Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/jTVDZjCL3_iktTgvUFccE-X8aEY.roa
File:                     jTVDZjCL3_iktTgvUFccE-X8aEY.roa (raw, json)
Hash identifier:          MR4VEqq1AT7vNW+kWBw4jlxNNq7aB+2DTs+aVk23DzQ=
Subject key identifier:   8D:35:43:66:30:8B:DF:F8:A4:B5:38:2F:50:57:1C:13:E5:FC:68:46
Certificate issuer:       /CN=f222fbe85ae408d377b217d4eba7b38b24baf5dd
Certificate serial:       01856F0257ECE4133487A3D93BF6505A87E9
Authority key identifier: F2:22:FB:E8:5A:E4:08:D3:77:B2:17:D4:EB:A7:B3:8B:24:BA:F5:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iL76FrkCNN3shfU66eziyS69d0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/jTVDZjCL3_iktTgvUFccE-X8aEY.roa
Signing time:             Sun 01 Jan 2023 20:25:02 +0000
ROA not before:           Sun 01 Jan 2023 20:25:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25394
IP address blocks:        91.196.140.0/22 maxlen: 24
                          212.90.128.0/19 maxlen: 24
                          109.75.16.0/20 maxlen: 24
                          217.199.192.0/20 maxlen: 24
                          153.94.128.0/17 maxlen: 24
                          153.94.32.0/20 maxlen: 24
                          178.210.96.0/19 maxlen: 24
                          153.94.48.0/21 maxlen: 24
                          85.220.128.0/17 maxlen: 24
                          93.93.248.0/21 maxlen: 24
                          82.100.192.0/18 maxlen: 24
                          213.172.96.0/19 maxlen: 24
                          31.209.112.0/20 maxlen: 24
                          2a00:4d80::/32 maxlen: 48
                          2001:1640::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:02:57:ec:e4:13:34:87:a3:d9:3b:f6:50:5a:87:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f222fbe85ae408d377b217d4eba7b38b24baf5dd
        Validity
            Not Before: Jan  1 20:25:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d354366308bdff8a4b5382f50571c13e5fc6846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:71:d2:62:6b:8f:ea:cd:f7:be:b2:ac:cb:f7:
                    37:58:29:14:3d:cd:fe:ba:38:0b:f7:19:d1:84:89:
                    56:0f:d7:a9:91:91:9d:17:4c:cc:c5:fc:5f:13:10:
                    7a:f1:df:0a:e0:ee:15:9d:47:c7:3c:40:0d:89:e7:
                    3e:3f:6d:18:ad:fd:4c:b8:fb:8a:74:9c:5b:74:e5:
                    60:23:88:ec:91:e2:ae:04:99:c5:ed:dc:83:db:50:
                    46:ed:6e:bd:76:64:84:b7:61:57:e5:ac:2a:51:16:
                    0b:d3:5e:46:99:90:c0:8a:bb:48:8c:4c:be:7e:c2:
                    32:5e:ab:5f:a0:88:bc:49:0c:4b:f7:81:50:ed:f7:
                    60:4a:2e:ec:bf:1f:c2:ef:65:1d:d6:b9:d7:7f:9a:
                    16:58:0c:4b:11:b0:dc:d3:d2:43:d9:a3:00:02:f1:
                    f4:eb:3a:12:e7:cf:95:3e:87:fe:33:63:c6:96:56:
                    4c:77:1d:49:aa:4d:58:f8:51:08:8d:f1:2c:35:af:
                    d5:e7:d2:7a:a6:81:1f:e7:6e:35:6e:36:1a:ff:18:
                    c2:7e:33:51:6a:84:62:6e:e3:eb:47:a8:9d:ce:bd:
                    26:cf:ae:e9:03:a3:0f:6d:39:64:4e:0b:c4:fc:39:
                    b8:9f:8b:67:ba:8a:50:3e:43:26:3a:61:ef:6a:df:
                    8e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:35:43:66:30:8B:DF:F8:A4:B5:38:2F:50:57:1C:13:E5:FC:68:46
            X509v3 Authority Key Identifier:
                keyid:F2:22:FB:E8:5A:E4:08:D3:77:B2:17:D4:EB:A7:B3:8B:24:BA:F5:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iL76FrkCNN3shfU66eziyS69d0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/jTVDZjCL3_iktTgvUFccE-X8aEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/8iL76FrkCNN3shfU66eziyS69d0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.209.112.0/20
                  82.100.192.0/18
                  85.220.128.0/17
                  91.196.140.0/22
                  93.93.248.0/21
                  109.75.16.0/20
                  153.94.32.0-153.94.55.255
                  153.94.128.0/17
                  178.210.96.0/19
                  212.90.128.0/19
                  213.172.96.0/19
                  217.199.192.0/20
                IPv6:
                  2001:1640::/32
                  2a00:4d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:f4:0d:a6:f2:92:0b:fd:5e:47:de:6a:61:41:1a:8e:b1:1e:
         50:bf:50:42:7a:12:da:c1:f8:1c:78:1d:b1:bd:1a:0b:fa:51:
         68:f9:90:8f:c7:f8:74:01:82:99:54:1e:89:7f:f3:c1:99:50:
         2a:53:4d:6d:8d:40:f2:d1:dd:aa:56:39:8a:88:51:e4:9a:c6:
         49:52:e4:78:df:2d:4a:eb:50:9a:fa:86:11:41:ad:7d:cd:39:
         62:1c:c9:bb:37:20:48:ad:96:29:cb:53:23:e5:96:f7:60:65:
         00:22:e9:17:22:17:29:8d:5c:a4:a0:e0:5b:c8:60:90:e9:3d:
         27:9f:f1:58:cb:a1:c3:96:7d:c2:ab:a7:fe:68:f0:23:10:fa:
         3e:38:bb:7d:e4:6b:d9:46:0c:b7:c5:7a:79:cf:d2:f9:70:ff:
         38:01:3d:f9:52:ea:39:3b:b9:85:c8:59:68:cc:53:1d:61:9d:
         eb:aa:e7:10:4b:00:31:10:a8:ab:b2:c4:bc:95:4c:e2:0c:ff:
         28:6b:fd:de:e1:5a:08:15:71:7d:aa:88:8f:a2:ea:4d:92:49:
         a5:39:51:4b:ff:68:01:97:ff:50:aa:20:8f:ac:7c:0c:28:c3:
         66:1a:22:30:d2:c2:ad:05:7c:47:67:8a:51:67:8d:61:2b:4e:
         38:8b:14:40
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYVvAlfs5BM0h6PZO/ZQWofpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjJmYmU4NWFlNDA4ZDM3N2IyMTdkNGViYTdiMzhiMjRi
YWY1ZGQwHhcNMjMwMTAxMjAyNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDM1NDM2NjMwOGJkZmY4YTRiNTM4MmY1MDU3MWMxM2U1ZmM2ODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3HSYmuP6s33vrKsy/c3WCkUPc3+
ujgL9xnRhIlWD9epkZGdF0zMxfxfExB68d8K4O4VnUfHPEANiec+P20Yrf1MuPuK
dJxbdOVgI4jskeKuBJnF7dyD21BG7W69dmSEt2FX5awqURYL015GmZDAirtIjEy+
fsIyXqtfoIi8SQxL94FQ7fdgSi7svx/C72Ud1rnXf5oWWAxLEbDc09JD2aMAAvH0
6zoS58+VPof+M2PGllZMdx1Jqk1Y+FEIjfEsNa/V59J6poEf5241bjYa/xjCfjNR
aoRibuPrR6idzr0mz67pA6MPbTlkTgvE/Dm4n4tnuopQPkMmOmHvat+O5wIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFI01Q2Ywi9/4pLU4L1BXHBPl/GhGMB8GA1UdIwQY
MBaAFPIi++ha5AjTd7IX1Ouns4skuvXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlMNzZGcmtDTk4zc2hmVTY2ZXppeVM2OWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xYWE4NzUtMDNiNS00YzE3LWJiMzkt
YjBjMWUzMzA0ZTc0LzEvalRWRFpqQ0wzX2lrdFRndlVGY2NFLVg4YUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xYWE4NzUtMDNiNS00YzE3LWJiMzktYjBjMWUzMzA0ZTc0
LzEvOGlMNzZGcmtDTk4zc2hmVTY2ZXppeVM2OWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQEH9FwAwQG
UmTAAwQHVdyAAwQCW8SMAwQDXV34AwQEbUsQMAwDBAWZXiADBAOZXjADBAeZXoAD
BAWy0mADBAXUWoADBAXVrGADBATZx8AwFAQCAAIwDgMFACABFkADBQAqAE2AMA0G
CSqGSIb3DQEBCwUAA4IBAQBz9A2m8pIL/V5H3mphQRqOsR5Qv1BCehLawfgceB2x
vRoL+lFo+ZCPx/h0AYKZVB6Jf/PBmVAqU01tjUDy0d2qVjmKiFHkmsZJUuR43y1K
61Ca+oYRQa19zTliHMm7NyBIrZYpy1Mj5Zb3YGUAIukXIhcpjVykoOBbyGCQ6T0n
n/FYy6HDln3Cq6f+aPAjEPo+OLt95GvZRgy3xXp5z9L5cP84AT35Uuo5O7mFyFlo
zFMdYZ3rqucQSwAxEKirssS8lUziDP8oa/3e4VoIFXF9qoiPoupNkkmlOVFL/2gB
l/9QqiCPrHwMKMNmGiIw0sKtBXxHZ4pRZ41hK044ixRA
-----END CERTIFICATE-----