Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/nFeQP5zvIkCfu44muh6YwLf7wvY.roa
File:                     nFeQP5zvIkCfu44muh6YwLf7wvY.roa (raw, json)
Hash identifier:          i05akdPIUUPWL85oAPgV9GLe9oYdbGLVtsA01kvMAF0=
Subject key identifier:   9C:57:90:3F:9C:EF:22:40:9F:BB:8E:26:BA:1E:98:C0:B7:FB:C2:F6
Certificate issuer:       /CN=bf2805992e6531d3da31ee1af6bcd5c06d02b6ca
Certificate serial:       01856C1C8E00BF840F5C1579DC345AB9210B
Authority key identifier: BF:28:05:99:2E:65:31:D3:DA:31:EE:1A:F6:BC:D5:C0:6D:02:B6:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vygFmS5lMdPaMe4a9rzVwG0Ctso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/nFeQP5zvIkCfu44muh6YwLf7wvY.roa
Signing time:             Sun 01 Jan 2023 06:54:48 +0000
ROA not before:           Sun 01 Jan 2023 06:54:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13189
IP address blocks:        185.94.72.0/22 maxlen: 22
                          83.172.64.0/19 maxlen: 19
                          95.140.176.0/20 maxlen: 20
                          62.101.32.0/21 maxlen: 21
                          62.101.40.0/22 maxlen: 22
                          62.101.44.0/22 maxlen: 22
                          212.112.32.0/19 maxlen: 19
                          62.101.48.0/22 maxlen: 22
                          62.101.56.0/21 maxlen: 21
                          83.172.96.0/19 maxlen: 19
                          2001:be8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:1c:8e:00:bf:84:0f:5c:15:79:dc:34:5a:b9:21:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf2805992e6531d3da31ee1af6bcd5c06d02b6ca
        Validity
            Not Before: Jan  1 06:54:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c57903f9cef22409fbb8e26ba1e98c0b7fbc2f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6d:5c:a7:03:1a:3a:2e:ae:ce:54:bb:35:dc:
                    7f:a4:64:83:23:75:81:d2:19:66:4a:03:f1:cb:89:
                    1d:85:f5:54:b1:8a:af:d4:be:bf:26:c2:66:98:40:
                    66:19:4a:a7:d2:68:96:ab:ff:6c:5f:97:32:d7:a7:
                    46:7b:03:2f:48:85:0c:5f:31:e7:6d:f0:68:c6:ca:
                    86:41:48:95:c7:ba:41:87:8e:88:f5:88:54:e0:3a:
                    e4:0c:8f:08:92:b8:78:d6:6d:a8:65:37:6f:8e:d0:
                    fa:5a:00:52:46:94:3a:34:55:af:25:81:c2:c6:93:
                    25:d1:bc:a7:94:58:b6:ca:a6:2b:a6:82:64:89:3d:
                    67:91:56:c1:4f:57:6a:6c:c7:3a:58:91:2f:1c:d8:
                    49:4c:5f:40:7b:36:a0:35:03:f8:ec:9a:bd:80:5f:
                    51:be:2e:81:58:bf:fa:e9:ad:ba:c8:bd:fd:49:5b:
                    64:0b:83:63:65:80:a7:9f:d4:c6:30:0d:35:91:16:
                    1b:99:f0:fc:10:25:7e:f2:92:6d:cb:2a:67:c7:4f:
                    08:08:81:2e:d5:b4:31:94:25:45:ab:8f:d1:6d:3c:
                    a0:5f:53:d8:a8:aa:d4:cc:65:10:3a:61:9d:ab:f4:
                    4d:a0:50:fe:1e:b0:9e:2f:3d:a1:b1:0b:57:c1:22:
                    12:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:57:90:3F:9C:EF:22:40:9F:BB:8E:26:BA:1E:98:C0:B7:FB:C2:F6
            X509v3 Authority Key Identifier:
                keyid:BF:28:05:99:2E:65:31:D3:DA:31:EE:1A:F6:BC:D5:C0:6D:02:B6:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vygFmS5lMdPaMe4a9rzVwG0Ctso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/nFeQP5zvIkCfu44muh6YwLf7wvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/758467-6818-4e84-87ba-5d838668bebe/1/vygFmS5lMdPaMe4a9rzVwG0Ctso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.101.32.0-62.101.51.255
                  62.101.56.0/21
                  83.172.64.0/18
                  95.140.176.0/20
                  185.94.72.0/22
                  212.112.32.0/19
                IPv6:
                  2001:be8::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:09:26:f3:63:56:9a:9d:df:af:49:54:e2:aa:88:c1:83:db:
         31:5e:e5:ba:e4:d1:09:a5:22:a7:df:65:1b:3a:3c:21:dd:c7:
         77:09:7a:a3:ec:46:71:d7:ca:a7:57:fe:da:a8:0d:01:3e:ef:
         2c:6e:9c:92:99:ab:79:17:e9:73:08:55:b4:cd:06:c6:1a:8d:
         77:17:50:0e:2f:ac:8a:cc:e5:8f:83:62:61:3b:60:70:3a:4c:
         4c:d6:10:20:43:85:fa:7a:3e:68:e4:e5:ac:f1:37:24:a6:ab:
         d5:61:5e:20:8e:40:28:b2:e5:e5:d8:ee:f7:41:a0:3a:5d:ab:
         13:09:82:d3:c5:d7:34:d7:cf:4e:da:2f:01:85:3d:06:30:3f:
         9b:75:0d:72:e9:a5:80:11:84:a8:52:cd:f8:45:d0:8b:d3:31:
         83:1b:af:b3:0b:ab:b1:b3:a1:b4:c4:4b:1e:ea:9b:6a:b9:b1:
         df:79:14:3b:7f:64:69:05:91:96:e6:1d:7d:6c:20:47:f4:eb:
         d8:fa:e7:66:f6:0f:8a:fa:db:73:b0:6a:b2:af:81:28:4e:64:
         10:42:7f:5b:e1:b5:00:a6:fe:5f:9f:e1:94:d2:07:33:df:a1:
         55:fe:b3:19:2c:57:39:63:c8:a5:2d:05:7a:29:4b:4a:e0:55:
         15:68:7e:ae
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVsHI4Av4QPXBV53DRauSELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjgwNTk5MmU2NTMxZDNkYTMxZWUxYWY2YmNkNWMwNmQw
MmI2Y2EwHhcNMjMwMTAxMDY1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzU3OTAzZjljZWYyMjQwOWZiYjhlMjZiYTFlOThjMGI3ZmJjMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhW1cpwMaOi6uzlS7Ndx/pGSDI3WB
0hlmSgPxy4kdhfVUsYqv1L6/JsJmmEBmGUqn0miWq/9sX5cy16dGewMvSIUMXzHn
bfBoxsqGQUiVx7pBh46I9YhU4DrkDI8Ikrh41m2oZTdvjtD6WgBSRpQ6NFWvJYHC
xpMl0bynlFi2yqYrpoJkiT1nkVbBT1dqbMc6WJEvHNhJTF9AezagNQP47Jq9gF9R
vi6BWL/66a26yL39SVtkC4NjZYCnn9TGMA01kRYbmfD8ECV+8pJtyypnx08ICIEu
1bQxlCVFq4/RbTygX1PYqKrUzGUQOmGdq/RNoFD+HrCeLz2hsQtXwSIScwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFJxXkD+c7yJAn7uOJroemMC3+8L2MB8GA1UdIwQY
MBaAFL8oBZkuZTHT2jHuGva81cBtArbKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlnRm1TNWxNZFBhTWU0YTlyelZ3RzBDdHNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83NTg0NjctNjgxOC00ZTg0LTg3YmEt
NWQ4Mzg2NjhiZWJlLzEvbkZlUVA1enZJa0NmdTQ0bXVoNll3TGY3d3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83NTg0NjctNjgxOC00ZTg0LTg3YmEtNWQ4Mzg2NjhiZWJl
LzEvdnlnRm1TNWxNZFBhTWU0YTlyelZ3RzBDdHNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsMAwDBAU+ZSAD
BAI+ZTADBAM+ZTgDBAZTrEADBARfjLADBAK5XkgDBAXUcCAwDQQCAAIwBwMFACAB
C+gwDQYJKoZIhvcNAQELBQADggEBABoJJvNjVpqd369JVOKqiMGD2zFe5brk0Qml
IqffZRs6PCHdx3cJeqPsRnHXyqdX/tqoDQE+7yxunJKZq3kX6XMIVbTNBsYajXcX
UA4vrIrM5Y+DYmE7YHA6TEzWECBDhfp6Pmjk5azxNySmq9VhXiCOQCiy5eXY7vdB
oDpdqxMJgtPF1zTXz07aLwGFPQYwP5t1DXLppYARhKhSzfhF0IvTMYMbr7MLq7Gz
obTESx7qm2q5sd95FDt/ZGkFkZbmHX1sIEf069j652b2D4r623OwarKvgShOZBBC
f1vhtQCm/l+f4ZTSBzPfoVX+sxksVzljyKUtBXopS0rgVRVofq4=
-----END CERTIFICATE-----