Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/8XqWTyY3B493OxHkfElp4onaJyU.roa
File:                     8XqWTyY3B493OxHkfElp4onaJyU.roa (raw, json)
Hash identifier:          rV7xJlxtEnHM5ZQyd8AOvz1mqfNUhX0qGXqxZuPWYdA=
Subject key identifier:   F1:7A:96:4F:26:37:07:8F:77:3B:11:E4:7C:49:69:E2:89:DA:27:25
Certificate issuer:       /CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
Certificate serial:       018764C717F769277CFF171A1558C0A89D44
Authority key identifier: 3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/8XqWTyY3B493OxHkfElp4onaJyU.roa
Signing time:             Sun 09 Apr 2023 06:49:42 +0000
ROA not before:           Sun 09 Apr 2023 06:49:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44489
IP address blocks:        45.92.236.0/22 maxlen: 22
                          178.217.144.0/21 maxlen: 21
                          185.15.144.0/22 maxlen: 22
                          89.31.40.0/21 maxlen: 21
                          91.235.200.0/23 maxlen: 23
                          178.255.172.0/22 maxlen: 22
                          178.255.168.0/22 maxlen: 22
                          178.255.168.0/21 maxlen: 21
                          185.173.248.0/22 maxlen: 22
                          92.62.224.0/20 maxlen: 20
                          2a0b:7f00::/29 maxlen: 29
                          2a02:768::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 28 Dec 2023 23:09:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:64:c7:17:f7:69:27:7c:ff:17:1a:15:58:c0:a8:9d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
        Validity
            Not Before: Apr  9 06:49:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f17a964f2637078f773b11e47c4969e289da2725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3b:14:ff:64:c0:80:43:c7:12:e1:54:fa:f6:
                    26:a5:32:f5:91:2a:e5:2c:0a:4c:1d:2f:4b:bb:e3:
                    17:52:58:c7:7a:98:ee:08:de:71:ad:d4:af:d9:a5:
                    e2:ab:87:15:a4:f8:d5:49:5e:1b:1b:91:5c:9a:7f:
                    c1:fe:98:52:f4:98:37:20:93:47:46:bb:2a:68:ad:
                    78:e0:49:f9:3d:5c:78:02:a3:8e:e4:2c:85:bc:c0:
                    93:c5:84:63:3b:b8:f4:62:77:79:ec:f4:77:4d:2e:
                    b5:e1:c8:0a:2b:59:d7:80:ab:ef:d0:5e:0f:c6:02:
                    7c:5b:f9:e4:64:f4:37:b8:d4:5a:30:bf:da:02:cf:
                    96:95:13:ea:f3:46:b7:02:d0:44:39:98:27:cc:27:
                    9e:1b:a9:04:2d:bb:a7:2b:bc:ba:c2:61:5d:0f:8c:
                    37:f7:cd:97:68:14:f3:90:00:23:92:1a:ef:3a:b2:
                    51:e2:33:46:6e:3e:f6:80:df:e0:32:11:f2:c7:40:
                    85:a8:d5:a3:58:d2:df:5e:17:a4:03:eb:d3:2e:f7:
                    5e:88:cb:01:ce:3e:07:97:db:00:23:69:79:a4:dc:
                    0c:68:77:ef:ac:a2:60:0b:a8:0a:c0:1b:0e:71:83:
                    16:15:28:27:50:dd:84:da:b5:d8:c3:8d:50:6a:21:
                    92:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7A:96:4F:26:37:07:8F:77:3B:11:E4:7C:49:69:E2:89:DA:27:25
            X509v3 Authority Key Identifier:
