Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/9yOpkWn8dztn5jW8-n2pJDavLuM.roa
File:                     9yOpkWn8dztn5jW8-n2pJDavLuM.roa (raw, json)
Hash identifier:          19v8A5nJ4dBPmzPFdbrFvLT7sV6ThKiNUSN7CTYtBD0=
Subject key identifier:   F7:23:A9:91:69:FC:77:3B:67:E6:35:BC:FA:7D:A9:24:36:AF:2E:E3
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       01889A80CD5C6224ED5C35449AC2BACFCBCD
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/9yOpkWn8dztn5jW8-n2pJDavLuM.roa
Signing time:             Thu 08 Jun 2023 10:15:12 +0000
ROA not before:           Thu 08 Jun 2023 10:15:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206119
IP address blocks:        5.182.245.0/24 maxlen: 24
                          5.182.244.0/24 maxlen: 24
                          5.182.246.0/24 maxlen: 24
                          93.157.189.0/24 maxlen: 24
                          185.195.255.0/24 maxlen: 24
                          185.195.254.0/24 maxlen: 24
                          185.233.246.0/24 maxlen: 24
                          185.233.247.0/24 maxlen: 24
                          89.200.217.0/24 maxlen: 24
                          89.200.216.0/24 maxlen: 24
                          185.107.132.0/24 maxlen: 24
                          185.93.53.0/24 maxlen: 24
                          185.93.52.0/24 maxlen: 24
                          185.93.54.0/24 maxlen: 24
                          185.93.55.0/24 maxlen: 24
                          185.195.253.0/24 maxlen: 24
                          2a0a:61c0::/29 maxlen: 29
                          2a05:f740::/29 maxlen: 29
                          2a0c:f700::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sun 01 Oct 2023 10:24:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9a:80:cd:5c:62:24:ed:5c:35:44:9a:c2:ba:cf:cb:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: Jun  8 10:15:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f723a99169fc773b67e635bcfa7da92436af2ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cb:09:fd:af:e6:df:9f:16:06:67:b1:4c:67:
                    ba:de:c4:a6:c0:36:02:b9:67:41:4b:e7:f6:d9:01:
                    fb:a2:0e:66:ec:d9:76:6e:57:6c:25:18:c1:5c:87:
                    26:86:cc:4e:10:ca:5e:f5:8f:bf:ad:40:72:59:ec:
                    8d:0a:d8:f2:eb:b6:85:da:b5:af:2e:fa:2d:37:0b:
                    8a:12:d9:38:6b:7b:1c:1f:48:fd:58:de:06:dc:d9:
                    da:fb:a2:44:e9:da:bd:ae:15:be:70:eb:67:3a:ae:
                    9e:fc:12:05:c5:25:e2:81:33:5c:83:2c:17:18:4d:
                    1a:25:e5:43:cf:74:47:12:85:94:fc:4c:fa:ee:e7:
                    31:69:b2:76:90:da:bd:31:0b:9b:d0:c2:b4:cc:d5:
                    c3:ba:b5:86:03:21:62:22:79:ff:65:b9:8d:3f:13:
                    6e:f5:65:8a:d9:52:3f:8c:ed:f0:80:44:c3:31:25:
                    db:d3:30:45:7a:3e:b8:5d:a2:71:3b:45:e1:ce:f7:
                    29:36:8f:f2:35:5e:da:3b:98:4e:5f:4b:77:2c:a2:
                    62:ac:c2:81:65:5b:7c:df:eb:33:c6:e0:d8:73:c1:
                    08:3b:3a:87:24:50:d2:d9:7d:b4:78:a4:c2:bb:a4:
                    44:fa:06:33:56:10:9b:85:15:df:12:b2:36:ed:34:
                    37:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:23:A9:91:69:FC:77:3B:67:E6:35:BC:FA:7D:A9:24:36:AF:2E:E3
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/9yOpkWn8dztn5jW8-n2pJDavLuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.244.0-5.182.246.255
                  89.200.216.0/23
                  93.157.189.0/24
                  185.93.52.0/22
                  185.107.132.0/24
                  185.195.253.0-185.195.255.255
                  185.233.246.0/23
                IPv6:
                  2a05:f740::/29
                  2a0a:61c0::/29
                  2a0c:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:a3:db:c3:45:9e:a5:f7:1b:db:c1:9d:0a:c8:ff:6b:8c:dc:
         96:87:73:c1:5f:62:6a:4c:02:40:b2:a5:b9:46:ef:41:83:42:
         6c:b7:1a:36:67:f0:20:9b:dc:ef:95:35:1e:4c:44:92:04:1c:
         ac:37:72:74:71:ec:f3:da:93:27:89:a5:2c:7d:75:15:b8:25:
         d9:a8:1b:f9:b3:6b:11:1e:0e:02:f6:68:ac:11:88:2e:ca:08:
         d2:37:a1:f8:65:d0:57:87:5a:44:6f:0c:c0:e7:4e:d4:31:a8:
         ec:13:c3:63:cb:5a:c8:9e:59:b5:2b:ce:f1:ec:a4:24:02:d2:
         bd:e8:9d:4d:f4:be:1e:9f:81:2f:7a:64:e8:34:b4:67:ab:db:
         91:3e:33:bc:60:fb:2b:5d:7d:5a:04:cd:3e:27:cd:77:d4:e6:
         ce:9d:a4:0d:62:50:77:bb:08:4b:f7:ec:02:90:8d:a5:5a:a1:
         36:f4:f2:f9:18:5a:9e:19:75:6d:34:36:6e:5c:ae:51:8b:aa:
         10:f9:4f:0f:48:35:3d:a3:27:2c:43:5a:c0:fe:01:60:1f:ac:
         87:a7:77:2d:a5:b4:02:59:4c:df:97:7e:e1:a4:dd:93:53:10:
         f0:8c:39:00:1c:4e:ff:9b:cf:75:c4:44:bc:8e:49:68:cf:28:
         80:4f:dd:5b
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYiagM1cYiTtXDVEmsK6z8vNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjMwNjA4MTAxNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzIzYTk5MTY5ZmM3NzNiNjdlNjM1YmNmYTdkYTkyNDM2YWYyZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcsJ/a/m358WBmexTGe63sSmwDYC
uWdBS+f22QH7og5m7Nl2bldsJRjBXIcmhsxOEMpe9Y+/rUByWeyNCtjy67aF2rWv
LvotNwuKEtk4a3scH0j9WN4G3Nna+6JE6dq9rhW+cOtnOq6e/BIFxSXigTNcgywX
GE0aJeVDz3RHEoWU/Ez67ucxabJ2kNq9MQub0MK0zNXDurWGAyFiInn/ZbmNPxNu
9WWK2VI/jO3wgETDMSXb0zBFej64XaJxO0XhzvcpNo/yNV7aO5hOX0t3LKJirMKB
ZVt83+szxuDYc8EIOzqHJFDS2X20eKTCu6RE+gYzVhCbhRXfErI27TQ3EwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFPcjqZFp/Hc7Z+Y1vPp9qSQ2ry7jMB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvOXlPcGtXbjhkenRuNWpXOC1uMnBKRGF2THVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjA/BAIAATA5MAwDBAIFtvQD
BAAFtvYDBAFZyNgDBABdnb0DBAK5XTQDBAC5a4QwCwMEALnD/QMDArnAAwQBuen2
MBsEAgACMBUDBQMqBfdAAwUDKgphwAMFAyoM9wAwDQYJKoZIhvcNAQELBQADggEB
AM6j28NFnqX3G9vBnQrI/2uM3JaHc8FfYmpMAkCypblG70GDQmy3GjZn8CCb3O+V
NR5MRJIEHKw3cnRx7PPakyeJpSx9dRW4JdmoG/mzaxEeDgL2aKwRiC7KCNI3ofhl
0FeHWkRvDMDnTtQxqOwTw2PLWsieWbUrzvHspCQC0r3onU30vh6fgS96ZOg0tGer
25E+M7xg+ytdfVoEzT4nzXfU5s6dpA1iUHe7CEv37AKQjaVaoTb08vkYWp4ZdW00
Nm5crlGLqhD5Tw9INT2jJyxDWsD+AWAfrIendy2ltAJZTN+XfuGk3ZNTEPCMOQAc
Tv+bz3XERLyOSWjPKIBP3Vs=
-----END CERTIFICATE-----