Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/FT99-5iFHPrmHmqiUNvTR6Ah2rE.roa
File:                     FT99-5iFHPrmHmqiUNvTR6Ah2rE.roa (raw, json)
Hash identifier:          nkUcpyp8ZiSpayllupSKchq09aSaDiuJWaZ9E0++diQ=
Subject key identifier:   15:3F:7D:FB:98:85:1C:FA:E6:1E:6A:A2:50:DB:D3:47:A0:21:DA:B1
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018B8F03D9DBCBF5B1531F576C244DD7C81D
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/FT99-5iFHPrmHmqiUNvTR6Ah2rE.roa
Signing time:             Thu 02 Nov 2023 07:51:16 +0000
ROA not before:           Thu 02 Nov 2023 07:51:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          2.56.108.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 12:11:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8f:03:d9:db:cb:f5:b1:53:1f:57:6c:24:4d:d7:c8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  2 07:51:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=153f7dfb98851cfae61e6aa250dbd347a021dab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8b:7a:5b:8c:31:71:a7:c9:34:b1:f9:e8:87:
                    14:a2:ba:4e:ef:dd:22:d4:02:f3:78:c7:3d:9f:aa:
                    f2:ab:88:cd:33:a3:62:ac:e2:56:0b:ef:0d:56:33:
                    4f:a8:42:7d:50:49:52:3f:b6:eb:8a:9d:f8:49:07:
                    82:c3:da:2a:0c:4a:c2:e1:25:d8:fb:ba:3c:78:cd:
                    9a:b6:52:d9:16:01:c8:e7:8a:64:3b:0d:01:e4:10:
                    8a:d0:e3:37:ff:ce:da:9a:d9:ea:15:ed:30:c9:94:
                    4a:64:09:21:e1:18:26:f8:be:28:c8:f7:10:bb:ee:
                    af:70:f4:f3:3a:4c:d6:d4:d5:02:59:b7:13:68:71:
                    85:39:19:e5:68:a7:1e:00:0b:76:33:53:88:19:e3:
                    e9:2e:ea:91:c1:95:b7:8a:42:ad:37:11:ae:cf:d1:
                    3c:0b:d3:d1:d9:7b:28:18:04:67:f3:0b:c3:40:68:
                    d0:24:bd:0e:06:d3:74:dd:c2:4e:52:fa:60:6a:93:
                    19:e8:79:51:61:d9:95:1a:f2:11:a8:f8:d0:5a:5b:
                    8b:9c:00:15:09:97:e1:06:b8:2f:c8:7b:23:18:46:
                    3a:5f:72:33:45:2e:bd:f3:00:f8:08:e5:16:6e:b1:
                    88:d9:e9:5a:b1:19:d5:0a:d9:34:3f:54:43:9b:9e:
                    f7:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:3F:7D:FB:98:85:1C:FA:E6:1E:6A:A2:50:DB:D3:47:A0:21:DA:B1
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/FT99-5iFHPrmHmqiUNvTR6Ah2rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/24
                  2.56.110.0/24
                  45.81.113.0-45.81.115.255
                  45.88.139.0/24
                  45.94.171.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:6e:fd:91:47:ad:34:c4:1e:a1:7d:bf:42:1d:a9:f0:24:b2:
         41:b2:44:98:99:64:c7:6e:9b:9d:b3:ee:c2:23:a8:c3:e1:77:
         b4:39:3d:c3:22:2a:83:eb:5b:33:4c:98:a3:a9:61:a1:9d:d6:
         cf:19:b4:28:6d:81:a1:11:03:98:68:5b:2b:9d:0c:32:bd:dd:
         da:58:64:74:e4:55:43:41:7d:2e:60:aa:e4:96:80:5b:dc:0d:
         9b:e3:54:47:df:46:58:76:a8:64:27:f5:80:f6:1e:cc:c8:09:
         d5:28:0f:7a:92:cd:b6:95:ab:3e:b4:8f:e3:25:7e:ab:71:cf:
         c9:30:19:23:ad:d6:ca:7f:ee:36:94:4b:00:e9:75:32:af:50:
         78:81:88:5c:c9:8c:fc:5e:f3:b7:1c:94:c6:78:b8:f6:68:ea:
         03:bb:65:ed:1d:3f:57:88:0c:88:30:d8:45:4a:a6:2f:49:ba:
         a9:be:d0:be:2e:97:0f:63:c5:b6:67:af:78:98:5a:bd:0b:68:
         b1:2a:a3:43:fb:dc:7d:e4:0b:62:a7:7f:c5:6a:94:52:80:1d:
         a7:55:0a:0f:52:b0:3e:c8:bc:3f:18:4a:2c:38:f8:82:55:58:
         9f:0c:ea:f4:72:8f:89:04:fa:e1:fd:09:5e:21:23:f4:e7:76:
         01:eb:4b:1d
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYuPA9nby/WxUx9XbCRN18gdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMTAyMDc1MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNmN2RmYjk4ODUxY2ZhZTYxZTZhYTI1MGRiZDM0N2EwMjFkYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYt6W4wxcafJNLH56IcUorpO790i
1ALzeMc9n6ryq4jNM6NirOJWC+8NVjNPqEJ9UElSP7brip34SQeCw9oqDErC4SXY
+7o8eM2atlLZFgHI54pkOw0B5BCK0OM3/87amtnqFe0wyZRKZAkh4Rgm+L4oyPcQ
u+6vcPTzOkzW1NUCWbcTaHGFORnlaKceAAt2M1OIGePpLuqRwZW3ikKtNxGuz9E8
C9PR2XsoGARn8wvDQGjQJL0OBtN03cJOUvpgapMZ6HlRYdmVGvIRqPjQWluLnAAV
CZfhBrgvyHsjGEY6X3IzRS698wD4COUWbrGI2elasRnVCtk0P1RDm573GwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBU/ffuYhRz65h5qolDb00egIdqxMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRlQ5OS01aUZIUHJtSG1xaVVOdlRSNkFoMnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjhsAwQA
AjhuMAwDBAAtUXEDBAItUXADBAAtWIsDBAAtXqsDBABNUycDBAFV0XgDBADBHvED
BADDPhgDBADDsV8wDQYJKoZIhvcNAQELBQADggEBAIVu/ZFHrTTEHqF9v0IdqfAk
skGyRJiZZMdum52z7sIjqMPhd7Q5PcMiKoPrWzNMmKOpYaGd1s8ZtChtgaERA5ho
WyudDDK93dpYZHTkVUNBfS5gquSWgFvcDZvjVEffRlh2qGQn9YD2HszICdUoD3qS
zbaVqz60j+Mlfqtxz8kwGSOt1sp/7jaUSwDpdTKvUHiBiFzJjPxe87cclMZ4uPZo
6gO7Ze0dP1eIDIgw2EVKpi9Juqm+0L4ulw9jxbZnr3iYWr0LaLEqo0P73H3kC2Kn
f8VqlFKAHadVCg9SsD7IvD8YSiw4+IJVWJ8M6vRyj4kE+uH9CV4hI/TndgHrSx0=
-----END CERTIFICATE-----