Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7sv484Aq8T1_aTkqu_QNNplqnvI.roa
File:                     7sv484Aq8T1_aTkqu_QNNplqnvI.roa (raw, json)
Hash identifier:          /YhyLf9+kRyPRQv9aY/7vBZ1Vor0Ao9YGtOoSnzExxM=
Subject key identifier:   EE:CB:F8:F3:80:2A:F1:3D:7F:69:39:2A:BB:F4:0D:36:99:6A:9E:F2
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0186C121C29C04963F7C70F1DEFDBF3E3066
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7sv484Aq8T1_aTkqu_QNNplqnvI.roa
Signing time:             Wed 08 Mar 2023 12:11:00 +0000
ROA not before:           Wed 08 Mar 2023 12:11:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56690
IP address blocks:        193.233.150.0/24 maxlen: 24
                          193.233.164.0/24 maxlen: 24
                          193.233.166.0/23 maxlen: 23
                          193.233.168.0/23 maxlen: 23
                          193.233.73.0/24 maxlen: 24
                          193.233.92.0/22 maxlen: 24
                          193.233.12.0/23 maxlen: 23
                          193.233.240.0/22 maxlen: 24
                          193.233.24.0/23 maxlen: 23
                          193.233.26.0/23 maxlen: 23
                          193.233.28.0/23 maxlen: 23
                          193.233.254.0/23 maxlen: 23
                          193.233.54.0/23 maxlen: 23
                          193.233.176.0/20 maxlen: 20
                          193.233.212.0/22 maxlen: 22
                          193.233.224.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 14 Mar 2023 12:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c1:21:c2:9c:04:96:3f:7c:70:f1:de:fd:bf:3e:30:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Mar  8 12:11:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eecbf8f3802af13d7f69392abbf40d36996a9ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:65:48:03:b6:c6:55:2d:07:bd:af:c7:b4:27:
                    74:44:14:87:cf:08:90:2f:56:2a:3c:45:77:89:96:
                    ae:d4:5a:6f:22:34:ba:c3:01:e9:28:8a:7c:a6:ae:
                    f3:07:cb:61:f1:cc:6a:b0:ca:1a:a4:70:1b:3a:67:
                    e3:19:55:90:01:fd:b9:a8:79:8a:a8:7e:65:20:78:
                    d6:2c:96:63:c1:18:e8:6a:13:a0:dc:6e:4e:8d:13:
                    77:97:e2:c9:19:b1:e0:ee:7c:5e:78:55:86:fc:39:
                    43:ec:e4:59:0c:1d:f1:17:52:98:79:bd:de:cc:f7:
                    e6:84:e1:d9:b0:a0:cc:13:3d:6c:b4:01:61:84:e7:
                    b9:f6:39:67:27:76:2e:cb:e2:d9:24:bb:14:0c:bb:
                    0d:f8:d5:1a:5d:d7:d9:4d:7d:44:0a:f3:e8:5c:ab:
                    8b:c1:3d:cb:51:72:58:7f:5c:74:98:b8:53:91:46:
                    3b:da:67:e0:09:a2:96:c1:ab:2c:c8:b1:64:2a:60:
                    35:39:b6:7e:57:26:c2:10:c7:9e:5a:23:c5:08:06:
                    18:e3:d9:24:ef:d1:a5:c6:65:d2:d7:59:5c:3b:16:
                    61:07:38:01:c7:72:81:67:85:c3:7c:19:33:41:54:
                    17:65:bb:af:a0:49:0d:19:12:02:c5:c1:3c:a6:17:
