Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/cdad8f-b919-45d1-af18-63742d19a012/1/xPph4lgV5uEGUU2MPCAKHBWBseE.roa
File:                     xPph4lgV5uEGUU2MPCAKHBWBseE.roa (raw, json)
Hash identifier:          fmtkJmt+RJUM/I0P4BiN4mCNgmrHoItuw4ml/f0XwHo=
Subject key identifier:   C4:FA:61:E2:58:15:E6:E1:06:51:4D:8C:3C:20:0A:1C:15:81:B1:E1
Certificate issuer:       /CN=8fd26ad6f91ba4472814bae484a8df1f634c3341
Certificate serial:       0186EA692F89EADB98AF6F306EABCE042144
Authority key identifier: 8F:D2:6A:D6:F9:1B:A4:47:28:14:BA:E4:84:A8:DF:1F:63:4C:33:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9Jq1vkbpEcoFLrkhKjfH2NMM0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/cdad8f-b919-45d1-af18-63742d19a012/1/xPph4lgV5uEGUU2MPCAKHBWBseE.roa
Signing time:             Thu 16 Mar 2023 12:33:27 +0000
ROA not before:           Thu 16 Mar 2023 12:33:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200019
IP address blocks:        176.123.0.0/21 maxlen: 21
                          176.123.1.0/24 maxlen: 24
                          176.123.2.0/24 maxlen: 24
                          176.123.3.0/24 maxlen: 24
                          176.123.4.0/24 maxlen: 24
                          176.123.0.0/24 maxlen: 24
                          176.123.8.0/24 maxlen: 24
                          176.123.8.0/22 maxlen: 22
                          176.123.9.0/24 maxlen: 24
                          176.123.10.0/24 maxlen: 24
                          176.123.11.0/24 maxlen: 24
                          176.123.5.0/24 maxlen: 24
                          176.123.6.0/24 maxlen: 24
                          176.123.7.0/24 maxlen: 24
                          2001:678:6d4::/48 maxlen: 48
                          2001:678:6d4:9990::/60 maxlen: 60

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ea:69:2f:89:ea:db:98:af:6f:30:6e:ab:ce:04:21:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fd26ad6f91ba4472814bae484a8df1f634c3341
        Validity
            Not Before: Mar 16 12:33:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4fa61e25815e6e106514d8c3c200a1c1581b1e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:05:8b:14:d6:3c:6e:b1:73:87:b1:af:5c:6a:
                    53:3e:cd:f7:4b:6c:ca:c0:d8:5f:84:50:37:bb:9e:
                    91:c4:0f:f8:c2:07:1d:1a:e6:1d:b1:da:53:48:79:
                    3b:02:df:1b:79:c5:bb:40:f9:51:12:61:66:2f:a1:
                    2e:90:de:e5:37:86:de:2f:32:69:e7:11:a6:f6:84:
                    73:24:16:2e:6e:1c:3a:c6:d1:87:f9:30:68:1f:11:
                    6e:e0:2f:19:d5:6c:7f:49:2e:05:f7:af:0f:98:3e:
                    5c:38:58:1b:af:b6:7c:9c:86:b8:80:9c:3d:7a:b4:
                    e9:04:50:26:23:1a:37:06:3d:15:e3:96:bc:12:00:
                    4b:2c:d0:8e:cc:93:d0:de:66:77:7a:67:90:a0:f1:
                    ba:7d:52:54:47:ee:61:ab:32:ff:06:be:cd:9a:c9:
                    b1:97:c3:a3:9f:83:a8:0b:bf:2a:87:5c:38:85:24:
                    10:41:3f:97:56:cc:f6:6c:3b:08:75:00:dd:1c:4a:
                    42:53:e0:f1:56:03:b8:d3:09:f1:c2:7e:c1:66:f4:
                    07:2b:4e:f8:c6:3d:e6:5a:65:6d:33:04:35:86:93:
                    d3:aa:d0:be:89:5d:45:0b:a6:8d:c5:b7:cf:3c:63:
                    54:ac:d3:60:d8:29:ea:33:f7:0b:7b:6b:97:63:27:
