Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/_pRVri9zRIG6X_2F3eWcUWgvLZc.roa
File:                     _pRVri9zRIG6X_2F3eWcUWgvLZc.roa (raw, json)
Hash identifier:          srpTJykOVsVTgaY5aRxrfSHt/gULAfM1Nwb91OuCmWE=
Subject key identifier:   FE:94:55:AE:2F:73:44:81:BA:5F:FD:85:DD:E5:9C:51:68:2F:2D:97
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       018B9FEB8D6CFAC9321149E85D11AF308253
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/_pRVri9zRIG6X_2F3eWcUWgvLZc.roa
Signing time:             Sun 05 Nov 2023 14:38:16 +0000
ROA not before:           Sun 05 Nov 2023 14:38:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202592
IP address blocks:        185.96.56.0/22 maxlen: 24
                          194.38.48.0/22 maxlen: 24
                          193.168.200.0/22 maxlen: 24
                          193.160.220.0/22 maxlen: 24
                          185.136.16.0/22 maxlen: 24
                          147.185.196.0/23 maxlen: 24
                          147.185.206.0/23 maxlen: 24
                          207.244.196.0/22 maxlen: 24
                          43.240.148.0/22 maxlen: 24
                          207.244.208.0/22 maxlen: 24
                          45.12.100.0/22 maxlen: 24
                          2a05:ff01::/32 maxlen: 32
                          2a05:ff00:2::/48 maxlen: 48
                          2a05:ff00:1::/48 maxlen: 48
                          2a07:5b40::/29 maxlen: 48
                          2a05:ff00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 21 Nov 2023 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:9f:eb:8d:6c:fa:c9:32:11:49:e8:5d:11:af:30:82:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov  5 14:38:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe9455ae2f734481ba5ffd85dde59c51682f2d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:95:6a:ee:8d:99:86:dd:c0:e9:b6:b6:b3:ca:
                    fb:c9:f8:63:fb:7b:6c:ce:06:44:89:a0:c7:b0:94:
                    e0:63:11:6a:5c:2a:d5:65:37:1f:4b:b4:46:3c:02:
                    0c:f8:80:e5:2f:74:75:48:45:25:ea:98:8d:02:d5:
                    27:b2:a3:35:e5:70:da:ee:84:40:c3:ae:04:e5:57:
                    23:46:2f:a1:b7:e7:4c:9f:ab:37:c3:6b:cd:5a:49:
                    cf:cd:06:6a:c8:3d:ef:36:f7:41:bb:c5:47:cd:cf:
                    36:88:43:11:f6:e7:e6:cc:79:cc:53:5e:d2:4e:dd:
                    9b:87:86:90:57:f0:ef:29:2c:9d:d8:5a:16:8e:62:
                    5b:af:97:30:57:1d:4c:83:52:c3:36:95:e7:ad:5e:
                    b1:f2:06:be:df:f7:f5:4e:93:fc:69:cd:25:a2:74:
                    51:27:00:bf:63:00:05:d6:17:fc:be:2f:d8:70:79:
                    b3:7c:10:f0:e1:05:07:f2:61:57:d6:8e:b6:62:f5:
                    f7:1d:f0:4a:f0:c6:34:62:4a:a1:58:5e:15:58:7e:
                    a4:ec:d9:19:f2:ad:8d:e1:dc:a1:36:74:4a:05:b0:
                    97:f3:fe:5d:d0:1e:62:92:76:6e:da:43:ea:c1:cf:
                    d9:6d:d1:45:f9:91:26:87:03:0b:a0:11:46:60:a4:
                    26:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:94:55:AE:2F:73:44:81:BA:5F:FD:85:DD:E5:9C:51:68:2F:2D:97
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/_pRVri9zRIG6X_2F3eWcUWgvLZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/31
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:bd:e0:c4:ea:91:d5:52:30:31:98:92:50:ba:8e:8b:12:dc:
         3c:14:c9:7c:94:d3:6d:d3:fc:f5:38:21:b7:bf:d6:81:76:44:
         dd:32:a6:7c:40:aa:f2:06:28:d5:a2:ec:c6:ed:55:34:cb:29:
         5a:fe:9a:9a:f2:e8:ad:fe:7d:26:70:4b:4b:d3:66:6d:41:61:
         69:c1:09:81:4f:34:dd:ea:74:a8:7e:34:9b:4b:a8:96:3f:0d:
         57:6d:25:2e:03:f0:1b:75:0a:59:df:95:45:65:12:a6:ec:ce:
         80:97:d6:f8:e4:f2:9e:ff:d3:6b:ec:89:77:7a:8a:7c:c0:85:
         da:d1:7d:fd:28:a6:19:fa:ce:5c:9a:15:31:1c:82:2b:48:5a:
         db:07:95:70:99:66:cc:c5:46:c6:c8:0f:8c:7e:3e:e0:89:cc:
         d4:61:61:b0:f5:6a:36:2a:55:0f:ae:73:31:50:5c:3b:42:f9:
         9e:38:4e:64:c7:65:ba:e9:e1:05:79:c2:79:68:9b:c9:8b:ab:
         d5:a0:b6:91:5c:f4:98:30:53:76:2b:df:f7:5d:74:bf:18:9f:
         06:20:c3:3c:b6:ba:98:97:c3:fc:db:2f:23:38:c9:bd:50:c3:
         38:c8:de:d5:8a:99:89:2e:be:d5:3f:0d:8f:bf:9f:59:ff:4a:
         0b:b2:fc:f3
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYuf641s+skyEUnoXRGvMIJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjMxMTA1MTQzODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTk0NTVhZTJmNzM0NDgxYmE1ZmZkODVkZGU1OWM1MTY4MmYyZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZVq7o2Zht3A6ba2s8r7yfhj+3ts
zgZEiaDHsJTgYxFqXCrVZTcfS7RGPAIM+IDlL3R1SEUl6piNAtUnsqM15XDa7oRA
w64E5VcjRi+ht+dMn6s3w2vNWknPzQZqyD3vNvdBu8VHzc82iEMR9ufmzHnMU17S
Tt2bh4aQV/DvKSyd2FoWjmJbr5cwVx1Mg1LDNpXnrV6x8ga+3/f1TpP8ac0lonRR
JwC/YwAF1hf8vi/YcHmzfBDw4QUH8mFX1o62YvX3HfBK8MY0YkqhWF4VWH6k7NkZ
8q2N4dyhNnRKBbCX8/5d0B5iknZu2kPqwc/ZbdFF+ZEmhwMLoBFGYKQmpQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFP6UVa4vc0SBul/9hd3lnFFoLy2XMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvX3BSVnJpOXpSSUc2WF8yRjNlV2NVV2d2TFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMBQEAgACMA4DBQEqBf8AAwUDKgdbQDANBgkqhkiG9w0BAQsFAAOC
AQEACr3gxOqR1VIwMZiSULqOixLcPBTJfJTTbdP89Tght7/WgXZE3TKmfECq8gYo
1aLsxu1VNMspWv6amvLorf59JnBLS9NmbUFhacEJgU803ep0qH40m0uolj8NV20l
LgPwG3UKWd+VRWUSpuzOgJfW+OTynv/Ta+yJd3qKfMCF2tF9/SimGfrOXJoVMRyC
K0ha2weVcJlmzMVGxsgPjH4+4InM1GFhsPVqNipVD65zMVBcO0L5njhOZMdluunh
BXnCeWibyYur1aC2kVz0mDBTdivf9110vxifBiDDPLa6mJfD/NsvIzjJvVDDOMje
1YqZiS6+1T8Nj7+fWf9KC7L88w==
-----END CERTIFICATE-----