Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/CONyFC7jN0bES1W1NtnirmhO9Ww.roa
File:                     CONyFC7jN0bES1W1NtnirmhO9Ww.roa (raw, json)
Hash identifier:          c1K0SR75J34bXyTTth+bDbP3oLToA1Ap9t7JtYzq14Q=
Subject key identifier:   08:E3:72:14:2E:E3:37:46:C4:4B:55:B5:36:D9:E2:AE:68:4E:F5:6C
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01879D2A0164793F9E5A36C546664AC00255
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/CONyFC7jN0bES1W1NtnirmhO9Ww.roa
Signing time:             Thu 20 Apr 2023 05:36:28 +0000
ROA not before:           Thu 20 Apr 2023 05:36:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 31 May 2023 13:27:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9d:2a:01:64:79:3f:9e:5a:36:c5:46:66:4a:c0:02:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Apr 20 05:36:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08e372142ee33746c44b55b536d9e2ae684ef56c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:40:46:58:92:97:1f:3f:1e:70:f3:77:39:de:
                    3b:91:66:f5:25:f6:c8:18:c8:fa:37:7c:66:79:9e:
                    7b:1d:5e:bb:bf:3d:ed:09:45:eb:e0:f5:6d:02:9a:
                    13:2b:02:d4:2b:57:47:d2:72:90:04:26:7b:57:1a:
                    c3:fe:20:6e:ee:6a:56:ff:01:6d:15:01:d2:93:53:
                    6b:e3:ea:ae:7a:30:db:ba:8a:af:77:6f:06:98:c6:
                    67:a2:59:51:cb:09:f1:08:45:15:c8:f6:23:c2:00:
                    87:24:0d:b4:70:9a:28:ea:e6:e4:b6:b9:18:41:dd:
                    64:99:f4:dd:1c:63:08:6f:96:8f:68:f2:d0:3e:bf:
                    9c:cb:dc:43:ef:65:f8:f8:44:35:1a:41:c7:b0:b5:
                    fa:a6:d5:80:d9:e3:f1:e0:1a:ff:cb:94:cc:8a:7f:
                    6b:fb:df:7a:e1:c1:bf:93:e7:3a:9a:5d:92:79:20:
                    9e:db:1c:e6:0a:0e:7d:77:e2:72:31:b2:07:28:14:
                    eb:49:b4:63:e4:70:74:04:6c:77:3a:6b:4a:6a:89:
                    cd:1a:65:48:10:ac:06:c0:73:a2:de:57:4e:16:91:
                    21:12:16:80:7f:ec:aa:d9:da:86:df:39:cb:64:c2:
                    84:61:14:12:46:c2:7a:da:91:84:8c:4a:9c:13:d2:
                    a1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E3:72:14:2E:E3:37:46:C4:4B:55:B5:36:D9:E2:AE:68:4E:F5:6C
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/CONyFC7jN0bES1W1NtnirmhO9Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  104.247.184.0-104.247.186.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:0d:4e:9a:13:c9:20:2f:42:82:d8:a8:52:74:1c:e1:6c:9b:
         17:ca:a1:63:92:f5:dc:c7:37:6e:6f:cb:46:06:c9:46:a3:87:
         f2:bb:db:b1:c1:4f:1a:3c:c7:e7:99:b7:ea:c6:f8:2b:d5:77:
         58:cc:ce:71:7d:1f:dc:19:c7:67:99:fe:13:13:8b:5c:d4:85:
         43:d3:bb:21:b8:35:54:dc:f8:08:37:4e:4d:77:65:a2:a6:a8:
         92:f5:65:55:a0:dc:a3:d1:3a:40:d1:61:70:16:79:1e:ea:bb:
         f8:0e:5d:de:f8:1e:0a:c1:71:f4:dd:0c:7b:25:60:ab:4e:ee:
         c6:bf:a6:fd:7e:27:8e:ff:3c:c5:98:61:a5:5a:2f:8e:d0:f3:
         1f:6c:98:42:a4:5c:fa:49:68:37:7c:9e:63:88:78:70:60:e3:
         d0:c7:39:a9:88:1b:87:3d:c0:ce:0d:bb:1c:65:cd:af:5f:24:
         27:53:a9:80:63:78:64:7c:20:5c:bf:bd:25:5e:7b:e8:0b:73:
         12:e0:ec:f9:dc:ad:4a:93:d7:f3:ad:d1:bd:5d:f9:7b:c4:c4:
         7a:6d:ca:5f:70:c6:44:a7:b1:4b:18:bc:bb:cb:34:da:1d:43:
         61:c0:ad:e1:42:6f:16:10:02:a5:6e:8d:2a:14:3c:a4:26:73:
         6a:4d:1a:95
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYedKgFkeT+eWjbFRmZKwAJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjMwNDIwMDUzNjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGUzNzIxNDJlZTMzNzQ2YzQ0YjU1YjUzNmQ5ZTJhZTY4NGVmNTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkBGWJKXHz8ecPN3Od47kWb1JfbI
GMj6N3xmeZ57HV67vz3tCUXr4PVtApoTKwLUK1dH0nKQBCZ7VxrD/iBu7mpW/wFt
FQHSk1Nr4+quejDbuoqvd28GmMZnollRywnxCEUVyPYjwgCHJA20cJoo6ubktrkY
Qd1kmfTdHGMIb5aPaPLQPr+cy9xD72X4+EQ1GkHHsLX6ptWA2ePx4Br/y5TMin9r
+9964cG/k+c6ml2SeSCe2xzmCg59d+JyMbIHKBTrSbRj5HB0BGx3OmtKaonNGmVI
EKwGwHOi3ldOFpEhEhaAf+yq2dqG3znLZMKEYRQSRsJ62pGEjEqcE9KhYQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFAjjchQu4zdGxEtVtTbZ4q5oTvVsMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvQ09OeUZDN2pOMGJFUzFXMU50bmlybWhPOVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA0BAIAATAuMAwDBAFo96oD
BABo97QDBABo97YwDAMEA2j3uAMEAGj3ugMEArlJgAMEALmJ1zAPBAIAAjAJAwcA
KgOloAABMA0GCSqGSIb3DQEBCwUAA4IBAQCzDU6aE8kgL0KC2KhSdBzhbJsXyqFj
kvXcxzdub8tGBslGo4fyu9uxwU8aPMfnmbfqxvgr1XdYzM5xfR/cGcdnmf4TE4tc
1IVD07shuDVU3PgIN05Nd2WipqiS9WVVoNyj0TpA0WFwFnke6rv4Dl3e+B4KwXH0
3Qx7JWCrTu7Gv6b9fieO/zzFmGGlWi+O0PMfbJhCpFz6SWg3fJ5jiHhwYOPQxzmp
iBuHPcDODbscZc2vXyQnU6mAY3hkfCBcv70lXnvoC3MS4Oz53K1Kk9fzrdG9Xfl7
xMR6bcpfcMZEp7FLGLy7yzTaHUNhwK3hQm8WEAKlbo0qFDykJnNqTRqV
-----END CERTIFICATE-----