Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/r9BTBhlF529tvMCn3kI4x7f9bME.roa
File:                     r9BTBhlF529tvMCn3kI4x7f9bME.roa (raw, json)
Hash identifier:          u2NJ2Vh8+2iDyBqVFlRzlYq6cUdUnu1Fs4y42LtSK/Y=
Subject key identifier:   AF:D0:53:06:19:45:E7:6F:6D:BC:C0:A7:DE:42:38:C7:B7:FD:6C:C1
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       018B9FEE4DA2FC671EA95117F7010BC68D90
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/r9BTBhlF529tvMCn3kI4x7f9bME.roa
Signing time:             Sun 05 Nov 2023 14:41:16 +0000
ROA not before:           Sun 05 Nov 2023 14:41:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60150
IP address blocks:        185.96.56.0/22 maxlen: 24
                          194.38.48.0/22 maxlen: 24
                          193.168.200.0/22 maxlen: 24
                          193.160.220.0/22 maxlen: 24
                          185.136.16.0/22 maxlen: 24
                          147.185.196.0/23 maxlen: 24
                          147.185.206.0/23 maxlen: 24
                          207.244.196.0/22 maxlen: 24
                          43.240.148.0/22 maxlen: 22
                          207.244.208.0/22 maxlen: 24
                          45.12.100.0/22 maxlen: 24
                          2a07:5b40::/29 maxlen: 48
                          2a05:ff00::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 07 Nov 2023 10:51:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:9f:ee:4d:a2:fc:67:1e:a9:51:17:f7:01:0b:c6:8d:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov  5 14:41:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afd053061945e76f6dbcc0a7de4238c7b7fd6cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:95:fb:bf:9e:59:51:64:fd:d6:93:c6:55:
                    f6:60:a9:3a:ca:3f:89:ea:6d:bf:20:2d:89:13:70:
                    fa:58:a2:10:52:ba:cd:5e:5b:34:97:88:4b:72:be:
                    22:b9:92:59:1e:10:8e:c8:8a:2c:41:1e:71:3a:e6:
                    9b:c7:30:e3:66:d8:75:ab:41:3e:63:dc:73:b8:06:
                    34:4f:67:24:b9:6e:86:0d:6d:36:c6:fd:24:ac:e2:
                    9f:00:e5:60:6b:e3:3c:15:50:99:80:72:1e:ff:40:
                    e5:30:79:72:77:b3:29:8b:ee:6e:2b:02:74:09:b0:
                    95:92:a5:96:37:18:74:d7:1f:e7:1f:ec:28:72:8b:
                    b3:f7:c1:af:7c:f7:ef:f0:91:14:22:cf:17:34:bd:
                    5e:03:7e:65:fe:48:1d:14:16:4e:47:51:8f:55:40:
                    d2:ec:2d:7f:78:2f:4a:74:c7:62:0e:6f:41:ad:9e:
                    5e:32:cd:c1:22:52:d0:0d:ef:d6:4c:06:e2:ad:59:
                    ae:4a:b6:d1:ec:43:3a:cc:63:a3:17:ab:1e:10:78:
                    79:9a:e2:9d:49:0b:07:ac:7f:cf:a0:59:e8:e6:2b:
                    11:61:d6:c3:62:9a:a0:2b:e4:22:6c:dc:25:f4:b3:
                    d6:02:d2:44:63:2c:53:80:c0:16:e6:ed:d9:93:b5:
                    1e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D0:53:06:19:45:E7:6F:6D:BC:C0:A7:DE:42:38:C7:B7:FD:6C:C1
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/r9BTBhlF529tvMCn3kI4x7f9bME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/29
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:eb:e4:63:90:0f:c6:93:b0:9f:01:15:79:42:4d:3b:71:07:
         4a:7e:e0:d7:1f:ba:f2:7d:c2:f4:86:ce:13:c4:07:34:45:f9:
         df:d3:08:60:66:f4:ec:b1:93:f8:0c:f3:64:b6:69:a0:6b:3a:
         85:bf:fc:82:ab:cc:05:0e:d6:5a:0a:a2:0a:c8:98:d2:a8:03:
         47:5e:88:f8:8d:96:13:80:f4:67:e3:01:9f:d6:4d:dc:e4:ee:
         54:3c:f0:41:89:25:e3:e4:65:52:cd:86:85:fb:ef:ba:64:d1:
         28:ab:0c:53:41:1f:a5:29:ee:a4:64:a7:ed:92:3c:37:2b:17:
         96:14:e0:6a:69:7b:6b:00:0c:f9:c0:fa:b4:90:fd:d9:9a:85:
         42:ad:b5:fd:cf:e7:09:12:50:13:3c:81:3b:55:2d:27:32:a0:
         2c:90:8b:cd:94:09:9d:73:eb:e9:6f:29:91:e2:14:d3:05:c7:
         18:4a:a8:16:52:e3:4b:d6:d2:41:ee:58:20:e8:ba:86:e2:99:
         95:45:8f:9e:ad:c2:99:f4:26:15:73:d1:11:4c:f1:19:c0:8c:
         6b:c7:36:6e:e2:c2:38:dc:7e:98:8e:22:1a:84:07:b7:e7:5d:
         23:e6:f0:14:af:53:68:02:fd:7c:dc:ff:c2:95:af:3c:07:d2:
         d4:25:41:0d
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYuf7k2i/GceqVEX9wELxo2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjMxMTA1MTQ0MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQwNTMwNjE5NDVlNzZmNmRiY2MwYTdkZTQyMzhjN2I3ZmQ2Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujKV+7+eWVFk/daTxlX2YKk6yj+J
6m2/IC2JE3D6WKIQUrrNXls0l4hLcr4iuZJZHhCOyIosQR5xOuabxzDjZth1q0E+
Y9xzuAY0T2ckuW6GDW02xv0krOKfAOVga+M8FVCZgHIe/0DlMHlyd7Mpi+5uKwJ0
CbCVkqWWNxh01x/nH+wocouz98GvfPfv8JEUIs8XNL1eA35l/kgdFBZOR1GPVUDS
7C1/eC9KdMdiDm9BrZ5eMs3BIlLQDe/WTAbirVmuSrbR7EM6zGOjF6seEHh5muKd
SQsHrH/PoFno5isRYdbDYpqgK+QibNwl9LPWAtJEYyxTgMAW5u3Zk7UegwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFK/QUwYZRedvbbzAp95COMe3/WzBMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvcjlCVEJobEY1Mjl0dk1DbjNrSTR4N2Y5Yk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMBQEAgACMA4DBQMqBf8AAwUDKgdbQDANBgkqhkiG9w0BAQsFAAOC
AQEAZevkY5APxpOwnwEVeUJNO3EHSn7g1x+68n3C9IbOE8QHNEX539MIYGb07LGT
+AzzZLZpoGs6hb/8gqvMBQ7WWgqiCsiY0qgDR16I+I2WE4D0Z+MBn9ZN3OTuVDzw
QYkl4+RlUs2GhfvvumTRKKsMU0EfpSnupGSn7ZI8NysXlhTgaml7awAM+cD6tJD9
2ZqFQq21/c/nCRJQEzyBO1UtJzKgLJCLzZQJnXPr6W8pkeIU0wXHGEqoFlLjS9bS
Qe5YIOi6huKZlUWPnq3CmfQmFXPREUzxGcCMa8c2buLCONx+mI4iGoQHt+ddI+bw
FK9TaAL9fNz/wpWvPAfS1CVBDQ==
-----END CERTIFICATE-----