                keyid:3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/8XqWTyY3B493OxHkfElp4onaJyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/Pt97LWi6dqC9G6fp0p-sWFIxa5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.236.0/22
                  89.31.40.0/21
                  91.235.200.0/23
                  92.62.224.0/20
                  178.217.144.0/21
                  178.255.168.0/21
                  185.15.144.0/22
                  185.173.248.0/22
                IPv6:
                  2a02:768::/32
                  2a0b:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:87:96:0f:58:a9:ea:aa:44:8b:68:b8:ef:7f:97:90:7b:ef:
         aa:28:a8:e2:64:eb:3d:8c:00:10:6e:dd:74:26:61:e6:ae:0d:
         cf:c0:07:17:c4:d5:5b:75:95:72:68:19:27:1b:58:3e:d9:ed:
         22:75:2a:5e:5b:fd:fd:2d:18:46:2e:1e:4f:c4:2f:84:a2:86:
         fe:04:6f:d4:0f:58:f5:5e:89:b9:b2:0c:72:01:8c:ba:e0:14:
         27:e0:65:af:84:e8:b9:1a:b3:a5:59:d8:a3:bb:0b:c2:fa:f6:
         8e:ed:d8:6c:a3:c1:cf:13:00:92:41:02:1d:4a:3a:17:9d:20:
         99:82:97:81:4b:e8:43:4f:fe:36:6c:53:6a:38:5f:4b:1c:0c:
         88:51:34:8f:84:3d:1f:f1:5e:b9:63:15:d5:37:5d:aa:7d:58:
         af:8a:c4:c7:51:6c:8b:b8:69:ed:98:ca:3d:b3:80:ec:6a:13:
         45:ca:03:83:d4:a0:90:b9:93:72:1e:85:6f:22:cf:9d:d3:a1:
         56:a2:dc:ce:1f:24:e2:fc:56:a9:45:ca:be:ad:54:af:f6:37:
         48:f7:3e:36:05:6c:e3:f1:b7:03:00:be:f5:d6:34:08:4c:6d:
         a9:1b:f0:07:df:7a:4e:e2:da:b8:f5:5f:95:a0:2d:03:f7:b1:
         ec:8d:02:df
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYdkxxf3aSd8/xcaFVjAqJ1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZGY3YjJkNjhiYTc2YTBiZDFiYTdlOWQyOWZhYzU4NTIz
MTZiOWMwHhcNMjMwNDA5MDY0OTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTdhOTY0ZjI2MzcwNzhmNzczYjExZTQ3YzQ5NjllMjg5ZGEyNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjsU/2TAgEPHEuFU+vYmpTL1kSrl
LApMHS9Lu+MXUljHepjuCN5xrdSv2aXiq4cVpPjVSV4bG5Fcmn/B/phS9Jg3IJNH
RrsqaK144En5PVx4AqOO5CyFvMCTxYRjO7j0Ynd57PR3TS614cgKK1nXgKvv0F4P
xgJ8W/nkZPQ3uNRaML/aAs+WlRPq80a3AtBEOZgnzCeeG6kELbunK7y6wmFdD4w3
982XaBTzkAAjkhrvOrJR4jNGbj72gN/gMhHyx0CFqNWjWNLfXhekA+vTLvdeiMsB
zj4Hl9sAI2l5pNwMaHfvrKJgC6gKwBsOcYMWFSgnUN2E2rXYw41QaiGSZwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFPF6lk8mNwePdzsR5HxJaeKJ2iclMB8GA1UdIwQY
MBaAFD7fey1ounagvRun6dKfrFhSMWucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEt
ZjhmMGM3ZDY2MmU3LzEvOFhxV1R5WTNCNDkzT3hIa2ZFbHA0b25hSnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEtZjhmMGM3ZDY2MmU3
LzEvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCLVzsAwQD
WR8oAwQBW+vIAwQEXD7gAwQDstmQAwQDsv+oAwQCuQ+QAwQCua34MBQEAgACMA4D
BQAqAgdoAwUDKgt/ADANBgkqhkiG9w0BAQsFAAOCAQEAM4eWD1ip6qpEi2i473+X
kHvvqiio4mTrPYwAEG7ddCZh5q4Nz8AHF8TVW3WVcmgZJxtYPtntInUqXlv9/S0Y
Ri4eT8QvhKKG/gRv1A9Y9V6JubIMcgGMuuAUJ+Blr4TouRqzpVnYo7sLwvr2ju3Y
bKPBzxMAkkECHUo6F50gmYKXgUvoQ0/+NmxTajhfSxwMiFE0j4Q9H/FeuWMV1Tdd
qn1Yr4rEx1Fsi7hp7ZjKPbOA7GoTRcoDg9SgkLmTch6FbyLPndOhVqLczh8k4vxW
qUXKvq1Ur/Y3SPc+NgVs4/G3AwC+9dY0CExtqRvwB996TuLauPVflaAtA/ex7I0C
3w==
-----END CERTIFICATE-----