                    64:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FA:61:E2:58:15:E6:E1:06:51:4D:8C:3C:20:0A:1C:15:81:B1:E1
            X509v3 Authority Key Identifier:
                keyid:8F:D2:6A:D6:F9:1B:A4:47:28:14:BA:E4:84:A8:DF:1F:63:4C:33:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9Jq1vkbpEcoFLrkhKjfH2NMM0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cdad8f-b919-45d1-af18-63742d19a012/1/xPph4lgV5uEGUU2MPCAKHBWBseE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cdad8f-b919-45d1-af18-63742d19a012/1/j9Jq1vkbpEcoFLrkhKjfH2NMM0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.0.0-176.123.11.255
                IPv6:
                  2001:678:6d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:ae:63:06:b5:8a:96:36:17:ad:68:94:23:29:28:dd:8f:89:
         90:7f:0e:b7:58:5b:db:44:a4:05:65:6d:e4:bc:b4:65:36:92:
         b9:b4:f9:fd:1c:67:dd:db:a4:ce:3c:e5:09:b0:ec:70:fb:d9:
         8a:b1:b1:af:79:23:69:23:f1:15:00:13:3b:7e:b0:61:5a:09:
         4e:75:1b:35:50:11:d4:e1:33:ea:e8:5e:be:14:cf:3b:57:1c:
         5b:81:8b:bf:fb:8e:e3:96:32:39:4f:00:30:6a:38:90:ae:e4:
         88:5f:22:ad:c6:e5:8e:30:a3:75:ef:dd:59:f8:15:c6:44:0e:
         f5:af:37:be:19:f3:80:13:55:bd:55:b1:87:b7:ec:6b:e7:79:
         3e:f6:45:10:19:9a:81:66:43:3b:7e:25:4f:ea:51:2c:fb:2d:
         8b:c0:d3:41:f9:6f:56:4c:fc:40:14:25:f7:22:ac:b7:16:5a:
         44:65:99:bc:c9:ac:81:95:c2:d1:b2:cb:23:23:6d:d7:d5:12:
         ee:ef:60:b8:02:87:30:3e:5f:87:36:6d:65:9b:c8:cc:39:d3:
         f3:0d:a9:5a:a3:52:3d:b2:65:14:8f:12:88:22:47:d2:7e:b1:
         48:38:c1:0a:3f:58:85:17:65:13:e4:c9:13:f6:e2:a3:6e:3b:
         e8:b2:f5:1c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYbqaS+J6tuYr28wbqvOBCFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZDI2YWQ2ZjkxYmE0NDcyODE0YmFlNDg0YThkZjFmNjM0
YzMzNDEwHhcNMjMwMzE2MTIzMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGZhNjFlMjU4MTVlNmUxMDY1MTRkOGMzYzIwMGExYzE1ODFiMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAWLFNY8brFzh7GvXGpTPs33S2zK
wNhfhFA3u56RxA/4wgcdGuYdsdpTSHk7At8becW7QPlREmFmL6EukN7lN4beLzJp
5xGm9oRzJBYubhw6xtGH+TBoHxFu4C8Z1Wx/SS4F968PmD5cOFgbr7Z8nIa4gJw9
erTpBFAmIxo3Bj0V45a8EgBLLNCOzJPQ3mZ3emeQoPG6fVJUR+5hqzL/Br7Nmsmx
l8Ojn4OoC78qh1w4hSQQQT+XVsz2bDsIdQDdHEpCU+DxVgO40wnxwn7BZvQHK074
xj3mWmVtMwQ1hpPTqtC+iV1FC6aNxbfPPGNUrNNg2CnqM/cLe2uXYydkHwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMT6YeJYFebhBlFNjDwgChwVgbHhMB8GA1UdIwQY
MBaAFI/Satb5G6RHKBS65ISo3x9jTDNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajlKcTF2a2JwRWNvRkxya2hLamZIMk5NTTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jZGFkOGYtYjkxOS00NWQxLWFmMTgt
NjM3NDJkMTlhMDEyLzEveFBwaDRsZ1Y1dUVHVVUyTVBDQUtIQldCc2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jZGFkOGYtYjkxOS00NWQxLWFmMTgtNjM3NDJkMTlhMDEy
LzEvajlKcTF2a2JwRWNvRkxya2hLamZIMk5NTTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjATBAIAATANMAsDAwCwewME
ArB7CDAPBAIAAjAJAwcAIAEGeAbUMA0GCSqGSIb3DQEBCwUAA4IBAQASrmMGtYqW
NhetaJQjKSjdj4mQfw63WFvbRKQFZW3kvLRlNpK5tPn9HGfd26TOPOUJsOxw+9mK
sbGveSNpI/EVABM7frBhWglOdRs1UBHU4TPq6F6+FM87VxxbgYu/+47jljI5TwAw
ajiQruSIXyKtxuWOMKN1791Z+BXGRA71rze+GfOAE1W9VbGHt+xr53k+9kUQGZqB
ZkM7fiVP6lEs+y2LwNNB+W9WTPxAFCX3Iqy3FlpEZZm8yayBlcLRsssjI23X1RLu
72C4AocwPl+HNm1lm8jMOdPzDalao1I9smUUjxKIIkfSfrFIOMEKP1iFF2UT5MkT
9uKjbjvosvUc
-----END CERTIFICATE-----