                    bc:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CB:F8:F3:80:2A:F1:3D:7F:69:39:2A:BB:F4:0D:36:99:6A:9E:F2
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7sv484Aq8T1_aTkqu_QNNplqnvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.12.0/23
                  193.233.24.0-193.233.29.255
                  193.233.54.0/23
                  193.233.73.0/24
                  193.233.92.0/22
                  193.233.150.0/24
                  193.233.164.0/24
                  193.233.166.0-193.233.169.255
                  193.233.176.0/20
                  193.233.212.0/22
                  193.233.224.0/22
                  193.233.240.0/22
                  193.233.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:93:23:2e:04:59:a4:26:d6:5a:f3:d9:e1:cc:eb:43:83:99:
         2c:ff:c5:8f:6c:36:7f:6e:85:a9:98:98:95:d3:5d:81:ea:5e:
         25:5c:7f:19:1b:92:a0:66:2d:ee:c7:eb:e7:4e:c2:f4:eb:d5:
         57:9b:e5:4b:66:9e:c6:26:b1:c8:c2:7a:69:7d:22:61:ee:fb:
         8a:7e:73:00:55:ce:16:6e:63:82:7c:dc:c1:f4:95:d1:23:8d:
         28:e5:89:22:cc:f5:08:7d:31:af:dd:16:68:4f:a2:5b:71:94:
         22:8c:df:48:ea:a6:59:c6:4e:35:e4:e2:d2:ba:ed:46:54:d4:
         3d:8c:2f:c4:05:a2:2d:01:fd:be:8f:52:68:26:e4:e1:b3:3c:
         ba:5b:75:4b:1f:f2:7f:fb:4c:08:10:55:cf:b5:dd:20:01:6c:
         e7:4d:17:4a:79:ba:f8:67:01:49:54:d8:b9:43:4e:95:43:4c:
         17:02:1e:2f:b3:70:82:60:43:73:55:1c:be:13:dd:54:4b:a8:
         c0:10:06:74:83:19:16:98:27:5f:36:e8:bf:aa:41:35:de:2e:
         a1:1e:cc:45:0e:bd:38:07:c5:20:52:6f:42:c9:b5:d7:f4:72:
         72:cf:28:68:e5:44:8d:46:23:11:4c:7f:b6:ba:cb:3e:c9:48:
         99:fb:b1:44
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYbBIcKcBJY/fHDx3v2/PjBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjMwMzA4MTIxMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNiZjhmMzgwMmFmMTNkN2Y2OTM5MmFiYmY0MGQzNjk5NmE5ZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmVIA7bGVS0Hva/HtCd0RBSHzwiQ
L1YqPEV3iZau1FpvIjS6wwHpKIp8pq7zB8th8cxqsMoapHAbOmfjGVWQAf25qHmK
qH5lIHjWLJZjwRjoahOg3G5OjRN3l+LJGbHg7nxeeFWG/DlD7ORZDB3xF1KYeb3e
zPfmhOHZsKDMEz1stAFhhOe59jlnJ3Yuy+LZJLsUDLsN+NUaXdfZTX1ECvPoXKuL
wT3LUXJYf1x0mLhTkUY72mfgCaKWwassyLFkKmA1ObZ+VybCEMeeWiPFCAYY49kk
79GlxmXS11lcOxZhBzgBx3KBZ4XDfBkzQVQXZbuvoEkNGRICxcE8phe8swIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFO7L+POAKvE9f2k5Krv0DTaZap7yMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvN3N2NDg0QXE4VDFfYVRrcXVfUU5OcGxxbnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQBwekMMAwD
BAPB6RgDBAHB6RwDBAHB6TYDBADB6UkDBALB6VwDBADB6ZYDBADB6aQwDAMEAcHp
pgMEAcHpqAMEBMHpsAMEAsHp1AMEAsHp4AMEAsHp8AMEAcHp/jANBgkqhkiG9w0B
AQsFAAOCAQEAQJMjLgRZpCbWWvPZ4czrQ4OZLP/Fj2w2f26FqZiYldNdgepeJVx/
GRuSoGYt7sfr507C9OvVV5vlS2aexiaxyMJ6aX0iYe77in5zAFXOFm5jgnzcwfSV
0SONKOWJIsz1CH0xr90WaE+iW3GUIozfSOqmWcZONeTi0rrtRlTUPYwvxAWiLQH9
vo9SaCbk4bM8ult1Sx/yf/tMCBBVz7XdIAFs500XSnm6+GcBSVTYuUNOlUNMFwIe
L7NwgmBDc1UcvhPdVEuowBAGdIMZFpgnXzbov6pBNd4uoR7MRQ69OAfFIFJvQsm1
1/Rycs8oaOVEjUYjEUx/trrLPslImfuxRA==
-----END CERTIFICATE-----