73:2f:1e:87:6f:df:bb:a6:6e:c1:ca:da:
         11:42:bb:8d:99:1f:0a:22:e2:82:a0:da:48:3c:20:08:0c:f7:
         cb:b9:94:35
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYZvQQQpTGZK1QK3KjwKkGeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjMwMjIwMTQzNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTFjOWMwYTgyNzg5NzRlYzE2NGRlMjYwY2JkMDdmMGUzMDU0MjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYh5pVJk+GQVZLeMKOXFJtcOsowO
eTLoA91dAq7gxAPuIzKBQ/hKodzi48eUtshqbij1LC4S7pNYBgZDxTVdKJ68Iy+C
1X25I2YTg7O+Pgyp/g1inJ/LS5nAMfNO0X1TPlcyYlG/o6E5Pdwnw0Raq6CRGRgm
PXwkNJiXmJW1kT9atI8tLXGSG2wg2mDOH4fgePziT2LTD9bcXLLxj3dfHIfylVj1
tFVqiKs24LVTkL1sI/5oBy9PXgj7RKR/MnON9lP/YpuS516kk73IP4H+plnYS5xS
uGLFGxEFTwSl4gxZHrIIPr1FA97D+2E96124XxC17WU0FyoxrlJXx2yc2QIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFIocnAqCeJdOwWTeJgy9B/DjBUIAMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvaWh5Y0NvSjRsMDdCWk40bURMMEg4T01GUWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBMBAIAATBGAwQCLQukAwQF
WRSgAwQDXV/4MAwDBAaQskADBAOQsmADBAKQsnADBAOQsngwDAMEBpCywAMEA5Cy
8AMEBaEzQAMEArm4zDAUBAIAAjAOAwUDKgGbwAMFASoCD+gwDQYJKoZIhvcNAQEL
BQADggEBAH0ssh+EbF7RJLroe5AGznqZIftFqgGIEpuxP4rRECgadrxUZ41eNCQU
POioQYo8I2PP06fiWiDWdRNJ8Bwzneo8ODE1Oasb1dStvaaJ9+aih4T1I9XL5/k3
dzWwC+Zd1PL+JxLqr8Zdnmv+nafMgwgo+qoStY1oF/RA52xl+94dXf8XrAS0AHpj
lt06xG6gKv/sLx6BF3fhZxvHsIBZSxkcLyeI/rL6dQhpVm3TpOLih6Dgei8SPAE7
SrUTa+W/DRfykBnz9Wg4rVPOIenWjDXJcvyQaZWsfJuca0HDTHMvHodv37umbsHK
2hFCu42ZHwoi4oKg2kg8IAgM98u5lDU=
-----END CERTIFICATE-----